http://bugs.winehq.org/show_bug.cgi?id=36733
Bug ID: 36733 Summary: CodeBlocks fails on exit Product: Wine Version: 1.6.2 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: k1-801@mail.ru
Created attachment 48783 --> http://bugs.winehq.org/attachment.cgi?id=48783 Dump file
CodeBlocks IDE fails when exiting, without saving any configs.
https://bugs.winehq.org/show_bug.cgi?id=36733
--- Comment #1 from Austin English austinenglish@gmail.com ---
00000025 (D) F:\Program Files\CodeBlocks\codeblocks.exe
Why is it mounted as F: drive?
Also, please retest in 1.7.20.
https://bugs.winehq.org/show_bug.cgi?id=36733
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, source Status|UNCONFIRMED |NEW URL| |http://sourceforge.net/proj | |ects/codeblocks/files/Binar | |ies/13.12/Windows/codeblock | |s-13.12-setup.exe CC| |focht@gmx.net Summary|CodeBlocks fails on exit |CodeBlocks 13.12 crashes on | |exit (broken app plugin) Ever confirmed|0 |1
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
The crash is in 'FileManager' plugin, on directory watcher thread teardown.
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/CodeBlocks
$ WINEDEBUG=+tid,+seh,+relay,+msvcrt wine ./codeblocks.exe >>log.txt 2>&1 ... 0023:Call msvcrt._beginthreadex(00000000,00000000,6ccba6a4,05563b10,00000004,05563b90) ret=6ccb89b6 0023:trace:msvcrt:_beginthreadex ((nil), 0, 0x6ccba6a4, 0x5563b10, 4, 0x5563b90) 0023:Call KERNEL32.CreateThread(00000000,00000000,6ccba6a4,05563b10,00000004,05563b90) ret=7e9742af 0023:Ret KERNEL32.CreateThread() retval=00000434 ret=7e9742af 0023:Ret msvcrt._beginthreadex() retval=00000434 ret=6ccb89b6 ... 002a:Call KERNEL32.CreateFileW(0559ad04 L"C:\",00000001,00000007,00000000,00000003,42000000,00000000) ret=63081cb2 ... 002a:Ret KERNEL32.CreateFileW() retval=00000460 ret=63081cb2 ... 002a:Call KERNEL32.ReadDirectoryChangesW(00000460,05a54220,00001000,00000000,0000017f,00000000,05584b40,630bf50c) ret=63081afd ... 002a:Ret KERNEL32.ReadDirectoryChangesW() retval=00000001 ret=63081afd ... 0023:Call KERNEL32.SetEvent(000003ac) ret=630c03ed 0023:Ret KERNEL32.SetEvent() retval=00000001 ret=630c03ed ... 002a:Call KERNEL32.WaitForMultipleObjectsEx(00000002,05563b34,00000000,ffffffff,00000001) ret=630bfc0a 002a:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=630bfc0a 002a:Call KERNEL32.GetLastError() ret=630b45e0 002a:Ret KERNEL32.GetLastError() retval=00000000 ret=630b45e0 002a:Call KERNEL32.CancelIo(00000460) ret=63081941 002a:Call KERNEL32.GetLastError() ret=630b45e0 002a:Ret KERNEL32.GetLastError() retval=00000000 ret=630b45e0 002a:Call KERNEL32.GetLastError() ret=630b45e0 002a:Ret KERNEL32.GetLastError() retval=00000000 ret=630b45e0 002a:Call KERNEL32.CloseHandle(00000460) ret=63081b63 002a:Ret KERNEL32.CloseHandle() retval=00000001 ret=63081b63 002a:Call msvcrt.free(05a54220) ret=63081b77 002a:Call ntdll.RtlFreeHeap(00240000,00000000,05a54220) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e94553d 002a:Ret msvcrt.free() retval=00000001 ret=63081b77 002a:Call msvcrt.free(05a53c88) ret=63081b99 002a:Call ntdll.RtlFreeHeap(00240000,00000000,05a53c88) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e94553d 002a:Ret msvcrt.free() retval=00000001 ret=63081b99 002a:Call msvcrt.free(05584b40) ret=630bf76b 002a:Call ntdll.RtlFreeHeap(00240000,00000000,05584b40) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e94553d 002a:Ret msvcrt.free() retval=00000001 ret=630bf76b 002a:Call msvcrt.free(0559acf8) ret=631064ff 002a:Call ntdll.RtlFreeHeap(00240000,00000000,0559acf8) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e94553d 002a:Ret msvcrt.free() retval=00000001 ret=631064ff 002a:Call msvcrt.free(05a53cf0) ret=6310650b 002a:Call ntdll.RtlFreeHeap(00240000,00000000,05a53cf0) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e94553d 002a:Ret msvcrt.free() retval=00000001 ret=6310650b 002a:Ret KERNEL32.CancelIo() retval=00000001 ret=63081941 002a:Call KERNEL32.GetLastError() ret=630b45e0 002a:Ret KERNEL32.GetLastError() retval=00000000 ret=630b45e0 002a:Call KERNEL32.CloseHandle(0559ad04) ret=63081b63 002a:Ret KERNEL32.CloseHandle() retval=00000000 ret=63081b63 002a:Call msvcrt.free(05a53ce8) ret=63081b77 002a:Call ntdll.RtlFreeHeap(00240000,00000000,05a53ce8) ret=7e94553d 002a:Ret ntdll.RtlFreeHeap() retval=00000000 ret=7e94553d 002a:Ret msvcrt.free() retval=00000000 ret=63081b77 002a:trace:seh:raise_exception code=c0000005 flags=0 addr=0x63081b7e ip=63081b7e tid=002a 002a:trace:seh:raise_exception info[0]=00000000 002a:trace:seh:raise_exception info[1]=fffffff4 002a:trace:seh:raise_exception eax=00000000 ebx=05563b10 ecx=0832e860 edx=05a53ce8 esi=0832fb40 edi=003d0f00 002a:trace:seh:raise_exception ebp=0832ea68 esp=0832e880 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206 002a:trace:seh:call_stack_handlers calling handler at 0x7bc9ecf7 code=c0000005 flags=0 ... wine: Unhandled page fault on read access to 0xfffffff4 at address 0x63081b7e (thread 002a), starting debugger... 002a:trace:seh:start_debugger Starting debugger "winedbg --auto 34 16" 002a:Ret KERNEL32.UnhandledExceptionFilter() retval=00000000 ret=7bc9ed31 002a:trace:seh:call_stack_handlers handler at 0x7bc9ecf7 returned 1 Unhandled exception: page fault on read access to 0xfffffff4 in 32-bit code (0x63081b7e). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:63081b7e ESP:0832e880 EBP:0832ea68 EFLAGS:00210206( R- -- I - -P- ) EAX:00000000 EBX:05563b10 ECX:0832e860 EDX:05a53ce8 ESI:0832fb40 EDI:003d0f00 ... Backtrace: =>0 0x63081b7e in filemanager (+0x1b7e) (0x0832ea68) 1 0x7bc86851 call_thread_func+0x3e(entry=0x6ccba6a4, arg=0x5563b10, frame=0x832eb68) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2630] in ntdll (0x0832eb48) 2 0x7bc867e6 call_thread_entry_point+0x11() in ntdll (0x0832eb68) 3 0x7bc8dc31 start_thread+0x11a(info=0x7ffbcfb8) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/thread.c:428] in ntdll (0x0832f3a8) 4 0xf754c9da start_thread+0xc9() in libpthread.so.0 (0x0832f468) 5 0xf747ebfe __clone+0x5d() in libc.so.6 (0x00000000) ... 0x63081b7e: movl 0xfffffff4(%eax),%edx Modules: Module Address Debug info Name (175 modules) PE 400000- 5a2000 Deferred codeblocks PE 15f0000- 160e000 Deferred cccc PE 1620000- 1647000 Deferred editorconfig PE 27f0000- 286c000 Deferred headerfixup PE 2870000- 28fd000 Deferred lib_finder PE 2900000- 29fb000 Deferred wxflatnotebook PE 2a00000- 2a2a000 Deferred occurrenceshighlighting PE 2a30000- 2a7b000 Deferred toolsplus PE 2a80000- 2aa8000 Deferred reopeneditor PE 2ab0000- 2b61000 Deferred spellchecker PE 37e0000- 38fe000 Deferred wxsmithcontribitems PE 3900000- 39e8000 Deferred wxkwic PE 39f0000- 3a92000 Deferred wxtreelist ELF 4eb20000-4eb3d000 Deferred libgcc_s.so.1 PE 61500000-6151d000 Deferred smartindentlua PE 617c0000-61d19000 Deferred codeblocks PE 61d40000-61d5e000 Deferred smartindentxml PE 62300000-6231d000 Deferred xpmanifest PE 62840000-6285d000 Deferred copystrings PE 62980000-629cd000 Deferred keybinder PE 62e00000-62edb000 Deferred hexeditor PE 63080000-63139000 Export filemanager ... Threads: process tid prio (all id:s are in hex) ... 00000022 (D) C:\Program Files\CodeBlocks\codeblocks.exe 0000002b 0 0000002a 0 <== 00000028 0 00000027 0 00000026 0 00000025 0 00000024 0 00000023 0 --- snip ---
The source code is available: http://sourceforge.net/projects/codeblocks/files/Sources/13.12/codeblocks_13...
The code quality is so-so (very politely spoken).
The directory watcher issues read request(s) and puts the thread in alertable state by calling 'WaitForMultipleObjectsEx'. This is needed to allow completion routines to be delivered via APC.
On teardown, the outstanding read request is cancelled through 'CancelIo'. The completion routine gets called which frees up instance data and removes the watcher path/mon object from std::map.
--- snip --- Wine-dbg>bt
Backtrace: =>0 0x630bf50c in filemanager (+0x3f50c) (0x0832e498) 1 0x7bc41fef read_changes_user_apc+0x4d(arg=<couldn't compute location>, io=<couldn't compute location>, reserved=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/directory.c:3314] in ntdll (0x0832e4e8) 2 0x7bc7faa7 invoke_apc+0xda(call=0x832e674, result=0x832e64c) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/server.c:378] in ntdll (0x0832e5b8) 3 0x7bc806e7 server_select+0x1ac(select_op=(nil), size=0, flags=0x3, timeout=0x832e7d8) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/server.c:599] in ntdll (0x0832e6c8) 4 0x7bc89f20 NtDelayExecution+0x4e(alertable=1, timeout=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/sync.c:916] in ntdll (0x0832e728) 5 0x7bc4b855 NtCancelIoFile+0x127(hFile=<couldn't compute location>, io_status=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/file.c:3120] in ntdll (0x0832e808) 6 0x7b83e2c5 CancelIo+0x23(handle=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/file.c:672] in kernel32 (0x0832e848) 7 0x63081941 in filemanager (+0x1940) (0x0832ea68) 8 0x7bc86851 call_thread_func+0x3e(entry=0x6ccba6a4, arg=0x5563af8, frame=0x832eb68) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2630] in ntdll (0x0832eb48) 9 0x7bc867e6 call_thread_entry_point+0x11() in ntdll (0x0832eb68) 10 0x7bc8dc31 start_thread+0x11a(info=0x7ffbcfb8) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/thread.c:428] in ntdll (0x0832f3a8) 11 0xf755c9da start_thread+0xc9() in libpthread.so.0 (0x0832f468) ... --- snip ---
Upon return, a check for cancellation failure is done which removes/destroys the monitor data object.
--- snip --- for(MonMap::iterator it=m_monmap.begin();it!=m_monmap.end();++it) { it->second->ReadCancel(); if(it->second->m_fail) { delete it->second; m_monmap.erase(it); } } --- snip ---
Problem: the instance is no longer valid because the object destructor was called and the item was removed from std::map within the completion routine (APC).
Why does this broken code work in Windows? Well, could be a couple of reasons...
Maybe the completion routine (APC) wasn't called during 'CancelIO' hence the object is still alive in the std::map after return. It will get called during next WaitForMultipleObjectsEx/SleepEx() call (while loop).
Another reason could be differences in NT heap manager/msvcrt runtime which tends to hide use-after-free bugs (block management/metadata).
My personal preference would be 'INVALID'.
$ sha1sum codeblocks-13.12-setup.exe 2d908cbcea04408fe5869584e49097c288936b27 codeblocks-13.12-setup.exe
$ du -sh codeblocks-13.12-setup.exe 30M codeblocks-13.12-setup.exe
$ wine --version wine-1.7.20
Regards
https://bugs.winehq.org/show_bug.cgi?id=36733
hydro joshatthehelpdesk@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |joshatthehelpdesk@gmail.com
--- Comment #3 from hydro joshatthehelpdesk@gmail.com --- The newest Code::blocks version 16.01 (released January 2016) crashes on exit. The cause is likely related to the 13.12 version's issues.
Observed on: Xubuntu 16.04lts up-to-date as of Aug. 31, 2016 Wine 1.6.2
https://bugs.winehq.org/show_bug.cgi?id=36733
Rafał Mikrut mikrutrafal@protonmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mikrutrafal@protonmail.com
--- Comment #4 from Rafał Mikrut mikrutrafal@protonmail.com --- With 5.18 devel I can't reproduce any crash
https://bugs.winehq.org/show_bug.cgi?id=36733
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED
--- Comment #5 from Gijs Vermeulen gijsvrm@gmail.com --- Let's go with INVALID (in reference to Comment #2).
https://bugs.winehq.org/show_bug.cgi?id=36733
--- Comment #6 from Austin English austinenglish@gmail.com --- Closing.
https://bugs.winehq.org/show_bug.cgi?id=36733
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #7 from Austin English austinenglish@gmail.com --- Closing.
https://bugs.winehq.org/show_bug.cgi?id=36733
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://sourceforge.net/proj |https://web.archive.org/web |ects/codeblocks/files/Binar |/20210212164330if_/https:// |ies/13.12/Windows/codeblock |netcologne.dl.sourceforge.n |s-13.12-setup.exe |et/project/codeblocks/Binar | |ies/13.12/Windows/codeblock | |s-13.12-setup.exe
-
wine-bugs@winehq.org -
WineHQ Bugzilla