https://bugs.winehq.org/show_bug.cgi?id=48561
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
          Component|-unknown                    |msvcp

--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming. The minidump wasn't useful but fortunately I found a distributed "backup" of Orcad v16.6 to reproduce/debug.
There are actually two bugs - one of them is only surfacing when Wine has been built with the LLVM MinGW toolchain (miscompiled msvcp code).
Targeting the problem when Wine was built with GCC here.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Cadence/SPB_16.6/tools/pcb/bin

$ WINEDEBUG=+seh,+relay,+msvcrt,+msvcp wine ./allegro.exe >> log.txt 2>&1
...
004f:trace:msvcrt:MSVCRT__wsopen_dispatch path: (L"C:/Cadence/SPB_16.6/share/pcb/text/custdatatips.cdt") oflags: 0x0000 shflags: 0x0040 pmode: 0x0000 fd*: 0x306c98c secure: 0
004f:trace:msvcrt:msvcrt_alloc_fd :handle (0x138) allocating fd (6)
004f:trace:msvcrt:MSVCRT__wsopen_dispatch :fd (6) handle (0x138)
004f:trace:msvcrt:msvcrt_init_fp :fd (6) allocating FILE*
004f:trace:msvcrt:msvcrt_init_fp :got FILE* (0x7ea2e460)
004f:trace:msvcrt:MSVCRT__wfsopen :fd (6) mode (L"r") FILE* (0x7ea2e460)
004f:trace:msvcrt:MSVCRT__wfsopen :got (0x7ea2e460)
...
004f:trace:msvcp:basic_istream_char_getline_delim Format is: "(%p %p %s %s)\n" (0306DB44 0306D684 400 "\n")
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:basic_streambuf_char__Lock Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_istream_char__Ipfx Format is: "(%p %d)\n" (0306DB44 1)
004f:trace:msvcp:ios_base_good Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:basic_ios_char_tie_get Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:ios_base_good Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:basic_streambuf_char_sbumpc Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_streambuf_char__Gnavail Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_filebuf_char_uflow Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_filebuf_char_is_open Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_streambuf_char_gptr Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_streambuf_char_egptr Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcrt:_lock (34)
004f:trace:msvcrt:read_i :fd (6) handle (0x138) buf (0x4a780d0) len (4096)
004f:trace:msvcrt:read_i :EOF ""
004f:trace:msvcrt:read_i (0), ""
004f:trace:msvcrt:_unlock (34)
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n" (0306DB9C)
004f:trace:msvcp:basic_streambuf_char__Unlock Format is: "(%p)\n" (0306DB4C)
004f:trace:msvcp:basic_ios_char_setstate_reraise Format is: "(%p %x %x)\n" (0306DB9C 3 0)
004f:trace:msvcp:basic_ios_char_clear_reraise Format is: "(%p %x %x)\n" (0306DB9C 3 0)
004f:trace:msvcp:ios_base_clear_reraise Format is: "(%p %x %x)\n" (0306DB9C 3 0)
004f:trace:msvcp:MSVCP_failure_ctor Format is: "%p %s\n" 0306CBE8 eofbit is set
004f:trace:msvcp:MSVCP_runtime_error_ctor Format is: "%p %s\n" 0306CBE8 eofbit is set
004f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e85bc23 ip=7e85bc23 tid=004f
004f:trace:seh:raise_exception  info[0]=00000000
004f:trace:seh:raise_exception  info[1]=00000000
004f:trace:seh:raise_exception  eax=00000041 ebx=0306cbe8 ecx=0306cbc0 edx=00000000 esi=00000000 edi=00000000
004f:trace:seh:raise_exception  ebp=0306cba8 esp=0306cb88 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216
004f:trace:seh:call_stack_handlers calling handler at 0x1f8fd6e code=c0000005 flags=0
004f:trace:seh:call_stack_handlers handler at 0x1f8fd6e returned 1
004f:trace:seh:call_stack_handlers calling handler at 0x401ed1 code=c0000005 flags=0
004f:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0x7e85bc23
...
004f:Call msvcr80._strdup(0257a668 "Program has encountered a problem and must exit. The design will be saved as a .SAV file that can be recovered using dbdoctor (if applicable). To resolve problem, first obtain the latest software update from Cadence and if the problem persists contact Cadence Customer Support. In addition t"...) ret=0197ee27
...
--- snip ---
The application reads a text file 'custdatatips.cdt' which is 2873 bytes.
--- snip ---
{
{5 (1073741825, 0, 0) (1073741827, 0, 0) (1073741826, 0, 0) (63, 0, 1) }
{10 (1073741825, 0, 0) (1073741827, 0, 1) (1073741845, 1, 1) (1073741843, 1, 1) }
{12 (1073741825, 0, 0) (1073741856, 0, 0) (1073741833, 0, 1) }
{27 (1073741825, 0, 0) (1073741828, 1, 1) (63, 0, 1) }
...
{32776 (16777215) (0) (0) }
{49155 (16777215) (0) (0) }
}
--- snip ---
There are empty lines (newlines only) at the end, hence 'getline(stream,buffer)' will set 'ios:eofbit' and 'ios:failbit' at one point.
Wine's msvcp crashes when trying to set up failure exception.
Debugger session:
--- snip ---
$ wine64 winedbg ./allegro.exe
WineDbg starting on pid 005b
0x000000007bcb0131 DbgBreakPoint+0x1 in ntdll: ret
Wine-dbg>c
...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x000000007e85bbb8).
005a:fixme:dbghelp:x86_64_find_runtime_function RunTime_Function outside IMAGE_DIRECTORY_ENTRY_EXCEPTION unimplemented yet!
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e85bbb8 ESP:0306cb90 EBP:0306cba8 EFLAGS:00010246( R- -- I Z- -P- )
 EAX:0306cbe8 EBX:0306cbe8 ECX:0306cbc0 EDX:0306cc24
 ESI:00000000 EDI:00000000
...
Backtrace:
=>0 0x000000007e85bbb8 MSVCP_exception_ctor+0x28(this=<couldn't compute location>, name=<couldn't compute location>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\exception.c:103] in msvcp80 (0x000000000306cba8)
  1 0x000000007e85bc6d MSVCP_runtime_error_ctor+0x1c(this=<unknown register 329>, name=<unknown register 334>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\exception.c:563] in msvcp80 (0x000000000306cbd8)
  2 0x000000007e85d36e throw_exception+0x11d(str=<is not available>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\exception.c:673] in msvcp80 (0x000000000306cc18)
  3 0x000000007e86851f ios_base_clear_reraise+0xde(this=<couldn't compute location>, state=<couldn't compute location>, reraise=<couldn't compute location>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\ios.c:5300] in msvcp80 (0x000000000306cc48)
  4 0x000000007e869988 basic_ios_char_clear_reraise+0x37(this=<couldn't compute location>, state=<couldn't compute location>, reraise=<couldn't compute location>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\ios.c:5812] in msvcp80 (0x000000000306cc88)
  5 0x000000007e869dcb basic_ios_char_setstate_reraise+0x7a() in msvcp80 (0x000000000306ccc8)
  6 0x000000007e86f80b basic_istream_char_getline_delim+0x26a(this=<couldn't compute location>, str=<couldn't compute location>, count=<couldn't compute location>, delim=<couldn't compute location>) [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\ios.c:5923] in msvcp80 (0x000000000306cd28)
  7 0x000000007e86f8c2 basic_istream_char_getline+0x21() [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\ios.c:8552] in msvcp80 (0x000000000306cd58)
  8 0x0000000001861eb6 EntryPoint+0x14602f7() in allegro (0x000000000306dbe4)
  9 0x00000000018618ac EntryPoint+0x145fced() in allegro (0x000000000306dcf0)
  10 0x00000000018618fa EntryPoint+0x145fd3b() in allegro (0x000000000306dcf8)
  11 0x000000000186528d EntryPoint+0x14636ce() in allegro (0x000000000306dd00)
  12 0x000000000049fb50 EntryPoint+0x9df91() in allegro (0x000000000306f708)
  13 0x000000000049f001 EntryPoint+0x9d442() in allegro (0x000000000306fd00)
  14 0x0000000000402401 EntryPoint+0x842() in allegro (0x000000000306fe64)
  15 0x00000000018c8ecb EntryPoint+0x14c730c() in allegro (0x000000000306fe74)
  16 0x00000000018bac6c EntryPoint+0x14b90ad() in allegro (0x000000000306fe90)
  17 0x000000007820cd75 EntryPoint+0xffffffffffffffff() in mfc80 (0x000000000306ff30)
  18 0x000000007b452222 call_process_entry+0x11() in kernel32 (0x000000000306ff48)
  19 0x000000007b452610 start_process+0xdf(entry=<couldn't compute location>, peb=<couldn't compute location>) [Z:\home\focht\projects\wine\mainline-src\dlls\kernel32\process.c:153] in kernel32 (0x000000000306ffd8)
  20 0x000000007b45222e __wine_start_process+0x9() in kernel32 (0x000000000306ffec)
0x000000007e85bbb8 MSVCP_exception_ctor+0x28 [Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80..\msvcp90\exception.c:103] in msvcp80: movl 0x0(%esi),%eax
103         if(EXCEPTION_STR(name)) {
--- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l...
--- snip ---
...
 34 #if _MSVCP_VER >= 70 || defined(_MSVCIRT)
 35 typedef const char **exception_name;
 36 #define EXCEPTION_STR(name) (*name)
 37 #define EXCEPTION_NAME(str) ((exception_name)&str)
 38 #else
 39 typedef const char *exception_name;
 40 #define EXCEPTION_STR(name) (name)
 41 #define EXCEPTION_NAME(str) (str)
 42 #endif
...
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l...
--- snip ---
556 static runtime_error* MSVCP_runtime_error_ctor( runtime_error *this, exception_name name )
557 {
558     TRACE("%p %s\n", this, EXCEPTION_STR(name));
559 #if _MSVCP_VER <= 90 && !defined _MSVCIRT
560 #if _MSVCP_VER == 60
561     MSVCP_exception_ctor(&this->e, "");
562 #else
563     MSVCP_exception_ctor(&this->e, NULL);
564 #endif
565     MSVCP_basic_string_char_ctor_cstr(&this->str, EXCEPTION_STR(name));
566 #else
567     MSVCP_exception_ctor(&this->e, name);
568 #endif
569     this->e.vtable = &MSVCP_runtime_error_vtable;
570     return this;
571 }
--- snip ---

Passing NULL exception name causes NULL ptr deref in 'MSVCP_exception_ctor'. If debug trace is enabled, it will crash even earlier in 'MSVCP_failure_ctor' (TRACE).
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l...
--- snip ---
670 static failure* MSVCP_failure_ctor( failure *this, exception_name name )
671 {
672     TRACE("%p %s\n", this, EXCEPTION_STR(name));
673     MSVCP_runtime_error_ctor(&this->base, name);
674 #if _MSVCP_VER > 90
675     /* FIXME: set err correctly */
676     this->err = 0;
677 #endif
678     this->base.e.vtable = &MSVCP_failure_vtable;
679     return this;
680 }
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l...
--- snip ---
 95 /* ??0exception@@QAE@ABQBD@Z */
 96 /* ??0exception@@QEAA@AEBQEBD@Z */
 97 DEFINE_THISCALL_WRAPPER(MSVCP_exception_ctor,8)
 98 exception* __thiscall MSVCP_exception_ctor(exception *this, exception_name name)
 99 {
100     TRACE("(%p %s)\n", this, EXCEPTION_STR(name));
101
102     this->vtable = &MSVCP_exception_vtable;
103     if(EXCEPTION_STR(name)) {
104         unsigned int name_len = strlen(EXCEPTION_STR(name)) + 1;
105         this->name = malloc(name_len);
106         memcpy(this->name, EXCEPTION_STR(name), name_len);
107         this->do_free = TRUE;
108     } else {
109         this->name = NULL;
110         this->do_free = FALSE;
111     }
112     return this;
113 }
--- snip ---
For the time being you can work around with 'winetricks -q vcrun2005'.
$ wine --version
wine-5.1
Regards
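
Added example, not part of the original comment and not Wine's code: a reduced C model of the pattern analysed above, where `exception_name` is a pointer to a string pointer and the constructor dereferences it before testing anything. The struct, `set_name`, `ctor_as_quoted` and `ctor_checked` are hypothetical names; the checked variant is one defensive option and is not presented as the fix Wine applied.

```c
#include <stdlib.h>
#include <string.h>
/* Same shape as the _MSVCP_VER >= 70 branch quoted from exception.c:
 * the argument is a pointer to a string pointer, not the string. */
typedef const char **exception_name;
#define EXCEPTION_STR(name) (*name)

/* Simplified stand-in for the exception object (no vtable). */
typedef struct { char *name; int do_free; } exception;

/* Copy logic of the quoted constructor, taking the resolved string. */
static exception *set_name(exception *this, const char *str)
{
    if (str) {
        size_t name_len = strlen(str) + 1;
        this->name = malloc(name_len);
        if (!this->name) abort();
        memcpy(this->name, str, name_len);
        this->do_free = 1;
    } else {
        this->name = NULL;
        this->do_free = 0;
    }
    return this;
}

/* As quoted: name is dereferenced first, so a bare NULL reads address 0. */
static exception *ctor_as_quoted(exception *this, exception_name name)
{
    return set_name(this, EXCEPTION_STR(name));
}

/* Hypothetical hardened variant: test the outer pointer before use. */
static exception *ctor_checked(exception *this, exception_name name)
{
    return set_name(this, name ? EXCEPTION_STR(name) : NULL);
}

int main(void)
{
    const char *none = NULL, *msg = "eofbit is set";
    exception a, b, c;
    ctor_as_quoted(&a, &none); /* "no name" as pointer-to-NULL: safe */
    ctor_checked(&b, NULL);    /* bare NULL: caught by the outer check */
    ctor_checked(&c, &msg);
    int ok = !a.name && !b.name && c.name && !strcmp(c.name, msg);
    free(c.name);
    return ok ? 0 : 1;
}
```

Calling `ctor_as_quoted(&e, NULL)` reproduces the read of address 0 seen in the backtrace, which is why `main` never does it.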