http://bugs.winehq.org/show_bug.cgi?id=25264
Summary: ExamXML crashes when opening an XML file
Product: Wine
Version: 1.3.7
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: m.duelli@web.de
There is a 30-day evaluation edition of ExamXML at http://www.a7soft.com/examxml.html
While the installation and the program start-up went fine, the program immediately crashes after selecting an XML file for comparison.
The output from the start-up to the crash is:

err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0033f9d8
err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0033fd20
err:rebar:REBAR_MoveChildWindows EndDeferWindowPos returned NULL
fixme:font:WineEngCreateFontInstance Untranslated charset 255
wine: Unhandled page fault on write access to 0x20202024 at address 0x7ef927d9 (thread 0009), starting debugger...
err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0x7ef927d9
Austin English austinenglish@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Keywords|                            |download
URL     |                            |http://www.a7soft.com/examxml.html

--- Comment #1 from Austin English austinenglish@gmail.com 2010-11-22 19:33:17 CST ---
Please attach the full backtrace.
--- Comment #2 from Michael Duelli m.duelli@web.de 2010-11-23 02:57:10 CST ---
Here is the full backtrace using winedbg as shown on http://wiki.winehq.org/Backtraces
~/.wine/drive_c/Program Files/ExamXML $ wine winedbg ExamXML.exe
WineDbg starting on pid 0020
0x7edfd3e9: movl %edi,0x4(%esp)
Wine-dbg>set $BreakOnFirstChance=0
Wine-dbg>cont
err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0033f9d8
err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0033fd20
err:rebar:REBAR_MoveChildWindows EndDeferWindowPos returned NULL
fixme:font:WineEngCreateFontInstance Untranslated charset 255
err:pidl:_ILCreateGuidFromStrW L"DelegateFolders" is not a GUID
Unhandled exception: page fault on write access to 0x20202024 in 32-bit code (0x7ef93679).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:7ef93679 ESP:0033ee90 EBP:0033eee8 EFLAGS:00010202( R- -- I - - - )
 EAX:20202020 EBX:7efe3ff4 ECX:00000080 EDX:20202020
 ESI:00126b68 EDI:00000002
Stack dump:
0x0033ee90: 0033eecc 7efe3ff4 0033eef8 7ef92db3
0x0033eea0: 00110060 00000000 00000000 00110000
0x0033eeb0: 00000080 00000000 00000000 00110000
0x0033eec0: 00146ad0 00154ec0 00158090 00110014
0x0033eed0: 00000257 000001db 00000269 7e82eff4
0x0033eee0: 0033ef74 00000008 0033ef08 7e81c077
Backtrace:
=>0 0x7ef93679 RtlAllocateHeap+0xab() in ntdll (0x0033eee8)
  1 0x7e81c077 in gdi32 (+0x4c076) (0x0033ef08)
  2 0x7e81da92 in gdi32 (+0x4da91) (0x0033ef98)
  3 0x7e81df1c in gdi32 (+0x4df1b) (0x0033efc8)
  4 0x7e81eec1 CombineRgn+0x25f() in gdi32 (0x0033f068)
  5 0x7e7db878 GetClipBox+0x92() in gdi32 (0x0033f0b8)
  6 0x7e7dc1ca ExtSelectClipRgn+0xf6() in gdi32 (0x0033f118)
  7 0x7e8c424f ExcludeUpdateRgn+0xc8() in user32 (0x0033f158)
  8 0x7e0d58e3 in winex11 (+0x558e2) (0x0033f1e8)
  9 0x7e0d6c53 X11DRV_WindowPosChanged+0x17e() in winex11 (0x0033f2f8)
  10 0x7e8e7484 in user32 (+0x87483) (0x0033f3f8)
  11 0x7e8e902e in user32 (+0x8902d) (0x0033f538)
  12 0x7e8e9fbc SetWindowPos+0x88() in user32 (0x0033f5b8)
  13 0x7e8c701a in user32 (+0x67019) (0x0033f608)
  14 0x7e8c70c1 ShowScrollBar+0x30() in user32 (0x0033f628)
  15 0x7ea0c4fb in comctl32 (+0x8c4fa) (0x0033f6a8)
  16 0x7ea0dfca in comctl32 (+0x8dfc9) (0x0033f718)
  17 0x7ea0fba4 in comctl32 (+0x8fba3) (0x0033f768)
  18 0x7ea11852 in comctl32 (+0x91851) (0x0033f898)
  19 0x7e8ecc9a WINPROC_wrapper+0x19() in user32 (0x0033f8c8)
  20 0x7e8ee46e in user32 (+0x8e46d) (0x0033f918)
  21 0x7e8ee5a7 CallWindowProcW+0x53() in user32 (0x0033f968)
  22 0x0040e8e6 in examxml (+0xe8e5) (0x7e8ee553)
0x7ef93679 RtlAllocateHeap+0xab in ntdll: movl %eax,0x4(%edx)
Thanks in advance.
--- Comment #3 from Nikolay Sivov bunglehead@gmail.com 2010-11-27 04:02:26 CST ---
Could be a duplicate of bug 25107, at least it crashes after a call that was added by the same commit.
Anastasius Focht focht@gmx.net changed:
What          |Removed                     |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED                 |NEW
CC            |                            |focht@gmx.net
Component     |-unknown                    |comctl32
Ever Confirmed|0                           |1

--- Comment #4 from Anastasius Focht focht@gmx.net 2011-12-20 11:52:52 CST ---
Hello,
confirming, still present. It seems the heap gets corrupted in treeview control.
There is some overly long treeview item text. The "overwrite" pattern 0x20202024 looks like part of treeview item text.
--- snip --- 0023:trace:treeview:TREEVIEW_UpdateDispInfo resulting code 0xfffffe3c 0023:Call KERNEL32.LocalReAlloc(001600f0,00000104,00000042) ret=6835f96b 0023:Ret KERNEL32.LocalReAlloc() retval=001600f0 ret=6835f96b 0023:trace:treeview:TREEVIEW_UpdateDispInfo returned wstr L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"..., len=260 0023:Call gdi32.SelectObject(000012b0,00001214) ret=683efbf3 0023:Ret gdi32.SelectObject() retval=00001214 ret=683efbf3 0023:Call gdi32.GetTextExtentPoint32W(000012b0,001600f0 L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"...,000000a0,0032f550) ret=683ef996 0023:Ret gdi32.GetTextExtentPoint32W() retval=00000001 ret=683ef996 ... 
0023:trace:treeview:TREEVIEW_WindowProc hwnd 0x500aa msg 0047 wp=00000000 lp=0032f428 0023:Call user32.DefWindowProcW(000500aa,00000047,00000000,0032f428) ret=683fb197 0023:Call window proc 0x413ab0 (hwnd=0x500aa,msg=WM_SIZE,wp=00000000,lp=026302c7) 0023:Call user32.CallWindowProcW(683fa45e,000500aa,00000005,00000000,026302c7) ret=00413b26 0023:Call window proc 0x683fa45e (hwnd=0x500aa,msg=WM_SIZE,wp=00000000,lp=026302c7) 0023:Call user32.GetWindowLongW(000500aa,00000000) ret=683ee1cd 0023:Ret user32.GetWindowLongW() retval=00147fb8 ret=683ee1cd 0023:trace:treeview:TREEVIEW_WindowProc hwnd 0x500aa msg 0005 wp=00000000 lp=026302c7 0023:trace:treeview:TREEVIEW_SetFirstVisible 0x14e508: L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"... 0023:trace:treeview:TREEVIEW_GetVisibleCount client=611, item=18 0023:Call user32.GetSystemMetrics(00000014) ret=683f3ffa 0023:Ret user32.GetSystemMetrics() retval=00000010 ret=683f3ffa 0023:Call user32.ShowScrollBar(000500aa,00000000,00000001) ret=683f4203 0023:Ret user32.ShowScrollBar() retval=00000001 ret=683f4203 0023:Call user32.SetScrollInfo(000500aa,00000000,0032e900,00000001) ret=683f4239 0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc458e0 ip=7bc458e0 tid=0023 0023:trace:seh:raise_exception info[0]=00000001 0023:trace:seh:raise_exception info[1]=20202024 0023:trace:seh:raise_exception eax=20202020 ebx=7bcc0084 ecx=000502b8 edx=20202020 esi=7ffdf000 edi=00000000 0023:trace:seh:raise_exception ebp=0032e388 esp=0032e388 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010216 ... --- snip ---
Small debugging session, immediately before the corruption:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x684b301a GetTextExtentPoint32W(hdc=0x12b0, str="åååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååå", count=0xa0, size=0x33f6cc) [/home/focht/projects/wine/wine-git/dlls/gdi32/font.c:1005] in gdi32 (0x0033f6e4)
  1 0x683eac0f TREEVIEW_UpdateSubTree+0x111(infoPtr=0x1374e8, root=0x1622f0) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:998] in comctl32 (0x0033f714)
  2 0x683f03e6 TREEVIEW_Expand+0x280(infoPtr=0x1374e8, item=0x1569a0, partial=0, user=0) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3391] in comctl32 (0x0033f7a4)
  3 0x683f0960 TREEVIEW_ExpandMsg+0x117(infoPtr=0x1374e8, flag=0x2, item=0x1569a0) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3549] in comctl32 (0x0033f7f4)
  4 0x683f59f4 TREEVIEW_WindowProc+0x595(hwnd=0x50084, uMsg=0x1102, wParam=0x2, lParam=0x1569a0) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:5621] in comctl32 (0x0033f854)
  5 0x7c77e2d2 WINPROC_wrapper+0x19() in user32 (0x0033f884)
  6 0x7c77e427 call_window_proc+0xcd(hwnd=0x50084, msg=0x1102, wp=0x2, lp=0x1569a0, result=0x33f904, arg=0x683f545e) [/home/focht/projects/wine/wine-git/dlls/user32/winproc.c:242] in user32 (0x0033f8d4)
  7 0x7c7809a1 CallWindowProcW+0x63(func=0x683f545e, hwnd=0x50084, msg=0x1102, wParam=0x2, lParam=0x1569a0) [/home/focht/projects/wine/wine-git/dlls/user32/winproc.c:980] in user32 (0x0033f914)
  8 0x00413b26 in examxmlpro (+0x13b25) (0x7c78093d)
Wine-dbg>c
Unhandled exception: page fault on write access to 0x20202024 in 32-bit code (0x7bc458e0).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7bc458e0 ESP:0033f134 EBP:0033f134 EFLAGS:00010206( R- -- I - -P- )
 EAX:20202020 EBX:7bcc0084 ECX:0003b580 EDX:001100f8
 ESI:7ffdf000 EDI:0033f4c8
Stack dump:
0x0033f134: 0033f194 7bc49e2c 0014b448 00000128
0x0033f144: 0033f15c 0012c7d0 7c7b9690 7c7b9690
0x0033f154: 0033f174 7c76b5de 00110014 0033f488
0x0033f164: 0033f174 7bc3342f 6851b024 00000001
0x0033f174: 0014b440 7bc33e58 6851b024 0033f488
0x0033f184: 00110000 00000128 0012c7d0 7c7b9690
000c: sel=0067 base=00000000 limit=00000000 32-bit rw-
Backtrace:
=>0 0x7bc458e0 list_remove+0xe(elem=0x14b448) [/home/focht/projects/wine/wine-git/include/wine/list.h:98] in ntdll (0x0033f134)
  1 0x7bc49e2c RtlAllocateHeap+0x263(heap=0x110000, flags=0x2, size=0x123) [/home/focht/projects/wine/wine-git/dlls/ntdll/heap.c:1699] in ntdll (0x0033f194)
  2 0x7c74cb82 update_visible_region+0x6c(dce=0x1394c8) [/home/focht/projects/wine/wine-git/dlls/user32/painting.c:123] in user32 (0x0033f294)
  3 0x7c74ebf7 GetDCEx+0x538(hwnd=0x20022, hrgnClip=(nil), flags=0x12) [/home/focht/projects/wine/wine-git/dlls/user32/painting.c:1035] in user32 (0x0033f314)
  4 0x68b6b5cb move_window_bits+0xbd(data=0x137a90, old_rect=0x33f594, new_rect=0x33f584, old_client_rect=0x33f3f0) [/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:1620] in winex11 (0x0033f3b4)
  5 0x68b6de93 X11DRV_WindowPosChanged+0x2cb(hwnd=0x50084, insert_after=(nil), swp_flags=0x1037, rectWindow=0x33f5b4, rectClient=0x33f5a4, visible_rect=0x33f518, valid_rects=0x33f584) [/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:2524] in winex11 (0x0033f454)
  6 0x7c77b9ed set_window_pos+0x39d(hwnd=0x50084, insert_after=(nil), swp_flags=0x1037, window_rect=0x33f5b4, client_rect=0x33f5a4, valid_rects=0x33f584) [/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2006] in user32 (0x0033f554)
  7 0x7c77bc93 USER_SetWindowPos+0x29a(winpos=0x33f624) [/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2077] in user32 (0x0033f5e4)
  8 0x7c77bfcb SetWindowPos+0x139(hwnd=0x50084, hwndInsertAfter=(nil), x=0, y=0, cx=0, cy=0, flags=0x37) [/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2151] in user32 (0x0033f654)
  9 0x7c756239 SCROLL_ShowScrollBar+0x180(hwnd=0x50084, nBar=0, fShowH=0x1, fShowV=0) [/home/focht/projects/wine/wine-git/dlls/user32/scroll.c:1987] in user32 (0x0033f6a4)
  10 0x7c7562ac ShowScrollBar+0x49(hwnd=0x50084, nBar=0, fShow=0x1) [/home/focht/projects/wine/wine-git/dlls/user32/scroll.c:2014] in user32 (0x0033f6c4)
  11 0x683ef203 TREEVIEW_UpdateScrollBars+0x38c(infoPtr=0x1374e8) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:2825] in comctl32 (0x0033f714)
  12 0x683f03f1 TREEVIEW_Expand+0x28b(infoPtr=0x1374e8, item=0x1569a0, partial=0, user=0) [/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3392] in comctl32 (0x0033f7a4)
...
--- snip ---
'winetricks comctl32' fixes the crash/corruption.
$ sha1sum examxmlpro.exe
ccbd325c3f3e73afbc7d3ccaa8ba6574dc23409c examxmlpro.exe

$ wine --version
wine-1.3.35-43-gd9d4a06
Regards
--- Comment #5 from Nikolay Sivov bunglehead@gmail.com 2011-12-20 12:06:05 CST ---
Okay, that's mine then. Thank you for details.
Nikolay Sivov bunglehead@gmail.com changed:
What      |Removed                     |Added
----------------------------------------------------------------------------
AssignedTo|wine-bugs@winehq.org        |bunglehead@gmail.com
--- Comment #6 from Austin English austinenglish@gmail.com ---
austin@aw25 ~/.wine/drive_c/Program Files/ExamXML $ wine ExamXML.exe
err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0033f9bc
fixme:font:freetype_SelectFont Untranslated charset 255
fixme:ole:RemUnknown_QueryInterface No interface for iid {00000019-0000-0000-c000-000000000046}
wine: Unhandled page fault on write access to 0x20202024 at address 0x7bc507fb (thread 0027), starting debugger...
err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0x7bc507fb

austin@aw25 ~/.wine/drive_c/Program Files/ExamXML $ wine --version
wine-1.7.14-234-g6e7440e

austin@aw25 ~ $ sha1sum examxml_32.exe
2b2ddb38103ea91abee5f8e8a670f9e69ff7ca6b examxml_32.exe
austin@aw25 ~ $ du -h examxml_32.exe
840K examxml_32.exe
super_man@post.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |super_man@post.com

--- Comment #7 from super_man@post.com ---
The issue is still valid with ExamXML Pro 32-bit 5.49

sha1sum d32a4e531f27c9d46c7b0c2a06524c37cb41bd22 examxmlpro_32.exe

wine 1.7.55 (up to date git).
Nikolay Sivov bunglehead@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Assignee|bunglehead@gmail.com        |wine-bugs@winehq.org
winetest@luukku.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |winetest@luukku.com

--- Comment #8 from winetest@luukku.com ---
err:rebar:REBAR_WindowProc unknown msg 2002 wp=00000000 lp=0032f94c
fixme:font:freetype_SelectFont Untranslated charset 255
wine: Unhandled page fault on write access to 0x20202024 at address 0x7bc528b2 (thread 0009), starting debugger...

The program has been updated, but 32bit 5.50 version has the same issue.
wine 2.0rc3 and staging 2.0rc3.
Damjan Jovanovic damjan.jov@gmail.com changed:
What|Removed                     |Added
----------------------------------------------------------------------------
CC  |                            |damjan.jov@gmail.com

--- Comment #9 from Damjan Jovanovic damjan.jov@gmail.com ---
Still a problem in 4.20.
The cause is a buffer size issue, due to NOT multiplying string length by sizeof(WCHAR) when allocating a wstr. This one line patch fixes the problem:
diff --git a/dlls/comctl32/treeview.c b/dlls/comctl32/treeview.c index 0d2c825714..06c4586fcd 100644 --- a/dlls/comctl32/treeview.c +++ b/dlls/comctl32/treeview.c @@ -754,7 +754,7 @@ TREEVIEW_UpdateDispInfo(const TREEVIEW_INFO *infoPtr, TREEVIEW_ITEM *item, else { int len = max(lstrlenW(callback.item.pszText) + 1, TEXT_CALLBACK_SIZE); - LPWSTR newText = heap_realloc(item->pszText, len); + LPWSTR newText = heap_realloc(item->pszText, len*sizeof(WCHAR));
TRACE("returned wstr %s, len=%d\n", debugstr_w(callback.item.pszText), len);
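Review bot: on the changed heap_realloc line, len is a count of WCHARs (lstrlenW(...) + 1 or TEXT_CALLBACK_SIZE) and the conversion to bytes now happens inline, but nothing in the hunk records which unit len carries, and the same variable is still passed to the TRACE as a count. I would write the size as "len * sizeof(WCHAR)" with spaces (or "len * sizeof(*newText)") and add a short comment that len is in characters, so later uses of len in this function are not mistaken for bytes again. The trace in comment #4 is consistent with the pre-patch behaviour: LocalReAlloc is called with 0x104 (260) bytes while the treeview reports len=260.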
Other graphical issues in the application still abound. Doing XML -> Collapse Nodes, makes it impossible to expand them by clicking the "+". Right click a node, choose "Key attribute", the resulting dialog's buttons do not react (visually or behaviorally) to mouse clicks, and you have to click the "X" to close the dialog.
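The sizing mistake described in comment #9, as an added C example that is not Wine's code: it quantifies the overrun when a wide-string buffer is sized in characters instead of bytes, and shows a hardened update that converts the count with an overflow check. WCHAR16, wchar_bytes, overrun_bytes and update_item_text are hypothetical names, and TEXT_CALLBACK_SIZE = 260 is assumed from the len=260 seen in the trace.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR16;          /* stand-in for the 2-byte Windows WCHAR */
#define TEXT_CALLBACK_SIZE 260     /* assumed; matches len=260 in the trace */

/* Length of a NUL-terminated 16-bit string, in characters. */
static size_t wlen16(const WCHAR16 *s)
{
    size_t n = 0;
    while (s[n]) n++;
    return n;
}

/* Convert a character count to a byte count; returns 0 on overflow. */
static int wchar_bytes(size_t nchars, size_t *bytes)
{
    if (nchars > SIZE_MAX / sizeof(WCHAR16)) return 0;
    *bytes = nchars * sizeof(WCHAR16);
    return 1;
}

/* Bytes written past the end of a block that was sized as nchars bytes
 * (the pre-patch mistake) but filled with nchars 16-bit characters. */
static size_t overrun_bytes(size_t nchars)
{
    return nchars * (sizeof(WCHAR16) - 1);
}

/* Hardened update: grow *slot so it holds src, sized in bytes, then copy.
 * On failure the old buffer is left untouched and NULL is returned. */
static WCHAR16 *update_item_text(WCHAR16 **slot, const WCHAR16 *src,
                                 size_t *alloc_bytes)
{
    size_t len = wlen16(src) + 1;  /* characters, including terminator */
    size_t bytes;
    WCHAR16 *p;

    if (len < TEXT_CALLBACK_SIZE) len = TEXT_CALLBACK_SIZE;
    if (!wchar_bytes(len, &bytes)) return NULL;
    if (!(p = realloc(*slot, bytes))) return NULL;
    memcpy(p, src, (wlen16(src) + 1) * sizeof(WCHAR16));
    *slot = p;
    *alloc_bytes = bytes;
    return p;
}
```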
Damjan Jovanovic damjan.jov@gmail.com changed:
What         |Removed                     |Added
----------------------------------------------------------------------------
Status       |NEW                         |RESOLVED
Resolution   |---                         |FIXED
Fixed by SHA1|                            |d558896fff1df9b595cb1d74ce387852c8a4eaab
Summary      |ExamXML crashes when opening an XML file |treeview wstr overrun in TVN_GETDISPINFOW (ExamXML crashes when opening an XML file)

--- Comment #10 from Damjan Jovanovic damjan.jov@gmail.com ---
Patch committed, resolving fixed.
Thank you for your bug report.
--- Comment #11 from Nikolay Sivov bunglehead@gmail.com ---
Thanks for the fix, Damjan.
Alexandre Julliard julliard@winehq.org changed:
What  |Removed                     |Added
----------------------------------------------------------------------------
Status|RESOLVED                    |CLOSED

--- Comment #12 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.21.
Michael Stefaniuc mstefani@winehq.org changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Target Milestone|---                         |4.0.x
Michael Stefaniuc mstefani@winehq.org changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
Target Milestone|4.0.x                       |---

--- Comment #13 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 4.0.x milestone from bug fixes included in 4.0.4.