https://bugs.winehq.org/show_bug.cgi?id=49029
Bug ID: 49029
Summary: ABBYY FineReader 12 Professional crashes in trial mode
Product: Wine
Version: 5.7
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: msxml6
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
continuation from bug 43454 ("Multiple installers and applications crash on unhandled exception 0x000006ba inside NdrAsyncClientCall (ABBYY FineReader 12 Professional)").
Clicking 'Run Program' (= run app in trial mode) causes a crash.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/ABBYY FineReader 12

$ WINEDEBUG=+seh,+relay,+msxml wine ./FineReader.exe >>log.txt 2>&1
...
0055:Call ole32.CoCreateInstance(2f815e1c,00000000,00000017,2f815e2c,0032d544) ret=2f7ab6e9
...
0055:Ret msxml3.DllGetClassObject() retval=00000000 ret=00ad5801
...
0055:trace:msxml:DOMClassFactory_CreateInstance (nil) {00000000-0000-0000-c000-000000000046} 0x32d460
0055:trace:msxml:DOMDocument_create (60, 0x32d41c)
...
0055:trace:msxml:xmldoc_add_refs (0xf76c2d20)->(1)
0055:trace:msxml:get_domdoc_from_xmldoc returning iface 0x28b3f38
0055:trace:msxml:domdoc_QueryInterface (0x28b3f20)->({00000000-0000-0000-c000-000000000046} 0x32d460)
0055:trace:msxml:domdoc_AddRef (0x28b3f20)->(2)
0055:trace:msxml:domdoc_Release (0x28b3f20)->(1)
0055:trace:msxml:DOMClassFactory_Release (0x28d6120) ref = 0
...
0055:Ret ole32.CoCreateInstance() retval=00000000 ret=2f7ab6e9
...
0055:trace:msxml:domdoc_createProcessingInstruction (0x28b3f20)->(L"xml" L"version="1.0" encoding="UTF-8"" 0x32d46c)
...
0055:trace:msxml:node_set_content (0x29856e0)->(L"version="1.0" encoding="UTF-8"")
...
0055:trace:msxml:domdoc_createNode (0x28b3f20)->(0x32d3e0 {VT_INT: 1} L"root" L"http://www.abbyy.com/FineReader/BatchOptions/0" 0x32d468)
...
0055:trace:msxml:domdoc_createNode node_type 1
...
0055:trace:msxml:domdoc_get_documentElement (0x28b3f20)->(0x32d480)
0055:trace:msxml:create_node type 1
...
0055:trace:msxml:xmldoc_add_refs (0xf76c2d20)->(2)
0055:trace:msxml:domelem_QueryInterface (0x29856e0)->({2933bf80-7b36-11d2-b20e-00c04f983e60} 0x32d42c)
0055:trace:msxml:domelem_AddRef (0x29856e0)->(2)
0055:trace:msxml:domelem_Release (0x29856e0)->(1)
0055:trace:msxml:domelem_QueryInterface (0x29856e0)->({2933bf86-7b36-11d2-b20e-00c04f983e60} 0x32d480)
0055:trace:msxml:domelem_AddRef (0x29856e0)->(2)
0055:trace:msxml:domelem_Release (0x29856e0)->(1)
0055:trace:msxml:domelem_AddRef (0x29856e0)->(2)
0055:trace:msxml:domelem_AddRef (0x29856e0)->(3)
0055:trace:msxml:domelem_Release (0x29856e0)->(2)
...
0055:trace:msxml:domelem_setAttribute (0x29856e0)->(L"type" 0x32d400 {VT_BSTR: L""})
...
0055:trace:msxml:domelem_setAttribute (0x29856e0)->(L"languages" 0x32d400 {VT_BSTR: L"English"})
0055:Call KERNEL32.WideCharToMultiByte(0000fde9,00000000,028b8ecc L"English",ffffffff,00000000,00000000,00000000,00000000) ret=f799f4a2
0055:Call ntdll.RtlUnicodeToUTF8N(00000000,00000000,0032d324,028b8ecc,00000010) ret=7b0198f4
0055:Ret ntdll.RtlUnicodeToUTF8N() retval=00000000 ret=7b0198f4
0055:Ret KERNEL32.WideCharToMultiByte() retval=00000008 ret=f799f4a2
0055:Call ntdll.RtlAllocateHeap(00110000,00000000,00000009) ret=f799f4c1
0055:Ret ntdll.RtlAllocateHeap() retval=028d6120 ret=f799f4c1
0055:Call KERNEL32.WideCharToMultiByte(0000fde9,00000000,028b8ecc L"English",ffffffff,028d6120,00000009,00000000,00000000) ret=f799f4ea
0055:Call ntdll.RtlUnicodeToUTF8N(028d6120,00000009,0032d324,028b8ecc,00000010) ret=7b0198f4
0055:Ret ntdll.RtlUnicodeToUTF8N() retval=00000000 ret=7b0198f4
0055:Ret KERNEL32.WideCharToMultiByte() retval=00000008 ret=f799f4ea
0055:Call KERNEL32.WideCharToMultiByte(0000fde9,00000000,028310bc L"languages",ffffffff,00000000,00000000,00000000,00000000) ret=f799f3a3
0055:Call ntdll.RtlUnicodeToUTF8N(00000000,00000000,0032d324,028310bc,00000014) ret=7b0198f4
0055:Ret ntdll.RtlUnicodeToUTF8N() retval=00000000 ret=7b0198f4
0055:Ret KERNEL32.WideCharToMultiByte() retval=0000000a ret=f799f3a3
0055:Call ntdll.RtlAllocateHeap(00110000,00000000,0000000b) ret=f799f3c2
0055:Ret ntdll.RtlAllocateHeap() retval=028b5a50 ret=f799f3c2
0055:Call KERNEL32.WideCharToMultiByte(0000fde9,00000000,028310bc L"languages",ffffffff,028b5a50,0000000b,00000000,00000000) ret=f799f3e3
0055:Call ntdll.RtlUnicodeToUTF8N(028b5a50,0000000b,0032d324,028310bc,00000014) ret=7b0198f4
0055:Ret ntdll.RtlUnicodeToUTF8N() retval=00000000 ret=7b0198f4
0055:Ret KERNEL32.WideCharToMultiByte() retval=0000000a ret=f799f3e3
0055:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7bd80b2 ip=f7bd80b2 tid=0055
0055:trace:seh:raise_exception info[0]=00000000
0055:trace:seh:raise_exception info[1]=a5317000
0055:trace:seh:raise_exception eax=7d125010 ebx=f7cfb000 ecx=7d12501c edx=a5317000 esi=00000030 edi=0000003f
0055:trace:seh:raise_exception ebp=00000003 esp=0032d370 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010283
0055:trace:seh:call_stack_handlers calling handler at 0x2f7bc908 code=c0000005 flags=0
0055:trace:seh:call_stack_handlers handler at 0x2f7bc908 returned 1
...
wine: Unhandled page fault on read access to A5317000 at address F7BD80B2 (thread 0055), starting debugger...
--- snip ---
Tidbit: The app installer bundles Microsoft MSXML 6.0 x64 redist installer.
From 'AbbyyMsiLog.txt':
--- snip ---
...
Get prerequisites...
Prerequisites: Z:\home\focht\Downloads\FR12_PE\MSXML\msxml6_x64.msi
Checking related Product for UpgradeCode: {5BBED1F8-E6F3-4A02-BC97-26D35BE200CA}
Prerequisite MaxUpdateVersion is: 6.10.1129.0
No related products for this UpgradeCode
[Setup] Run="C:\windows\system32\msiexec.exe" /i "Z:\home\focht\Downloads\FR12_PE\MSXML\msxml6_x64.msi" /passive /Liwrmo!vepacu "C:\users\focht\Temp\msxml6_x64.log"
[Setup] RunExitCode=0
...
--- snip ---
Due to the presence of Wine's MSXML 6.0 PE builtins, the redist installer does not overwrite them. Only binaries that don't exist in Wine, such as 'msxml6r.dll', get installed in SysWOW64 and System32 respectively. It wouldn't work anyway as Wine always prefers msxml builtins for good reason.
'winetricks -q msxml6' prevents the crash.
$ sha1sum ABBYY_FR12_PRO_TRIAL.exe
cd209916f9f13486a6d8f6fc6276eeb761b30803 ABBYY_FR12_PRO_TRIAL.exe

$ du -sh ABBYY_FR12_PRO_TRIAL.exe
340M ABBYY_FR12_PRO_TRIAL.exe

$ wine --version
wine-5.7
Regards
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
Hardware |x86     |x86-64
Keywords |        |download
URL      |        |https://web.archive.org/web/20160519045152/http://download.abbyyeu.com/trials/ABBYY_FR12_PRO_TRIAL.exe
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
+heap trace to show preceding heap corruption, causing crash later.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/ABBYY FineReader 12

$ WINEDEBUG=+seh,+loaddll,+process,+msxml,+msvcrt,+heap wine ./FineReader.exe >>log_heap.txt 2>&1
...
01b0:trace:msxml:domdoc_put_async (04208538)->(0)
01b0:trace:msxml:domdoc_put_preserveWhiteSpace (04208538)->(-1)
...
01b0:trace:msxml:domdoc_loadXML (04208538)->(L"<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?><advertisement><messages id="0" date="2021-11-14" /><messages_to_delete id="94"><message_id>1100</message_id><message_id>991</message_id><message_id>971</message_id><message_id>970</message_id><message_id>969</message_id><"... 0032F8A8)
...
01b0:trace:msxml:domdoc_loadXML parsed document 024E08D0
...
01b0:trace:msxml:domdoc_get_documentElement (04208538)->(0032F8CC)
01b0:trace:msxml:create_node type 1
...
01b0:trace:msxml:domelem_selectNodes (007799F8)->(L"messages_to_delete" 0032F754)
...
01b0:trace:msxml:create_selection (024E0940, "messages_to_delete", 0032F754)
01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(3)
01b0:trace:msxml:registerNamespaces (024EB3F8)
...
01b0:trace:msxml:create_selection found 1 matches
...
01b0:trace:msxml:domelem_getAttributeNode (007907E8)->(L"id" 0032F770)
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0072CEA8
01b0:trace:heap:RtlFreeHeap (00700000,70000062,0072CEA8): returning TRUE
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000024): returning 042055E0
01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(4)
01b0:trace:msxml:domattr_QueryInterface (042055E0)->({2933bf85-7b36-11d2-b20e-00c04f983e60} 0032F770)
01b0:trace:msxml:domattr_AddRef (042055E0)->(2)
01b0:trace:msxml:domattr_Release (042055E0)->(1)
01b0:trace:heap:RtlSizeHeap (00700000,70000062,0074DF10): returning 00000010
01b0:trace:heap:RtlFreeHeap (02890000,70000062,02D353B0): returning TRUE
01b0:trace:msxml:domattr_AddRef (042055E0)->(2)
01b0:trace:msxml:domattr_AddRef (042055E0)->(3)
01b0:trace:msxml:domattr_Release (042055E0)->(2)
01b0:trace:msxml:domattr_AddRef (042055E0)->(3)
01b0:trace:msxml:domattr_Release (042055E0)->(2)
01b0:trace:msxml:domattr_Release (042055E0)->(1)
01b0:trace:msxml:domattr_get_text (042055E0)->(0032F78C)
...
01b0:trace:msxml:node_get_text 042055E0 L"94"
...
01b0:trace:msxml:domelem_removeAttribute (007907E8)->(L"id")
01b0:trace:msxml:domelem_get_attributes (007907E8)->(0032F75C)
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000028): returning 0074DBF8
01b0:trace:msxml:xmldoc_add_refs (024E08D0)->(5)
01b0:trace:msxml:xmlnodemap_removeNamedItem (0074DBF8)->(L"id" 00000000)
01b0:trace:msxml:domelem_remove_named_item (024E0B98)->(L"id" 00000000)
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0072B748
01b0:trace:heap:RtlFreeHeap (00700000,70000062,0072B748): returning TRUE
01b0:trace:msxml:domelem_remove_qualified_item (024E0B98)->(L"id" (null) 00000000)
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000004): returning 0079D6C8
01b0:trace:heap:RtlFreeHeap (00700000,70000062,0079D6C8): returning TRUE
01b0:trace:heap:RtlFreeHeap (02460000,70000062,0248AFC8): returning TRUE
01b0:trace:heap:RtlFreeHeap (02460000,70000062,024E0C28): returning TRUE
01b0:trace:heap:RtlFreeHeap (02460000,70000062,02509DB8): returning TRUE
01b0:trace:heap:RtlFreeHeap (02460000,70000062,024E0BE8): returning TRUE
01b0:trace:msxml:xmlnodemap_Release (0074DBF8)->(0)
01b0:trace:msxml:xmldoc_release_refs (024E08D0)->(4)
01b0:trace:heap:RtlFreeHeap (00700000,70000062,0074DBF8): returning TRUE
01b0:trace:heap:RtlSizeHeap (00700000,70000062,0079F598): returning 00000010
01b0:trace:heap:RtlFreeHeap (02890000,70000062,039FABF0): returning TRUE
01b0:trace:msxml:domattr_Release (042055E0)->(0)
01b0:trace:seh:dispatch_exception code=c0000005 flags=0 addr=03EBC68F ip=03ebc68f tid=01b0
01b0:trace:seh:dispatch_exception info[0]=00000000
01b0:trace:seh:dispatch_exception info[1]=feeefeee
01b0:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
01b0:trace:seh:dispatch_exception eax=00000001 ebx=042055f8 ecx=042055e0 edx=00000000 esi=00000000 edi=feeefeee
01b0:trace:seh:dispatch_exception ebp=0032f774 esp=0032f748 cs=0023 ss=002b ds=002b es=002b fs=0063 gs=006b flags=00010206
01b0:trace:seh:call_stack_handlers calling handler at 005D4481 code=c0000005 flags=0
01b0:trace:seh:call_stack_handlers handler at 005D4481 returned 1
--- snip ---
$ wine --version
wine-6.21-214-gbe0684dad50
Regards
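One way to triage a trace like the one in comment #1, as an added example that is not part of the original report or of Wine: it flags faults whose address is 0xfeeefeee, the pattern Wine's heap writes over freed blocks when free checking is enabled, and lists the COM release and heap frees that preceded the fault. The `triage` function and its result fields are hypothetical names; the sample lines are excerpted from the trace above.

```python
import re

FREE_FILL = 0xFEEEFEEE  # pattern Wine's heap writes over freed blocks when free checking is on

ALLOC = re.compile(r"trace:heap:RtlAllocateHeap \((\w+),\w+,(\w+)\): returning (\w+)")
FREE = re.compile(r"trace:heap:RtlFreeHeap \((\w+),\w+,(\w+)\): returning TRUE")
RELEASE = re.compile(r"trace:msxml:(\w+_Release) \((\w+)\)->\(0\)")
FAULT = re.compile(r"trace:seh:(?:raise|dispatch)_exception info\[1\]=(\w+)")

def triage(lines, history=4):
    """Return one finding per fault whose address is the freed-block fill pattern."""
    live, frees, last_release, findings = {}, [], None, []
    for line in lines:
        if m := ALLOC.search(line):
            live[int(m[3], 16)] = int(m[2], 16)      # block address -> size
        elif m := FREE.search(line):
            addr = int(m[2], 16)
            live.pop(addr, None)
            frees.append((int(m[1], 16), addr))      # (heap handle, block)
        elif m := RELEASE.search(line):
            last_release = (m[1], int(m[2], 16))     # wrapper dropped to refcount 0
        elif (m := FAULT.search(line)) and int(m[1], 16) == FREE_FILL:
            findings.append({
                "last_release": last_release,
                "wrapper_still_allocated": bool(last_release) and last_release[1] in live,
                "recent_frees": frees[-history:],
            })
    return findings

# Lines excerpted from the +heap trace in comment #1 above.
SAMPLE = """\
01b0:trace:heap:RtlAllocateHeap (00700000,70000062,00000024): returning 042055E0
01b0:trace:msxml:domelem_removeAttribute (007907E8)->(L"id")
01b0:trace:heap:RtlFreeHeap (02460000,70000062,02509DB8): returning TRUE
01b0:trace:heap:RtlFreeHeap (02460000,70000062,024E0BE8): returning TRUE
01b0:trace:msxml:domattr_Release (042055E0)->(0)
01b0:trace:seh:dispatch_exception code=c0000005 flags=0 addr=03EBC68F ip=03ebc68f tid=01b0
01b0:trace:seh:dispatch_exception info[0]=00000000
01b0:trace:seh:dispatch_exception info[1]=feeefeee
""".splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        name, obj = hit["last_release"]
        frees = ", ".join(f"{h:08X}/{a:08X}" for h, a in hit["recent_frees"])
        print(f"fault on freed-fill address after {name}({obj:08X}); "
              f"wrapper allocated={hit['wrapper_still_allocated']}; frees before fault: {frees}")
```

A finding where the released wrapper is still allocated but the fault address is the fill pattern points at a pointer read out of a block freed earlier, which is the ordering visible in the trace (frees in heap 02460000 during removeAttribute, then the final domattr_Release).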