http://bugs.winehq.org/show_bug.cgi?id=32169
Bug #: 32169
Summary: page fault on read access to 0x013ed370 in 64-bit code (0x00000000004096e9)
Product: Wine
Version: 1.5.16
Platform: x86-64
URL: http://www.powergrep.com/download.html
OS/Version: Linux
Status: UNCONFIRMED
Severity: blocker
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: WineHQBugzilla.sn3akyp3t3@spamgourmet.com
Classification: Unclassified
Created attachment 42441 --> http://bugs.winehq.org/attachment.cgi?id=42441 Crash dump
Caused when running PowerGrep version 4.4 64 Bit portable Binary. Unfortunately, this is not a free product so may be difficult to correct.
A debugger version of PowerGrep4 64 bit is also available, but unfortunately it refuses to run which I will submit another bug report for.
I'm currently working with the developer after experiencing an access violation error using the 32 bit version which I was able to run the debugger and submit a bug. I don't know if that bug is related to this one. I'm doubting it because the trigger of the error for the 32 bit experienced is not at process startup like this one I experience here.
The GUI of the application for this issue fails to present itself on startup. All that is given is the dump.
I've had previous experience with this application running without fail on Ubuntu 10.04.
Rosanne DiMesio dimesio@earthlink.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
           Severity|blocker                     |normal

--- Comment #1 from Rosanne DiMesio dimesio@earthlink.net 2012-11-08 08:21:28 CST ---
Not a blocker. http://bugs.winehq.org/page.cgi?id=fields.html#importance
--- Comment #2 from Sn3akyP3t3 WineHQBugzilla.sn3akyp3t3@spamgourmet.com 2012-11-08 11:57:18 CST ---
I apologize for incorrect severity. It was late when I submitted and failed to locate definitions of severity classifications. It should be "normal".
Austin English austinenglish@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, win64
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht@gmx.net
          Component|-unknown                    |kernel32
            Summary|page fault on read access   |PowerGrep v4.x 64-bit
                   |to 0x013ed370 in 64-bit     |crashes on startup
                   |code (0x00000000004096e9)   |(GetLocaleInfo() returns
                   |                            |improper TCHAR count for
                   |                            |LOCALE_IFIRSTDAYOFWEEK)
     Ever Confirmed|0                           |1

--- Comment #3 from Anastasius Focht focht@gmx.net 2013-04-28 13:54:46 CDT ---
Hello folks,
confirming.
--- snip ---
...
0024:Call KERNEL32.IsWow64Process(ffffffffffffffff,0022fb9c) ret=0066566d
0024:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=0066566d
0024:Call KERNEL32.GetThreadLocale() ret=00665b66
0024:Ret  KERNEL32.GetThreadLocale() retval=00000409 ret=00665b66
0024:Call KERNEL32.GetLocaleInfoW(00000409,0000100c,00000000,00000000) ret=00665ac2
0024:Ret  KERNEL32.GetLocaleInfoW() retval=00000003 ret=00665ac2
0024:Call KERNEL32.GetLocaleInfoW(00000409,0000100c,013ee600,00000003) ret=00665afc
0024:Ret  KERNEL32.GetLocaleInfoW() retval=00000002 ret=00665afc
0024:Call user32.LoadStringW(00400000,0000ff40,0022da60,00001000) ret=00412a97
0024:Ret  user32.LoadStringW() retval=00000023 ret=00412a97
0024:Call KERNEL32.RaiseException(0eedfade,00000001,00000007,0022fa58) ret=0040b716
0024:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b84a251 ip=7b84a251 tid=0024
0024:trace:seh:raise_exception  info[0]=00000000004304a2
0024:trace:seh:raise_exception  info[1]=0000000001412d00
0024:trace:seh:raise_exception  info[2]=0000000000000000
0024:trace:seh:raise_exception  info[3]=0000000000000000
0024:trace:seh:raise_exception  info[4]=0000000000000000
0024:trace:seh:raise_exception  info[5]=0000000000000000
0024:trace:seh:raise_exception  info[6]=0000000000000000
0024:trace:seh:raise_exception  rax=000000000022f690 rbx=000000007bae1f9d rcx=000000000022f690 rdx=00000036fed43ff2
0024:trace:seh:raise_exception  rsi=000000000022fa58 rdi=000000000022f6b0 rbp=000000000022f7e0 rsp=000000000022f670
0024:trace:seh:raise_exception   r8=0000000000000038  r9=000000000022fa58 r10=0020002700270000 r11=00000036fed7bc80
0024:trace:seh:raise_exception  r12=0000000000014bcc r13=00007ffff6d7c180 r14=0000000000000000 r15=0000000000000000
--- snip ---
The app uses GetLocaleInfo() with LCType = LOCALE_IFIRSTDAYOFWEEK to query for first day of week. It seems there is a misconception in Wine regarding data buffer sizes (TCHAR counting).
MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/dd318101%28v=vs.85%2...
--- quote ---
Parameters

...
lpLCData [out, optional]

    Pointer to a buffer in which this function retrieves the requested locale information. This pointer is not used if cchData is set to 0. For more information, see the Remarks section.

cchData [in]

    Size, in TCHAR values, of the data buffer indicated by lpLCData. Alternatively, the application can set this parameter to 0. In this case, the function does not use the lpLCData parameter and returns the required buffer size, including the terminating null character.

...
Return value

Returns the number of characters retrieved in the locale data buffer if successful and cchData is a nonzero value. If the function succeeds, cchData is nonzero, and LOCALE_RETURN_NUMBER is specified, the return value is the size of the integer retrieved in the data buffer; that is, 2 for the Unicode version of the function or 4 for the ANSI version. If the function succeeds and the value of cchData is 0, the return value is the required size, in characters including a null character, for the locale data buffer.
--- quote ---
As seen in trace log:
Wine returns 3 on first call (= fetch size, NULL terminator included).
Wine returns 2 on second call (app supplies cchData=3, null terminator included).
I expected 2 and 1 respectively: 1 TCHAR stringified LOCALE_IFIRSTDAYOFWEEK + 1 TCHAR null terminator.
The app parser code uses some ascii char -> decimal conversion and doesn't expect to parse a null character (Wine returns 2), hence the exception/crash.
With corrected TCHAR count the app starts properly.
$ du -sh SetupPowerGREPDemo.exe
14M SetupPowerGREPDemo.exe

$ sha1sum SetupPowerGREPDemo.exe
aee9d7d313d7fa7a9fcd859425e4a43068df0ff3 SetupPowerGREPDemo.exe

$ wine --version
wine-1.5.29-38-g8e4317c
Regards
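A small model of the mismatch described in comment #3, as an added example (not code from Wine, Windows, PowerGREP or anyone in this thread). The function names, the `extra` knob, the sample value "6" and the caller that derives its string length from the size query are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Model of the two-call contract quoted from MSDN; not Wine or Windows code.
 * extra = 0: the size query returns chars + NUL. extra = 1: the size query
 * over-reports by one, like the 3 seen in the trace for a 1-digit value. */
static int model_get_locale_info(const wchar_t *val, wchar_t *buf, int cch, int extra)
{
    int needed = (int)wcslen(val) + 1;
    if (cch == 0) return needed + extra;        /* size query */
    if (cch < needed) return 0;                 /* buffer too small */
    memcpy(buf, val, (size_t)needed * sizeof(wchar_t));
    return needed;                              /* chars written, NUL included */
}

/* Strict decimal parse of a counted string; -1 if any char is not a digit. */
static int parse_counted_int(const wchar_t *s, int len)
{
    int v = 0;
    if (len <= 0) return -1;
    for (int i = 0; i < len; i++) {
        if (s[i] < L'0' || s[i] > L'9') return -1;  /* an embedded NUL fails here */
        v = v * 10 + (int)(s[i] - L'0');
    }
    return v;
}

/* Hypothetical caller. trust_size_query = 1: string length is taken from the
 * size query (assumed fragile pattern). 0: length is re-derived from the
 * filled buffer, bounded by the fill call's return value. */
static int first_day_of_week(int extra, int trust_size_query)
{
    wchar_t buf[16] = {0};
    int size = model_get_locale_info(L"6", NULL, 0, extra);  /* "6" is a constructed sample */
    if (size <= 0 || size > 16) return -1;
    int got = model_get_locale_info(L"6", buf, size, extra);
    if (got <= 0) return -1;
    int len = size - 1;
    if (!trust_size_query)
        for (len = 0; len < got && buf[len] != L'\0'; len++) {}
    return parse_counted_int(buf, len);
}

int main(void)
{
    printf("documented size, trusting caller:     %d\n", first_day_of_week(0, 1));
    printf("over-reported size, trusting caller:  %d\n", first_day_of_week(1, 1));
    printf("over-reported size, defensive caller: %d\n", first_day_of_week(1, 0));
    return 0;
}
```

The second case returns -1 because the counted string ends up one character too long and the parser hits the terminator as data; the defensive caller gets the same value either way.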
--- Comment #4 from Nikolay Sivov bunglehead@gmail.com 2013-08-18 17:03:14 CDT ---
I sent a patch http://www.winehq.org/pipermail/wine-patches/2013-August/125893.html. According to tests return value on second call is the same, so could you please retest?
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gaming4jc2@yahoo.com

--- Comment #5 from Anastasius Focht focht@gmx.net 2013-08-31 11:51:52 CDT ---
*** Bug 34404 has been marked as a duplicate of this bug. ***
--- Comment #6 from Sn3akyP3t3 WineHQBugzilla.sn3akyp3t3@spamgourmet.com 2013-11-03 22:14:02 CST ---
I'm sorry I posted to bug id 32169, I had thought the bug I created was numbered 32170 so not sure what's going on there.
I'm available to provide testing if someone could kindly let me know how to apply the patch.
Also, I posted this in the other 32170 bug id and thought it wasn't answered.
From the developer of PowerGREP, Jan Goyvaerts,
"If I correctly interpret the meaning of "stub" in the dump you posted at http://bugs.winehq.org/show_bug.cgi?id=32170 then it seems that the debug build crashes because WINE does not implement the GetLogicalProcessorInformation API call.
PowerGREP itself (or any of our other products) never calls GetLogicalProcessorInformation. But the 3rd party component that we use to add the bug logging system to our debug builds does call GetLogicalProcessorInformation.
If my observations are correct, then you won't be able to use any of our (64-bit) debug builds until (64-bit) WINE implements GetLogicalProcessorInformation. You also won't be able to run any other (64-bit) applications that use Eurekalog for bug logging. This is a fairly popular component among Delphi developers. We only use it in our debug builds, but some developers like to include it in their release builds too. I can build a dummy application that includes the bug logging system as we use it if that would be helpful to the WINE developers."
Would there be any need for a bug logging system for testing with WINE? I'm not sure all of what that entails.
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
            Summary|PowerGrep v4.x 64-bit       |Multiple 64-bit
                   |crashes on startup          |applications crash on
                   |(GetLocaleInfo() returns    |startup (GetLocaleInfo()
                   |improper TCHAR count for    |returns improper TCHAR
                   |LOCALE_IFIRSTDAYOFWEEK)     |count for
                   |                            |LOCALE_IFIRSTDAYOFWEEK)
                   |                            |(PowerGrep v4.x, RegexBuddy
                   |                            |4.x)

--- Comment #7 from Anastasius Focht focht@gmx.net 2013-12-09 11:50:26 CST ---
Hello folks,
the 64-bit version of RegexBuddy 4.0.x also suffers from this.
There is a section on the website "Running RegexBuddy on Linux Using Wine" (http://www.regexbuddy.com/wine.html), stating "The 64-bit version of wine has bugs that break 64-bit RegexBuddy." so I investigated this.
Download: http://www.regexbuddy.com/cgi-bin/SetupRegexBuddyDemo.exe (combined 32-bit and 64-bit installer)
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Just Great Software/RegexBuddy4

$ file *.exe
RegexBuddy4.exe: PE32+ executable (GUI) x86-64, for MS Windows
UnDeploy64.exe:  PE32+ executable (GUI) x86-64, for MS Windows

$ WINEDEBUG=+tid,+seh,+relay,+resource wine ./RegexBuddy4.exe >>log.txt 2>&1
...
0026:Call KERNEL32.IsWow64Process(ffffffffffffffff,0023fbac) ret=006e442d
0026:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=006e442d
0026:Call KERNEL32.GetThreadLocale() ret=006e47a6
0026:Ret  KERNEL32.GetThreadLocale() retval=00000409 ret=006e47a6
0026:Call KERNEL32.GetLocaleInfoW(00000409,0000100c,00000000,00000000) ret=006e4702
0026:Ret  KERNEL32.GetLocaleInfoW() retval=00000003 ret=006e4702
0026:Call KERNEL32.GetLocaleInfoW(00000409,0000100c,0137e8a0,00000003) ret=006e473c
0026:Ret  KERNEL32.GetLocaleInfoW() retval=00000002 ret=006e473c
0026:Call user32.LoadStringW(00400000,0000ff6a,0023da70,00001000) ret=00412687
0026:trace:resource:LoadStringW instance = 0x400000, id = ff6a, buffer = 0x23da70, length = 4096
0026:trace:resource:FindResourceExW 0x400000 #0006 #0ff7 0000
0026:trace:resource:LdrFindResource_U module 0x400000 type #0006 name #0ff7 lang 0000 level 3
0026:trace:resource:find_entry_by_id root 0x1040000 dir 0x1040000 id 0006 ret 0x10403d0
0026:trace:resource:find_entry_by_id root 0x1040000 dir 0x10403d0 id 0ff7 ret 0x1042538
0026:trace:resource:find_entry_by_id root 0x1040000 dir 0x1042538 id 0000 ret 0x1043f68
0026:trace:resource:LoadResource 0x400000 0x1043f68
0026:trace:resource:LoadStringW strlen = 35
0026:trace:resource:LoadStringW L"''%s'' is not a valid integer value" loaded !
0026:Ret  user32.LoadStringW() retval=00000023 ret=00412687
0026:Call KERNEL32.RaiseException(0eedfade,00000001,00000007,0023fa68) ret=0040b676
0026:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b849fff ip=7b849fff tid=0026
0026:trace:seh:raise_exception  info[0]=000000000042b432
0026:trace:seh:raise_exception  info[1]=0000000001390e30
0026:trace:seh:raise_exception  info[2]=0000000000000000
0026:trace:seh:raise_exception  info[3]=0000000000000000
0026:trace:seh:raise_exception  info[4]=0000000000000000
0026:trace:seh:raise_exception  info[5]=0000000000000000
0026:trace:seh:raise_exception  info[6]=0000000000000000
0026:trace:seh:raise_exception  rax=000000000023f7d0 rbx=0000000001390e30 rcx=000000000023f7d0 rdx=0000003c95f49fb2
0026:trace:seh:raise_exception  rsi=000000000023fa68 rdi=000000000023f7f0 rbp=000000000023f920 rsp=000000000023f7b0
0026:trace:seh:raise_exception   r8=0000000000000007  r9=000000000023fa68 r10=0000000000000000 r11=0000003c95f807e0
0026:trace:seh:raise_exception  r12=000000007bf00c50 r13=00007fff6fd4ff30 r14=0000000000000000 r15=0000000000000000
...
Backtrace:
=>0 0x0000000000409659 in regexbuddy4 (+0x9659) (0x000000000023faa0)
  1 0x0000000000437438 in regexbuddy4 (+0x37437) (0x000000000023faa0)
  2 0x000000000040b656 in regexbuddy4 (+0xb655) (0x000000000023faa0)
  3 0x000000000040b6f8 in regexbuddy4 (+0xb6f7) (0x000000000023fbf0)
  4 0x000000000040b95c in regexbuddy4 (+0xb95b) (0x000000000023fbf0)
  5 0x000000000040b9da in regexbuddy4 (+0xb9d9) (0x000000000023fcb0)
  6 0x0000000000412eb2 in regexbuddy4 (+0x12eb1) (0x000000000023fcb0)
  7 0x0000000000dd7d45 in regexbuddy4 (+0x9d7d44) (0x000000000023fcb0)
...
0x0000000000409659: movq (%rcx),%rcx
Modules:
Module  Address                 Debug info  Name (91 modules)
PE        400000-  1260600      Export      regexbuddy4
ELF     7b800000- 7bc83000      Dwarf       kernel32<elf>
  -PE   7b820000- 7bc83000      \           kernel32
ELF     7be00000- 7c103000      Dwarf       <wine-loader>
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000025 (D) C:\Program Files\Just Great Software\RegexBuddy4\RegexBuddy4.exe
         00000026    0 <==
--- snip ---
$ sha1sum SetupRegexBuddyDemo.exe
b100d449df722b4c841eaeeb530c88566ab137e0 SetupRegexBuddyDemo.exe

$ du -sh SetupRegexBuddyDemo.exe
12M SetupRegexBuddyDemo.exe

$ wine --version
wine-1.7.8-128-g37460b6
Regards
Austin English austinenglish@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish@gmail.com
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ngupta@umiacs.umd.edu

--- Comment #8 from Anastasius Focht focht@gmx.net ---
*** Bug 37718 has been marked as a duplicate of this bug. ***
Sebastian Lackner sebastian@fds-team.de changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de

--- Comment #9 from Sebastian Lackner sebastian@fds-team.de ---
The following patch fixes the issue for me (with RegexBuddy):
https://github.com/wine-compholio/wine-staging/tree/master/patches/kernel32-...
The patch from Nikolay in comment 4 works also, but the included tests pass even without the change applied, and moreover the special cases with ret == 0 or non-nullterminated strings are not handled properly.
--- Comment #10 from Sebastian Lackner sebastian@fds-team.de ---
Should be fixed with:
http://source.winehq.org/git/wine.git/commit/8826ba1bc86fefa22c543608585ae8f...
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |8826ba1bc86fefa22c543608585
                   |                            |ae8f3b4310a5f
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/8826ba1bc86fefa22c543608585...
Thanks Sebastian
Regards
Alexandre Julliard julliard@winehq.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #12 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.34.