[Bug 49029] ABBYY FineReader 12 Professional crashes in trial mode

https://bugs.winehq.org/show_bug.cgi?id=49029

--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,

revisiting, still present.

+heap trace to show preceding heap corruption, causing crash later.

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/ABBYY FineReader 12

$ WINEDEBUG=+seh,+loaddll,+process,+msxml,+msvcrt,+heap wine ./FineReader.exe

...

log_heap.txt 2>&1

... 01b0:trace:msxml:domdoc_put_async (04208538)->(0) 01b0:trace:msxml:domdoc_put_preserveWhiteSpace (04208538)->(-1) ... 01b0:trace:msxml:domdoc_loadXML (04208538)->(L"<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?><advertisement><messages id="0" date="2021-11-14" /><messages_to_delete id="94"><message_id>1100</message_id><message_id>991</message_id><message_id>971</message_id><message_id>970</message_id><message_id>969</message_id><"... 0032F8A8) ... 01b0:trace:msxml:domdoc_loadXML parsed document 024E08D0 ... 01b0:trace:msxml:domdoc_get_documentElement (04208538)->(0032F8CC) 01b0:trace:msxml:create_node type 1 ... 01b0:trace:msxml:domelem_selectNodes (007799F8)->(L"messages_to_delete" 0032F754) ... 01b0:trace:msxml:create_selection (024E0940, "messages_to_delete", 0032F754) 01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(3) 01b0:trace:msxml:registerNamespaces (024EB3F8) ... 01b0:trace:msxml:create_selection found 1 matches ... 01b0:trace:msxml:domelem_getAttributeNode (007907E8)->(L"id" 0032F770) 01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0072CEA8 01b0:trace:heap:RtlFreeHeap (00700000,70000062,0072CEA8): returning TRUE 01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000024): returning 042055E0 01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(4) 01b0:trace:msxml:domattr_QueryInterface (042055E0)->({2933bf85-7b36-11d2-b20e-00c04f983e60} 0032F770) 01b0:trace:msxml:domattr_AddRef (042055E0)->(2) 01b0:trace:msxml:domattr_Release (042055E0)->(1) 01b0:trace:heap:RtlSizeHeap (00700000,70000062,0074DF10): returning 00000010 01b0:trace:heap:RtlFreeHeap (02890000,70000062,02D353B0): returning TRUE 01b0:trace:msxml:domattr_AddRef (042055E0)->(2) 01b0:trace:msxml:domattr_AddRef (042055E0)->(3) 01b0:trace:msxml:domattr_Release (042055E0)->(2) 01b0:trace:msxml:domattr_AddRef (042055E0)->(3) 01b0:trace:msxml:domattr_Release (042055E0)->(2) 01b0:trace:msxml:domattr_Release (042055E0)->(1) 01b0:trace:msxml:domattr_get_text (042055E0)->(0032F78C) ... 01b0:trace:msxml:node_get_text 042055E0 L"94" ... 01b0:trace:msxml:domelem_removeAttribute (007907E8)->(L"id") 01b0:trace:msxml:domelem_get_attributes (007907E8)->(0032F75C) 01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000028): returning 0074DBF8 01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(5) 01b0:trace:msxml:xmlnodemap_removeNamedItem (0074DBF8)->(L"id" 00000000) 01b0:trace:msxml:domelem_remove_named_item (024E0B98)->(L"id" 00000000) 01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0072B748 01b0:trace:heap:RtlFreeHeap (00700000,70000062,0072B748): returning TRUE 01b0:trace:msxml:domelem_remove_qualified_item (024E0B98)->(L"id" (null) 00000000) 01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0079D6C8 01b0:trace:heap:RtlFreeHeap (00700000,70000062,0079D6C8): returning TRUE 01b0:trace:heap:RtlFreeHeap (02460000,70000062,0248AFC8): returning TRUE 01b0:trace:heap:RtlFreeHeap (02460000,70000062,024E0C28): returning TRUE 01b0:trace:heap:RtlFreeHeap (02460000,70000062,02509DB8): returning TRUE 01b0:trace:heap:RtlFreeHeap (02460000,70000062,024E0BE8): returning TRUE 01b0:trace:msxml:xmlnodemap_Release (0074DBF8)->(0) 01b0:trace:msxml:xmldoc_release_refs (024E08D0)->(4) 01b0:trace:heap:RtlFreeHeap (00700000,70000062,0074DBF8): returning TRUE 01b0:trace:heap:RtlSizeHeap (00700000,70000062,0079F598): returning 00000010 01b0:trace:heap:RtlFreeHeap (02890000,70000062,039FABF0): returning TRUE 01b0:trace:msxml:domattr_Release (042055E0)->(0) 01b0:trace:seh:dispatch_exception code=c0000005 flags=0 addr=03EBC68F ip=03ebc68f tid=01b0 01b0:trace:seh:dispatch_exception info[0]=00000000 01b0:trace:seh:dispatch_exception info[1]=feeefeee 01b0:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised 01b0:trace:seh:dispatch_exception eax=00000001 ebx=042055f8 ecx=042055e0 edx=00000000 esi=00000000 edi=feeefeee 01b0:trace:seh:dispatch_exception ebp=0032f774 esp=0032f748 cs=0023 ss=002b ds=002b es=002b fs=0063 gs=006b flags=00010206 01b0:trace:seh:call_stack_handlers calling handler at 005D4481 code=c0000005 flags=0 01b0:trace:seh:call_stack_handlers handler at 005D4481 returned 1 --- snip ---

$ wine --version wine-6.21-214-gbe0684dad50

Regards