https://bugs.winehq.org/show_bug.cgi?id=38639
Bug ID: 38639 Summary: CDex v1.78 no longer works after ubuntu upgrade to 14.04 from 12.04 Product: Wine Version: 1.6.2 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: highflux7@hushmail.com Distribution: ---
Created attachment 51551 --> https://bugs.winehq.org/attachment.cgi?id=51551 backtrace generated during example crash
CDex v1.77 worked perfectly for long time with Ubuntu 12.04. Foolishly "upgraded" to Ubuntu 14.04, installed CDex v1.78 and found it (and CDex v1.77) crash consistently. Even setting preferences results in a crash dialog upon choosing 'OK'.
https://bugs.winehq.org/show_bug.cgi?id=38639
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download Status|UNCONFIRMED |RESOLVED URL| |http://cdex.mu/download CC| |focht@gmx.net Resolution|--- |WORKSFORME Summary|CDex v1.78 no longer works |CDex v1.78 crashes on |after ubuntu upgrade to |startup |14.04 from 12.04 |
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
you're using an outdated Wine 1.6.2 version. Upgrade to Wine 1.7.x series, preferably Wine 1.7.43 If you don't know how to that, seek help in WineHQ user forums.
The app works fine here. I've tested by extracting music CD tracks to WAV along with encoding (lame/mp3).
$ sha1sum CDex-1.78-win32.exe 2d7b530ec5fd4eb99a8f1e2b24e90e0a31479c99 CDex-1.78-win32.exe
$ du -sh CDex-1.78-win32.exe 13M CDex-1.78-win32.exe
$ wine --version wine-1.7.43-123-g90ed96a
Regards
https://bugs.winehq.org/show_bug.cgi?id=38639
highflux7@hushmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |UNCONFIRMED Resolution|WORKSFORME |---
--- Comment #2 from highflux7@hushmail.com --- upgraded Wine to latest Ubuntu found https://www.winehq.org/download/ubuntu which seems to be: (not as claimed 1.7.42 for some reason)
$ wine --version wine-1.7.38
CDex still crashing with the "program has encountered a serious problem and needs to close" dialog box with option for backtrace dump.
The version of CDex identical to one you have working: $ sha1sum CDex-1.78-win32.exe 2d7b530ec5fd4eb99a8f1e2b24e90e0a31479c99 CDex-1.78-win32.exe
Was working fine under old wine (whatever was stock ubuntu 12.04) on same hardware, etc. with CDex-1.77 (& yup, have tried 1.77-- with same results).
Any ideas welcome. Kind regards.
https://bugs.winehq.org/show_bug.cgi?id=38639
Béla Gyebrószki gyebro69@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |gyebro69@gmail.com
--- Comment #3 from Béla Gyebrószki gyebro69@gmail.com --- Created attachment 51554 --> https://bugs.winehq.org/attachment.cgi?id=51554 terminal output (wine-1.7.43-142-g98b991f)
I can reproduce the crash when opening the Options menu (press <F4>) and clicking <OK>. The crash happens for me with Wine 1.4/1.6 as well.
wine-1.7.43-142-g98b991f Fedora 21 x86
CDex-1.78-win32.exe 2d7b530ec5fd4eb99a8f1e2b24e90e0a31479c99
https://bugs.winehq.org/show_bug.cgi?id=38639
--- Comment #4 from Béla Gyebrószki gyebro69@gmail.com --- Looks like the crash happens in the options menu when I start the application without a cd/dvd inserted. After inserting and mounting a cd/dvd disk, the crash is gone.
https://bugs.winehq.org/show_bug.cgi?id=38639
--- Comment #5 from highflux7@hushmail.com --- (In reply to Béla Gyebrószki from comment #4)
Looks like the crash happens in the options menu when I start the application without a cd/dvd inserted. After inserting and mounting a cd/dvd disk, the crash is gone.
As above, mine crashes in the Options <F4> menu at pressing <OK>.
With a CD already in the drive, the application crashes shortly after startup without any user input. (perhaps trying to query remote cddb?)
https://bugs.winehq.org/show_bug.cgi?id=38639
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Summary|CDex v1.78 crashes on |CDex v1.78 crashes when |startup |leaving 'options' menu with | |'ok' without media inserted Ever confirmed|0 |1
--- Comment #6 from Anastasius Focht focht@gmx.net --- Hello folks,
the information how to exactly reproduce the crash should have been present in first place.
The crash without CD in options menu is likely due to broken app code.
The app issues SCSI_READ_TOC via ASPI layer and ignores any returned SCSI target status (error) under assumption of a previous condition being valid.
To avoid reading the TOC on non-present media, the app issues 'TEST UNIT READY' SCSI command which returns an error as positive value (byte).
ha_stat=0 target_stat=2 sense flags 0x2,0x3A,0x02 ASPI command status 0x4
It looks like the app tries to re-interpret (cast?) the return value as boolean which causes success ("ready" = "media inserted"?) evaluation even in error cases (positive values).
Back to TOC read ... since the SCSI reply buffer was still filled with partially valid data (except for number of tracks), the app calculates the wrong number of maximum tracks from that buffer data. This leads to an out-of-bounds access of some track data structures/records? which seem to be stored as array, causing the actual page fault. It looks like the app has some hard-coded limit of 100 (0x64) tracks.
The returned buffer contents of SCSI_READ_TOC without media inserted in my case:
--- snip --- $ ==> 0033D034 32058005 $+4 0033D038 0000005B $+8 0033D03C 6D696C53 Slim $+C 0033D040 65707974 type $+10 0033D044 20204442 BD $+14 0033D048 44202045 E D $+18 0033D04C 5445344C L4ET $+1C 0033D050 20202053 S $+20 0033D054 31424151 QAB1 $+24 0033D058 30313032 2010 $+28 0033D05C 2D34302D -04- $+2C 0033D060 31203930 09 1 $+30 0033D064 34353A34 4:54 $+34 0033D068 20202020 $+38 0033D06C 00000000 .... $+3C 0033D070 00000000 .... $+40 0033D074 00000000 .... ... --- snip ---
tracks = ((sg_buffer[0] << 8) + sg_buffer[1] - 2) / 8
buf[0] = 0x05 << 8 = 0x500 buf[1] = 0x80 - 2 = 0x7E -> 0x57E >> 3 (/8) = 0xAF
One solution could be to sanitize/zero out the app provided reply buffer upon failure but I tend to say not to touch the buffer contents as returned from the device in any case.
For the second crash with media inserted I don't feel inclined to track that one down now as long as I can't reproduce it.
Also it's one problem per bug report.
Regards
https://bugs.winehq.org/show_bug.cgi?id=38639
--- Comment #7 from highflux7@hushmail.com --- Thank you for much effort tracking this bug. Any idea why wine 1.4 had no problem with same ap?
Additionally tried installing [much] older version (CDex v1.51) with same results. Unfortunate.
Thanks again.
https://bugs.winehq.org/show_bug.cgi?id=38639
--- Comment #8 from Anastasius Focht focht@gmx.net --- Hello folks,
--- quote --- Any idea why wine 1.4 had no problem with same app? --- quote ---
It might not be userspace (Wine) but running an older Linux kernel at that time. The Wine component in question didn't receive any changes for years that might be relevant here.
https://source.winehq.org/git/wine.git/history/HEAD:/dlls/wnaspi32
You could do a regression test: Wine 1.4 (good) - Wine 1.6.2 (bad)
http://wiki.winehq.org/RegressionTesting
You might encounter build breakages with old Wine versions that need to be worked around on newer distros.
If you don't feel confident for this maybe Béla could help (on current distro and using old Ubuntu 12.04 if doable).
Regards
https://bugs.winehq.org/show_bug.cgi?id=38639
--- Comment #9 from highflux7@hushmail.com --- Thanks. You guys are geniuses!
-
wine-bugs@winehq.org