https://bugs.winehq.org/show_bug.cgi?id=24112
Anastasius Focht focht@gmx.net changed:
What     |Removed                                    |Added
----------------------------------------------------------------------------
Keywords |Abandoned?                                 |
URL      |http://www.xara.com/us/downloads/designer/ |http://downloads.xara.com/downloads/software/xaradesignerpro6dl.exe
CC       |                                           |focht@gmx.net
--- Comment #4 from Anastasius Focht focht@gmx.net ---

Hello folks,
confirming, still present.
Looks like a use-after-free issue, cause unknown. The crash location is pretty much random due to heap garbage being interpreted as a function pointer, leading to a partially messed-up call stack.
Trace with +relay hides the problem and the app starts.
I reconstructed the call site though:
--- snip ---
...
004B3B9A   8B4424 20        MOV EAX,DWORD PTR SS:[ESP+20]
004B3B9E   50               PUSH EAX
004B3B9F   E8 FC0EFAFF      CALL Designer.00454AA0
004B3BA4   8B8E 44040000    MOV ECX,DWORD PTR DS:[ESI+444]
004B3BAA   8B11             MOV EDX,DWORD PTR DS:[ECX]      ; ptr freed block
004B3BAC   8B42 1C          MOV EAX,DWORD PTR DS:[EDX+1C]
004B3BAF   FFD0             CALL EAX                        ; nirvana
004B3BB1   85C0             TEST EAX,EAX
004B3BB3   74 0B            JE SHORT Designer.004B3BC0
004B3BB5   8B8E 44040000    MOV ECX,DWORD PTR DS:[ESI+444]
004B3BBB   E8 D0960800      CALL Designer.0053D290
004B3BC0   E8 5BCC3000      CALL Designer.007C0820
004B3BC5   8B16             MOV EDX,DWORD PTR DS:[ESI]
004B3BC7   8B82 D4000000    MOV EAX,DWORD PTR DS:[EDX+D4]
004B3BCD   8BCE             MOV ECX,ESI
004B3BCF   FFD0             CALL EAX
004B3BD1   85C0             TEST EAX,EAX
004B3BD3   75 26            JNZ SHORT Designer.004B3BFB
...
--- snip ---
+heap shows a couple of small (non-critical) heap corruptions before and finally a use-after-free:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Xara/Xara_Designer_Pro_6

$ WINEDEBUG=+tid,+seh,+loaddll,+process,+debugstr,+heap wine ./DesignerPro.exe >>log.txt 2>&1
...
0027:trace:heap:RtlAllocateHeap (0x19b0000,70000062,00000054): returning 0x1a960e0
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4536f8 ip=004536f8 tid=0027
0027:trace:seh:raise_exception  info[0]=00000000
0027:trace:seh:raise_exception  info[1]=feeefeee
0027:trace:seh:raise_exception  eax=00000000 ebx=feeefeee ecx=3cfb9274 edx=00000000 esi=03ba4500 edi=00000001
0027:trace:seh:raise_exception  ebp=01a960e0 esp=0033828c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210283
0027:trace:seh:call_stack_handlers calling handler at 0xe240a9 code=c0000005 flags=0
0027:trace:seh:call_stack_handlers handler at 0xe240a9 returned 1
...
Unhandled exception: page fault on read access to 0xfeeefeee in 32-bit code (0x004536f8).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:004536f8 ESP:0033828c EBP:01a960e0 EFLAGS:00210283(  R- --  I  S - - -C)
 EAX:00000000 EBX:feeefeee ECX:3cfb9274 EDX:00000000
 ESI:03ba4500 EDI:00000001
Stack dump:
0x0033828c:  3cfb9294 00000001 03ba4500 00000000
0x0033829c:  00000000 00000000 0033834c 003382e8
0x003382ac:  f7549aa3 00000003 7bceef40 7bcbc525
0x003382bc:  7bcbc2a5 00338300 7ffd8000 7bd019a0
0x003382cc:  00000000 003382f0 0033834c 00338300
0x003382dc:  0000004b 00000000 00000000 00338338
Backtrace:
=>0 0x004536f8 in designerpro (+0x536f8) (0x01a960e0)
  1 0x00000000 (0x00f69754)
  2 0x007c5db0 in designerpro (+0x3c5daf) (0x007c0fd0)
  3 0xccccc301 (0x181ac0b8)
0x004536f8: movl	0x0(%ebx),%edx
Modules:
Module	Address			Debug info	Name (161 modules)
PE	  340000-  391000	Deferred        mxexif_rel_u_vc8
PE	  3a0000-  3cd000	Deferred        xaracms
PE	  400000- 13b8000	Export          designerpro
PE	 13c0000- 145c000	Deferred        playripl
PE	 1ec0000- 1f61000	Deferred        xaradark.cjstyles
PE	 1f70000- 1fa6000	Deferred        magixofa-en
PE	 1fc0000- 23da000	Deferred        xaraxenu
PE	 3000000- 310c000	Deferred        xaradraw
PE	 3530000- 37f4000	Deferred        pcfx
PE	 3800000- 3816000	Deferred        xaradraw2
PE	 4090000- 4255000	Deferred        magixofa_u
PE	 56a0000- 56ab000	Deferred        ucompstream
PE	 56b0000- 5705000	Deferred        mpeg2
PE	 7750000- 7aa8000	Deferred        imfilters
PE	10000000-100a0000	Deferred        mfl_u
ELF	495dd000-495fb000	Deferred        libgcc_s.so.1
PE	60000000-60025000	Deferred        ijl10
ELF	7b800000-7ba71000	Deferred        kernel32<elf>
  \-PE	7b820000-7ba71000	\               kernel32
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000026 (D) C:\Program Files\Xara\Xara_Designer_Pro_6\DesignerPro.exe
	00000030    0
	0000002f    0
	0000002e    0
	0000002d    0
	0000002a    0
	00000029    0
	00000028    0
	00000027    0 <==
--- snip ---
Could be either an app bug that doesn't appear on NT due to different heap manager design or something else.
I don't see the benefit of wasting time on this now, as only one old app version is affected and later versions work; maybe revisit later.
$ sha1sum xaradesignerpro6dl.exe
a98b3f7e75a623d5b8c309d5863b40e09e08b735  xaradesignerpro6dl.exe

$ du -sh xaradesignerpro6dl.exe
104M    xaradesignerpro6dl.exe

$ wine --version
wine-1.7.49
Regards
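As an added illustration (not part of the bug report or of the app's code), here is a small C model of the call pattern reconstructed in the comment: the caller loads an object pointer from a field ([ESI+444]), loads its vtable ([ECX]) and calls slot 7 ([EDX+1C]). A heap that overwrites freed blocks with 0xfeeefeee, as Wine's does with +heap enabled and as the Windows debug heap does, turns that vtable read into the 0xfeeefeee seen in EBX; a release NT heap leaves the old contents in place, so the same use-after-free can pass unnoticed there. The object layout, the vtable slot and the one-block static "heap" are assumptions made for the demonstration; the dispatch routine refuses to call through a pointer carrying the filler pattern instead of jumping into nirvana, and the second scenario shows the owner-side fix of clearing the reference when the object goes away.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value Wine's heap writes over a freed block when heap debugging is on
 * (ARENA_FREE_FILLER in dlls/ntdll/heap.c); also the Windows debug-heap
 * "freed" filler.  It is the 0xfeeefeee in EBX in the register dump. */
#define FREE_FILLER 0xfeeefeeeu

/* Assumed object layout: vtable pointer first, method in slot 7
 * (offset 0x1c on 32-bit), mirroring "MOV EDX,[ECX] / MOV EAX,[EDX+1C]
 * / CALL EAX" in the reconstructed call site. */
typedef int (*method_t)(void *self);
struct vtable { method_t slot[8]; };
struct object { const struct vtable *vt; int value; };

/* One-block "heap" in static storage so the read after free stays well
 * defined for this demonstration; a real heap would hand the memory out
 * again or unmap it. */
static union {
    struct object obj;
    uint32_t words[sizeof(struct object) / sizeof(uint32_t)];
} arena;
static int arena_in_use;

static struct object *arena_alloc(const struct vtable *vt, int value)
{
    if (arena_in_use) return NULL;
    arena_in_use = 1;
    arena.obj.vt = vt;
    arena.obj.value = value;
    return &arena.obj;
}

/* Free with debug-heap semantics: every 32-bit word of the block is
 * overwritten with FREE_FILLER, as +heap does under Wine. */
static void arena_free(struct object *obj)
{
    size_t i;
    if (obj != &arena.obj || !arena_in_use) return;
    for (i = 0; i < sizeof arena.words / sizeof arena.words[0]; i++)
        arena.words[i] = FREE_FILLER;
    arena_in_use = 0;
}

/* Dispatch through the vtable the way the crashing code does, but refuse
 * when the vtable pointer carries the filler pattern.  Returns 0 on
 * success (*out = method result), -1 for a poisoned vtable pointer
 * (*bad_ptr = its low 32 bits), -2 for a NULL object pointer. */
static int call_slot7_checked(struct object *const *field, int *out,
                              uint32_t *bad_ptr)
{
    struct object *obj = *field;                  /* MOV ECX,[ESI+444] */
    uintptr_t vt;
    if (obj == NULL) return -2;
    memcpy(&vt, &obj->vt, sizeof vt);             /* MOV EDX,[ECX]     */
    if ((uint32_t)vt == FREE_FILLER) {            /* CALL EAX -> nirvana */
        if (bad_ptr) *bad_ptr = (uint32_t)vt;
        return -1;
    }
    *out = ((const struct vtable *)vt)->slot[7](obj); /* MOV EAX,[EDX+1C]; CALL EAX */
    return 0;
}

static int double_value(void *self) { return ((struct object *)self)->value * 2; }
static const struct vtable demo_vt = { { 0, 0, 0, 0, 0, 0, 0, double_value } };

/* The bug's scenario: a field keeps pointing at an object after it was
 * freed, and a later call goes through the stale pointer. */
int scenario_use_after_free(int *out, uint32_t *bad_ptr)
{
    struct object *field = arena_alloc(&demo_vt, 21);
    int rc = call_slot7_checked(&field, out, bad_ptr);  /* live object: 42 */
    if (rc != 0) return rc;
    arena_free(field);                /* object released, field not cleared */
    return call_slot7_checked(&field, out, bad_ptr);    /* -1: vtable ptr is 0xfeeefeee */
}

/* The usual owner-side fix: clear the reference when the object goes
 * away, so the dispatch sees NULL instead of heap garbage. */
int scenario_owner_clears_pointer(int *out)
{
    struct object *field = arena_alloc(&demo_vt, 21);
    arena_free(field);
    field = NULL;
    return call_slot7_checked(&field, out, NULL);       /* -2: nothing to call */
}

int main(void)
{
    int out = 0;
    uint32_t bad = 0;
    int rc = scenario_use_after_free(&out, &bad);
    printf("stale dispatch: rc=%d, last good result=%d, vtable ptr=0x%08x\n", rc, out, bad);
    rc = scenario_owner_clears_pointer(&out);
    printf("after clearing the field: rc=%d\n", rc);
    return 0;
}
```

The filler check is a triage aid, not a fix: it only tells you that the block was freed before the call, which is what the +heap log already says. Finding which code path released the object, for instance by breaking on the free of the block returned by the RtlAllocateHeap trace just before the fault, is what would actually locate the bug.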