http://bugs.winehq.org/show_bug.cgi?id=22764
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Component|-unknown |user32 Summary|Garmin chart plotter |Garmin chart plotter |updater crashes on start |updater crashes on start | |(DM_GETDEFID handling, | |property sheet dialog box)
--- Comment #6 from Anastasius Focht focht@gmx.net 2011-12-13 11:23:29 CST --- Hello,
still present.
The binary to reproduce is double-packed. Extract "program_card.exe" from "ChartplottersUpdatewithSDcard_20111111.exe". Extract "Copy2Card.exe" from "program_card.exe".
After extraction the installer runs "Copy2Card.exe UpdateInfo.xml" Running "Copy2Card.exe" without arguments is sufficient to reproduce the bug.
The app creates a wizard-like dialog (property sheet dialog box) with a property sheet page and some button controls at bottom (Cancel, Help, Next, Finish, Back).
Window/control hierarchy for better overview:
--- snip --- Handle Text Parent ID/menu Style ClsName 0005010E Marine Pr.. Topmost 94CA00C4 #32770 (dialog box) |00050112 0005010E (000003EF) 40000007 Static \0006004E Copy2Card 0005010E 50020044 #32770 (dialog box) |00030132 0006004E (00003027) 40021000 Static |00040106 Cancel 0006004E (00000002) 50010001 Button |00040116 Help 0006004E (00000009) 48030000 Button |00050026 0006004E (00003020) 4C000000 SysTabControl32 |00050108 &Next > 0006004E (00003024) 50010000 Button |00050114 Finish 0006004E (00003025) 48010000 Button |00050120 0006004E (00003026) 50021000 Static |00050126 < &Back 0006004E (00003023) 50010000 Button \0006011E Copy2Card 0006004E 50010444 #32770 (dialog box) \0004002A This wizard 0006011E (00000404) 50020000 Static --- snip ---
Window/control creation sequence follows...
NOTE: handles from window hierarchy don't match with handles in trace snippets due to different methods used (just resolve/substitute with IDs from traces).
The interesting one is the "Next" button (id=0x3024) which gets the focus and default button id. You can see the dialog showing up with one button control having focus for a split second before the app exits (use +heap to slow it down).
--- snip --- 0023:Call user32.CreateDialogIndirectParamW(00400000,00d43f88,00000000,00426007,00000000) ret=00426719 ... 0023:Call comctl32.PropertySheetW(00db2330) ret=0042c00a ... 0023:Call user32.CreateDialogIndirectParamW(00000000,0014a680,0001007c,688499c0,0014a070) ret=6884295b ... 0023:Call user32.GetDlgItem(00010088,00003020) ret=68849cab 0023:Ret user32.GetDlgItem() retval=00010096 ret=68849cab 0023:Call user32.SetPropW(00010088,6889f140 L"PropertySheetInfo",0014a070) ret=68849ccd 0023:Ret user32.SetPropW() retval=00000001 ret=68849ccd 0023:Call user32.SetWindowLongW(00010088,00000008,0014a070) ret=68849cf2 0023:Ret user32.SetWindowLongW() retval=00000000 ret=68849cf2 0023:Call user32.GetPropW(00010088,6889f140 L"PropertySheetInfo") ret=68846fde 0023:Ret user32.GetPropW() retval=0014a070 ret=68846fde 0023:Call user32.GetDlgItem(00010088,00003023) ret=68846ff7 0023:Ret user32.GetDlgItem() retval=0001008a ret=68846ff7 0023:Call user32.GetDlgItem(00010088,00003024) ret=68847010 0023:Ret user32.GetDlgItem() retval=0001008c ret=68847010 0023:Call user32.GetDlgItem(00010088,00003025) ret=68847029 0023:Ret user32.GetDlgItem() retval=0001008e ret=68847029 0023:Call user32.EnableWindow(0001008a,00000000) ret=68847092 ... 0023:Call user32.GetDlgItem(00010088,00003024) ret=68849f0a 0023:Ret user32.GetDlgItem() retval=0001008c ret=68849f0a 0023:Call user32.SetFocus(0001008c) ret=68849f15 ... 0023:Ret user32.SetFocus() retval=00000000 ret=68849f15 ... 0023:Call user32.CreateDialogIndirectParamW(00400000,0014cdf8,00010088,00426007,001496f8) ret=68844750 ... 0023:Ret user32.CreateDialogIndirectParamW() retval=0001009a ret=68844750 ... 0023:Ret user32.CreateDialogIndirectParamW() retval=00010088 ret=6884295b ... 0023:Ret comctl32.PropertySheetW() retval=00010088 ret=0042c00a ... 0023:Ret user32.CreateDialogIndirectParamW() retval=0001007c ret=00426719 ... --- snip ---
The problem:
--- snip --- ... 0023:Call user32.SendMessageW(00010088,00000476,00000000,00000000) ret=0042c0ce 0023:Call window proc 0x42feee (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) 0023:Call user32.CallWindowProcW(6862eb83,00010088,00000476,00000000,00000000) ret=0042d457 0023:Call window proc 0x6862eb83 (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) 0023:Call dialog proc 0x688499c0 (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) 0023:Call user32.GetPropW(00010088,6889f140 L"PropertySheetInfo") ret=6884a2ad 0023:Ret user32.GetPropW() retval=0014a070 ret=6884a2ad 0023:Call user32.SetWindowLongW(00010088,00000000,0001009a) ret=6884a31d 0023:Ret user32.SetWindowLongW() retval=00000000 ret=6884a31d 0023:Ret dialog proc 0x688499c0 (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) retval=00000001 result=0001009a 0023:Ret window proc 0x6862eb83 (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) retval=0001009a 0023:Ret user32.CallWindowProcW() retval=0001009a ret=0042d457 0023:Ret window proc 0x42feee (hwnd=0x10088,msg=PSM_GETCURRENTPAGEHWND,wp=00000000,lp=00000000) retval=0001009a 0023:Ret user32.SendMessageW() retval=0001009a ret=0042c0ce 0023:Call user32.GetParent(0001009a) ret=00425fde 0023:Ret user32.GetParent() retval=00010088 ret=00425fde 0023:Call user32.GetDlgItem(0001009a,00000001) ret=00425cec 0023:Ret user32.GetDlgItem() retval=00000000 ret=00425cec 0023:Call user32.GetDlgItem(00010088,00000001) ret=00425cec 0023:Ret user32.GetDlgItem() retval=00000000 ret=00425cec ... <internal exception, minidump, exit> --- snip ---
The app code calling GetDlgItem( hwnd, 1) is obviously wrong, resulting in exit (NULL hwnd is returned). It seems the control id passed to GetDlgItem() is stored in some class instance member data of C++ class hierarchy.
The following sequence shows the retrieval of the wrong control id which gets stored for later use:
--- snip --- ... 0024:Call user32.SendMessageW(0001009a,00000400,00000000,00000000) ret=00422efd 0024:Call window proc 0x42feee (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) 0024:Call user32.CallWindowProcW(6841fb83,0001009a,00000400,00000000,00000000) ret=0042d457 0024:Call window proc 0x6841fb83 (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) 0024:trace:win:WIN_SetWindowLong 0x1009a 0 0 W 0024:Call dialog proc 0x426007 (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) 0024:Ret dialog proc 0x426007 (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) retval=00000000 result=00000000 0024:Ret window proc 0x6841fb83 (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) retval=534b0001 0024:Ret user32.CallWindowProcW() retval=534b0001 ret=0042d457 0024:Ret window proc 0x42feee (hwnd=0x1009a,msg=WM_USER,wp=00000000,lp=00000000) retval=534b0001 0024:Ret user32.SendMessageW() retval=534b0001 ret=00422efd ... --- snip ---
(WM_USER+0) -> DM_GETDEFID
SendMessage(0001009a, DM_GETDEFID) resulting loWORD -> 0x0001
The sheet page (hwnd=0001009a -> 0006011E in Window/control hierarchy snippet) is on the same level as the buttons and part of the property sheet dialog box (parent).
DM_SETDEFID for "Next" button was sent earlier on the parent property sheet dialog:
--- snip --- ... 0024:Call user32.SendMessageW(00010088,00000401,00003024,00000000) ret=7a0dc137 0024:Call window proc 0x42feee (hwnd=0x10088,msg=WM_USER+1,wp=00003024,lp=00000000) 0024:Call user32.GetDlgItem(00010088,00003024) ret=0042b8fe 0024:Ret user32.GetDlgItem() retval=0001008c ret=0042b8fe ... --- snip ---
Wine code resulting in current behaviour:
http://source.winehq.org/git/wine.git/blob/a64765f673b01944ebf5da44dbcae7b8f...
--- snip --- 266 case DM_GETDEFID: 267 if (dlgInfo && !(dlgInfo->flags & DF_END)) 268 { 269 HWND hwndDefId; 270 if (dlgInfo->idResult) 271 return MAKELONG( dlgInfo->idResult, DC_HASDEFID ); 272 if ((hwndDefId = DEFDLG_FindDefButton( hwnd ))) 273 return MAKELONG( GetDlgCtrlID( hwndDefId ), DC_HASDEFID); 274 } 275 return 0; --- snip ---
I changed the code to retrieve the dialog info (-> idResult) from the parent (the property sheet dialog) and it helped the app to display the wizard dialog properly.
$ sha1sum ChartplottersUpdatewithSDcard_20111111.exe 8ee8bab4c541dba387b3128bbe7e58d97db0b373 ChartplottersUpdatewithSDcard_20111111.exe
$ wine --version wine-1.3.34-253-g088fa18
Regards