https://bugs.winehq.org/show_bug.cgi?id=21579
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|Yahoo Messenger 10 crash    |Multiple applications crash
                   |when opening IM window with |with builtin RichEdit (text
                   |a contact                   |host window/gui control
                   |                            |methods must not be called
                   |                            |during
                   |                            |CreateTextServices)(Yahoo
                   |                            |Messenger 10, BSSB-Win, ICQ
                   |                            |6,7,8)

--- Comment #22 from Anastasius Focht focht@gmx.net ---
Hello folks,
refining summary and copying my analysis from bug 35416 here.
--- snip ---
$ LC_ALL=de_DE WINEDEBUG=+tid,+seh,+relay,+ole,+variant,+snoop wine ./BSSB_Win.exe >>log.txt 2>&1
...
0024:Ret PE DLL (proc=0x7ac4b570,module=0x7ac10000 L"riched20.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0024:Ret KERNEL32.LoadLibraryA() retval=7ac10000 ret=60003485
0024:Call KERNEL32.GetLastError() ret=6000348d
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=6000348d
0024:Call KERNEL32.GetProcAddress(7ac10000,600b3978 "CreateTextServices") ret=6000353f
0024:Ret KERNEL32.GetProcAddress() retval=7ac15644 ret=6000353f
...
0024:Call riched20.CreateTextServices(0014ed78,0014edd4,0014eddc) ret=600200a1
...
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6001ac4e ip=6001ac4e tid=0024
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=00000044
0024:trace:seh:raise_exception eax=00000000 ebx=0033f0c4 ecx=0014edd4 edx=7ac42464 esi=00000044 edi=0033f0c4
0024:trace:seh:raise_exception ebp=0014edd4 esp=0033f034 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206
0024:trace:seh:call_stack_handlers calling handler at 0x660291be code=c0000005 flags=0
0024:trace:seh:call_stack_handlers handler at 0x660291be returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x6602e521 code=c0000005 flags=0
0024:trace:seh:call_stack_handlers handler at 0x6602e521 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x660eeead code=c0000005 flags=0
...
Backtrace:
=>0 0x6001ac4e in fm20 (+0x1ac4e) (0x0014edd4)
  1 0x00000000 (0x600b2598)
  2 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
  3 0xf123e94c (0x04246c83)
0x6001ac4e: movsl (%esi),%es:(%edi)
Modules:
Module Address Debug info Name (88 modules)
PE 400000- a50000 Deferred bssb_win
...
Threads:
process tid prio (all id:s are in hex)
...
00000023 (D) C:\Program Files\BSSB_Win\BSSB_Win.exe
00000024 0 <==
--- snip ---
Debugger session:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7ac22194 ME_SetDefaultFormatRect+0x12(editor=0x14a28e8) [/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:2708] in riched20 (0x0033f138)
  1 0x7ac277ad ME_HandleMessage+0x49b5(editor=0x14a28e8, msg=0x1, wParam=0, lParam=0, unicode=0x1, phresult=0x33f6b0) [/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:4006] in riched20 (0x0033f688)
  2 0x7ac436cb CreateTextServices+0x1a6(pUnkOuter=<couldn't compute location>, pITextHost=<couldn't compute location>, ppUnk=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/riched20/txtsrv.c:417] in riched20 (0x0033f6d8)
  3 0x600200a1 in fm20 (+0x200a0) (0x0033f70c)
  4 0x600a64e2 in fm20 (+0xa64e1) (0x0013e184)
  5 0x00000000 (0x600b2598)
  6 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
  7 0xf123e94c (0x04246c83)

Wine-dbg>l
2708     ITextHost_TxGetClientRect(editor->texthost, &editor->rcFormat);
2709     editor->rcFormat.top += editor->exStyleFlags & WS_EX_CLIENTEDGE ? 1 : 0;
2710     editor->rcFormat.left += 1 + editor->selofs;
2711     editor->rcFormat.right -= 1;
2712 }

p *editor->texthost
{lpVtbl=0x600b2598}
--- snip ---
The problem is the app (text host) doesn't expect window/ui control methods being called in CreateTextServices().
Source: http://source.winehq.org/git/wine.git/blob/6c1b292f0b781c08041867f2508df5df1...
--- snip ---
392 HRESULT WINAPI CreateTextServices(IUnknown *pUnkOuter, ITextHost *pITextHost, IUnknown **ppUnk)
393 {
...
416
417     ME_HandleMessage(ITextImpl->editor, WM_CREATE, 0, 0, TRUE, &hres);
418
...
--- snip ---
Austin's workaround: https://bugs.winehq.org/attachment.cgi?id=50272&action=diff
Also tested with ICQ 8.x: http://exe.icq.com/icq.exe
$ sha1sum icq_rfrset.exe
f34b5b0584b329006b16fb2411c84c5d9e3dc73e icq_rfrset.exe

$ du -sh icq_rfrset.exe
37M icq_rfrset.exe

$ wine --version
wine-1.7.36
Regards
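
A minimal C model of the constraint named in the summary (host window/GUI methods must not be called during creation), added here as an illustration; it is not part of the comment above and is not Wine or fm20 code. All struct and function names are hypothetical, and the host is assumed to set up its window state only after the creating call has returned.

```c
#include <stddef.h>

/* Constructed model: not Wine or fm20 code, every name is hypothetical. */
struct rect { int left, top, right, bottom; };

struct host {
    const struct rect *client;  /* NULL until the host finishes its own setup */
    int early_calls;            /* callbacks that arrived before that point */
};

/* Stand-in for a window/UI host method such as TxGetClientRect. The model
 * counts a premature call and fails; a host without this check would read
 * through the unset pointer instead. */
static int host_get_client_rect(struct host *h, struct rect *out)
{
    if (!h->client) { h->early_calls++; return -1; }
    *out = *h->client;
    return 0;
}

struct services { struct host *host; struct rect format; int format_valid; };

/* Eager creation: queries the host before the creating call has returned. */
static void create_eager(struct services *s, struct host *h)
{
    s->host = h;
    s->format_valid = (host_get_client_rect(h, &s->format) == 0);
}

/* Deferred creation: only records the host, no callback is made. */
static void create_deferred(struct services *s, struct host *h)
{
    s->host = h;
    s->format_valid = 0;
}

/* The format rectangle is fetched on first use, once the host is ready. */
static const struct rect *format_rect(struct services *s)
{
    if (!s->format_valid) {
        if (host_get_client_rect(s->host, &s->format) != 0)
            return NULL;
        s->format.left += 1;   /* simplified inset, constructed for the model */
        s->format.right -= 1;
        s->format_valid = 1;
    }
    return &s->format;
}
```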