https://bugs.winehq.org/show_bug.cgi?id=45535
Bug ID: 45535
Summary: Rekordbox 5.3.0 terminates with the message "Unexpected application error" (dwrite:dwritetextlayout_Draw out-of-bounds access on empty clustermetrics after failure to resolve layout fonts)
Product: Wine
Version: 3.13
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dwrite
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
as it says.
Prerequisite:
* 'wine_get_version' export must be hidden (use Wine-Staging and 'Hide Wine version from applications' option in 'winecfg' or turn it into '-noname' ordinal export in vanilla Wine) -> bug 45514 (broken Wine awareness)
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Pioneer/rekordbox 5.3.0

$ file *.{exe,dll}
edb_streamd.exe: PE32+ executable (console) x86-64, for MS Windows
fixrevoke.exe: PE32 executable (console) Intel 80386, for MS Windows
kill_daemon.exe: PE32+ executable (console) x86-64, for MS Windows
LS-Unity-rekordbox-win-64bit.exe: PE32+ executable (GUI) x86-64, for MS Windows
Pioneer_MIX_ASIO_Config.exe: PE32+ executable (GUI) x86-64, for MS Windows
PSvLinkSysMgr.exe: PE32+ executable (GUI) x86-64, for MS Windows
PSvNFSd.exe: PE32+ executable (GUI) x86-64, for MS Windows
rbHttpServer.exe: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
rbinit.exe: PE32 executable (console) Intel 80386, for MS Windows
rekordbox.exe: PE32+ executable (GUI) x86-64, for MS Windows
Uninstall rekordbox.exe: PE32 executable (GUI) Intel 80386, for MS Windows
Upmgr rekordbox.exe: PE32+ executable (GUI) x86-64, for MS Windows
vcredist_x64.exe: PE32 executable (GUI) Intel 80386, for MS Windows
vcredist_x86.exe: PE32 executable (GUI) Intel 80386, for MS Windows
libmpg123.dll: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
libpulse.dll: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
NFSDaemon.dll: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PioneerControllerMIX.dll: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
sqlite3.dll: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+dwrite wine ./rekordbox.exe >>log.txt 2>&1
...
0039:trace:dwrite:localizedstrings_GetCount (0x8e8950)
0039:trace:dwrite:localizedstrings_GetString (0x8e8950)->(0 0x23eb30 255)
0039:Call ntdll.RtlFreeHeap(00010000,00000000,00000000) ret=7f3a64018d7c
0039:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f3a64018d7c
0039:warn:dwrite:layout_resolve_fonts [0,17): failed to map family L"Verdana", collection 0x863ff0, hr 0x80004005.
0039:trace:dwrite:dwritefontcollection_Release (0x863ff0)->(5)
0039:trace:dwrite:fontfallback_Release (0x4f70f60)
0039:trace:dwrite:shareddwritefactory_Release (0x7ddd20)
0039:warn:dwrite:layout_compute_runs Failed to resolve layout fonts, hr 0x80004005.
0039:trace:dwrite:layout_compute run [0,16], len 17, bidilevel 0
0039:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028) ret=140e2d7ef
0039:Ret ntdll.RtlAllocateHeap() retval=04f5d670 ret=140e2d7ef
0039:trace:dwrite:dwritetextlayout_Draw (0x20a0870)->(0x1bee370 0x4f5d670 0.00 0.00)
0039:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x7f3a64055bb3 ip=7f3a64055bb3 tid=0039
0039:trace:seh:NtRaiseException info[0]=0000000000000000
0039:trace:seh:NtRaiseException info[1]=00000008032c6e9e
0039:trace:seh:NtRaiseException rax=00000008032c6e98 rbx=0000000004f5d670 rcx=000000007bdc1405 rdx=00000000032c6ea0
0039:trace:seh:NtRaiseException rsi=0000000000000000 rdi=000000000023f200 rbp=000000000023f260 rsp=000000000023f1f0
0039:trace:seh:NtRaiseException r8=0000000000000000 r9=0000000000000001 r10=0000000000000002 r11=0000000000000000
0039:trace:seh:NtRaiseException r12=00000000ffffffff r13=0000000000000001 r14=0000000000000000 r15=0000000000000000
--- snip ---
App code:
--- snip ---
...
00000001412E250B | mov rcx, rdi
00000001412E250E | call rekordbox.1403D8840
00000001412E2513 | mov ecx, 28
00000001412E2518 | call rekordbox.140E2D580
00000001412E251D | mov rbx, rax
00000001412E2520 | mov qword ptr ss:[rsp+50], rax
00000001412E2525 | test rax, rax
00000001412E2528 | je rekordbox.1412E255D
00000001412E252A | lea rax, qword ptr ds:[143326938]
00000001412E2531 | mov qword ptr ds:[rbx], rax
00000001412E2534 | mov dword ptr ds:[rbx+8], 0
00000001412E253B | lea rax, qword ptr ds:[143326BC8]
00000001412E2542 | mov qword ptr ds:[rbx], rax
00000001412E2545 | mov qword ptr ds:[rbx+10], rbp
00000001412E2549 | mov qword ptr ds:[rbx+18], rsi
00000001412E254D | mov dword ptr ds:[rbx+20], FFFFFFFF
00000001412E2554 | mov dword ptr ds:[rbx+24], C61C4000
00000001412E255B | jmp rekordbox.1412E255F
00000001412E255D | xor ebx, ebx
00000001412E255F | mov qword ptr ss:[rsp+58], rbx
00000001412E2564 | test rbx, rbx
00000001412E2567 | je rekordbox.1412E2573
00000001412E2569 | mov rax, qword ptr ds:[rbx]
00000001412E256C | mov rcx, rbx
00000001412E256F | call qword ptr ds:[rax+8]
00000001412E2572 | nop
00000001412E2573 | mov rcx, qword ptr ss:[rsp+40]
00000001412E2578 | mov rax, qword ptr ds:[rcx]
00000001412E257B | xorps xmm3, xmm3
00000001412E257E | movss dword ptr ss:[rsp+20], xmm3
00000001412E2584 | mov r8, rbx
00000001412E2587 | mov rdx, rdi
00000001412E258A | call qword ptr ds:[rax+1D0] ; dwritetextlayout_Draw()
00000001412E2590 | nop
00000001412E2591 | test rbx, rbx
00000001412E2594 | je rekordbox.1412E259F
00000001412E2596 | mov rax, qword ptr ds:[rbx]
00000001412E2599 | mov rcx, rbx
00000001412E259C | call qword ptr ds:[rax+10]
00000001412E259F | mov eax, dword ptr ss:[rsp+80]
00000001412E25A6 | lea rcx, qword ptr ds:[rax+rax*2]
...
--- snip ---
Debugger session:
--- snip ---
Stopped on breakpoint 1 at 0x00007f41578e6208 dwritetextlayout_Draw [/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453] in dwrite
dwritetextlayout_Draw () at /home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453
3453 {

Wine-dbg>bt
Backtrace:
=>0 0x00007f41578e6208 dwritetextlayout_Draw() [/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453] in dwrite (0x000000000023f7b0)
  1 0x00000001412e2590 in rekordbox (+0x12e258f) (0x000000000023f7b0)
  2 0x00000001412e2352 in rekordbox (+0x12e2351) (0x000000000023f870)
  3 0x000000014133467a in rekordbox (+0x1334679) (0x000000000023f870)

Wine-dbg>info locals
0x00007f41578e6208 dwritetextlayout_Draw: (0023f7b0)
  struct dwrite_textlayout* This=(nil) (local [RSP+496])
  BOOL disabled=0 (local [RSP+204])
  BOOL skiptransform=0 (local [RSP+540])
  struct layout_effective_inline* inlineobject=0x1100000000 (local [RSP+528])
  struct layout_effective_run* run=0x182 (local [RSP+520])
  struct layout_strikethrough* s=0x14134802b (local [RSP+512])
  struct layout_underline* u=0x678af80 (local [RSP+504])
  FLOAT det=0.000000 (local [RSP+200])
  FLOAT ppdip=0.000000 (local [RSP+196])
  DWRITE_MATRIX m={m11=0.000000, m12=0.000000, m21=0.000000, m22=0.000000, dx=0.000000, dy=0.000000} (local [RSP+160])
  HRESULT hr=0 (local [RSP+480])
...

Wine-dbg>n
Unhandled exception: page fault on read access to 0x806ed74ee in 64-bit code (0x00007f41578debb3).
0030:fixme:dbghelp:interpret_function_table_entry PUSH_MACHFRAME 6
0030:fixme:dbghelp:interpret_function_table_entry PUSH_MACHFRAME 6
Register dump:
 rip:00007f41578debb3 rsp:000000000023f1f0 rbp:000000000023f260 eflags:00010306 ( R- -- IT - -P- )
 rax:0000000806ed74e8 rbx:00000000098eeba0 rcx:0000000005be0f30 rdx:0000000006ed74f0
 rsi:0000000000000000 rdi:000000000023f200 r8:00000000098eeba0 r9:00000000000000ff r10:0000000007ff94f0
 r11:0000000005be0f48 r12:00000000ffffffff r13:0000000000000001 r14:0000000000000000 r15:0000000000000000
Stack dump:
0x000000000023f1f0: 0000034446505853 0000000005be0f30
0x000000000023f200: 0000000000000000 0000000000000000
0x000000000023f210: 0000000000000000 0000000000000000
0x000000000023f220: 0000000000000000 0000000000000000
0x000000000023f230: 0000000000000000 0000000000000000
0x000000000023f240: ffffffff00000000 0000000000000000
0x000000000023f250: 000000000023f360 0000000005be0f30
0x000000000023f260: 000000000023f560 00007f41578e63b9
0x000000000023f270: 000000000023f360 000000007bcadd1c
0x000000000023f280: 8000400500000011 00007fffffea8000
0x000000000023f290: 000000000023f7b0 0000000000000038
0x000000000023f2a0: 00000000098eeb98 0000000205440000
Backtrace:
=>0 0x00007f41578debb3 layout_compute_effective_runs+0x376() [/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:2092] in dwrite (0x000000000023f260)
  1 0x00007f41578e63b9 dwritetextlayout_Draw+0x1b0() [/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3466] in dwrite (0x000000000023f560)
  2 0x00000001412e2590 in rekordbox (+0x12e258f) (0x000000000023f7b0)
  3 0x00000001412e2352 in rekordbox (+0x12e2351) (0x000000000023f870)
  4 0x000000014133467a in rekordbox (+0x1334679) (0x000000000023f870)
0x00007f41578debb3 layout_compute_effective_runs+0x376 [/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:2092] in dwrite: movzbl 0x0000000000000006(%rax),%eax
2092 else if (layout->clustermetrics[layout->cluster_count - 1].isNewline)
--- snip ---
Additional debug trace before the crash to show the member values (64-bit winedbg is bugged):
--- snip ---
0068:trace:dwrite:layout_compute_effective_runs *** layout->len=17, layout->cluster_count=0, layout->clustermetrics=0x3477570
--- snip ---
Source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/dwrite/layout.c#l2020
--- snip ---
2020 static HRESULT layout_compute_effective_runs(struct dwrite_textlayout *layout)
2021 {
2022     BOOL is_rtl = layout->format.readingdir == DWRITE_READING_DIRECTION_RIGHT_TO_LEFT;
2023     struct layout_effective_run *erun, *first_underlined;
2024     UINT32 i, start, textpos, last_breaking_point;
2025     DWRITE_LINE_METRICS1 metrics;
2026     FLOAT width;
2027     UINT32 line;
2028     HRESULT hr;
2029
2030     if (!(layout->recompute & RECOMPUTE_LINES))
2031         return S_OK;
2032
2033     free_layout_eruns(layout);
2034
2035     hr = layout_compute(layout);
2036     if (FAILED(hr))
2037         return hr;
...
2086     /* Add dummy line if:
2087        - there's no text, metrics come from first range in this case;
2088        - last ended with a mandatory break, metrics come from last text position.
2089     */
2090     if (layout->len == 0)
2091         hr = layout_set_dummy_line_metrics(layout, 0);
2092     else if (layout->clustermetrics[layout->cluster_count - 1].isNewline)
2093         hr = layout_set_dummy_line_metrics(layout, layout->len - 1);
2094     if (FAILED(hr))
2095         return hr;
--- snip ---
-> out of bounds access
Workarounds:
* 'winetricks -q corefonts'
or (less preferred):
* WINEDLLOVERRIDES=dwrite=d wine ./rekordbox.exe
With this in place the app starts and shows the main user interface.
$ sha1sum Install_rekordbox_x64_5_3_0.*
da2aac3a54cdbb0122937eab67a8a83942b18679 Install_rekordbox_x64_5_3_0.zip

$ du -sh Install_rekordbox_x64_5_3_0.*
228M Install_rekordbox_x64_5_3_0.zip

$ wine --version
wine-3.13
Regards
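
Added example, not part of the original report and not Wine's code: the arithmetic behind the fault address in the traces above, next to a guarded form of the check at layout.c:2092. The struct mirrors DWRITE_CLUSTER_METRICS; reading rdx in the register dumps as layout->clustermetrics is an assumption, and last_cluster_is_newline() is a hypothetical helper, not the committed fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same layout as DWRITE_CLUSTER_METRICS: 8 bytes, flag bits start at offset 6. */
struct cluster_metrics {
    float    width;
    uint16_t length;
    uint16_t canWrapLineAfter : 1;
    uint16_t isWhitespace : 1;
    uint16_t isNewline : 1;
    uint16_t isSoftHyphen : 1;
    uint16_t isRightToLeft : 1;
    uint16_t padding : 11;
};
_Static_assert(sizeof(struct cluster_metrics) == 8, "unexpected struct layout");

#define FLAGS_OFFSET (offsetof(struct cluster_metrics, length) + sizeof(uint16_t))

/* Address read by clustermetrics[cluster_count - 1].isNewline.
   cluster_count is a UINT32, so 0 - 1 wraps to 0xffffffff before it is
   scaled by the element size and added to the 64-bit base pointer. */
uint64_t isnewline_read_address(uint64_t base, uint32_t cluster_count)
{
    uint32_t index = cluster_count - 1u;
    return base + (uint64_t)index * sizeof(struct cluster_metrics) + FLAGS_OFFSET;
}

/* Hypothetical guarded check: an empty cluster array has no last cluster. */
int last_cluster_is_newline(const struct cluster_metrics *m, uint32_t cluster_count)
{
    if (!m || cluster_count == 0)
        return 0;
    return m[cluster_count - 1].isNewline;
}

int main(void)
{
    /* Constructed sample: a single whitespace/newline cluster. */
    struct cluster_metrics one[1] = {{ 0.0f, 1, 0, 1, 1, 0, 0, 0 }};

    /* Base assumed to be rdx from the winedbg register dump. */
    printf("read address: 0x%llx\n",
           (unsigned long long)isnewline_read_address(0x6ed74f0, 0));
    printf("empty: %d, one newline cluster: %d\n",
           last_cluster_is_newline(one, 0), last_cluster_is_newline(one, 1));
    return 0;
}
```

With cluster_count=0 the computed address matches both faults in the report (0x806ed74ee in winedbg, info[1]=0x8032c6e9e in the +seh trace), roughly 32 GiB past the array.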
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
URL      |        |https://rekordbox.com/_app/files/Install_rekordbox_x64_5_3_0.zip
Keywords |        |download, win64
CC       |        |bunglehead@gmail.com
See Also |        |https://bugs.winehq.org/show_bug.cgi?id=45514
--- Comment #1 from Nikolay Sivov bunglehead@gmail.com ---
Created attachment 61945
  --> https://bugs.winehq.org/attachment.cgi?id=61945
patch
Strangely I don't see a crash myself, and I don't have Verdana installed. Does this work?
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello Nikolay,
yes your patch fixes the crash and allows the app to run without 'winetricks -q corefonts'. There are very few UI cases where it doesn't render text without 'corefonts' or 'Verdana' ('~/.cache/winetricks/corefonts/verdan32.exe').
For example 'File' -> 'Library' -> 'Backup Library' -> empty message window (button to dismiss window is shown). But that looks like another (known) problem, maybe font substitution/face name.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Pioneer/rekordbox 5.3.0

$ WINEDEBUG=+seh,+loaddll,+dwrite wine ./rekordbox.exe >>log.txt 2>&1
...
0030:trace:dwrite:localizedstrings_GetString (0x54e4c10)->(0 0x23eb30 255)
0030:warn:dwrite:layout_resolve_fonts [0,17): failed to map family L"Verdana", collection 0x7d0f30, hr 0x80004005.
0030:trace:dwrite:dwritefontcollection_Release (0x7d0f30)->(5)
0030:trace:dwrite:fontfallback_Release (0x9b5fe20)
0030:trace:dwrite:shareddwritefactory_Release (0x7999d0)
0030:warn:dwrite:layout_compute_runs Failed to resolve layout fonts, hr 0x80004005.
0030:trace:dwrite:layout_compute run [0,16], len 17, bidilevel 0
0030:trace:dwrite:dwritetextlayout_Draw (0x6c9c5f0)->(0x67ea640 0x9907600 0.00 0.00)
0030:trace:dwrite:dwritetextlayout_GetLineMetrics (0x6c9c5f0)->(0x8494020 0 0x23f5f0)
0030:trace:dwrite:dwritetextlayout_Release (0x6c9c5f0)->(0)
0030:trace:dwrite:shareddwritefactory_Release (0x7999d0)
0030:trace:dwrite:dwritefontcollection_Release (0x7d0f30)->(4)
0030:trace:dwrite:dwritefontcollection_Release (0x7d0f30)->(3)
0030:trace:dwrite:dwritefontcollection_Release (0x7d0f30)->(2)
0030:trace:dwrite:dwritefontface_GetGlyphIndices (0x5578ce0)->(0x6f5edb4 17 0x9b4c470)
0030:trace:dwrite:dwritefontface_GetDesignGlyphMetrics (0x5578ce0)->(0x9b4c470 17 0x6c9c5f0 0)
0030:trace:dwrite:dwritefontface_GetGlyphIndices (0x5578ce0)->(0x143233504 0 0x8c26010)
0030:trace:dwrite:dwritefontface_GetDesignGlyphMetrics (0x5578ce0)->(0x8c26010 0 0x9096390 0)
0030:trace:dwrite:dwritefontface_GetGlyphIndices (0x9d347d0)->(0x6e25804 17 0x9b4c470)
0030:trace:dwrite:dwritefontface_GetDesignGlyphMetrics (0x9d347d0)->(0x9b4c470 17 0x6c9c5f0 0)
0030:trace:dwrite:dwritefontcollection_FindFamilyName (0x7d0f30)->(L"Verdana" 0x23f5e0 0x23f5d0)
0030:trace:dwrite:localizedstrings_GetCount (0x7d1af0)
0030:trace:dwrite:localizedstrings_GetString (0x7d1af0)->(0 0x23f180 255)
...
--- snip ---
Regards
Nikolay Sivov bunglehead@gmail.com changed:
What          |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1 |        |470ed3c559c89d7bc9ee3fd3a9afbf19ea6e7aad
Status        |NEW     |RESOLVED
Resolution    |---     |FIXED

--- Comment #3 from Nikolay Sivov bunglehead@gmail.com ---
This should work now, 470ed3c559c89d7bc9ee3fd3a9afbf19ea6e7aad.
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #4 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 3.14.
Nikolay Sivov bunglehead@gmail.com changed:
What |Removed              |Added
----------------------------------------------------------------------------
CC   |bunglehead@gmail.com |
Michael Stefaniuc mstefani@winehq.org changed:
What             |Removed |Added
----------------------------------------------------------------------------
Target Milestone |---     |3.0.x
Michael Stefaniuc mstefani@winehq.org changed:
What             |Removed |Added
----------------------------------------------------------------------------
Target Milestone |3.0.x   |---

--- Comment #5 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 3.0.x milestone from bug fixes included in 3.0.4.
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
URL  |https://rekordbox.com/_app/files/Install_rekordbox_x64_5_3_0.zip |https://web.archive.org/web/20190405195012/https://rekordbox.com/_app/files/Install_rekordbox_x64_5_3_0.zip