https://bugs.winehq.org/show_bug.cgi?id=39892
Bug ID: 39892
Summary: Regression in Wine 1.7.33+ causes UFile to crash with runtime error when rendering certain pages
Product: Wine
Version: 1.9.0
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: anthony@anthonyfok.org
Distribution: ---

Created attachment 53271 --> https://bugs.winehq.org/attachment.cgi?id=53271
Winedbg 1.9.0 log of UFile 2013 crashing at the NetFile "Interview" page
UFile 2013, which worked almost flawlessly and successfully submitted my Canadian tax returns over the Internet on my behalf with Wine 1.7.17:
* https://appdb.winehq.org/objectManager.php?sClass=version&iId=30238 (from May 2014)
now crashes consistently with a _CxxThrowException() error at msvcr100 upon clicking on the link to certain "Interview" pages. This has been tested on both Ubuntu 14.04.3 LTS and Debian sid (December 2015) with Wine-1.8 (provided by the distributions) and with Wine-1.9.0 (from WineHQ).
This same problem also plagues the newer UFile 2014, and presumably with UFile 2015.
After many trials to no avail, I finally went back to wine-unstable:i386 (1.7.17-1) from snapshot.debian.org, and... it worked!
Some more tests later, I found that wine-development:i386 (1.7.32-1) was the last good working version. From 1.7.33 on, up to 1.7.55, 1.8 and 1.9.0, Wine would crash when I click on a UFile "Interview" page like "NetFile". The "Interview" pages that crash seem to be the ones that involve some kind of HTML rendering, e.g., where an image or a hyperlink is included in the introductory text.
Just to make sure it has nothing to do with the new GCC 5.x toolchain, I took Debian's old 1.7.32-1 package from December 2014 and recompiled it inside a pbuilder/cowbuilder environment for sid-i386. Both Debian's old 1.7.32-1 package and my recompiled package work flawlessly, while both Debian's old 1.7.33-1 and my recompiled package crash at the same place.
Note, however, that HTML Help dialog works fine with all the above Wine versions up to Wine 1.9.0.
Nevertheless, since the runtime exception seems to have initiated from UFile's own DtHtmlLabelDll.dll, and pages with plain-text introductory text render fine in Wine 1.7.33 to 1.9.0, I suspect that some changes in MSHTML introduced in 1.7.33 could be the cause of this regression.
Thanks in advance!
Anthony
--- Comment #1 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53272 --> https://bugs.winehq.org/attachment.cgi?id=53272
Winedbg 1.7.33 log of UFile 2013 crashing at the NetFile "Interview" page
--- Comment #2 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53273 --> https://bugs.winehq.org/attachment.cgi?id=53273
Screenshot of UFile 2013 rendering the NetFile "Interview" page in 1.7.32
--- Comment #3 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53274 --> https://bugs.winehq.org/attachment.cgi?id=53274
Screenshot of UFile 2013 crashing at the NetFile "Interview" page in Wine 1.9.0
Anthony Fok anthony@anthonyfok.org changed:

What | Removed | Added
----------------------------------------------------------------------------
Attachment #53273 description | Screenshot of UFile 2013 rendering the NetFile "Interview" page in 1.7.32 | Screenshot of UFile 2013 rendering the NetFile "Interview" page in Wine 1.7.32
Anthony Fok anthony@anthonyfok.org changed:

What | Removed | Added
----------------------------------------------------------------------------
CC | | anthony@anthonyfok.org, jacek@codeweavers.com
Component | -unknown | mshtml
Regression SHA1 | | 1454e302a80c218343420a7402da4d6e2dec4c76

--- Comment #4 from Anthony Fok anthony@anthonyfok.org ---
Following the instructions at http://wiki.winehq.org/RegressionTesting, I did a regression test inside a sid-i386 chroot environment, and found the following:
foka@debian:~/wine-dirs/wine-source$ git bisect good
1454e302a80c218343420a7402da4d6e2dec4c76 is the first bad commit
commit 1454e302a80c218343420a7402da4d6e2dec4c76
Author: Jacek Caban jacek@codeweavers.com
Date: Mon Dec 1 12:55:51 2014 +0100

    mshtml: Added support for flag 2 in getAttribute.

:040000 040000 e310a1e23bff845038a76d07a587ff60d212f07f 2e8691d55751082174d77f70ab68b55e7cbf7df9 M dlls
And here is the git bisect log:
foka@debian:~/wine-dirs/wine-source$ git bisect log
git bisect start
# bad: [aa026e061446d5afee9d55b808402998fae94f1f] Release 1.7.33.
git bisect bad aa026e061446d5afee9d55b808402998fae94f1f
# good: [fe2466ffdfa505329d009dac14cf933e77a14495] Release 1.7.32.
git bisect good fe2466ffdfa505329d009dac14cf933e77a14495
# bad: [14324fec97b8c9740dcbca59d44a5cba13b00323] ws2_32/tests: Add SO_BSP_STATE tests.
git bisect bad 14324fec97b8c9740dcbca59d44a5cba13b00323
# bad: [685c68ba61cb01f1ab4d68bd5f75fb9bed74bd3b] cabinet/tests: Add test for calling FDIIsCabinet with hf == 0.
git bisect bad 685c68ba61cb01f1ab4d68bd5f75fb9bed74bd3b
# bad: [f1cd8d4ac9ece36bebc0f7ab3e15edc3e425248d] localspl: Remove unused strings (Clang).
git bisect bad f1cd8d4ac9ece36bebc0f7ab3e15edc3e425248d
# good: [08b06b7d8f7396937c3d278219ce3b6cefa0476a] wined3d: Unbind shader resource views in state_unbind_resources().
git bisect good 08b06b7d8f7396937c3d278219ce3b6cefa0476a
# good: [d57ccd54f8d751b57490d5a74c3a81ac31297313] ws2_32/tests: Fix several copy and paste errors.
git bisect good d57ccd54f8d751b57490d5a74c3a81ac31297313
# bad: [1454e302a80c218343420a7402da4d6e2dec4c76] mshtml: Added support for flag 2 in getAttribute.
git bisect bad 1454e302a80c218343420a7402da4d6e2dec4c76
# good: [71cb0cea7442440cc9ea3cf142255e9c261c01a6] mshtml: Added "indent" command support to execCommand.
git bisect good 71cb0cea7442440cc9ea3cf142255e9c261c01a6
# first bad commit: [1454e302a80c218343420a7402da4d6e2dec4c76] mshtml: Added support for flag 2 in getAttribute.
Anthony Fok anthony@anthonyfok.org changed:

What | Removed | Added
----------------------------------------------------------------------------
Keywords | | regression
--- Comment #5 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53276 --> https://bugs.winehq.org/attachment.cgi?id=53276
Wine-1.7.32 mshtml trace after first "onclick" (JScript ignored, but no crash)
--- Comment #6 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53277 --> https://bugs.winehq.org/attachment.cgi?id=53277
Wine-1.7.33 mshtml trace after first "onclick": IID_ISupportErrorInfo...
--- Comment #7 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53278 --> https://bugs.winehq.org/attachment.cgi?id=53278
Wine-1.9.0 mshtml trace after first "onclick": IID_ISupportErrorInfo...
--- Comment #8 from Anthony Fok anthony@anthonyfok.org ---
The onclick events that apparently leads to the
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm\");'>click here</a>
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_efile_eol.htm\");'>click here</a>
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm#xmit\");'>click here</a>
<p> If you do not use NetFile, you must <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_print.htm\");'>print your tax return</a> and mail it to the government.
--- Comment #9 from Anthony Fok anthony@anthonyfok.org ---
Sorry, I pressed the wrong key and sent out the last comment prematurely.
It seems that Wine (1.7.33 to Wine-1.9.0) crashes after encountering an "onclick" that looks like the following:
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm\");'>click here</a>
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_efile_eol.htm\");'>click here</a>
<A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_netfile.htm#xmit\");'>click here</a>
<p> If you do not use NetFile, you must <A href='javascript:void(0);' onclick='showHelpWindow(\"hlp_print.htm\");'>print your tax return</a> and mail it to the government.
These strings are extracted from "C:\Program Files\UFile 2013\UB1X13A.dte".
Nikolay Sivov bunglehead@gmail.com changed:

What | Removed | Added
----------------------------------------------------------------------------
Summary | Regression in Wine 1.7.33+ causes UFile to crash with runtime error when rendering certain pages | UFile crashes with runtime error when rendering certain pages
Severity | major | normal
--- Comment #10 from Nikolay Sivov bunglehead@gmail.com ---
Does it have freely available demo/full version to test?
--- Comment #11 from Anthony Fok anthony@anthonyfok.org ---
(In reply to Nikolay Sivov from comment #10)
> Does it have freely available demo/full version to test?
Yes, the full version may be downloaded from:
http://downloads.drtax.ca/ufile/UF2013EGYH34U86GA23WHUS4/UFile2013.exe
(The download URL was found in pages like http://support.drtax.ca/KB/faqs-windows-english/source/webpages/kpt240-20140... and http://community.ufile.ca/index.php?/topic/4931-availability-of-downloadable... .)
It can be installed simply by running "wine UFile2013.exe".
However, UFile for Windows requires an activation key before it can be used...
--- Comment #12 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53280 --> https://bugs.winehq.org/attachment.cgi?id=53280
Prevent type mismatch error with getAttribute("onclick", 2)
It appears that UFile tries to do this:
getAttribute("onclick", 2);
However, HTMLElement_get_onclick() somehow gives back an AttributeValue of VT_NULL, which of course fails to be converted to VT_BSTR, thus VariantChangeType() returns a HRESULT of 0x80020005 (Type Mismatch), which HTMLElement_getAttribute() also returns, leading to the runtime error and crash.
In Wine 1.7.32, HTMLElement_getAttribute() did not do any VariantChangeType(), and happily returns S_OK as the HRESULT, so UFile kept on running happily without crashing.
So, the attached patch adds a test case for VT_NULL and changes it to a VT_BSTR(NULL) and returns S_OK, reverting to the behaviour in Wine 1.7.32. No more crashing. Yay!
However, I do suspect the real problem lies with HTMLElement_get_onclick() and other JScript-related HTMLElement_get_xxxxxx() functions. Shouldn't it be able to return an AttributeValue as a string (i.e., BSTR)? How did it become VT_NULL?
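The three behaviours described in comment #12, side by side, as an added model in C that is not Wine source and not part of the bug thread. All type and function names and the `flags & 2` check are hypothetical stand-ins; only the VT_NULL result and the HRESULT 0x80020005 come from the comment.

```c
/* Added model, not Wine source: every identifier here is a hypothetical stand-in. */
#include <stddef.h>
#include <stdint.h>

typedef uint32_t hresult_t;
#define HR_OK            0x00000000u
#define HR_TYPE_MISMATCH 0x80020005u   /* "Type Mismatch" value quoted in comment #12 */

enum vtype { T_NULL, T_BSTR };
struct variant { enum vtype vt; const char *str; };

/* Stand-in for the onclick getter, which the comment says yields VT_NULL. */
static void model_get_onclick(struct variant *out)
{
    out->vt = T_NULL;
    out->str = NULL;
}

/* Stand-in for VariantChangeType(): a NULL variant cannot become a string. */
static hresult_t model_change_type(struct variant *v, enum vtype want)
{
    return v->vt == want ? HR_OK : HR_TYPE_MISMATCH;
}

/* 1.7.32 as described: no coercion, the getter's value is returned with S_OK. */
hresult_t get_attribute_1_7_32(int flags, struct variant *out)
{
    (void)flags;
    model_get_onclick(out);
    return HR_OK;
}

/* 1.7.33 as described: flag 2 asks for a string; the coercion failure propagates. */
hresult_t get_attribute_1_7_33(int flags, struct variant *out)
{
    model_get_onclick(out);
    return (flags & 2) ? model_change_type(out, T_BSTR) : HR_OK;
}

/* Workaround from the comment: map NULL to an empty string before coercing. */
hresult_t get_attribute_workaround(int flags, struct variant *out)
{
    model_get_onclick(out);
    if ((flags & 2) && out->vt == T_NULL) {
        out->vt = T_BSTR;   /* VT_BSTR with a NULL pointer */
        out->str = NULL;
    }
    return (flags & 2) ? model_change_type(out, T_BSTR) : HR_OK;
}
```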
Anthony Fok anthony@anthonyfok.org changed:

What | Removed | Added
----------------------------------------------------------------------------
Keywords | | patch
--- Comment #13 from Anthony Fok anthony@anthonyfok.org ---
Created attachment 53285 --> https://bugs.winehq.org/attachment.cgi?id=53285
Add getAttribute("onclick", 2) test to jstest.html
This new test case in the attached mshtml-jstest-getAttribute-onclick-2.patch would trigger the same problem I saw in UFile 2013:
cd ~/wine-dirs/wine-build/dlls/mshtml/tests
WINEDEBUG=+mshtml,+variant make script.ok
except that this WineTest hangs after
err:mshtml:update_window_doc GetDocument failed: 00000000
instead of triggering _CxxThrowException() like UFile does.
After applying prevent-0x80020005-type-mismatch-error-with-getAttribute-onclick-2.patch, this particular WineTest gives an error:
script.c:632: Test failed: L"getAttribute('onclick') = "
instead of giving the string value of the onclick attribute, but WineTest continues merrily on.
Hope this helps!
--- Comment #14 from Jacek Caban jacek@codeweavers.com ---
Created attachment 53314 --> https://bugs.winehq.org/attachment.cgi?id=53314
A fix for custom attributes

Thank you for the analysis. Does the attached patch help? That's the proper solution for custom attributes. Proper support for event attributes is more tricky to get right, but hopefully this will be enough.
--- Comment #15 from Anthony Fok foka@debian.org ---
Hello Jacek,
Thank you for your "A fix for custom attributes" patch! And yes, it works! :-)
Your patch has indeed fixed the regression, and all "Interview" forms in UFile can now be displayed without hiccup or crash, just like it was in Wine 1.7.32. :-)
(Although getAttribute("onclick", 2) is not yet able to retrieve onclick's string value, and such JavaScript-based buttons do not yet work, these buttons are only used in the help text and do not affect UFile's overall usability.)
So yes, your patch looks very good to me. Many thanks for your expert help!
Cheers, Anthony
Jacek Caban jacek@codeweavers.com changed:

What | Removed | Added
----------------------------------------------------------------------------
Status | UNCONFIRMED | NEW
Ever confirmed | 0 | 1

--- Comment #16 from Jacek Caban jacek@codeweavers.com ---
Thanks for testing, I sent the patch: http://source.winehq.org/patches/data/117774
Jacek Caban jacek@codeweavers.com changed:

What | Removed | Added
----------------------------------------------------------------------------
Fixed by SHA1 | | f394dca92a014fa07e0cec59f97fb9fd2ba157da
Status | NEW | RESOLVED
Resolution | --- | FIXED

--- Comment #17 from Jacek Caban jacek@codeweavers.com ---
Fixed in Git.
Alexandre Julliard julliard@winehq.org changed:

What | Removed | Added
----------------------------------------------------------------------------
Status | RESOLVED | CLOSED

--- Comment #18 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.9.1.
Michael Stefaniuc mstefani@redhat.com changed:

What | Removed | Added
----------------------------------------------------------------------------
Target Milestone | --- | 1.8.x
CC | | mstefani@redhat.com
Michael Stefaniuc mstefani@redhat.com changed:

What | Removed | Added
----------------------------------------------------------------------------
Target Milestone | 1.8.x | ---

--- Comment #19 from Michael Stefaniuc mstefani@redhat.com ---
Removing 1.8.x milestone from bugs included in 1.8.5.