https://bugs.winehq.org/show_bug.cgi?id=38939
Anastasius Focht focht@gmx.net changed:
What           |Removed                                  |Added
---------------+-----------------------------------------+-----------------------------------------
Keywords       |                                         |download
Status         |UNCONFIRMED                              |NEW
URL            |                                         |http://www.ublox.com/images/Support/Support_Products/EvaluationSoftware/u-centersetup_v8.17.zip
CC             |                                         |focht@gmx.net
Component      |-unknown                                 |user32
Summary        |u-blox U-center 8,17 crashes when        |u-blox u-center GNSS evaluation software v8.17 crashes when received data
               |attempting to open view->Packet Console  |is inserted in 'Packet Console' window (questionable handling of edit
               |                                         |control text buffer ownership)
Ever confirmed |0                                        |1
--- Comment #2 from Anastasius Focht focht@gmx.net ---

Hello folks,
confirming.
Since I don't have a GPS device to hook up to a serial port, I use the following setup:
* dual USB serial converter (Y-cable)
* crosslink for loopback
* NMEA simulator software
Simulator: http://www.atlsoft.de/gps-simulator/ (needs 'winetricks -q dotnet20' prerequisite)
COM1, COM2 device symlinks to /dev/ttyUSB0,1
U-Blox:
* open COM1
* open packet console

NMEAGenerator:
* open COM2
* start (sends NMEA protocol strings)
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x7eb69195).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7eb69195 ESP:0033ec00 EBP:0033ecb8 EFLAGS:00210202( R- -- I - - - )
 EAX:00000000 EBX:00138fb0 ECX:0033eba0 EDX:000000a2
 ESI:0114c5b8 EDI:0114c5b8
...
Backtrace:
=>0 0x7eb69195 EDIT_EM_ReplaceSel+0x3e9(es=0x114c978, can_undo=0, lpsz_replace="10:18:29 R -> NMEA GPRMC, Size 71, 'Recommended Minimum Specific GNSS Data' ", send_update=0x1, honor_limit=0x1) [/home/focht/projects/wine/wine.repo/src/dlls/user32/edit.c:2629] in user32 (0x0033ecb8)
  1 0x7eb6f15c EditWndProc_common+0x49c(hwnd=0x30044, msg=0xc2, wParam=0, lParam=0x11024d0, unicode=0x1) [/home/focht/projects/wine/wine.repo/src/dlls/user32/edit.c:4763] in user32 (0x0033ed88)
  2 0x7ebdb8ef EditWndProcW+0x32(hwnd=0x30044, msg=0xc2, wParam=0, lParam=0x11024d0) [/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:1083] in user32 (0x0033edb8)
  3 0x7ebd8efe WINPROC_wrapper+0x19() in user32 (0x0033ede8)
  4 0x7ebd9063 call_window_proc+0xbc(hwnd=0x30044, msg=0xc2, wp=0, lp=0x11024d0, result=0x33ee58, arg=0x7ebdb8bc) [/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:245] in user32 (0x0033ee28)
  5 0x7ebdb423 CallWindowProcW+0x5d(func=0x7ebdb8bc, hwnd=0x30044, msg=0xc2, wParam=0, lParam=0x11024d0) [/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:982] in user32 (0x0033ee6c)
  6 0x00535b98 in u-center (+0x135b97) (0x0033ee8c)
...
0x7eb69195 EDIT_EM_ReplaceSel+0x3e9 [/home/focht/projects/wine/wine.repo/src/dlls/user32/edit.c:2629] in user32: movzwl 0x0(%eax),%eax
2629    p[strl] = p[0];
Wine-dbg>info locals
0x7eb69195 EDIT_EM_ReplaceSel+0x3e9: (0033ecb8)
EDITSTATE* es=0x114c978 (parameter [EBP+8])
BOOL can_undo=0 (parameter [EBP+12])
LPCWSTR lpsz_replace="10:18:29 R -> NMEA GPRMC, Size 71, 'Recommended Minimum Specific GNSS Data' " (parameter [EBP+16])
BOOL send_update=0x1 (parameter [EBP+20])
BOOL honor_limit=0x1 (parameter [EBP+24])
UINT strl=0x51 (local [EBP-12])
UINT tl=0 (local [EBP-44])
UINT utl=0 (local [EBP-116])
UINT s=0 (local [EBP-16])
UINT e=0 (local [EBP-20])
UINT i=0x30044 (local [EBP-24])
UINT size=0x51 (local [EBP-60])
LPWSTR p=0x0(nil) (local [EBP-28])
HRGN hrgn=(nil) (local [EBP-32])
LPWSTR buf=0x0(nil) (local [EBP-36])
UINT bufl=0 (local [EBP-40])
Wine-dbg>p *es
{is_unicode=0x1, text=0x0(nil), text_length=0, buffer_size=0x5f, buffer_limit=0x7ffffffe, font=0xd90107, x_offset=0, line_height=0xf, char_width=0x8, style=0x502009c4, flags=0, undo_insert_count=0, undo_position=0, undo_text="", undo_buffer_size=0xf, selection_start=0, selection_end=0, password_char=0, left_margin=0x4, right_margin=0x4, format_rect={left=0x5, top=0x1, right=0x36d, bottom=0x11e}, text_width=0, region_posx=0, region_posy=0, word_break_proc=0x0(nil), line_count=0x1, y_offset=0, bCaptureState=0, bEnableState=0x1, hwndSelf=0x30044, hwndParent=0x1600da, hwndListBox=(nil), wheelDeltaRemainder=0, lock_count=0, tabs_count=0x1, tabs=0x1149eb0, first_line_def=0x10ff568, hloc32W=0x10fb972, hloc32A=0x0(nil), hlocapp=0x10fb972, composition_len=0, composition_start=0, logAttr=(nil), ssa=0x0(nil)}
--- snip ---
Trace log:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/u-blox/u-center_v8.17
$ WINEDEBUG=+tid,+seh,+relay,+edit wine ./u-Center.exe >>log.txt 2>&1
...
0037:Call user32.SendMessageW(000101e8,000000bd,00000000,00000000) ret=00540e15
0037:Call window proc 0x534d7e (hwnd=0x101e8,msg=EM_GETHANDLE,wp=00000000,lp=00000000)
0037:Call user32.CallWindowProcW(7ebdb8bc,000101e8,000000bd,00000000,00000000) ret=00535b98
0037:Call window proc 0x7ebdb8bc (hwnd=0x101e8,msg=EM_GETHANDLE,wp=00000000,lp=00000000)
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=bd (EM_GETHANDLE) wparam=0 lparam=0
0037:trace:edit:EDIT_EM_GetHandle Returning 0x1112202, LocalSize() = 32
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=bd (EM_GETHANDLE) -- 0x01112202
0037:Ret window proc 0x7ebdb8bc (hwnd=0x101e8,msg=EM_GETHANDLE,wp=00000000,lp=00000000) retval=01112202
0037:Ret user32.CallWindowProcW() retval=01112202 ret=00535b98
0037:Ret window proc 0x534d7e (hwnd=0x101e8,msg=EM_GETHANDLE,wp=00000000,lp=00000000) retval=01112202
0037:Ret user32.SendMessageW() retval=01112202 ret=00540e15
0037:Call KERNEL32.LocalLock(01112202) ret=00540e1c
0037:Ret KERNEL32.LocalLock() retval=01115cc8 ret=00540e1c
...
0037:Call user32.SendMessageW(000101e8,000000ba,00000000,00000000) ret=004b3cfc
0037:Call window proc 0x534d7e (hwnd=0x101e8,msg=EM_GETLINECOUNT,wp=00000000,lp=00000000)
0037:Call user32.CallWindowProcW(7ebdb8bc,000101e8,000000ba,00000000,00000000) ret=00535b98
0037:Call window proc 0x7ebdb8bc (hwnd=0x101e8,msg=EM_GETLINECOUNT,wp=00000000,lp=00000000)
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=ba (EM_GETLINECOUNT) wparam=0 lparam=0
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=ba (EM_GETLINECOUNT) -- 0x00000001
0037:Ret window proc 0x7ebdb8bc (hwnd=0x101e8,msg=EM_GETLINECOUNT,wp=00000000,lp=00000000) retval=00000001
0037:Ret user32.CallWindowProcW() retval=00000001 ret=00535b98
0037:Ret window proc 0x534d7e (hwnd=0x101e8,msg=EM_GETLINECOUNT,wp=00000000,lp=00000000) retval=00000001
0037:Ret user32.SendMessageW() retval=00000001 ret=004b3cfc
...
0037:Ret window proc 0x534d7e (hwnd=0x101e8,msg=EM_GETHANDLE,wp=00000000,lp=00000000) retval=01112202
0037:Ret user32.SendMessageW() retval=01112202 ret=00541eba
0037:Call KERNEL32.LocalUnlock(01112202) ret=00541ec1
0037:Ret KERNEL32.LocalUnlock() retval=00000000 ret=00541ec1
0037:Call user32.GetWindowTextLengthW(000101e8) ret=0053b0fc
0037:Call window proc 0x534d7e (hwnd=0x101e8,msg=WM_GETTEXTLENGTH,wp=00000000,lp=00000000)
0037:Call user32.CallWindowProcW(7ebdb8bc,000101e8,0000000e,00000000,00000000) ret=00535b98
0037:Call window proc 0x7ebdb8bc (hwnd=0x101e8,msg=WM_GETTEXTLENGTH,wp=00000000,lp=00000000)
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=e (WM_GETTEXTLENGTH) wparam=0 lparam=0
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=e (WM_GETTEXTLENGTH) -- 0x00000000
0037:Ret window proc 0x7ebdb8bc (hwnd=0x101e8,msg=WM_GETTEXTLENGTH,wp=00000000,lp=00000000) retval=00000000
0037:Ret user32.CallWindowProcW() retval=00000000 ret=00535b98
0037:Ret window proc 0x534d7e (hwnd=0x101e8,msg=WM_GETTEXTLENGTH,wp=00000000,lp=00000000) retval=00000000
0037:Ret user32.GetWindowTextLengthW() retval=00000000 ret=0053b0fc
...
0037:Ret window proc 0x534d7e (hwnd=0x101e8,msg=EM_SCROLLCARET,wp=00000000,lp=00000000) retval=00000001
0037:Ret user32.SendMessageW() retval=00000001 ret=004b3bfd
0037:Call ntdll.RtlReAllocateHeap(00110000,00000000,0111b170,000000fe) ret=00673e33
0037:Ret ntdll.RtlReAllocateHeap() retval=01114298 ret=00673e33
0037:Call user32.SendMessageW(000101e8,000000c2,00000000,011142a8) ret=004b3c22
0037:Call window proc 0x534d7e (hwnd=0x101e8,msg=EM_REPLACESEL,wp=00000000,lp=011142a8)
0037:Call user32.CallWindowProcW(7ebdb8bc,000101e8,000000c2,00000000,011142a8) ret=00535b98
0037:Call window proc 0x7ebdb8bc (hwnd=0x101e8,msg=EM_REPLACESEL,wp=00000000,lp=011142a8)
0037:trace:edit:EditWndProc_common hwnd=0x101e8 msg=c2 (EM_REPLACESEL) wparam=0 lparam=11142a8
0037:trace:edit:EDIT_EM_ReplaceSel L"10:25:54 R -> NMEA GPRMC, Size 71, 'Recommended Minimum Specific GNSS Data'\r\n", can_undo 0, send_update 1
0037:trace:edit:EDIT_MakeFit trying to ReAlloc to 81+1 characters
0037:trace:edit:EDIT_MakeFit Old 32 bit handle 0x1112202, new handle 0x1112202
0037:trace:edit:EDIT_MakeFit We now have 95+1
0037:trace:edit:EDIT_EM_ReplaceSel inserting stuff (tl 0, strl 81, selstart 0 ((null)), text (null))
0037:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7eb69195 ip=7eb69195 tid=0037
0037:trace:seh:raise_exception info[0]=00000000
0037:trace:seh:raise_exception info[1]=00000000
0037:trace:seh:raise_exception eax=00000000 ebx=f773ede8 ecx=00000000 edx=000000a2 esi=0032edf8 edi=0032edb4
0037:trace:seh:raise_exception ebp=0032ebe8 esp=0032eb30 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210202
...
--- snip ---
The app essentially does:
--- snip ---
...
LocalLock((HLOCAL)SendMessage(edit, EM_GETHANDLE, 0, 0));
...
<access contents>
...
LocalUnlock((HLOCAL)SendMessage(edit, EM_GETHANDLE, 0, 0));
...
<further edit control messages, causing text buffer manipulation>
--- snip ---
The following functions look conceptually questionable to me when it comes to text buffer ownership.
EDIT_EM_GetHandle
EDIT_LockBuffer
EDIT_UnlockBuffer
$ sha1sum u-centersetup_v8.17.zip 7c312d9c2593bb7c84d9c28612838c667d8c3625 u-centersetup_v8.17.zip
$ du -sh u-centersetup_v8.17.zip 16M u-centersetup_v8.17.zip
$ wine --version wine-1.7.47-118-ga90592c
Regards
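Editor's note, added after the comment above: the following portable C program is an illustration written for this page, not code from Wine's dlls/user32/edit.c, from u-center, or from the bug reporter. It models the ownership contract the trace exercises: a multiline edit control keeps its text in a moveable memory block, hands the handle to the application on EM_GETHANDLE, and must only touch its cached text pointer inside its own lock/unlock bracket, while the application must LocalUnlock before sending further messages and must not keep a pointer across a message that can grow the buffer. All names (local_block, editstate, edit_send, MSG_*) are hypothetical, the sample line is constructed in the format seen in the trace, and the rule that a locked block refuses to move is a modelling choice, not Win32 or Wine behaviour. Where the dump shows Wine dereferencing a NULL text pointer at edit.c:2629, the model returns an error code instead so the failure states can be observed.

```c
/* Added illustration, not code from Wine or u-center: portable model of a multiline
 * edit control sharing its text buffer with the app through a moveable handle
 * (EM_GETHANDLE / LocalLock / LocalUnlock). All names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
/* Toy moveable block in the spirit of LocalAlloc/LocalLock (a model, not Win32). */
typedef struct { wchar_t *mem; size_t chars; unsigned locks; } local_block;
static local_block *local_alloc(size_t chars) {
    local_block *b = calloc(1, sizeof *b);
    b->mem = calloc(chars + 1, sizeof(wchar_t)); b->chars = chars; return b;
}
static wchar_t *local_lock(local_block *b) { b->locks++; return b->mem; }
static void local_unlock(local_block *b) { if (b->locks) b->locks--; }
/* Growth moves the block, so any pointer taken earlier is stale afterwards. The
 * model refuses to move a block that somebody still holds locked (modelling choice). */
static int local_realloc(local_block *b, size_t chars) {
    wchar_t *n = b->locks ? NULL : calloc(chars + 1, sizeof(wchar_t));
    if (!n) return 0;
    memcpy(n, b->mem, (b->chars + 1) * sizeof(wchar_t));
    free(b->mem);
    b->mem = n; b->chars = chars;
    return 1;
}
/* Control side: hloc is what EM_GETHANDLE returns; text is a cache that is only
 * valid while lock_count > 0. */
typedef struct {
    local_block *hloc; wchar_t *text; size_t text_length, buffer_size; unsigned lock_count;
} editstate;
static void edit_lock_buffer(editstate *es) {
    if (!es->text) es->text = local_lock(es->hloc);
    es->lock_count++;
}
static void edit_unlock_buffer(editstate *es) {
    if (es->lock_count > 1) { es->lock_count--; return; }
    local_unlock(es->hloc);
    es->text = NULL;                /* the pointer must not outlive the lock */
    es->lock_count = 0;
}
/* Grow: drop the control's own lock so the block may move, then re-lock it. */
static int edit_make_fit(editstate *es, size_t needed) {
    unsigned depth = es->lock_count;
    int ok;
    if (needed <= es->buffer_size) return 1;
    local_unlock(es->hloc);
    ok = local_realloc(es->hloc, needed + needed / 8 + 16);
    es->text = local_lock(es->hloc);
    es->lock_count = depth;
    if (ok) es->buffer_size = es->hloc->chars;
    return ok;
}
/* EM_REPLACESEL reduced to "append at the end". A missing lock is reported as -1;
 * in the dump above Wine dereferences the NULL text pointer at edit.c:2629 instead. */
static int edit_em_replacesel(editstate *es, const wchar_t *s) {
    size_t strl = wcslen(s);
    if (!es->text) return -1;
    if (!edit_make_fit(es, es->text_length + strl)) return -2;
    memcpy(es->text + es->text_length, s, (strl + 1) * sizeof(wchar_t));
    es->text_length += strl;
    return (int)es->text_length;
}
enum { MSG_GETHANDLE, MSG_REPLACESEL };
/* Window procedure: every message runs inside one lock/unlock bracket. */
static int edit_send(editstate *es, int msg, const wchar_t *s, local_block **h) {
    int ret = 0;
    edit_lock_buffer(es);
    if (msg == MSG_GETHANDLE) *h = es->hloc; else ret = edit_em_replacesel(es, s);
    edit_unlock_buffer(es);
    return ret;
}
static editstate *edit_create(void) {
    editstate *es = calloc(1, sizeof *es);
    es->hloc = local_alloc(31); es->buffer_size = 31;   /* 32 chars, as LocalSize() in the trace */
    return es;
}
/* Constructed sample line in the format the trace shows the app inserting. */
static const wchar_t LINE[] =
    L"10:25:54 R -> NMEA GPRMC, Size 71, 'Recommended Minimum Specific GNSS Data'\r\n";
/* The app's sequence from the report: EM_GETHANDLE, LocalLock, read, LocalUnlock,
 * EM_REPLACESEL; returns the new text length. With unlock_after_read = 0 the app
 * leaks its lock, the buffer cannot grow and the insert fails with -2. */
static int app_sequence(int unlock_after_read) {
    editstate *es = edit_create(); local_block *h;
    edit_send(es, MSG_GETHANDLE, NULL, &h);
    (void)local_lock(h);            /* <access contents> */
    if (unlock_after_read) local_unlock(h);
    return edit_send(es, MSG_REPLACESEL, LINE, NULL);
}
/* The app keeps a pointer across a message that grows the buffer: it is stale (1). */
static int app_pointer_goes_stale(void) {
    editstate *es = edit_create(); local_block *h; uintptr_t before, after;
    edit_send(es, MSG_GETHANDLE, NULL, &h);
    before = (uintptr_t)local_lock(h); local_unlock(h);
    edit_send(es, MSG_REPLACESEL, LINE, NULL);
    after = (uintptr_t)local_lock(h); local_unlock(h);
    return before != after;
}
/* Touching the buffer outside the bracket is the state in the dump (text == NULL,
 * lock_count == 0); the model returns -1 instead of faulting. */
static int replacesel_outside_lock(void) { return edit_em_replacesel(edit_create(), LINE); }
```

The three scenarios map onto the page: app_sequence(1) is the lock/read/unlock/insert order the relay log shows and succeeds; app_pointer_goes_stale shows why an application may not cache the LocalLock pointer across EM_REPLACESEL, since EDIT_MakeFit reallocates the block; replacesel_outside_lock is the control-side state in the register dump and `p *es` output, a NULL text pointer while a message handler runs, which the real code turns into the page fault at `p[strl] = p[0]`.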