http://bugs.winehq.org/show_bug.cgi?id=19241
Summary: winemenubuilder crashes when running any application including notepad Product: Wine Version: 1.1.25 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: tmhikaru@gmail.com
Created an attachment (id=22260) --> (http://bugs.winehq.org/attachment.cgi?id=22260) snapshot of the crash dialog
whenever I run any application, winemenubuilder crashes. Disabling it via winecfg in the libraries section (specifically putting winemenubuilder.exe and toggling it to disabled) makes wine complain that it can't find the component but it no longer crashes.
For a basic reproducable test I'll be running 'wine notepad' as an example here.
I don't know what this component does or what it's a part of, but this crash did not happen under any previous version of wine.
I'll be attaching a picture of the crash dialog as well as the stderr information.
http://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #1 from tmhikaru@gmail.com 2009-07-08 14:05:49 --- Created an attachment (id=22261) --> (http://bugs.winehq.org/attachment.cgi?id=22261) output from running notepad on the command line
http://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #2 from Austin English austinenglish@gmail.com 2009-07-08 14:51:19 --- (In reply to comment #1)
Created an attachment (id=22261)
--> (http://bugs.winehq.org/attachment.cgi?id=22261) [details]
output from running notepad on the command line
Can you retry in a clean ~/.wine. Also, that output lacks a backtrace, so it's impossible to know where the crash is...
http://bugs.winehq.org/show_bug.cgi?id=19241
tmhikaru@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |INVALID
--- Comment #3 from tmhikaru@gmail.com 2009-07-08 17:50:43 --- Whoops. Should have tried that, apparently there was something bad in my .wine configuration or something, thank you for pointing that out.
http://bugs.winehq.org/show_bug.cgi?id=19241
Ken Sharp kennybobs@o2.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Ken Sharp kennybobs@o2.co.uk 2009-07-08 19:52:00 --- Invalid.
http://bugs.winehq.org/show_bug.cgi?id=19241
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |UNCONFIRMED CC| |dank@kegel.com Resolution|INVALID |
--- Comment #5 from Dan Kegel dank@kegel.com 2011-08-08 21:12:41 CDT --- I see winemenubuilder crash occasionally, even on clean .wine directories. Here's a backtrace:
Unhandled exception: page fault on read access to 0x003f68c8 in 32-bit code (0x68684fd6). Backtrace: 0 add_module_icons_to_stream+0x26(iconData16=(nil), hModule=0x3d0001, grpIconDir=0x3f68c4) [programs/winemenubuilder/winemenubuilder.c:619] fixme:dbghelp_dwarf:compute_location Unhandled attr op: 9e 1 open_module_icon+0xc2(szFileName=<?>, nIndex=<?>, ppStream=0x33fc74) [programs/winemenubuilder/winemenubuilder.c:882] 2 open_icon+0x28(filename="C:\windows\system32\notepad.exe", index=<?>, bWait=0, ppStream=0x33fc74) [programs/winemenubuilder/winemenubuilder.c:1025] 3 extract_icon+0x44(icoPathW="C:\windows\system32\notepad.exe", index=0, destFilename=0x0(nil), bWait=0) [programs/winemenubuilder/winemenubuilder.c:1315] 4 wWinMain+0x13ae(hInstance=0x68680000, prev=(nil), cmdline="-a", show=0x1) [programs/winemenubuilder/winemenubuilder.c:2613] 5 wmain+0xb0(argc=0x3, argv=0x110380) [dlls/winecrt0/exe_wmain.c:50] ... 0x68684fd6 add_module_icons_to_stream+0x26 [programs/winemenubuilder/winemenubuilder.c:619] 619 for (i = 0; i < grpIconDir->idCount; i++)
http://bugs.winehq.org/show_bug.cgi?id=19241
Vincent Povirk madewokherd@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |programs
http://bugs.winehq.org/show_bug.cgi?id=19241
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #6 from Dan Kegel dank@kegel.com 2012-07-02 12:29:52 CDT --- This is happening reliably now, with backtrace
Unhandled exception: page fault on read access to 0x005ef000 in 32-bit code (0x7ea59d50). Backtrace: =>0 add_module_icons_to_stream+0x40(iconData16=(nil), hModule=0x3d0001, grpIconDir=0x52bfcc) [programs/winemenubuilder/winemenubuilder.c:624] 1 open_module_icon+0xc2(szFileName=<?>, nIndex=<is not available>, ppStream=0x33fc48) [programs/winemenubuilder/winemenubuilder.c:886] 2 open_icon+0x26(filename="C:\Program Files\StepMania 5\Program\StepMania.exe", index=<?>, bWait=0, ppStream=0x33fc48) [programs/winemenubuilder/winemenubuilder.c:1030] 3 extract_icon+0x43(icoPathW="C:\Program Files\StepMania 5\Program\StepMania.exe", index=0x1, destFilename="application-x-wine-extension-smzip", bWait=0) [programs/winemenubuilder/winemenubuilder.c:1320]
after installing StepMania 5 from http://code.google.com/p/sm-ssc/downloads/list
http://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #7 from Ruslan Kabatsayev b7.10110111@gmail.com 2013-06-11 12:26:02 CDT --- Created attachment 44755 --> http://bugs.winehq.org/attachment.cgi?id=44755 Backtrace
I still have this crash in wine-1.6-rc1-18-gb82a5ab. It happens sometimes after I upgrade wine and try launching an app. The prefix upgrade window appears and the crash occurs.
http://bugs.winehq.org/show_bug.cgi?id=19241
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, Installer URL| |http://www.innosetup.com/do | |wnload.php/is.exe CC| |austinenglish@gmail.com, | |damjan.jov@gmail.com
--- Comment #8 from Austin English austinenglish@gmail.com 2013-08-13 13:09:28 CDT --- I found an installer that reliably triggers this: http://www.innosetup.com/download.php/is.exe
http://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #9 from Austin English austinenglish@gmail.com 2013-08-13 13:10:08 CDT --- austin@aw25 ~/oldbugs/19241 $ du -h isetup-5.5.3.exe 1.9M isetup-5.5.3.exe austin@aw25 ~/oldbugs/19241 $ sha1sum isetup-5.5.3.exe b7bf3ac443d86e016412e570d1e55b11af5f365c isetup-5.5.3.exe austin@aw25 ~/oldbugs/19241 $ wine --version wine-1.7.0
http://bugs.winehq.org/show_bug.cgi?id=19241
Qian Hong fracting@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fracting@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Summary|winemenubuilder crashes |winemenubuilder crashes |when running any |during extraction of |application including |high-res Windows Vista+ |notepad |256x256 PNG compressed icon | |resources
--- Comment #10 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming. Embarrassingly this bug exists for some years now.
I have 'winemenubuilder' disabled by default hence I didn't get those occasional crashes other people reported.
New bug reports with 'winemenubuilder' crashes appeared recently so I took an interest in this :)
In the case of the 'InnoSetup' installer there exist two icon groups in resource directory:
#1 "MAINICON"
--- snip --- 16 x 16 (256 colors) - Ordinal name: 1 32 x 32 (256 colors) - Ordinal name: 2 48 x 48 (256 colors) - Ordinal name: 3 16 x 16 (16.8mil colors) - Ordinal name: 4 32 x 32 (16.8mil colors) - Ordinal name: 5 48 x 48 (16.8mil colors) - Ordinal name: 6 128 x 128 (16.8mil colors) - Ordinal name: 7 256 x 256 (16.8mil colors) - Ordinal name: 8 --- snip ---
#2 "1"
--- snip --- 16 x 16 (256 colors) - Ordinal name: 9 32 x 32 (256 colors) - Ordinal name: 10 48 x 48 (256 colors) - Ordinal name: 11 16 x 16 (16.8mil colors) - Ordinal name: 12 32 x 32 (16.8mil colors) - Ordinal name: 13 48 x 48 (16.8mil colors) - Ordinal name: 14 128 x 128 (16.8mil colors) - Ordinal name: 15 256 x 256 (16.8mil colors) - Ordinal name: 16 --- snip ---
Relevant part of trace log:
--- snip --- ... 0028:Call KERNEL32.LoadLibraryExW(0033e71c L"C:\Program Files\Inno Setup 5\Compil32.exe",00000000,00000002) ret=7edb5790 0028:Ret KERNEL32.LoadLibraryExW() retval=00340001 ret=7edb5790 0028:Call KERNEL32.EnumResourceNamesW(00340001,0000000e,7edb56f2,0033d9c0) ret=7edb5934 0028:trace:resource:EnumResourceNamesW 0x340001 #000e 0x7edb56f2 33d9c0 0028:trace:resource:LdrFindResourceDirectory_U module 0x340001 type #000e name lang 0000 level 1 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 000e ret 0x3a58a8 0028:Call KERNEL32.FindResourceW(00340001,00136c88 L"MAINICON",0000000e) ret=7edb573d 0028:trace:resource:FindResourceExW 0x340001 #000e L"MAINICON" 0000 0028:trace:resource:LdrFindResource_U module 0x340001 type #000e name L"MAINICON" lang 0000 level 3 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 000e ret 0x3a58a8 0028:trace:resource:find_entry_by_name root 0x3a5600 dir 0x3a58a8 name L"MAINICON" ret 0x3a5ec8 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5ec8 id 0000 not found 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5ec8 id 0409 ret 0x3a6308 0028:Ret KERNEL32.FindResourceW() retval=003a6308 ret=7edb573d 0028:Ret KERNEL32.EnumResourceNamesW() retval=00000000 ret=7edb5934 0028:Call KERNEL32.LoadResource(00340001,003a6308) ret=7edb59b5 0028:trace:resource:LoadResource 0x340001 0x3a6308 0028:Ret KERNEL32.LoadResource() retval=003fa5dc ret=7edb59b5 0028:Call KERNEL32.LockResource(003fa5dc) ret=7edb59d0 0028:Ret KERNEL32.LockResource() retval=003fa5dc ret=7edb59d0 0028:Call ntdll.RtlAllocateHeap(00110000,00000000,00055fc0) ret=7edb494b 0028:Ret ntdll.RtlAllocateHeap() retval=00137200 ret=7edb494b 0028:Call ntdll.RtlAllocateHeap(00110000,00000000,00000080) ret=7edb49dc 0028:Ret ntdll.RtlAllocateHeap() retval=0018d1c8 ret=7edb49dc 0028:Call ole32.CreateStreamOnHGlobal(00000000,00000001,0033d8ec) ret=7edb4a59 ... --- snip ---
Icon group "MAINICON" resources #1 .. #8
--- snip --- ... 0028:Call KERNEL32.FindResourceW(00340001,00000001,00000003) ret=7edb4699 0028:trace:resource:FindResourceExW 0x340001 #0003 #0001 0000 0028:trace:resource:LdrFindResource_U module 0x340001 type #0003 name #0001 lang 0000 level 3 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 0003 ret 0x3a5708 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5708 id 0001 ret 0x3a5aa8 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0000 not found 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0409 not found 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5aa8 id 0009 not found 0028:Ret KERNEL32.FindResourceW() retval=003a6048 ret=7edb4699 0028:Call KERNEL32.LoadResource(00340001,003a6048) ret=7edb46bb 0028:trace:resource:LoadResource 0x340001 0x3a6048 0028:Ret KERNEL32.LoadResource() retval=003a81f0 ret=7edb46bb 0028:Call KERNEL32.LockResource(003a81f0) ret=7edb46d6 0028:Ret KERNEL32.LockResource() retval=003a81f0 ret=7edb46d6 0028:Call KERNEL32.FreeResource(003a81f0) ret=7edb4889 0028:Ret KERNEL32.FreeResource() retval=00000000 ret=7edb4889 ... 0028:trace:resource:FindResourceExW 0x340001 #0003 #0008 0000 0028:trace:resource:LdrFindResource_U module 0x340001 type #0003 name #0008 lang 0000 level 3 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5600 id 0003 ret 0x3a5708 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5708 id 0008 ret 0x3a5b50 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0000 not found 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0409 not found 0028:trace:resource:find_entry_by_id root 0x3a5600 dir 0x3a5b50 id 0009 not found 0028:Ret KERNEL32.FindResourceW() retval=003a60b8 ret=7edb4699 0028:Call KERNEL32.LoadResource(00340001,003a60b8) ret=7edb46bb 0028:trace:resource:LoadResource 0x340001 0x3a60b8 0028:Ret KERNEL32.LoadResource() retval=003be188 ret=7edb46bb 0028:Call KERNEL32.LockResource(003be188) ret=7edb46d6 0028:Ret KERNEL32.LockResource() retval=003be188 ret=7edb46d6 0028:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf74c88e6 ip=f74c88e6 tid=0028 0028:trace:seh:raise_exception info[0]=00000000 0028:trace:seh:raise_exception info[1]=003fb000 0028:trace:seh:raise_exception eax=003faf90 ebx=f753a000 ecx=000031a0 edx=00189fa0 esi=00000800 edi=00003800 0028:trace:seh:raise_exception ebp=0033d898 esp=0033d850 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206 0028:trace:seh:call_stack_handlers calling handler at 0x7bc9dbe3 code=c0000005 flags=0 ... Unhandled exception: page fault on read access to 0x003fb000 in 32-bit code (0xf74c88e6). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:f74c88e6 ESP:0033d850 EBP:0033d898 EFLAGS:00010206( R- -- I - -P- ) EAX:003faf90 EBX:f753a000 ECX:000031a0 EDX:00189fa0 ESI:00000800 EDI:00003800 ... Backtrace: =>0 0xf74c88e6 __memcpy_ssse3_rep+0x286() in libc.so.6 (0x0033d898) 1 0x7edb485a populate_module_icons+0x21e(hModule=0x340001, grpIconDir=0x3fa5dc, iconDirEntries=0x18d1c8, icons="(", iconOffset=0x33d8dc) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:624] in winemenubuilder (0x0033d898) 2 0x7edb4b27 add_module_icons_to_stream+0x279(iconData16=(nil), hModule=0x340001, grpIconDir=0x3fa5dc) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:675] in winemenubuilder (0x0033d998) 3 0x7edb59f6 open_module_icon+0x29b(szFileName="C:\Program Files\Inno Setup 5\Compil32.exe", nIndex=0, ppStream=0x33da98) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:911] in winemenubuilder (0x0033da28) 4 0x7edb6135 open_icon+0x2a(filename="C:\Program Files\Inno Setup 5\Compil32.exe", index=0, bWait=0x1, ppStream=0x33da98) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:1055] in winemenubuilder (0x0033da68) 5 0x7edb696b extract_icon+0xb0(icoPathW="C:\Program Files\Inno Setup 5\Compil32.exe", index=0, destFilename=0x0(nil), bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:1367] in winemenubuilder (0x0033dac8) 6 0x7edbbc7e InvokeShellLinker+0x6f8(sl=0x136dfc, link="C:\users\Public\Start Menu\Programs\Inno Setup 5\Inno Setup Compiler.lnk", bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:2865] in winemenubuilder (0x0033fa48) 7 0x7edbd6fc Process_Link+0x2d3(linkname="C:\users\Public\Start Menu\Programs\Inno Setup 5\Inno Setup Compiler.lnk", bWait=0x1) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:3250] in winemenubuilder (0x0033fce8) 8 0x7edbef43 wWinMain+0x26d(hInstance=<couldn't compute location>, prev=<couldn't compute location>, cmdline=<couldn't compute location>, show=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/programs/winemenubuilder/winemenubuilder.c:3703] in winemenubuilder (0x0033fd68) 9 0x7edbf67a wmain+0x109(argc=0x3, argv=0x115258) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_wmain.c:51] in winemenubuilder (0x0033fde8) 10 0x7edbf555 __wine_spec_exe_wentry+0x74(peb=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_wentry.c:36] in winemenubuilder (0x0033fe18) 11 0x7b86404c call_process_entry+0xb() in kernel32 (0x0033fe38) ... 0xf74c88e6 __memcpy_ssse3_rep+0x286 in libc.so.6: Modules: Module Address Debug info Name (52 modules) ELF 7b800000-7ba62000 Dwarf kernel32<elf> -PE 7b810000-7ba62000 \ kernel32 ... ELF 7eda0000-7edcb000 Dwarf winemenubuilder<elf> -PE 7edb0000-7edcb000 \ winemenubuilder ... Threads: process tid prio (all id:s are in hex) ... 00000027 (D) C:\windows\system32\winemenubuilder.exe 00000028 0 <== --- snip ---
Hex dump of the raw data from first icon group:
(sorry for the DWORD dump, but you get the idea)
--- snip --- 003FA5DC 00010000 003FA5E0 10100008 003FA5E4 00010000 003FA5E8 05680008 ; group entry #1 size = 0x568 == icon res size (ok) 003FA5EC 00010000 003FA5F0 00002020 003FA5F4 00080001 003FA5F8 000008A8 ; group entry #2 size = 0x8A8 == icon res size (ok) 003FA5FC 30300002 003FA600 00010000 003FA604 0EA80008 ; group entry #3 size = 0xEA8 == icon res size (ok) 003FA608 00030000 003FA60C 00001010 003FA610 00200001 003FA614 00000468 ; group entry #4 size = 0x468 == icon res size (ok) 003FA618 20200004 003FA61C 00010000 003FA620 10A80020 ; group entry #5 size = 0x10A8 == icon res size (ok) 003FA624 00050000 003FA628 00003030 003FA62C 00200001 003FA630 000025A8 ; group entry #6 size = 0x25A8 == icon res size (ok) 003FA634 00800006 003FA638 00010000 003FA63C 08280020 ; group entry #7 size = 0x10828 == icon res size (ok) 003FA640 00070001 003FA644 00000000 003FA648 00200001 003FA64C 00040028 ; group entry #8 size = 0x40028 != icon res size = 0x90E4 (!) 003FA650 00000008 --- snip ---
Icon #8 is PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced.
Newer Windows versions, starting with Windows Vista+ support these, for example in large thumbnail view.
Some information here: http://www.axialis.com/tutorials/tutorial-vistaicons.html
The large size value from icon group entry #8 triggers an out-of-bounds exception on resource section (unmapped area) -> 'src' of icon data 'memcpy'.
Actually, the number 0x40028 could be a magic or hint for this new stuff.
I tested other installers with my patch/hacks that dumped a bit more information about resource processing, especially inconsistencies.
Whenever the executable resource section contained 256x256 icons, the magic number was there but the actual icon resource (PNG) had different sizes.
'winemenubuilder' needs to cope with these large icons and their peculiarities (at least avoid the crash).
--- snip --- trace:menubuilder:extract_icon path=[L"C:\Program Files\Inno Setup 5\Compil32.exe"] index=0 destFilename=[(null)] trace:menubuilder:platform_write_icon [0]: 16 x 16 @ 8 trace:menubuilder:platform_write_icon Selected: 3 trace:menubuilder:platform_write_icon [1]: 32 x 32 @ 8 trace:menubuilder:platform_write_icon Selected: 4 trace:menubuilder:platform_write_icon [2]: 48 x 48 @ 8 trace:menubuilder:platform_write_icon Selected: 5 trace:menubuilder:platform_write_icon [3]: 16 x 16 @ 32 trace:menubuilder:platform_write_icon [4]: 32 x 32 @ 32 trace:menubuilder:platform_write_icon [5]: 48 x 48 @ 32 trace:menubuilder:platform_write_icon [6]: 128 x 0 @ 32 trace:menubuilder:platform_write_icon Selected: 6 trace:menubuilder:platform_write_icon [7]: 0 x 0 @ 32 trace:menubuilder:platform_write_icon Selected: 7 --- snip ---
$ sha1sum isetup-5.5.4.exe 6ddc6db3a85882711470e0eeba861249b64edaf8 isetup-5.5.4.exe
$ du -sh isetup-5.5.4.exe 1.9M isetup-5.5.4.exe
$ wine --version wine-1.7.21-61-gf9f3b21
Regards
http://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hibi.sasahara@gmail.com
--- Comment #11 from Anastasius Focht focht@gmx.net --- *** Bug 36852 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mary22sat@gmail.com
--- Comment #12 from Anastasius Focht focht@gmx.net --- *** Bug 35759 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |JamesR777@hotmail.co.uk
--- Comment #13 from Anastasius Focht focht@gmx.net --- *** Bug 30315 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |josephmbennett@hotmail.com
--- Comment #14 from Anastasius Focht focht@gmx.net --- *** Bug 37031 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=19241
Indrek efbiaiinzinz@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |efbiaiinzinz@hotmail.com
--- Comment #15 from Indrek efbiaiinzinz@hotmail.com --- Created attachment 49409 --> https://bugs.winehq.org/attachment.cgi?id=49409 fix for out-of-bounds read
This patch should help for InnoSetup issue.
Issue seems to be GRPICONDIRENTRY with invalid information. The dwBytesInRes has a value that exceeds the Size value in IMAGE_RESOURCE_DATA_ENTRY, causing out-of-bounds memcpy and thus crash. Added check+clipping against the out-of-bounds read.
As per MSDN blog, icon resources can contain raw PNG information instead of regular BITMAPINFO, but due to weird decisions, only way to differentiate between them is to check if the resource starts with PNG header bytes. http://blogs.msdn.com/b/oldnewthing/archive/2010/10/22/10079192.aspx Added check+skip for PNG icons to avoid issues arising from invalid BITMAPINFO since I did not see that winemenubuilder supports/checks PNG icons anywhere.
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #16 from Indrek efbiaiinzinz@hotmail.com --- It was pointed out to me that the PNG bytes were actually correctly handled in windowscodecs, so only resource size check was needed. I resent the smaller patch https://source.winehq.org/patches/data/106261 After patching the crash is gone for me.
https://bugs.winehq.org/show_bug.cgi?id=19241
hanska2@luukku.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hanska2@luukku.com
--- Comment #17 from hanska2@luukku.com --- I see your patch as committed so this should be fixed then...?
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |c205e6800a63a5df9960d8484a2 | |e67687d53bc50 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #18 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/c205e6800a63a5df9960d8484a2...
Thanks Indrek
Regards
https://bugs.winehq.org/show_bug.cgi?id=19241
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |UNCONFIRMED CC| |nerv@dawncrow.de Resolution|FIXED |--- Ever confirmed|1 |0
--- Comment #19 from André H. nerv@dawncrow.de --- (In reply to Anastasius Focht from comment #18)
Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/ c205e6800a63a5df9960d8484a2e67687d53bc50
Thanks Indrek
Regards
I just found this bug while having it with latest git. This bug is about the for loop:
(In reply to Dan Kegel from comment #5)
I see winemenubuilder crash occasionally, even on clean .wine directories. Here's a backtrace:
Unhandled exception: page fault on read access to 0x003f68c8 in 32-bit code (0x68684fd6). Backtrace: ... 0x68684fd6 add_module_icons_to_stream+0x26 [programs/winemenubuilder/winemenubuilder.c:619] 619 for (i = 0; i < grpIconDir->idCount; i++)
It's now line 651, but the same problem
https://bugs.winehq.org/show_bug.cgi?id=19241
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever confirmed|0 |1
--- Comment #20 from André H. nerv@dawncrow.de --- So, confirming
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #21 from Indrek efbiaiinzinz@hotmail.com --- If segfault appears on line 651, this is perhaps yet another issue because it should mean broken grpIconDir value. What programs do you have installed/copied into wine? Or did it happen in clean prefix? In case of clean prefix, what is your main system configuration? Do you see in the backtrace what executable/file is causing this crash?
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #22 from André H. nerv@dawncrow.de --- (In reply to Indrek from comment #21)
If segfault appears on line 651, this is perhaps yet another issue because it should mean broken grpIconDir value. What programs do you have installed/copied into wine? Or did it happen in clean prefix? In case of clean prefix, what is your main system configuration? Do you see in the backtrace what executable/file is causing this crash?
sorry for the delay I have a 32-bit prefix on ubuntu 12.04 with a self compiled 32-bit wine from last Fridays git (b10b39185dd9). Inside the prefix is only a modified eclipse (or call it an eclipse based app). I tried to reproduce this bug with different ideas and i wasn't able to produce it again... I stupidly haven't saved the backtrace, therefor i can't tell which executable caused this...
I'll keep trying to reproduce it and will save a backtrace as soon as i get one.
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #23 from Indrek efbiaiinzinz@hotmail.com --- (In reply to André H. from comment #22)
(In reply to Indrek from comment #21)
If segfault appears on line 651, this is perhaps yet another issue because it should mean broken grpIconDir value. What programs do you have installed/copied into wine? Or did it happen in clean prefix? In case of clean prefix, what is your main system configuration? Do you see in the backtrace what executable/file is causing this crash?
sorry for the delay I have a 32-bit prefix on ubuntu 12.04 with a self compiled 32-bit wine from last Fridays git (b10b39185dd9). Inside the prefix is only a modified eclipse (or call it an eclipse based app). I tried to reproduce this bug with different ideas and i wasn't able to produce it again... I stupidly haven't saved the backtrace, therefor i can't tell which executable caused this...
I'll keep trying to reproduce it and will save a backtrace as soon as i get one.
Is this eclipse based app publicly available for downloading and installing? It would help with the debugging a lot.
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #24 from André H. nerv@dawncrow.de --- Created attachment 49598 --> https://bugs.winehq.org/attachment.cgi?id=49598 backtrace
(In reply to Indrek from comment #23)
Is this eclipse based app publicly available for downloading and installing? It would help with the debugging a lot.
More testing shows that it was in a different prefix, sorry for the confusion. The prefix is empty. It happens at prefix update. What i guess is that notepad.exe still get's overwritten while the menubuilder tries to read data from that file.
I'll also attach the fake notepad.exe while i still think it's fine
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #25 from André H. nerv@dawncrow.de --- Created attachment 49599 --> https://bugs.winehq.org/attachment.cgi?id=49599 fake notepad.exe
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |vrajiva@gmail.com
--- Comment #26 from Anastasius Focht focht@gmx.net --- *** Bug 38126 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=19241
super_man@post.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |super_man@post.com
--- Comment #27 from super_man@post.com --- If the crash happens at prefix update then this feels like a duplicate of
https://bugs.winehq.org/show_bug.cgi?id=38162
https://bugs.winehq.org/show_bug.cgi?id=19241
--- Comment #28 from Anastasius Focht focht@gmx.net --- Hello Jarkko,
--- quote --- If the crash happens at prefix update then this feels like a duplicate of
https://bugs.winehq.org/show_bug.cgi?id=38162 --- quote ---
No, see my comment #10 for the original reason the bug was opened for. Unfortunately some folks decided to reopen/recycle it for entirely different issue which I described in bug 38162
Regards
https://bugs.winehq.org/show_bug.cgi?id=19241
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.innosetup.com/do |http://files.jrsoftware.org |wnload.php/is.exe |/is/5/isetup-5.5.4.exe Keywords| |patch Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #29 from Anastasius Focht focht@gmx.net --- Hello folks,
resolving again.
This was fixed a long time ago, with commit https://source.winehq.org/git/wine.git/commitdiff/c205e6800a63a5df9960d8484a...
$ wine winemenubuilder "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5\Inno Setup Compiler.lnk"
The 'winemenubuilder' startup race condition, leading to crash still occasionally happens. Covered by bug 38162
http://files.jrsoftware.org/is/5/
$ sha1sum isetup-5.5.4.exe 6ddc6db3a85882711470e0eeba861249b64edaf8 isetup-5.5.4.exe
$ du -sh isetup-5.5.4.exe 1.9M isetup-5.5.4.exe
$ wine --version wine-3.5-70-g2986e89501
Regards
https://bugs.winehq.org/show_bug.cgi?id=19241
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #30 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 3.6.
-
wine-bugs@winehq.org