https://bugs.winehq.org/show_bug.cgi?id=57306
Bug ID: 57306
Summary: Commit 5924ab4c515 breaks Nikon NX studio due to memory corruption
Product: Wine
Version: 9.19
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: christoph.bartoschek@gmail.com
Distribution: ---
Nikon NX Studio is crashing with errors like the following one since commit 5924ab4c515:
0024:fixme:uxtheme:BufferedPaintInit Stub ()
double free or corruption (out)
0024:err:seh:call_seh_handlers invalid frame 00007FFFFE0FECD0 (0000000000022000-0000000000120000)
0024:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
By adding enough debug logs I see that:
- In function dibdrv_RoundRect from dlls/win32u/dibdrv/graphics.c max_points becomes 30.
- Then top_points is allocated at size 15.
- The first call to get_arc_points returns 4:
  count = get_arc_points( dc, AD_CLOCKWISE, &rect, start, end, top_points );
- The second time it is called with top_points + counter, which is &top_points[4].
- Inside get_arc_points count becomes 8:
  count = generate_ellipse_top_half( dc, width, height, points );
- Then the loop to calculate points starts with pos = count and it has 4 iterations.
- The last write is to points[8+3] = points[11] = top_points[11 + 4] = top_points[15].
- top_points[15] is beyond the allocated array and it corrupts memory metadata.
Austin English austinenglish@gmail.com changed:
What            |Removed |Added
----------------------------------------------------------------------------
Regression SHA1 |        |5924ab4c5155d97f4b23a33e97258c1ec382ea02
CC              |        |z.figura12@gmail.com
Keywords        |        |regression
Fabian Maurer dark.shadow4@web.de changed:
What           |Removed |Added
----------------------------------------------------------------------------
CC             |        |dark.shadow4@web.de
Summary        |Commit 5924ab4c515 breaks Nikon NX studio due to memory corruption |Multiple programs crash due to memory corruption since 5924ab4c515 (Nikon NX studio, Profit, Falcosoft's Soundfont Midi Player, IBExpert)
Ever confirmed |0 |1
Status         |UNCONFIRMED |NEW
--- Comment #1 from Fabian Maurer dark.shadow4@web.de --- Confirming and collecting duplicates.
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |danielbermond@yahoo.com
--- Comment #2 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57307 has been marked as a duplicate of this bug. ***
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |1293660441@qq.com
--- Comment #3 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57298 has been marked as a duplicate of this bug. ***
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |msmucr@gmail.com
--- Comment #4 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57299 has been marked as a duplicate of this bug. ***
Fabian Maurer dark.shadow4@web.de changed:
What     |Removed |Added
----------------------------------------------------------------------------
See Also |        |https://bugs.winehq.org/show_bug.cgi?id=57296
--- Comment #5 from Fabian Maurer dark.shadow4@web.de --- Same regression in bug 57296, but no crash there.
--- Comment #6 from Jactry Zeng jactry92@gmail.com --- Bug 57301 probably is another duplication.
--- Comment #7 from sondre.husevold@tietoevry.com --- Created attachment 77266 --> https://bugs.winehq.org/attachment.cgi?id=77266 dib trace of proprietary application for 5924ab4c515 regression
Partial application log (dib trace)
--- Comment #8 from sondre.husevold@tietoevry.com --- Comment on attachment 77266 --> https://bugs.winehq.org/attachment.cgi?id=77266 dib trace of proprietary application for 5924ab4c515 regression
Our proprietary application also crashes due to this commit (5924ab4c515). By opening any internal "browse" MDI window the application will promptly crash due to an assert in win32u/dibdrv/objects.c:812 in the function solid_pen_lines.
Reverting the commit 5924ab4c515 on the latest HEAD will resolve the issue and make the application work properly again.
If this is not related to this issue, I can make another bug report. Or if you need a more detailed log I can flesh out the details.
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |andreas.franz@arcor.de
--- Comment #10 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57301 has been marked as a duplicate of this bug. ***
--- Comment #11 from Rafał Mużyło galtgendo@o2.pl --- Given what was said in OP, perhaps sufficient solution would be something like from:
top_points = malloc( max_points / 2 * sizeof(*points) );
to:
top_points = malloc( (max_points + 1) / 2 * sizeof(*points) );
What do you think ?
--- Comment #12 from Rafał Mużyło galtgendo@o2.pl --- The way I see it, generate_ellipse_top_half is just badly commented - it seems to make some implicit assumptions about its inputs, but doesn't seem to state those assumptions anywhere.
The algorithm is likely correct in all but the 'points[pos++] = pt;' line, that is it never states what size it expects that array to be - well, the original algorithm likely just drew a point at that point, instead of storing it.
--- Comment #13 from Zeb Figura z.figura12@gmail.com --- Thanks for the feedback, Rafał. What exactly would you do differently?
--- Comment #14 from Rafał Mużyło galtgendo@o2.pl --- (In reply to Zeb Figura from comment #13)
> Thanks for the feedback, Rafał. What exactly would you do differently?
Gee, I don't know, pass the size of that array ?
Do we really need to have a sarcasm spar ?
Or did I perhaps miss a commit where you did explicitly state the assumptions the code makes, given that as the original algorithm was made for drawing, not storing, so doesn't have any inherent limits on how many points it would be able to handle ?
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |asciioct146125103153g00gle@gmail.com
--- Comment #15 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57317 has been marked as a duplicate of this bug. ***
--- Comment #16 from Zeb Figura z.figura12@gmail.com --- Well, Rafał, I think if you read the surrounding code, it becomes clear that the "max_points" variable, returned by a function called "get_arc_max_points", is supposed to hold the maximum possible number of points returned from get_arc_points().
I think if you're familiar with code idioms, you might understand that this kind of pattern is not uncommon, and it's typically used when you want to avoid allocating more than once (an expensive action) and performing an expensive calculation more than once.
I think if you read the regression commit, you might notice that the code used this pattern already.
Is the pattern fragile? Probably. Is it to blame for the regression in this case? I would say so. Did I consider this possibility when writing it? Why, yes, I did, and I decided to leave the code as-is, because I'm not about to change more than I absolutely need to.
But yet another wildly uninformed, wildly incorrect diagnosis, that demonstrates little to no understanding of the code in question, given with a know-it-all attitude, really irks me. I must nevertheless apologize for letting it get to me.
--- Comment #17 from Rafał Mużyło galtgendo@o2.pl --- If 'it becomes clear' could you explain the existence of mr6662 ? Cause it seems even more frequent contributors got confused by this code...
And frankly, you've just wrote the code, how certain are you you'll still understand it in 4-5 years ? That's my point on why an additional comment would be welcome.
DarkOK dark@darkok.xyz changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |dark@darkok.xyz
--- Comment #18 from DarkOK dark@darkok.xyz --- I'm also experiencing this issue with Viena, where I get the following assertion after clicking the sidebar to select samples, instruments or presets:
wine-9.19/dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Assertion `num >= 2' failed.
--- Comment #19 from Zeb Figura z.figura12@gmail.com --- (In reply to Rafał Mużyło from comment #17)
> If 'it becomes clear' could you explain the existence of mr6662 ? Cause it seems even more frequent contributors got confused by this code...
If you read the merge request, you'll note that what's confusing Aida is clearly not the fact that the overallocation pattern is used. She's guessing at the way in which get_arc_max_points() is not returning a high enough value.
> And frankly, you've just wrote the code, how certain are you you'll still understand it in 4-5 years ? That's my point on why an additional comment would be welcome.
Pretty certain, given that I understood the pattern when I first approached it to make this change.
--- Comment #20 from Rafał Mużyło galtgendo@o2.pl --- ...are you aware of that little thing called 'bus factor' ? You know, that thing that metaphorically happened at least once in wine history. Or if you were to quit the project for whatever the reason.
But you do you, whatevs...
Vijay Kamuju infyquest@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |infyquest@gmail.com
--- Comment #21 from Vijay Kamuju infyquest@gmail.com --- Can we close this as fix is committed - https://gitlab.winehq.org/wine/wine/-/commit/f4b46cef3fa7db1dbca332049d4b14b...
--- Comment #22 from Fabian Maurer dark.shadow4@web.de --- Even with latest git I can reproduce a crash with HeidiSQL 7.0:
https://web.archive.org/web/20130612145220/http://heidisql.googlecode.com/fi...
Just run the heidisql.exe, and click the "New" button.
Reverting 5924ab4c5155d97f4b23a33e97258c1ec382ea02 fixes the issue, so this is not yet fully fixed.
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |wpha@aol.com
--- Comment #23 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57352 has been marked as a duplicate of this bug. ***
--- Comment #24 from Fabian Maurer dark.shadow4@web.de --- Also still affects mspaint from WinXP, see bug 57306.
--- Comment #25 from Fabian Maurer dark.shadow4@web.de --- I mean, bug 57352.
--- Comment #26 from Michal Smucr msmucr@gmail.com --- (In reply to Fabian Maurer from comment #22)
> Even with latest git I can reproduce a crash with HeidiSQL 7.0:
I can confirm the exact same behavior also with the last stable version of HeidiSQL 12.8.
Jérôme Groven jerome.groven@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jerome.groven@gmail.com
--- Comment #27 from Christoph Bartoschek christoph.bartoschek@gmail.com --- HeidiSQL calls the function
BOOL dibdrv_RoundRect( PHYSDEV dev, INT left, INT top, INT right, INT bottom, INT ellipse_width, INT ellipse_height )
with ellipse_width == 0 and ellipse_height == 0, resulting in max_points == 0. Then in get_arc_points the empty top_points array is written to.
I guess, either the function has to return early in such a case or one needs to check why the ellipse_width and ellipse_height are both 0 and fix the calling location.
--- Comment #28 from Zeb Figura z.figura12@gmail.com --- (In reply to Christoph Bartoschek from comment #27)
> HeidiSQL calls the function
> BOOL dibdrv_RoundRect( PHYSDEV dev, INT left, INT top, INT right, INT bottom, INT ellipse_width, INT ellipse_height )
> with ellipse_width == 0 and ellipse_height == 0, resulting in max_points == 0. Then in get_arc_points the empty top_points array is written to.
> I guess, either the function has to return early in such a case or one needs to check why the ellipse_width and ellipse_height are both 0 and fix the calling location.
We should probably restore the forward to Rectangle() in this case. Previously it was applied when the width/height was <= 2, but this is incorrect if there is scaling. But forwarding for 0 is still correct.
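The two out-of-bounds writes analysed in this thread, the original report's store to top_points[15] and comment #27's store into a zero-length top_points, replayed with the array size passed down to the writer. This is an added example, not Wine's code: put_point, arc_points_checked and replay_round_rect are hypothetical names, the first call is modelled as storing 4 points, and the zero-size case as one attempted store.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int x, y; } point_t;   /* stand-in for the POINT type */

/* Bounds-checked form of the `points[pos++] = pt;` store: refuses the write
 * instead of running past `cap` slots. */
static int put_point(point_t *points, size_t cap, size_t *pos, point_t pt)
{
    if (*pos >= cap) return 0;
    points[(*pos)++] = pt;
    return 1;
}

/* Hypothetical model of one get_arc_points() call as the report describes it:
 * `half` points from the top-half generation step, then `extra` loop
 * iterations starting at pos = half. The `cap` parameter is the addition.
 * Returns the number of points stored, or -1 if the buffer is too small. */
static int arc_points_checked(point_t *points, size_t cap, size_t half, size_t extra)
{
    size_t pos = 0, i;

    for (i = 0; i < half; i++) {
        point_t pt = { (int)i, 0 };              /* constructed coordinates */
        if (!put_point(points, cap, &pos, pt)) return -1;
    }
    for (i = 0; i < extra; i++) {
        point_t pt = { (int)(half + i), 1 };     /* constructed coordinates */
        if (!put_point(points, cap, &pos, pt)) return -1;
    }
    return (int)pos;
}

typedef struct {
    int    first;    /* result of the first call, -1 if refused */
    int    second;   /* result of the second call, -1 if refused or not reached */
    size_t needed;   /* slots both calls need in total */
} replay_result;

/* Replays the caller: one buffer of `alloc` points, a first call storing
 * `first_n` points, then a second call that starts at top_points + first and
 * is told how many slots are left. */
static replay_result replay_round_rect(size_t alloc, size_t first_n, size_t half, size_t extra)
{
    replay_result r = { -1, -1, first_n + half + extra };
    /* Allocate at least one slot so the pointer is valid even for alloc == 0;
     * the capacity handed to the writer is still `alloc`. */
    point_t *top_points = calloc(alloc ? alloc : 1, sizeof(*top_points));

    if (!top_points) return r;
    r.first = arc_points_checked(top_points, alloc, first_n, 0);
    if (r.first >= 0)
        r.second = arc_points_checked(top_points + r.first,
                                      alloc - (size_t)r.first, half, extra);
    free(top_points);
    return r;
}

int main(void)
{
    /* Numbers from the original report: max_points = 30, 4 + 8 + 4 points. */
    replay_result r = replay_round_rect(30 / 2, 4, 8, 4);
    printf("alloc 15: first=%d second=%d needed=%zu\n", r.first, r.second, r.needed);

    r = replay_round_rect(16, 4, 8, 4);
    printf("alloc 16: first=%d second=%d needed=%zu\n", r.first, r.second, r.needed);

    /* Comment #27: max_points == 0, so any store must be refused. */
    r = replay_round_rect(0, 1, 0, 0);
    printf("alloc 0:  first=%d second=%d needed=%zu\n", r.first, r.second, r.needed);
    return 0;
}
```

With max_points = 30, both max_points / 2 and (max_points + 1) / 2 give 15 slots, one fewer than the 16 the two calls need.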
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |francisco278herrera@gmail.com
--- Comment #29 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57350 has been marked as a duplicate of this bug. ***
Zeb Figura z.figura12@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jpleonard12@gmail.com
--- Comment #30 from Zeb Figura z.figura12@gmail.com --- *** Bug 57316 has been marked as a duplicate of this bug. ***
aug augusto7744@aol.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |augusto7744@aol.com
--- Comment #31 from aug augusto7744@aol.com --- Exactly that same bug happens when starting Visual Pinball X and the Visual PinMAME settings menu too. I have created a bug report about it with a screenshot. https://bugs.winehq.org/show_bug.cgi?id=57379#c0
Thanks very much WINE developers for making WINE.
--- Comment #32 from Zeb Figura z.figura12@gmail.com --- *** Bug 57379 has been marked as a duplicate of this bug. ***
--- Comment #33 from aug augusto7744@aol.com --- Please, in what WINE version was commit 5924ab4c515 done?
--- Comment #34 from F H francisco278herrera@gmail.com --- As of the latest git commit the issue seems to be fixed for notepad++.
--- Comment #35 from aug augusto7744@aol.com --- Has WINE 9.21 fixed the bug below? Has anyone tested it?
0024:fixme:system:SetDisplayAutoRotationPreferences (1): stub
dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Assertion `num >= 2' failed.
0024:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
fhb33435b@postedmail.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |fhb33435b@postedmail.net
--- Comment #36 from fhb33435b@postedmail.net --- Pradis6.exe still crashes on 9.21:
0244:err:ole:marshal_object Failed to create an IRpcStubBuffer from IPSFactory for {df0b3d60-548f-101b-8e65-08002b2bd119} with error 0x80004002
OND~5A4\Pradis\pradis6.exe: dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Assertion `num >= 2' failed.
0228:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
--- Comment #37 from aug augusto7744@aol.com --- @fhb33435b@postedmail.net
Thanks very much for replying! I have gone back to 9.28 and there are no more errors, crashing, and menu settings buttons with wrong graphics. The WINE 9.21 changelog does not have any fixes for that bug. About that commit has details about done more code to run "correctly" so that commit not was reverted and not was done test.
Return to 9.18.
Dimitrios temp2417@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |temp2417@gmail.com
--- Comment #38 from Dimitrios temp2417@gmail.com --- Also affects "Paintshop Pro 7", since Wine version 9.18
--- Comment #39 from Dimitrios temp2417@gmail.com --- Created attachment 77467 --> https://bugs.winehq.org/attachment.cgi?id=77467 Terminal output
Paintshop Pro 7, can attach debug trace if needed.
--- Comment #40 from fhb33435b@postedmail.net --- Pradis6.exe still crashes on initiation on WINE 9.22 but without the error messages about solid pen lines or frame not in stack limits. Something seems to have been fixed, but a problem remains which prevents the program from running:
01b4:err:ole:marshal_object Failed to create an IRpcStubBuffer from IPSFactory for {df0b3d60-548f-101b-8e65-08002b2bd119} with error 0x80004002
017c:err:ole:CoReleaseMarshalData StdMarshal ReleaseMarshalData failed with error 0x8001011d
01a0:err:ole:CoReleaseMarshalData StdMarshal ReleaseMarshalData failed with error 0x8001011d
GDD71 gdd71@abv.bg changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |gdd71@abv.bg
--- Comment #41 from GDD71 gdd71@abv.bg --- Multisim also still crashes on WINE 9.22
/.wine/drive_c/Program Files (x86)/National Instruments/Circuit Design Suite 14.3/multisim.exe: dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Пропадна проверката за истина - 'num >= 2'.
0024:err:seh:call_seh_handlers invalid frame 00000001000FF8A0 (0000000100102000-00000001001FFD20)
0024:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
I saw that Proteus and LTSpice are also affected from this bug.
https://www.reddit.com/r/winehq/comments/1ggdeiu/comment/lv8tiwr/
https://bbs.archlinux.org/viewtopic.php?id=300388
This happens when reading a graph or running an oscilloscope. Other CAD software may also be affected...
I hope this gets fixed soon.
--- Comment #42 from Dimitrios temp2417@gmail.com --- Paintshop Pro 7 is working now with Wine staging 9.22
--- Comment #43 from GDD71 gdd71@abv.bg --- I don't know if it's correct (I have no experience writing code), but I changed the file dlls/win32u/dibdrv/objects.c, line 812:
assert( num >= 2 );
to be:
assert( num >= 0 );
Then I compiled WINE 9.22 with this change and Multisim works again. No more error:
.wine/drive_c/Program Files (x86)/National Instruments/Circuit Design Suite 14.3/multisim.exe: dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Пропадна проверката за истина - 'num >= 2'.
bugs-winehq@sl.vagnarelli.dev changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |bugs-winehq@sl.vagnarelli.dev
--- Comment #44 from bugs-winehq@sl.vagnarelli.dev --- On wine 9.18 Enterprise Architect works flawlessly. From wine 9.19 onwards the program crashes in some specific scenarios consistently (such as opening a certain type of diagram), making the program unusable. I also tried wine 9.22 but the bug is still present. I leave the last two lines of the crash log below.
../wine/dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Assertion `num >= 2' failed.
0024:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
--- Comment #45 from Fabian Maurer dark.shadow4@web.de --- (In reply to GDD71 from comment #43)
> I don't know if it's correct, (I have no experience writing code.)but I changed the file dlls/win32u/dibdrv/objects.c Line 812
> assert( num >= 2 );
> to be:
> assert( num >= 0 );
I'm 99% sure it's wrong, there is still corruption, just unnoticed. For those who experience still crashes on wine-9.22, can you link a download (if possible) so we can test this?
--- Comment #46 from GDD71 gdd71@abv.bg --- Unfortunately, Multisim is difficult to install... winetricks, jet40, gdi+ net framework, vcrun, installation problem and more. And there is no download link. But I was able to reproduce the same crash with MSPaint (XP). Download link for test:
https://archive.org/details/MSPaintWinXP
https://archive.org/download/MSPaintWinXP/mspaint%20WinXP%20English.zip
Open mspaint.exe with Latest WINE 9.22. Press the "Ellipse" button and draw/paint in the window.
Here is the output from the terminal:
----------------------------------------------------------------
wine '/home/gdd71/Плот/WinXP English/mspaint.exe'
002c:fixme:winediag:loader_init wine-staging 9.22 is a testing version containing experimental patches.
002c:fixme:winediag:loader_init Please mention your exact version when filing bug reports on winehq.org.
00e0:err:winebth:bluez_dbus_loop Error getting object list from BlueZ: 'org.freedesktop.DBus.Error.ServiceUnknown': 'The name org.bluez was not provided by any .service files'
0024:err:environ:init_peb starting L"D:\home\gdd71\\041f\043b\043e\0442\WinXP English\mspaint.exe" in experimental wow64 mode
0140:fixme:ole:CoInitializeSecurity 0000000000000000, -1, 0000000000000000, 0000000000000000, 1, 3, 0000000000000000, 0, 0000000000000000 stub
0154:fixme:wia:wiadevmgr_QueryInterface interface {00000003-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:wiadevmgr_QueryInterface interface {00000003-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:wiadevmgr_QueryInterface interface {00000019-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:enumwiadevinfo_QueryInterface interface {00000003-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:enumwiadevinfo_QueryInterface interface {00000003-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:enumwiadevinfo_QueryInterface interface {00000019-0000-0000-c000-000000000046} not implemented
0154:fixme:wia:enumwiadevinfo_GetCount (0000000000DCB200, 0000000000DCB1A0): stub
016c:fixme:seh:WerSetFlags (2) stub
016c:fixme:heap:RtlSetHeapInformation HEAP_INFORMATION_CLASS 1 not implemented!
0188:err:environ:init_peb starting L"C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" in experimental wow64 mode
0188:fixme:ntdll:NtQuerySystemInformation info_class SYSTEM_PERFORMANCE_INFORMATION
0188:fixme:seh:WerSetFlags (2) stub
0188:fixme:heap:RtlSetHeapInformation HEAP_INFORMATION_CLASS 1 not implemented!
71/Плот/WinXP English/mspaint.exe: dlls/win32u/dibdrv/objects.c:812: solid_pen_lines: Пропадна проверката за истина - 'num >= 2'.
0024:err:seh:call_seh_handlers invalid frame 00000001000FF8F0 (0000000100102000-00000001001FFD20)
0024:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
---------------------------------------------------------------
--- Comment #47 from Fabian Maurer dark.shadow4@web.de --- Created attachment 77514 --> https://bugs.winehq.org/attachment.cgi?id=77514 Patch for mspaint
Attached patch should prevent crashes in mspaint. There might be more issues though.
--- Comment #48 from GDD71 gdd71@abv.bg --- (In reply to Fabian Maurer from comment #47)
> Created attachment 77514 [details] Patch for mspaint
I have now tested this patch, Multisim also works with it. No more crashes.
--- Comment #49 from GDD71 gdd71@abv.bg --- Created attachment 77516 --> https://bugs.winehq.org/attachment.cgi?id=77516 pictures for comparison
I saw that now Multisim it's not drawing a circle in the elements, but a square Something's still not right..
I am attaching two pictures for comparison.
--- Comment #50 from GDD71 gdd71@abv.bg --- Created attachment 77517 --> https://bugs.winehq.org/attachment.cgi?id=77517 Also affects the DipTrace program too, so it's global.
--- Comment #51 from Fabian Maurer dark.shadow4@web.de ---
> I saw that now Multisim it's not drawing a circle in the elements, but a square Something's still not right..
Can you open a separate bug for that? I don't think that's the same issue. A +gdi log would be good I think, or a way to reproduce it myself. I'd also like to have tests for that, but not sure how that would work.
Do we still got any crashes with my last patch?
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |antonytheodorakis@yahoo.com
--- Comment #52 from Fabian Maurer dark.shadow4@web.de --- *** Bug 57490 has been marked as a duplicate of this bug. ***
--- Comment #53 from GDD71 gdd71@abv.bg --- (In reply to Fabian Maurer from comment #51)
> ...Do we still got any crashes with my last patch?
I installed WINE 9.22 without the last patch. DipTrace, which is not affected by this bug, displays the components correctly and they are round, as they should be. Multisim, PaintXP etc.. crash. ..dlls/win32u/dibdrv/objects.c:812: solid_pen_lines... The last patch fixes the crashes. Multisim, PaintXP.. work, but the effect appears with the circles being drawn incorrectly as squares, as I showed with the pictures. It is likely/logical that the effect is caused by it. You can use DipTrace for a test: https://diptrace.com/downloads/dipfree_en64.exe to test the last patch for the effect with the squares. When you start Pcb Layout (Pcb.exe) when selecting housings, the circles are displayed incorrectly at the bottom left., and this happens after applying the last patch, it's ok without it.
- if (!ellipse_width || !ellipse_height) + if (ellipse_width < 2 || !ellipse_height) - last patch What would happen if we did:
if (ellipse_width < 2 || ellipse_height < 2)
to be symmetrical/equal in height and width? Do you think it will work like this? I can test such an option for an experiment.
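Review bot: the new condition tests the width with `ellipse_width < 2` but still tests the height with `!ellipse_height`, and nothing in the hunk says why the two axes are treated differently. Because the comparison is signed, `ellipse_width < 2` also sends every negative width down this branch, which `!ellipse_width` did not; if only 0 and 1 are meant, compare the magnitude instead. A comment stating which inputs this branch is for, and whether a height of 1 needs the same handling, would make the intent checkable.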
--- Comment #54 from GDD71 gdd71@abv.bg --- if (ellipse_width < 2 || ellipse_height < 2) not work. fixes drawing circles, but reverts back error ..dlls/win32u/dibdrv/objects.c:812: solid_pen_lines... For now, WINE 9.18 remains my favorite.
--- Comment #55 from Fabian Maurer dark.shadow4@web.de ---
> What would happen if we did:
> if (ellipse_width < 2 || ellipse_height < 2)
> to be symmetrical/equal in height and width? Do you think it will work like this? I can test such an option for an experiment.
It shouldn't behave like that, it looks like a rectangle in my tests.
> if (ellipse_width < 2 || ellipse_height < 2) not work. fixes drawing circles, but reverts back error ..dlls/win32u/dibdrv/objects.c:812: solid_pen_lines...
I don't get an error with that, but it's not correct. Can you tell me where exactly the error is reproduced? I'm not familiar with DipTrace.
I guess it should be
if (abs(ellipse_width) < 2 || !ellipse_height)
--- Comment #56 from GDD71 gdd71@abv.bg --- Created attachment 77523 --> https://bugs.winehq.org/attachment.cgi?id=77523 DipTrace wine test
--- Comment #57 from GDD71 gdd71@abv.bg ---
------------------------------------------------
New test: latest Wine + This patch:
if (abs(ellipse_width) < 2 || !ellipse_height)
It doesn't work for me.
DipTrace - OK
PaintXP - Not crash, but it draws choppy/but draws in a fragmented manner + window resizing problems
Multisim - Crash with ...objects.c:812: solid_pen_lines: ....
------------------------------------------------
WINE 9.22 - 3c50afd2
GPU - NVIDIA GeForce RTX 2080 SUPER
OS - EndeavourOS - Arch Linux
DE - GNOME 47.1 on x11
----------------------------------------------
WINE 9.22 - Overall- Decreased speed/performance vs WINE 9.18
----------------------------------------------
--- Comment #58 from Fabian Maurer dark.shadow4@web.de --- (In reply to GDD71 from comment #56)
> Created attachment 77523 [details] DipTrace wine test
It seems like the bottom left is always drawn with gdi, so there's that.
I can't reproduce the squares you see with my patch, are you sure you applied the patch correctly?
(In reply to GDD71 from comment #57)
> New test: latest Wine + This patch:
> if (abs(ellipse_width) < 2 || !ellipse_height)
> It doesn't work for me.
> PaintXP - Not crash, but it draws choppy/but draws in a fragmented manner + window resizing problems
> Multisim - Crash with ...objects.c:812: solid_pen_lines: ....
> WINE 9.22 - Overall- Decreased speed/performance vs WINE 9.18
That's a lot of things that should not be related to that patch.
--- Comment #59 from GDD71 gdd71@abv.bg --- Yes, I provided a little more info. in general - it fixes PaintXP but not fixes the basic error ..objects.c:812: solid_pen_lines:.. wholly Multisim - still Crash.
> I can't reproduce the squares you see with my patch
With this option "if (ellipse_width < 2 || !ellipse_height)" right?
> ..are you sure you applied the patch correctly?
I think so, but that was 3 days ago, and since then there have been changes in the source code. OK, I'll try again, this option: if (ellipse_width < 2 || !ellipse_height) if something happened then or influenced now, let's see if there will be a difference.
Dimitrios temp2417@gmail.com changed:
What |Removed            |Added
----------------------------------------------------------------------------
CC   |temp2417@gmail.com |
--- Comment #60 from GDD71 gdd71@abv.bg ---
----------------------------------------------
New test: latest WINE 9.22 - b0a34b39 + This patch:
if (ellipse_width < 2 || !ellipse_height)
DipTrace - OK no squares
PaintXP - Not crash, but it draws choppy
Multisim - Crash with ...objects.c:812: solid_pen_lines: ....
----------------------------------------------
No idea why this happens...?
--- Comment #61 from Fabian Maurer dark.shadow4@web.de ---
> if (ellipse_width < 2 || !ellipse_height)
> DipTrace - OK no squares
So it works now? Because you reported back it having squares last time.
> PaintXP - Not crash, but it draws choppy
Caused by this patch or happens anyways? Should happen always.
> Multisim - Crash with ...objects.c:812: solid_pen_lines: ....
Caused by this patch or happens anyways? Should happen always. Would need to reproduce or have logs to fix.
I created a branch to test: https://gitlab.winehq.org/DarkShadow44/wine/-/tree/win32u_dib
If you still have crashes with that branch, please provide a +dib log and I can take a look.
--- Comment #62 from GDD71 gdd71@abv.bg --- Created attachment 77530 --> https://bugs.winehq.org/attachment.cgi?id=77530 multisim-winedbg-terminalout
I downloaded the source code wine-9.22-add0b65a "git clone -b win32u_dib https://gitlab.winehq.org/DarkShadow44/wine....." I compiled and installed.. The result is exactly the same as the last test. Multisim - Crash with ...objects.c:812: solid_pen_lines: .... I am attaching the winedbg log file for you. What is a "+dib log"? I couldn't find any information about what it is.