[Bug 48738] New: When running certain Batch files, my Wine cmd.exe reproducible crashes with "page fault on read access" or with "stack overflow in 32-bit code".
https://bugs.winehq.org/show_bug.cgi?id=48738
Bug ID: 48738 Summary: When running certain Batch files, my Wine cmd.exe reproducible crashes with "page fault on read access" or with "stack overflow in 32-bit code". Product: Wine Version: 5.3 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: cmd Assignee: wine-bugs@winehq.org Reporter: temp2004@freenet.de Distribution: ---
Created attachment 66628 --> https://bugs.winehq.org/attachment.cgi?id=66628 Two batch files and the crashdump
I think the problem is new since middle of last year, at least reproducible with Wine 5.2 and 5.3.
Find attached two small batch files: they should set some environment variables and look for some directories, but they don't reach their end. At real Windows (also when running at VirtualBox) they work properly instead.
Scenario: create a directory and store one.bat and two.bat into it. run: wineconsole one.bat If the problem occurs, Wine crashes immediately. ("wine: Unhandled page fault on read access to FFFFFFF0 at address F7D2D3AB (thread 01a8), starting debugger...")
The behavior depends very much on the content of the batch files: adding commands or changing the variable's names may prevent it from crashing or may shift the crash to a different line.
https://bugs.winehq.org/show_bug.cgi?id=48738
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |xerox.xerox2000x@gmail.com Status|UNCONFIRMED |NEW Keywords| |download, regression, | |source Ever confirmed|0 |1 Component|cmd |-unknown
--- Comment #1 from Louis Lenders xerox.xerox2000x@gmail.com --- Confirming
Works fine in an old wine-4.0 (Staging) I have lying around here, so indeed a regression. Also visible when first doing "wine cmd", and then "one.bat"
@OP: Any chance you could do a regression test?
Note: + relay shows this below, but trying to use native ucrtbase seems not possible anymore as wineboot fails then/depends on it
0058:Ret ucrtbase.wcschr() retval=00000000 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000053) ret=0040155e 0009:Ret gdi32.SetBkColor() retval=00000000 ret=7e9ceb42 0058:Ret ucrtbase.wcschr() retval=00000000 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000054) ret=0040155e 0058:Ret ucrtbase.wcschr() retval=00000000 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000020) ret=0040155e 0058:Ret ucrtbase.wcschr() retval=004250d0 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000020) ret=00401519 0058:Ret ucrtbase.wcschr() retval=004250d0 ret=00401519 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000022) ret=00401519 0058:Ret ucrtbase.wcschr() retval=00000000 ret=00401519 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000022) ret=0040155e 0058:Ret ucrtbase.wcschr() retval=00000000 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000020) ret=0040155e 0058:Ret ucrtbase.wcschr() retval=004250d0 ret=0040155e 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000020) ret=00401519 0058:Ret ucrtbase.wcschr() retval=004250d0 ret=00401519 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000028) ret=00401519 0058:Ret ucrtbase.wcschr() retval=00000000 ret=00401519 0058:Call ucrtbase.wcschr(004250d0 L" \t,=;",00000028) ret=0040155e 0058:Ret ucrtbase.wcschr() retval=00000000 ret=0040155e 0058:Call ucrtbase.memcpy(0074a388,0082b268,ff7d4d98) ret=0041ca95 0058:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7cadc50 ip=f7cadc50 tid=0058
https://bugs.winehq.org/show_bug.cgi?id=48738
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |cmd Regression SHA1| |f238e846e701d2039eceb51f2f6 | |e9d936f8c791c CC| |bernhardu@mailbox.org
--- Comment #2 from Louis Lenders xerox.xerox2000x@gmail.com --- (In reply to Louis Lenders from comment #1)
Confirming
Works fine in an old wine-4.0 (Staging) I have lying around here, so indeed a regression. Also visible when first doing "wine cmd", and then "one.bat"
@OP: Any chance you could do a regression test?
Had some cpu-cycles left so did it myself; Patch can still be reverted cleanly against current git
regards
f238e846e701d2039eceb51f2f6e9d936f8c791c is the first bad commit commit f238e846e701d2039eceb51f2f6e9d936f8c791c Author: Bernhard Übelacker bernhardu@mailbox.org Date: Tue Aug 20 17:04:58 2019 +0200
cmd.exe: Change parsing of the if command to avoid parsing the operators.
https://bugs.winehq.org/show_bug.cgi?id=48738
--- Comment #3 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 66666 --> https://bugs.winehq.org/attachment.cgi?id=66666 Attempt to fix regression in if condition parsing
https://bugs.winehq.org/show_bug.cgi?id=48738
--- Comment #4 from Bernhard Übelacker bernhardu@mailbox.org --- Sorry for introducing this issue. It looks like bug #47770 is the same issue. Maybe you could check if the attached patch fixes the issue for you?
https://bugs.winehq.org/show_bug.cgi?id=48738
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
https://bugs.winehq.org/show_bug.cgi?id=48738
--- Comment #5 from Louis Lenders xerox.xerox2000x@gmail.com --- (In reply to Bernhard Übelacker from comment #4)
Sorry for introducing this issue. It looks like bug #47770 is the same issue. Maybe you could check if the attached patch fixes the issue for you?
Hi Bernhard,
The attached patch fixes the issue/bug for me (so I guess also for the original reporter of this bug).
Thanks and regards
https://bugs.winehq.org/show_bug.cgi?id=48738
--- Comment #6 from Bernhard Übelacker bernhardu@mailbox.org --- Thanks for testing. I submitted the patch here: https://www.winehq.org/pipermail/wine-devel/2020-March/162158.html
https://bugs.winehq.org/show_bug.cgi?id=48738
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|When running certain Batch |cmd.exe crashes when |files, my Wine cmd.exe |running certain batch files |reproducible crashes with | |"page fault on read access" | |or with "stack overflow in | |32-bit code". |
https://bugs.winehq.org/show_bug.cgi?id=48738
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |b1e91a36a75fd8ae27a999248aa | |034e69227bc02 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #7 from Louis Lenders xerox.xerox2000x@gmail.com --- This works fine again after b1e91a36a75fd8ae27a999248aa034e69227bc02, no crash in current git
Thanks Bernhard!!
https://bugs.winehq.org/show_bug.cgi?id=48738
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #8 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.8.
https://bugs.winehq.org/show_bug.cgi?id=48738
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |5.0.x
https://bugs.winehq.org/show_bug.cgi?id=48738
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|5.0.x |---
--- Comment #9 from Michael Stefaniuc mstefani@winehq.org --- Removing the 5.0.x milestone from bug fixes included in 5.0.2.
-
WineHQ Bugzilla