http://bugs.winehq.org/show_bug.cgi?id=35416
Bug ID: 35416
Summary: BSSB-Win crashes with segfault in fm20.dll
Product: Wine
Version: 1.7.11
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: richedit
Assignee: wine-bugs@winehq.org
Reporter: floe@butterbrot.org
Classification: Unclassified
BSSB-Win ( http://www.bssb.de/2kb-downloads.html ) can be installed without problems, but crashes on first launch with the attached backtrace. This happens both on old Wine 1.4 and on 1.7.11.
Running "winetricks fm20" & adding a native,builtin override for riched20 fixes the problem, so I assume that it is an issue within the Wine-builtin riched20 component.
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #1 from Florian Echtler floe@butterbrot.org ---
Created attachment 47266
  --> http://bugs.winehq.org/attachment.cgi?id=47266
backtrace
http://bugs.winehq.org/show_bug.cgi?id=35416
Ken Sharp imwellcushtymelike@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |download
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #2 from Bruno Jesus 00cpxxx@gmail.com ---
There are 2 files in the site, what is the correct file? (SetupG, SetupV)
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #3 from Florian Echtler floe@butterbrot.org ---
Sorry, SetupV.exe is the one I'm talking about. (I assume SetupG has similar issues, but I didn't test that.)
http://bugs.winehq.org/show_bug.cgi?id=35416
Florian Echtler floe@butterbrot.org changed:
What   |Removed |Added
----------------------------------------------------------------------------
Version|1.7.11  |1.7.10
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #4 from Austin English austinenglish@gmail.com ---
Using:
austin@aw25 ~ $ wine --version
wine-1.7.11
austin@aw25 ~ $ sha1sum SetupV.exe
9c02853555cdf5b944944b7b5cd8c9e2d40d86c1 SetupV.exe
austin@aw25 ~ $ du -h SetupV.exe
71M SetupV.exe
I get: Run-time error '7': Out of memory
terminal only shows: fixme:olepicture:OleLoadPictureEx (0xf7cd64,774,0,{7bf80980-bf32-101a-8bbb-00aa00300cab},x=0,y=0,f=0,0x33f90c), partially implemented.
native riched20 makes no difference.
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #5 from Florian Echtler floe@butterbrot.org ---
This is extremely bad timing, apparently they published an update yesterday (6.2.9); I've been testing with 6.2.8. I've mirrored the previous version at http://floe.butterbrot.org/external/SetupV.exe (sha1 e295011d27b8c79618c800cdbfefcc403bc9b0e4).
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #6 from Florian Echtler floe@butterbrot.org ---
I've just tested with the new version (6.2.9) and it shows exactly the same behaviour on my machine: crash in fm20.dll on startup, fixed by native riched20. Fresh wineprefix, OS set to "Windows 7" (otherwise installation won't complete).
http://bugs.winehq.org/show_bug.cgi?id=35416
Florian Echtler floe@butterbrot.org changed:
What   |Removed |Added
----------------------------------------------------------------------------
Version|1.7.10  |1.7.11
http://bugs.winehq.org/show_bug.cgi?id=35416
Florian Echtler floe@butterbrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |floe@butterbrot.org
http://bugs.winehq.org/show_bug.cgi?id=35416
Anastasius Focht focht@gmx.net changed:
What          |Removed                |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED            |NEW
URL           |                       |http://www.bssb.de/2kb-downloads.html
CC            |                       |focht@gmx.net
Summary       |BSSB-Win crashes with  |BSSB-Win (VB6 app) crashes
              |segfault in fm20.dll   |on startup (text host
              |                       |window/gui control methods
              |                       |must not be called during
              |                       |CreateTextServices)
Ever confirmed|0                      |1

--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
The first problem is locale related.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/BSSB_Win

$ WINEDEBUG=+tid,+seh,+relay,+ole,+variant,+snoop wine ./BSSB_Win.exe >>log.txt 2>&1
...
0024:trace:ole:COMPOBJ_DllList_Add L"C:\windows\system32\FM20.DLL"
0024:Call KERNEL32.LoadLibraryExW(0033f45e L"C:\windows\system32\FM20.DLL",00000000,00000008) ret=7e98f673
...
0024:Ret PE DLL (proc=0x7ac4b570,module=0x7ac10000 L"riched20.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0024:Ret KERNEL32.LoadLibraryA() retval=7ac10000 ret=60003485
0024:Call KERNEL32.GetLastError() ret=6000348d
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=6000348d
0024:Call KERNEL32.GetProcAddress(7ac10000,600b3978 "CreateTextServices") ret=6000353f
0024:Ret KERNEL32.GetProcAddress() retval=7ac15644 ret=6000353f
...
0024:Call KERNEL32.LoadLibraryExW(600c3328 L"C:\windows\system32\fm20ENU.DLL",00000000,00000000) ret=6000151b
0024:Ret KERNEL32.LoadLibraryExW() retval=00000000 ret=6000151b
...
0024:Call KERNEL32.RaiseException(c000008f,00000001,00000002,0033fa50) ret=66024d53
0024:trace:seh:raise_exception code=c000008f flags=1 addr=0x7b83a913 ip=7b83a913 tid=0024
0024:trace:seh:raise_exception info[0]=deadcafe
0024:trace:seh:raise_exception info[1]=deadcafe
0024:trace:seh:raise_exception eax=7b826989 ebx=7b8ba000 ecx=deadcafe edx=0033f9a4 esi=0033fa50 edi=0033fa10
0024:trace:seh:raise_exception ebp=0033f9e8 esp=0033f984 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00200283
0024:trace:seh:call_stack_handlers calling handler at 0x660291be code=c000008f flags=1
0024:trace:seh:call_stack_handlers handler at 0x660291be returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x6602e521 code=c000008f flags=1
...
0024:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0013c2e4 L"Run-time error '7':\n\nOut of memory",ffffffff,00f7d4d8,00000044,00000000,00000000) ret=6601bcb1
--- snip ---
The app doesn't expect to be run on non-German systems. Actually I wouldn't be surprised if there would exist a check for 'Freistaat Bayern', excluding the rest of Germany *g*.
You have to start the app with 'LC_ALL=de_DE'
---- snip ---
$ LC_ALL=de_DE WINEDEBUG=+tid,+seh,+relay,+ole,+variant,+snoop wine ./BSSB_Win.exe >>log.txt 2>&1
...
0024:Ret PE DLL (proc=0x7ac4b570,module=0x7ac10000 L"riched20.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0024:Ret KERNEL32.LoadLibraryA() retval=7ac10000 ret=60003485
0024:Call KERNEL32.GetLastError() ret=6000348d
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=6000348d
0024:Call KERNEL32.GetProcAddress(7ac10000,600b3978 "CreateTextServices") ret=6000353f
0024:Ret KERNEL32.GetProcAddress() retval=7ac15644 ret=6000353f
...
0024:Call riched20.CreateTextServices(0014ed78,0014edd4,0014eddc) ret=600200a1
...
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6001ac4e ip=6001ac4e tid=0024
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=00000044
0024:trace:seh:raise_exception eax=00000000 ebx=0033f0c4 ecx=0014edd4 edx=7ac42464 esi=00000044 edi=0033f0c4
0024:trace:seh:raise_exception ebp=0014edd4 esp=0033f034 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206
0024:trace:seh:call_stack_handlers calling handler at 0x660291be code=c0000005 flags=0
0024:trace:seh:call_stack_handlers handler at 0x660291be returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x6602e521 code=c0000005 flags=0
0024:trace:seh:call_stack_handlers handler at 0x6602e521 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x660eeead code=c0000005 flags=0
...
Backtrace:
=>0 0x6001ac4e in fm20 (+0x1ac4e) (0x0014edd4)
  1 0x00000000 (0x600b2598)
  2 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
  3 0xf123e94c (0x04246c83)
0x6001ac4e: movsl (%esi),%es:(%edi)
Modules:
Module Address Debug info Name (88 modules)
PE 400000- a50000 Deferred bssb_win
...
Threads:
process tid prio (all id:s are in hex)
...
00000023 (D) C:\Program Files\BSSB_Win\BSSB_Win.exe
00000024 0 <==
--- snip ---
Debugger session:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7ac22194 ME_SetDefaultFormatRect+0x12(editor=0x14a28e8) [/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:2708] in riched20 (0x0033f138)
  1 0x7ac277ad ME_HandleMessage+0x49b5(editor=0x14a28e8, msg=0x1, wParam=0, lParam=0, unicode=0x1, phresult=0x33f6b0) [/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:4006] in riched20 (0x0033f688)
  2 0x7ac436cb CreateTextServices+0x1a6(pUnkOuter=<couldn't compute location>, pITextHost=<couldn't compute location>, ppUnk=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/riched20/txtsrv.c:417] in riched20 (0x0033f6d8)
  3 0x600200a1 in fm20 (+0x200a0) (0x0033f70c)
  4 0x600a64e2 in fm20 (+0xa64e1) (0x0013e184)
  5 0x00000000 (0x600b2598)
  6 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
  7 0xf123e94c (0x04246c83)

Wine-dbg>l
2708 ITextHost_TxGetClientRect(editor->texthost, &editor->rcFormat);
2709 editor->rcFormat.top += editor->exStyleFlags & WS_EX_CLIENTEDGE ? 1 : 0;
2710 editor->rcFormat.left += 1 + editor->selofs;
2711 editor->rcFormat.right -= 1;
2712 }

p *editor->texthost
{lpVtbl=0x600b2598}
--- snip ---
The problem is that the app (text host) doesn't expect window/ui control methods being called in CreateTextServices().
Source: http://source.winehq.org/git/wine.git/blob/6c1b292f0b781c08041867f2508df5df1...
--- snip ---
392 HRESULT WINAPI CreateTextServices(IUnknown *pUnkOuter, ITextHost *pITextHost, IUnknown **ppUnk)
393 {
...
416
417 ME_HandleMessage(ITextImpl->editor, WM_CREATE, 0, 0, TRUE, &hres);
418
...
--- snip ---
If you leave that part out, the app displays some license dialog hence I couldn't test further.
$ sha1sum SetupV.exe
9c02853555cdf5b944944b7b5cd8c9e2d40d86c1 SetupV.exe

$ du -sh SetupV.exe
71M SetupV.exe

$ wine --version
wine-1.7.11-159-gee33839
--- quote ---
"winetricks fm20"
--- quote ---

As previously mentioned: Not needed unless you run with non-German locale.

--- quote ---
Fresh wineprefix, OS set to "Windows 7" (otherwise installation won't complete).
--- quote ---
Incorrect, works fine with default "Windows XP" WINEPREFIX.
Regards
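
Added example (not part of the original comment, and neither Wine's nor fm20's code): a minimal C model of the ordering problem analysed above, where a services constructor calls back into a host that has not finished its own setup. The names `host_t`, `services_t`, `services_create` and `run_scenario` are hypothetical; the host here counts the early callback instead of faulting, and deferring the query to first use is shown as one way to honour the constraint, not as the attached workaround.

```c
#include <stddef.h>
typedef struct { int left, top, right, bottom; } rect_t;

/* Hypothetical host: window state is NULL until its own setup finishes. */
typedef struct { const rect_t *window; int early_calls; } host_t;
typedef struct { host_t *host; rect_t format; int have_format; } services_t;

/* Stand-in for ITextHost::TxGetClientRect. A host that read h->window
 * unconditionally here would fault on a near-NULL address instead. */
static int host_get_client_rect(host_t *h, rect_t *out)
{
    if (h->window == NULL) { h->early_calls++; return -1; }
    *out = *h->window;
    return 0;
}

/* eager != 0: query the host from inside the constructor, the shape of
 * CreateTextServices -> WM_CREATE -> ME_SetDefaultFormatRect in the trace.
 * eager == 0: only store the host pointer and defer the query. */
static void services_create(services_t *s, host_t *h, int eager)
{
    s->host = h;
    s->have_format = (eager && host_get_client_rect(h, &s->format) == 0);
}

/* First real use fetches the rectangle if creation did not. */
static int services_format_width(services_t *s)
{
    if (!s->have_format && host_get_client_rect(s->host, &s->format) == 0)
        s->have_format = 1;
    return s->have_format ? s->format.right - s->format.left : -1;
}

/* Returns how many callbacks reached the host before it was ready. */
static int run_scenario(int eager, int *width)
{
    static const rect_t window = { 0, 0, 640, 480 };  /* constructed sample */
    host_t h = { NULL, 0 };
    services_t s;
    services_create(&s, &h, eager);
    h.window = &window;   /* host completes its setup after create returns */
    *width = services_format_width(&s);
    return h.early_calls;
}

int main(void)
{
    int w;
    return run_scenario(0, &w) == 0 && run_scenario(1, &w) == 1 ? 0 : 1;
}
```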
http://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #8 from Florian Echtler floe@butterbrot.org ---
Thanks for the thorough analysis!

--- snip ---
The app doesn't expect to be run on non-German systems. Actually I wouldn't be surprised if there would exist a check for 'Freistaat Bayern', excluding the rest of Germany *g*.

You have to start the app with 'LC_ALL=de_DE'
---- snip ---
So very true :-) (To be fair, the app is probably entirely useless outside of Bavaria.)
https://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #9 from Austin English austinenglish@gmail.com ---
Created attachment 50272
  --> https://bugs.winehq.org/attachment.cgi?id=50272
workaround
https://bugs.winehq.org/show_bug.cgi?id=35416
--- Comment #10 from Austin English austinenglish@gmail.com ---
(In reply to Austin English from comment #9)
Created attachment 50272 [details] workaround
I get this as well with ICQ 7 (bug 28556): http://ftp.icq.com/pub/ICQ7/install_icq7.exe
austin@aw25 ~ $ sha1sum install_icq7.exe
121463e5fd8369922b9a37da386a32737c1e1b85 install_icq7.exe
austin@aw25 ~ $ du -h install_icq7.exe
34M install_icq7.exe
austin@aw25 ~ $ wine --version
wine-1.7.33-50-g7eed378

The attached patch works around it, though I'm not sure if that's the proper fix (tests still pass, at least).
https://bugs.winehq.org/show_bug.cgi?id=35416
Anastasius Focht focht@gmx.net changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |RESOLVED
Resolution|---     |DUPLICATE

--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello folks,
I'm resolving this as dupe of bug 21579 since that one has lots of dupes collected.
I'll copypasta my analysis there.
Regards
*** This bug has been marked as a duplicate of bug 21579 ***
https://bugs.winehq.org/show_bug.cgi?id=35416
André H. nerv@dawncrow.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |nerv@dawncrow.de

--- Comment #12 from André H. nerv@dawncrow.de ---
closing dup
https://bugs.winehq.org/show_bug.cgi?id=35416
André H. nerv@dawncrow.de changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED

--- Comment #13 from André H. nerv@dawncrow.de ---
actually closing, sorry for the noise