[Bug 36505] New: DynDNS Updater 4.1.6 crashes on startup

https://bugs.winehq.org/show_bug.cgi?id=36505

Bug ID: 36505 Summary: DynDNS Updater 4.1.6 crashes on startup Product: Wine Version: 1.7.19 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: jscript Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net

Hello folks,

relevant part of trace log:

---- snip --- WINEDEBUG=+tid,+seh,+relay,+jscript,+ole,+variant wine ./DynDNS\ Updater\ 4.1.6.exe >>log.txt 2>&1 ... 0023:trace:jscript:JScriptParse_ParseScriptText (0x140338)->(L"require("res://scriptLib.js");\r\nrequire("res://json2.js");\r\nrequire("res://base64.js");\r\nrequire("res://md5.js");\r\n\r\n/////////////////////////////////////////////////////////////////////\r\napp.log(0, 'SCRIPT STARTS');\r\napp.log(0, 'TAG DATA: ' + app.tag);\r\n\r\nvar mainScript = ("... (null) (nil) (null) ffffffff 0 20 (nil) (nil)) ... 0023:trace:jscript:interp_str L"res://scriptLib.js" ... 0023:trace:jscript:JScriptParse_ParseScriptText (0x140338)->(L"////////////////////////////////////////////////////////////////////\r\n// Library\r\n//\r\nvar WinConst = {\r\n//-- window style bits.\r\n WS_OVERLAPPED: 0x00000000,\r\n WS_POPUP: 0x80000000,\r\n WS_CLIPSIBLINGS: 0x04000000,\r\n WS_CLIPCHILDREN: 0x02000000,\r\n WS_CAPTION: 0x00C00000,"... (null) (nil) (null) ffffffff 0 20 (nil) (nil)) ... 0023:trace:jscript:interp_double 0.000000 0023:trace:jscript:interp_obj_prop L"FFF_DEFAULT" 0023:trace:jscript:ensure_prop_name creating prop L"FFF_DEFAULT" flags 200 0023:Call ntdll.RtlAllocateHeap(00110000,00000000,00000018) ret=7d688c0d 0023:Ret ntdll.RtlAllocateHeap() retval=001b3978 ret=7d688c0d 0023:trace:jscript:prop_put L"FFF_DEFAULT" = 0.000000 0023:trace:jscript:interp_double 1.000000 0023:trace:jscript:interp_obj_prop L"FFF_FILESONLY" 0023:trace:jscript:ensure_prop_name creating prop L"FFF_FILESONLY" flags 200 0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001c) ret=7d688c0d 0023:Ret ntdll.RtlAllocateHeap() retval=001b3998 ret=7d688c0d 0023:trace:jscript:prop_put L"FFF_FILESONLY" = 1.000000 0023:trace:jscript:interp_double 2.000000 0023:trace:jscript:interp_obj_prop L"FFF_DIRSONLY" 0023:trace:jscript:ensure_prop_name creating prop L"FFF_DIRSONLY" flags 200 0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001a) ret=7d688c0d 0023:Ret ntdll.RtlAllocateHeap() retval=001b39c0 ret=7d688c0d 0023:trace:jscript:prop_put L"FFF_DIRSONLY" = 2.000000 0023:trace:jscript:interp_double 4.000000 0023:trace:jscript:interp_obj_prop L"FFF_RECURSIVE" 0023:trace:jscript:ensure_prop_name creating prop L"FFF_RECURSIVE" flags 200 0023:Call ntdll.RtlReAllocateHeap(00110000,00000000,001b38f0,00000100) ret=7d688c76 0023:Ret ntdll.RtlReAllocateHeap() retval=001b39e8 ret=7d688c76 0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001c) ret=7d688c0d 0023:Ret ntdll.RtlAllocateHeap() retval=001b38f0 ret=7d688c0d 0023:trace:jscript:prop_put L"FFF_RECURSIVE" = 4.000000 0023:trace:jscript:interp_double 1.000000 0023:trace:jscript:interp_obj_prop L"SLOF_ABORT_RESISTANT" 0023:trace:jscript:ensure_prop_name creating prop L"SLOF_ABORT_RESISTANT" flags 200 0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000002a) ret=7d688c0d 0023:Ret ntdll.RtlAllocateHeap() retval=001b3918 ret=7d688c0d 0023:trace:jscript:prop_put L"SLOF_ABORT_RESISTANT" = 1.000000 0023:trace:jscript:interp_var_set L"AppConst" 0023:trace:jscript:prop_put L"AppConst" = obj(0x1b38c8) 0023:trace:jscript:interp_ret 0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7d6a794b ip=7d6a794b tid=0023 0023:trace:seh:raise_exception info[0]=00000001 0023:trace:seh:raise_exception info[1]=00000000 0023:trace:seh:raise_exception eax=00000000 ebx=7d6dd000 ecx=7d6a7948 edx=7ff80001 esi=0033f258 edi=00217b8c 0023:trace:seh:raise_exception ebp=0033f1b8 esp=0033f170 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210216 ... Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x7d6a794b). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7d6a794b ESP:0033f170 EBP:0033f1b8 EFLAGS:00210216( R- -- I -A-P- ) EAX:00000000 EBX:7d6dd000 ECX:7d6a7948 EDX:7ff80001 ESI:0033f258 EDI:00217b8c ... Backtrace: =>0 0x7d6a794b jsval_to_variant+0x63(val={u={n=nan, s={u={obj=0x217b8c, str=0x217b8c, b=0x217b8c, v=0x217b8c, as_uintptr=0x217b8c}, tag=JSV_UNDEFINED}}}, retv=(nil)) [/home/focht/projects/wine/wine.repo/src/dlls/jscript/jsutils.c:344] in jscript (0x0033f1b8)

1 0x7d6a0bc6 JScriptParse_ParseScriptText+0x250(iface=<couldn't compute location>, pstrCode=<couldn't compute location>, pstrItemName=<couldn't compute location>, punkContext=<couldn't compute location>, pstrDelimiter=<couldn't compute location>, dwSourceContextCookie=<couldn't compute location>, ulStartingLine=<couldn't compute location>, dwFlags=<couldn't compute location>, pvarResult=<couldn't compute location>, pexcepinfo=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/jscript/jscript.c:786] in jscript (0x0033f248)

2 0x0040eef2 in dyndns updater 4.1.6 (+0xeef1) (0x0033f2dc) 3 0x0040dcfe in dyndns updater 4.1.6 (+0xdcfd) (0x0033f364) 4 0x0040dfa7 in dyndns updater 4.1.6 (+0xdfa6) (0x0033f3d8) 5 0x7e2adf16 call_method+0x21() in oleaut32 (0x0033f3f8) ... 344 V_VT(retv) = VT_EMPTY; Modules: Module Address Debug info Name (86 modules) PE 400000- 477000 Export dyndns updater 4.1.6 ELF 7b800000-7ba60000 Dwarf kernel32<elf> -PE 7b810000-7ba60000 \ kernel32 ELF 7bc00000-7bcee000 Dwarf ntdll<elf> -PE 7bc10000-7bcee000 \ ntdll ELF 7bf00000-7bf04000 Dwarf <wine-loader> ELF 7d663000-7d6fa000 Dwarf jscript<elf> -PE 7d670000-7d6fa000 \ jscript ... process tid prio (all id:s are in hex) ... 00000022 (D) Z:\home\focht\Downloads\DynDNS Updater 4.1.6.exe 00000023 0 <== --- snip ---

The app passes 'dwFlags = SCRIPTTEXT_ISEXPRESSION' _and_ NULL 'pvarResult' which Wine's JScript tries to write to after successful 'exec_source'.

The scriptlet is rather uninteresting (not a problem):

--- snip --- //////////////////////////////////////////////////////////////////// // Library // var WinConst = { //-- window style bits. WS_OVERLAPPED: 0x00000000, WS_POPUP: 0x80000000, WS_CLIPSIBLINGS: 0x04000000, WS_CLIPCHILDREN: 0x02000000, ... INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP : 0x00008000, // ignore https:// to http:// INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS : 0x00004000, // ignore http:// to https:// INTERNET_FLAG_IGNORE_CERT_DATE_INVALID : 0x00002000, // ignore expired X509 Cert. INTERNET_FLAG_IGNORE_CERT_CN_INVALID : 0x00001000, // ignore bad common name in X509 Cert.

___LINE_FOR_NEW_VALUES___ : 0 };

var AppConst = { FFF_DEFAULT : 0, FFF_FILESONLY : 1, FFF_DIRSONLY : 2, FFF_RECURSIVE : 4,

SLOF_ABORT_RESISTANT : 0x0001 }; --- snip ---

MSDN: http://msdn.microsoft.com/en-us/library/tch4w30x%28v=vs.94%29.aspx

--- quote --- pvarResult

[out] Address of a buffer that receives the results of scriptlet processing, or NULL if the caller expects no result (that is, the SCRIPTTEXT_ISEXPRESSION value is not set). --- quote ---

Someone is wrong here ...

Source: http://source.winehq.org/git/wine.git/blob/02d63cb3120d89a5107d4e26a92eb4bd0...

--- snip --- 753 static HRESULT WINAPI JScriptParse_ParseScriptText(IActiveScriptParse *iface, 754 LPCOLESTR pstrCode, LPCOLESTR pstrItemName, IUnknown *punkContext, 755 LPCOLESTR pstrDelimiter, CTXARG_T dwSourceContextCookie, ULONG ulStartingLine, 756 DWORD dwFlags, VARIANT *pvarResult, EXCEPINFO *pexcepinfo) 757 { 758 JScript *This = impl_from_IActiveScriptParse(iface); 759 bytecode_t *code; 760 HRESULT hres; ... 774 if(dwFlags & SCRIPTTEXT_ISEXPRESSION) { 775 exec_ctx_t *exec_ctx; 776 777 hres = create_exec_ctx(This->ctx, NULL, This->ctx->global, NULL, TRUE, &exec_ctx); 778 if(SUCCEEDED(hres)) { 779 jsval_t r; 780 781 IActiveScriptSite_OnEnterScript(This->site); 782 783 clear_ei(This->ctx); 784 hres = exec_source(exec_ctx, code, &code->global_code, TRUE, &r); 785 if(SUCCEEDED(hres)) { 786 hres = jsval_to_variant(r, pvarResult); 787 jsval_release(r); 788 } 789 exec_release(exec_ctx); 790 791 IActiveScriptSite_OnLeaveScript(This->site); 792 } ... --- snip ---

$ sha1sum DynDNS\ Updater\ 4.1.6.exe 629268eaef62d424798c7965d3e9e63a0584861a DynDNS Updater 4.1.6.exe

$ du -sh DynDNS\ Updater\ 4.1.6.exe 460K DynDNS Updater 4.1.6.exe

$ wine --version wine-1.7.19-47-g704d169

Regards