https://bugs.winehq.org/show_bug.cgi?id=46841
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
            Summary|JASC Paint Shop Pro 8       |JASC Paint Shop Pro 8.x and
                   |Crashes inside msvcrt       |9.x crash on startup
                   |                            |(msvcrt c++ exception
                   |                            |handling)

--- Comment #6 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming. This also affects JASC Paint Shop Pro 9.01 hence refining the summary.
As already mentioned, overriding 'msvcrt71.dll' to use the app provided native dll over builtin works around.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Jasc Software Inc/Paint Shop Pro 9

$ WINEDLLOVERRIDES=msvcr71=n wine ./Paint\ Shop\ Pro\ 9.exe
--- snip ---
Trace log:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Jasc Software Inc/Paint Shop Pro 9

$ WINEDEBUG=+seh,+relay,+msvcrt wine ./Paint\ Shop\ Pro\ 9.exe >>log.txt 2>&1
...
002c:Call msvcp71.?uncaught_exception@std@@YA_NXZ() ret=073d2968
002c:Call msvcr71.__uncaught_exception() ret=7a240907
002c:Ret msvcr71.__uncaught_exception() retval=00000000 ret=7a240907
002c:Ret msvcp71.?uncaught_exception@std@@YA_NXZ() retval=00000000 ret=073d2968
002c:Call msvcr71.??0exception@@QAE@XZ(00326030) ret=073d2844
002c:trace:msvcrt:MSVCRT_exception_default_ctor (0x326030)
002c:Ret msvcr71.??0exception@@QAE@XZ() retval=00326030 ret=073d2844
002c:Call msvcr71._CxxThrowException(00326030,073d4938) ret=073d29ef
002c:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,00325fc4) ret=7a3610e5
002c:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b4447ab ip=7b4447ab tid=002c
002c:trace:seh:raise_exception info[0]=19930520
002c:trace:seh:raise_exception info[1]=00326030
002c:trace:seh:raise_exception info[2]=073d4938
002c:trace:seh:raise_exception eax=7b42e059 ebx=00000008 ecx=00325f04 edx=00325fc4 esi=00326030 edi=00325f80
002c:trace:seh:raise_exception ebp=00325f58 esp=00325ee4 cs=320023 ds=32002b es=32002b fs=320063 gs=32006b flags=00000216
002c:trace:seh:call_stack_handlers calling handler at 0x73d36f8 code=e06d7363 flags=1
002c:trace:seh:call_stack_handlers handler at 0x73d36f8 returned 1
002c:trace:seh:call_stack_handlers calling handler at 0x7a36d5a0 code=e06d7363 flags=1
002c:trace:seh:catch_function_nested_handler got nested exception in catch function
002c:trace:seh:catch_function_nested_handler detect threw new exception in catch block
002c:trace:seh:cxx_frame_handler handling C++ exception rec 0x325ef0 frame 0x3275ac trylevel 16 descr 0x87ff7a8 nested_frame 0x326348
002c:trace:seh:dump_exception_type flags 0 destr 0x73d2590 handler (nil) type info 0x73d492c
002c:trace:seh:dump_exception_type 0: flags 0 type 0x73d607c {vtable=0x73d41f0 name=.?AVCJException@@ ()} offsets 0,-1,0 size 552 copy ctor 0x73d2820
002c:trace:seh:dump_exception_type 1: flags 0 type 0x73d6024 {vtable=0x73d41f0 name=.?AVexception@@ ()} offsets 0,-1,0 size 12 copy ctor 0x73d2e00
002c:trace:seh:dump_function_descr magic 19930520
002c:trace:seh:dump_function_descr unwind table: 0x87ff598 39
002c:trace:seh:dump_function_descr 0: prev -1 func 0x87d3c60
002c:trace:seh:dump_function_descr 1: prev 0 func 0x87d3c68
002c:trace:seh:dump_function_descr 2: prev 1 func 0x87d3c70
002c:trace:seh:dump_function_descr 3: prev 2 func 0x87d3c78
002c:trace:seh:dump_function_descr 4: prev 3 func 0x87d3c80
002c:trace:seh:dump_function_descr 5: prev 4 func 0x87d3c88
002c:trace:seh:dump_function_descr 6: prev 5 func 0x87d3c90
002c:trace:seh:dump_function_descr 7: prev 6 func 0x87d3c98
002c:trace:seh:dump_function_descr 8: prev 7 func 0x87d3ca0
002c:trace:seh:dump_function_descr 9: prev 8 func 0x87d3ca8
002c:trace:seh:dump_function_descr 10: prev 9 func 0x87d3cb0
002c:trace:seh:dump_function_descr 11: prev 10 func (nil)
002c:trace:seh:dump_function_descr 12: prev 11 func (nil)
002c:trace:seh:dump_function_descr 13: prev 12 func 0x87d3cb9
002c:trace:seh:dump_function_descr 14: prev 11 func (nil)
002c:trace:seh:dump_function_descr 15: prev 14 func (nil)
002c:trace:seh:dump_function_descr 16: prev 15 func 0x87d3cc1
002c:trace:seh:dump_function_descr 17: prev 14 func (nil)
002c:trace:seh:dump_function_descr 18: prev 17 func (nil)
002c:trace:seh:dump_function_descr 19: prev 18 func 0x87d3cc9
002c:trace:seh:dump_function_descr 20: prev 17 func (nil)
002c:trace:seh:dump_function_descr 21: prev 20 func (nil)
002c:trace:seh:dump_function_descr 22: prev 21 func 0x87d3cd1
002c:trace:seh:dump_function_descr 23: prev 20 func (nil)
002c:trace:seh:dump_function_descr 24: prev 11 func (nil)
002c:trace:seh:dump_function_descr 25: prev 24 func 0x87d3cd9
002c:trace:seh:dump_function_descr 26: prev 24 func 0x87d3ce1
002c:trace:seh:dump_function_descr 27: prev 26 func 0x87d3ce9
002c:trace:seh:dump_function_descr 28: prev 26 func 0x87d3cf1
002c:trace:seh:dump_function_descr 29: prev 26 func 0x87d3cf9
002c:trace:seh:dump_function_descr 30: prev 26 func 0x87d3d01
002c:trace:seh:dump_function_descr 31: prev 26 func 0x87d3d09
002c:trace:seh:dump_function_descr 32: prev 26 func 0x87d3d11
002c:trace:seh:dump_function_descr 33: prev 32 func 0x87d3d19
002c:trace:seh:dump_function_descr 34: prev 32 func 0x87d3d21
002c:trace:seh:dump_function_descr 35: prev 32 func 0x87d3d2c
002c:trace:seh:dump_function_descr 36: prev 35 func 0x87d3d38
002c:trace:seh:dump_function_descr 37: prev 11 func (nil)
002c:trace:seh:dump_function_descr 38: prev 10 func (nil)
002c:trace:seh:dump_function_descr try table: 0x87ff730 6
002c:trace:seh:dump_function_descr 0: start 21 end 22 catchlevel 23 catch 0x87ff6d0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e278 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 1: start 18 end 19 catchlevel 23 catch 0x87ff6e0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e1ce type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 2: start 15 end 16 catchlevel 23 catch 0x87ff6f0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e124 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 3: start 12 end 13 catchlevel 23 catch 0x87ff700 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e07a type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 4: start 24 end 36 catchlevel 37 catch 0x87ff710 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -24 handler 0x872e890 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 5: start 11 end 37 catchlevel 38 catch 0x87ff720 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -128 handler 0x872e97b type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:call_stack_handlers handler at 0x7a36d5a0 returned 1
002c:trace:seh:call_stack_handlers calling handler at 0x87d3d44 code=e06d7363 flags=1
002c:trace:seh:cxx_frame_handler handling C++ exception rec 0x325ef0 frame 0x3275ac trylevel 16 descr 0x87ff7a8 nested_frame (nil)
002c:trace:seh:dump_exception_type flags 0 destr 0x73d2590 handler (nil) type info 0x73d492c
002c:trace:seh:dump_exception_type 0: flags 0 type 0x73d607c {vtable=0x73d41f0 name=.?AVCJException@@ ()} offsets 0,-1,0 size 552 copy ctor 0x73d2820
002c:trace:seh:dump_exception_type 1: flags 0 type 0x73d6024 {vtable=0x73d41f0 name=.?AVexception@@ ()} offsets 0,-1,0 size 12 copy ctor 0x73d2e00
002c:trace:seh:dump_function_descr magic 19930520
002c:trace:seh:dump_function_descr unwind table: 0x87ff598 39
002c:trace:seh:dump_function_descr 0: prev -1 func 0x87d3c60
002c:trace:seh:dump_function_descr 1: prev 0 func 0x87d3c68
002c:trace:seh:dump_function_descr 2: prev 1 func 0x87d3c70
002c:trace:seh:dump_function_descr 3: prev 2 func 0x87d3c78
002c:trace:seh:dump_function_descr 4: prev 3 func 0x87d3c80
002c:trace:seh:dump_function_descr 5: prev 4 func 0x87d3c88
002c:trace:seh:dump_function_descr 6: prev 5 func 0x87d3c90
002c:trace:seh:dump_function_descr 7: prev 6 func 0x87d3c98
002c:trace:seh:dump_function_descr 8: prev 7 func 0x87d3ca0
002c:trace:seh:dump_function_descr 9: prev 8 func 0x87d3ca8
002c:trace:seh:dump_function_descr 10: prev 9 func 0x87d3cb0
002c:trace:seh:dump_function_descr 11: prev 10 func (nil)
002c:trace:seh:dump_function_descr 12: prev 11 func (nil)
002c:trace:seh:dump_function_descr 13: prev 12 func 0x87d3cb9
002c:trace:seh:dump_function_descr 14: prev 11 func (nil)
002c:trace:seh:dump_function_descr 15: prev 14 func (nil)
002c:trace:seh:dump_function_descr 16: prev 15 func 0x87d3cc1
002c:trace:seh:dump_function_descr 17: prev 14 func (nil)
002c:trace:seh:dump_function_descr 18: prev 17 func (nil)
002c:trace:seh:dump_function_descr 19: prev 18 func 0x87d3cc9
002c:trace:seh:dump_function_descr 20: prev 17 func (nil)
002c:trace:seh:dump_function_descr 21: prev 20 func (nil)
002c:trace:seh:dump_function_descr 22: prev 21 func 0x87d3cd1
002c:trace:seh:dump_function_descr 23: prev 20 func (nil)
002c:trace:seh:dump_function_descr 24: prev 11 func (nil)
002c:trace:seh:dump_function_descr 25: prev 24 func 0x87d3cd9
002c:trace:seh:dump_function_descr 26: prev 24 func 0x87d3ce1
002c:trace:seh:dump_function_descr 27: prev 26 func 0x87d3ce9
002c:trace:seh:dump_function_descr 28: prev 26 func 0x87d3cf1
002c:trace:seh:dump_function_descr 29: prev 26 func 0x87d3cf9
002c:trace:seh:dump_function_descr 30: prev 26 func 0x87d3d01
002c:trace:seh:dump_function_descr 31: prev 26 func 0x87d3d09
002c:trace:seh:dump_function_descr 32: prev 26 func 0x87d3d11
002c:trace:seh:dump_function_descr 33: prev 32 func 0x87d3d19
002c:trace:seh:dump_function_descr 34: prev 32 func 0x87d3d21
002c:trace:seh:dump_function_descr 35: prev 32 func 0x87d3d2c
002c:trace:seh:dump_function_descr 36: prev 35 func 0x87d3d38
002c:trace:seh:dump_function_descr 37: prev 11 func (nil)
002c:trace:seh:dump_function_descr 38: prev 10 func (nil)
002c:trace:seh:dump_function_descr try table: 0x87ff730 6
002c:trace:seh:dump_function_descr 0: start 21 end 22 catchlevel 23 catch 0x87ff6d0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e278 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 1: start 18 end 19 catchlevel 23 catch 0x87ff6e0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e1ce type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 2: start 15 end 16 catchlevel 23 catch 0x87ff6f0 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e124 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 3: start 12 end 13 catchlevel 23 catch 0x87ff700 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -80 handler 0x872e07a type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 4: start 24 end 36 catchlevel 37 catch 0x87ff710 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -24 handler 0x872e890 type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:dump_function_descr 5: start 11 end 37 catchlevel 38 catch 0x87ff720 1
002c:trace:seh:dump_function_descr 0: flags 8 offset -128 handler 0x872e97b type 0x88550c8 {vtable=0x87f8698 name=.?AVCJException@@ ()}
002c:trace:seh:call_catch_block matched type 0x73d4910 in tryblock 2 catchblock 0
002c:trace:seh:_CreateFrameInfo (0x3259dc, 0x326030)
002c:trace:seh:__regs_RtlUnwind code=e06d7363 flags=3
002c:trace:seh:__regs_RtlUnwind eax=00000000 ebx=00325ef0 ecx=00325910 edx=003254a5 esi=003275ac edi=087ff758
002c:trace:seh:__regs_RtlUnwind ebp=00325ab8 esp=00325920 eip=7a36cb3f cs=0023 ds=002b fs=0063 gs=006b flags=00000246
002c:trace:seh:__regs_RtlUnwind calling handler at 0x7bc92f70 code=e06d7363 flags=3
002c:trace:seh:__regs_RtlUnwind handler at 0x7bc92f70 returned 1
002c:trace:seh:__regs_RtlUnwind calling handler at 0x73d36f8 code=e06d7363 flags=3
002c:trace:seh:cxx_local_unwind calling unwind handler 0x73d36f0 trylevel 0 last -1 ebp 0x326274
002c:Call msvcr71.??1exception@@UAE@XZ(0b79a008) ret=073d27c2
002c:trace:msvcrt:MSVCRT_exception_dtor (0xb79a008)
002c:Ret msvcr71.??1exception@@UAE@XZ() retval=00000000 ret=073d27c2
002c:Call msvcr71.free(0b79a008) ret=073d27cd
002c:Call ntdll.RtlFreeHeap(07280000,00000000,0b79a008) ret=7a37d3e9
002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7a37d3e9
002c:Ret msvcr71.free() retval=00000001 ret=073d27cd
002c:trace:seh:__regs_RtlUnwind handler at 0x73d36f8 returned 1
002c:trace:seh:__regs_RtlUnwind calling handler at 0x7a36d5a0 code=e06d7363 flags=3
002c:trace:seh:__CxxUnregisterExceptionObject (0x32635c)
002c:trace:seh:_FindAndUnlinkFrame (0x32635c)
002c:trace:seh:_IsExceptionObjectToBeDestroyed 0x3269a4
002c:trace:seh:__DestructExceptionObject (0x326870)
002c:Call msvcr71.??1exception@@UAE@XZ(003269a4) ret=7a36b85c
002c:trace:msvcrt:MSVCRT_exception_dtor (0x3269a4)
002c:Ret msvcr71.??1exception@@UAE@XZ() retval=00000000 ret=7a36b85c
002c:trace:seh:__regs_RtlUnwind handler at 0x7a36d5a0 returned 1
002c:trace:seh:cxx_local_unwind calling unwind handler 0x87d3cc1 trylevel 16 last 15 ebp 0x3275b8
002c:trace:seh:call_catch_block calling catch block 0x87ff6f0 addr 0x872e124 ebp 0x3275b8
002c:Call msvcr71.malloc(00000088) ret=071993cd
002c:Call ntdll.RtlAllocateHeap(07280000,00000000,00000088) ret=7a37d390
002c:Ret ntdll.RtlAllocateHeap() retval=0b799e68 ret=7a37d390
....
002c:Call ntdll.RtlAllocateHeap(07280000,00000000,00000022) ret=7a37d390
002c:Ret ntdll.RtlAllocateHeap() retval=0b79a620 ret=7a37d390
002c:Ret msvcr71.malloc() retval=0b79a620 ret=0719a438
002c:Call msvcr71.memcpy(0b79a630,07250078,00000001) ret=0719a3fe
002c:Ret msvcr71.memcpy() retval=0b79a630 ret=0719a3fe
002c:Call msvcr71.memcpy(0b79a630,0b799dc0,00000011) ret=0719a534
002c:Ret msvcr71.memcpy() retval=0b79a630 ret=0719a534
002c:Call msvcr71.free(0b799dc0) ret=0872fb68
002c:Call ntdll.RtlFreeHeap(07280000,00000000,0b799dc0) ret=7a37d3e9
002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7a37d3e9
002c:Ret msvcr71.free() retval=00000001 ret=0872fb68
002c:trace:seh:__CxxUnregisterExceptionObject (0x3259dc)
002c:trace:seh:_FindAndUnlinkFrame (0x3259dc)
002c:trace:seh:_IsExceptionObjectToBeDestroyed 0x326030
002c:trace:seh:__DestructExceptionObject (0x325ef0)
002c:Call msvcr71.??1exception@@UAE@XZ(00326030) ret=7a36b85c
002c:trace:msvcrt:MSVCRT_exception_dtor (0x326030)
002c:Ret msvcr71.??1exception@@UAE@XZ() retval=00000000 ret=7a36b85c
002c:trace:seh:call_catch_block done, continuing at 0x872e11e
002c:trace:seh:__CxxUnregisterExceptionObject (0x32635c)
002c:trace:seh:_FindAndUnlinkFrame (0x32635c)
002c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7a36b696 ip=7a36b696 tid=002c
002c:trace:seh:raise_exception info[0]=00000000
002c:trace:seh:raise_exception info[1]=00000004
002c:trace:seh:raise_exception eax=0000002e ebx=00000000 ecx=00325db0 edx=01234ad8 esi=0032635c edi=7a3f8000
002c:trace:seh:raise_exception ebp=00326228 esp=00326200 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010293
002c:trace:seh:call_stack_handlers calling handler at 0x87d3d44 code=c0000005 flags=0
002c:trace:seh:cxx_frame_handler handling C exception code c0000005 rec 0x3261a8 frame 0x3275ac trylevel 18 descr 0x87ff7a8 nested_frame (nil)
002c:trace:seh:call_stack_handlers handler at 0x87d3d44 returned 1
0062:Ret KERNEL32.Sleep() retval=093ffe5c ret=00360315
002c:trace:seh:call_stack_handlers calling handler at 0x583b7c code=c0000005 flags=0
0062:Call KERNEL32.GetExitCodeThread(00000364,093ffe84) ret=00359fb9
002c:trace:seh:cxx_frame_handler handling C exception code c0000005 rec 0x3261a8 frame 0x327854 trylevel 7 descr 0x5d4ed0 nested_frame (nil)
002c:trace:seh:call_stack_handlers handler at 0x583b7c returned 1
002c:trace:seh:call_stack_handlers calling handler at 0x892e83c code=c0000005 flags=0
002c:trace:seh:cxx_frame_handler handling C exception code c0000005 rec 0x3261a8 frame 0x327b40 trylevel 3 descr 0x89419c0 nested_frame (nil)
002c:trace:seh:call_stack_handlers handler at 0x892e83c returned 1
...
--- snip ---
One frame gets unlinked two times in nested C++ exception handling (CXX_FRAME_MAGIC_VC6), causing page fault. Maybe some quirk in older VC++ runtime exception handling (vs. unified code base)?
There are a lot of C++ exceptions on startup by design (plugin loading/first time init), partially nested so one has to use some trickery to reach that place. Also the call sites are pretty much the same (PSP script engine -> embedded Python interpreter).
For PSP 9.01:
If the debugger supports it, place a conditional module load breakpoint and filter for 'JascCmdPyScriptRC.dll' after attaching, before dismissing the trial dialog:
--- snip ---
Type       Address   Module/Label/Exception  State    Disassembly  Hitcount  Summary
DLL        FFFFFFFF  JascCmdPyScriptRC.dll   Enabled               1         all()
--- snip ---
After hitting that one, add another one for catching CPP_EH_EXCEPTION first-chance exceptions with hitcount of 15 (16th time it goes haywire).
--- snip ---
Type       Address   Module/Label/Exception  State    Disassembly  Hitcount  Summary
Exception  E06D7363  CPP_EH_EXCEPTION        Enabled               15        firstchance()
--- snip ---

$ sha1sum psp9.exe
cd15e0959d1f9e48894d40afea16afe455c9e655  psp9.exe

$ du -sh psp9.exe
108M	psp9.exe

$ wine --version
wine-4.6-108-g9d7d68747b
Regards
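
The double unlink described in the comment above can be located mechanically in a '+seh' trace instead of by eye. The following Python script is an added example, not part of the original comment or of Wine; the name 'find_double_unlinks' is hypothetical, the sample lines are abridged from the trace in the comment, and it assumes a frame counts as registered again whenever a '_CreateFrameInfo' line names the same address.

```python
import re
from collections import defaultdict

# Abridged from the +seh trace in the comment above (thread 002c).
SAMPLE = """\
002c:trace:seh:_CreateFrameInfo (0x3259dc, 0x326030)
002c:trace:seh:__CxxUnregisterExceptionObject (0x32635c)
002c:trace:seh:_FindAndUnlinkFrame (0x32635c)
002c:trace:seh:__CxxUnregisterExceptionObject (0x3259dc)
002c:trace:seh:_FindAndUnlinkFrame (0x3259dc)
002c:trace:seh:call_catch_block done, continuing at 0x872e11e
002c:trace:seh:__CxxUnregisterExceptionObject (0x32635c)
002c:trace:seh:_FindAndUnlinkFrame (0x32635c)
002c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7a36b696 ip=7a36b696 tid=002c
0062:Ret KERNEL32.Sleep() retval=093ffe5c ret=00360315
"""

LINE = re.compile(r"^([0-9a-f]{4}):trace:seh:(\w+)\s*(.*)$")   # tid, function, rest
FRAME = re.compile(r"\((0x[0-9a-f]+)")                          # first pointer argument
CODE = re.compile(r"\bcode=([0-9a-f]{8})\b")                    # exception code


def find_double_unlinks(log_text):
    """Report frames unlinked twice on one thread with no re-registration between."""
    unlinked = defaultdict(dict)   # tid -> {frame: line number of its last unlink}
    pending = {}                   # tid -> finding still waiting for the next exception
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m:
            continue               # relay lines and other debug channels are skipped
        tid, func, rest = m.groups()
        fm = FRAME.match(rest)
        if func == "_CreateFrameInfo" and fm:
            unlinked[tid].pop(fm.group(1), None)      # assumption: frame is live again
        elif func == "_FindAndUnlinkFrame" and fm:
            frame = fm.group(1)
            if frame in unlinked[tid]:
                finding = {"tid": tid, "frame": frame, "first": unlinked[tid][frame],
                           "second": lineno, "next_exception": None}
                findings.append(finding)
                pending[tid] = finding
            unlinked[tid][frame] = lineno
        elif func == "raise_exception" and tid in pending:
            cm = CODE.search(rest)
            if cm:                 # only the first raise_exception line carries code=
                pending.pop(tid)["next_exception"] = cm.group(1)
    return findings


if __name__ == "__main__":
    for f in find_double_unlinks(SAMPLE):
        print("thread {tid}: frame {frame} unlinked at lines {first} and {second}, "
              "next exception {next_exception}".format(**f))
```

On a full log the line numbers point straight at the two unlink sites, and a 'next_exception' of c0000005 marks the occurrences that end in the page fault.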