https://bugs.winehq.org/show_bug.cgi?id=32671
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|wine: Unhandeled stack      |PhotoLine 32 v18.x crashes
                   |overflow by PhotoLine32     |on startup (missing error
                   |                            |handling on creation of
                   |                            |multi-profile color
                   |                            |transform)

--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
*always* provide the exact application version to reproduce the bug.
Deducing from OP's initial comment date (early 2013) it's likely PhotoLine 32 v18.x being the culprit here.
The current vendor download is PhotoLine 32 v19.x which works fine. I could reproduce a crash with v18 (released in 2013), which I found on some shady site.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/PhotoLine

$ WINEDEBUG=+tid,+seh,+relay,+mscms wine ./PhotoLine.exe >>log.txt 2>&1
...
0027:Call KERNEL32.LoadLibraryW(003224dc L"C:\windows\system32\mscms.dll") ret=006d5ca1
...
0027:Ret KERNEL32.LoadLibraryW() retval=7d0d0000 ret=006d5ca1
...
0027:Call mscms.SelectCMM(57696e20) ret=006a73e6
0027:fixme:mscms:SelectCMM ('Win ') stub
0027:Ret mscms.SelectCMM() retval=00000001 ret=006a73e6
...
0027:Call mscms.OpenColorProfileA(00322734,00000001,00000001,00000003) ret=006a78c1
0027:trace:mscms:OpenColorProfileA ( 0x322734, 0x00000001, 0x00000001, 0x00000003 )
...
0027:trace:mscms:OpenColorProfileW ( 0x32266c, 0x00000001, 0x00000001, 0x00000003 )
0027:trace:mscms:OpenColorProfileW profile file: L"C:\Program Files\PhotoLine\Defaults\ISOcoated_v2_eci.icc"
...
0027:Call KERNEL32.CreateFileW(001a0438 L"C:\Program Files\PhotoLine\Defaults\ISOcoated_v2_eci.icc",80000000,00000001,00000000,00000003,00000000,00000000) ret=7d0d8c62
0027:Ret KERNEL32.CreateFileW() retval=00000248 ret=7d0d8c62
0027:Call KERNEL32.GetFileSize(00000248,00000000) ret=7d0d8e28
0027:Ret KERNEL32.GetFileSize() retval=001be8d5 ret=7d0d8e28
...
0027:Call KERNEL32.ReadFile(00000248,0ce90020,001be8d5,003225a8,00000000) ret=7d0d8f44
0027:Ret KERNEL32.ReadFile() retval=00000001 ret=7d0d8f44
...
0027:Ret mscms.OpenColorProfileA() retval=00000001 ret=006a78c1
...
0027:Call mscms.IsColorProfileValid(00000001,0032271c) ret=006a78fb
0027:trace:mscms:IsColorProfileValid ( 0x1, 0x32271c )
0027:Ret mscms.IsColorProfileValid() retval=00000001 ret=006a78fb
...
0027:Call mscms.OpenColorProfileA(00322734,00000001,00000001,00000003) ret=006a78c1
0027:trace:mscms:OpenColorProfileA ( 0x322734, 0x00000001, 0x00000001, 0x00000003 )
0027:trace:mscms:OpenColorProfileW ( 0x322734, 0x00000001, 0x00000001, 0x00000003 )
...
0027:Ret mscms.OpenColorProfileA() retval=00000002 ret=006a78c1
0027:Call mscms.IsColorProfileValid(00000002,0032271c) ret=006a78fb
0027:trace:mscms:IsColorProfileValid ( 0x2, 0x32271c )
0027:Ret mscms.IsColorProfileValid() retval=00000001 ret=006a78fb
...
0027:Call mscms.CreateMultiProfileTransform(003227d0,00000002,003227c4,00000002,00000003,00000000) ret=006a74bf
0027:trace:mscms:CreateMultiProfileTransform ( 0x3227d0, 0x00000002, 0x3227c4, 0x00000002, 0x00000003, 0x00000000 )
0027:trace:mscms:GetColorProfileHeader ( 0x1, 0x3225f0 )
0027:trace:mscms:from_profile color space: 0x434d594b 'CMYK'
0027:trace:mscms:GetColorProfileHeader ( 0x2, 0x3225f0 )
0027:trace:mscms:from_profile color space: 0x52474220 'RGB '
...
0027:trace:mscms:lcms_error_handler 9 "Wrong output color space on transform"
...
0027:Ret mscms.CreateMultiProfileTransform() retval=00000001 ret=006a74bf
...
0027:Call mscms.TranslateColors(00000001,003228a0,00000001,00000007,003248a0,00000002) ret=006a75bf
0027:trace:mscms:TranslateColors ( 0x1, 0x3228a0, 1, 7, 0x3248a0, 2 )
0027:trace:mscms:from_type color type: 0x00000002
0027:trace:mscms:from_type color type: 0x00000007
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7cb564c3 ip=7cb564c3 tid=0027
0027:trace:seh:raise_exception info[0]=00000000
0027:trace:seh:raise_exception info[1]=000000ab
0027:trace:seh:raise_exception eax=00000000 ebx=7cb86000 ecx=00000000 edx=7bd01da8 esi=00000000 edi=003227e8
0027:trace:seh:raise_exception ebp=003227c8 esp=003226e0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
0027:trace:seh:call_stack_handlers calling handler at 0xeb6c7b code=c0000005 flags=0
...
Unhandled exception: page fault on read access to 0x000000ab in 32-bit code (0x7cb564c3).
...
Backtrace:
=>0 0x7cb564c3 cmsChangeBuffersFormat+0x23() in liblcms2.so.2 (0x003227c8)
  1 0x7d0da874 TranslateColors+0xd7(handle=0x1, in=0x3228a0, count=0x1, input_type=COLOR_CMYK, out=0x3248a0, output_type=COLOR_RGB) [/home/focht/projects/wine/wine.repo/src/dlls/mscms/transform.c:371] in mscms (0x003227c8)
  2 0x7bc7e52e relay_call+0x39() in ntdll (0x003227f4)
  3 0x7d0d420d in mscms (+0x420c) (0x003268ac)
  4 0x006a75bf in photoline (+0x2a75be) (0x003268ac)
  5 0x00754e6f in photoline (+0x354e6e) (0x00327a74)
0x7cb564c3 cmsChangeBuffersFormat+0x23 in liblcms2.so.2: testb $0x2,0xab(%esi)
Modules:
Module Address Debug info Name (115 modules)
PE 400000- 14c7000 Export photoline
ELF 495dd000-495fb000 Deferred libgcc_s.so.1
ELF 7b800000-7ba71000 Deferred kernel32<elf>
 -PE 7b820000-7ba71000 \ kernel32
...
Threads:
process tid prio (all id:s are in hex)
...
00000026 (D) C:\Program Files\PhotoLine\PhotoLine.exe
0000002a 0
00000029 0
00000028 0
00000027 0 <==
--- snip ---
Using winedbg proxy mode:
--- snip ---
...
Program received signal SIGSEGV, Segmentation fault.
cmsChangeBuffersFormat (hTransform=0x0, InputFormat=393250, OutputFormat=262170) at cmsxform.c:1118
1118 if (!(xform ->dwOriginalFlags & cmsFLAGS_CAN_CHANGE_FORMATTER)) {
Wine-gdb> bt
#0 cmsChangeBuffersFormat (hTransform=0x0, InputFormat=393250, OutputFormat=262170) at cmsxform.c:1118
#1 0x7cc3c874 in TranslateColors (handle=0x1, in=0x3328e0, count=1, input_type=COLOR_CMYK, out=0x3348e0, output_type=COLOR_RGB) at /home/focht/projects/wine/wine.repo/src/dlls/mscms/transform.c:371
#2 0x006a75bf in ?? ()
#3 0x00754e6f in ?? ()
#4 0x00000000 in ?? ()
--- snip ---
The missing error handling of 'cmsCreateMultiprofileTransform()' causes a transform handle to be returned when it shouldn't. The path leading to failure itself could be another issue.
Source: https://source.winehq.org/git/wine.git/blob/685b931c2a11219da3949cd1ad5a1fa9...
--- snip ---
204 HTRANSFORM WINAPI CreateMultiProfileTransform( PHPROFILE profiles, DWORD nprofiles,
205     PDWORD intents, DWORD nintents, DWORD flags, DWORD cmm )
206 {
207     HTRANSFORM ret = NULL;
208 #ifdef HAVE_LCMS2
209     cmsHPROFILE *cmsprofiles, cmsconvert = NULL;
210     struct transform transform;
211     struct profile *profile0, *profile1;
212     DWORD in_format, out_format;
...
243     cmsprofiles = HeapAlloc( GetProcessHeap(), 0, (nprofiles + 1) * sizeof(cmsHPROFILE) );
244     if (cmsprofiles)
245     {
246         cmsprofiles[0] = profile0->cmsprofile;
247         if (cmsconvert)
248         {
249             cmsprofiles[1] = cmsconvert;
250             cmsprofiles[2] = profile1->cmsprofile;
251             nprofiles++;
252         }
253         else
254         {
255             cmsprofiles[1] = profile1->cmsprofile;
256         }
257         transform.cmstransform = cmsCreateMultiprofileTransform( cmsprofiles, nprofiles, in_format, out_format, *intents, 0 );
258
259         HeapFree( GetProcessHeap(), 0, cmsprofiles );
260         ret = create_transform( &transform );
261     }
262
263     release_profile( profile0 );
264     release_profile( profile1 );
265
266 #endif /* HAVE_LCMS2 */
267     return ret;
268 }
--- snip ---
(line 257)
$ sha1sum pl.exe
41043a0ee25ece198a3b91e176900c97901c1252 pl.exe

$ du -sh pl.exe
21M pl.exe

$ wine --version
wine-1.7.48-100-ge3c6777
Regards
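
Added example, not part of the comment above and not Wine's code or its eventual fix: a stand-alone C model of the pattern in the listing, where a failed backend call is stored unchecked and still yields a valid-looking handle, beside a checked variant that refuses to hand one out. All names (`backend_create`, `store_transform`, `create_unchecked`, `create_checked`, `translate`) and the handle table are hypothetical.

```c
#include <stddef.h>

/* Stand-in for an lcms2 transform object (constructed for this example). */
struct cms_xform { unsigned flags; };
struct transform { struct cms_xform *cmstransform; };

#define MAX_HANDLES 8
static struct transform table[MAX_HANDLES];
static int used[MAX_HANDLES];

/* Hypothetical backend: returns NULL when the colour spaces do not line up,
 * as in the "Wrong output color space on transform" case in the log. */
static struct cms_xform *backend_create(int spaces_match)
{
    static struct cms_xform ok = { 1 };
    return spaces_match ? &ok : NULL;
}

/* Stores the transform; returns a 1-based handle, 0 when the table is full. */
static size_t store_transform(const struct transform *t)
{
    for (size_t i = 0; i < MAX_HANDLES; i++)
        if (!used[i]) { used[i] = 1; table[i] = *t; return i + 1; }
    return 0;
}

/* Pattern from the listing: the backend result is stored unchecked, so a
 * failed creation still produces a non-zero handle. */
size_t create_unchecked(int spaces_match)
{
    struct transform t = { backend_create(spaces_match) };
    return store_transform(&t);
}

/* Checked variant: a failed backend call never becomes a handle. */
size_t create_checked(int spaces_match)
{
    struct transform t = { backend_create(spaces_match) };
    if (!t.cmstransform) return 0;
    return store_transform(&t);
}

/* Consumer that validates both the handle and the wrapped pointer before
 * dereferencing; returns 1 on success, 0 on failure. */
int translate(size_t handle)
{
    if (handle == 0 || handle > MAX_HANDLES || !used[handle - 1]) return 0;
    struct cms_xform *x = table[handle - 1].cmstransform;
    return x != NULL && (x->flags & 1);
}
```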