http://bugs.winehq.org/show_bug.cgi?id=29646
Bug #: 29646 Summary: Microsoft Wine Guide crashes after playing one video clip Product: Wine Version: 1.3.37 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: msvfw32 AssignedTo: wine-bugs@winehq.org ReportedBy: markk@clara.co.uk Classification: Unclassified
Created attachment 38424 --> http://bugs.winehq.org/attachment.cgi?id=38424 +mci log
This bug applies to Microsoft Wine Guide 1.0a, a multimedia CD-ROM from 1995.
There are various video clips which should play when the user clicks the appropriate icon. The clips are AVI files with names ending .CP, e.g. ACIDITY.CP, ALLABOUT.CP, INTRO.CP. Wine MCI (or msvfw32?) refuses to play them, since the file extension is not .avi. On Windows the videos play as they should.
After adding a registry key to associate the .cp extension with AVI files (in HKLM\Software\Microsoft\Windows NT\CurrentVersion\MCI Extensions), it is possible to play one video clip. However, after doing that, clicking on any link causes the program to crash. Navigating between links/pages works fine before playing a video clip.
The attached +mci log was created (after adding the registry key mentioned above) like this: - Start Microsoft Wine Guide - Click on icon to play introductory video clip - Click again on the video to stop it playing - Click "Wine tasting with Oz"
An extract from the log:
trace:mci:MCIWndProc MCIWNDM_SENDSTRINGA (invalid) wine: Unhandled page fault on read access to 0x12772fce at address 0xf7559bc6 (thread 0026), starting debugger... ... Backtrace: =>0 0xf7559bc6 in libc.so.6 (+0x7cbc6) (0x007bcfa8) 1 0x7bc687fc RtlInitAnsiString+0x2b(target=0x7bcfc8, source="") [/build/buildd/wine1.3-1.3.37/dlls/ntdll/rtlstr.c:105] in ntdll (0x007bcfa8) 2 0x7bc69ce9 RtlCreateUnicodeStringFromAsciiz+0x28(target=0x7bd50c, src="") [/build/buildd/wine1.3-1.3.37/dlls/ntdll/rtlstr.c:301] in ntdll (0x007bcfd8) 3 0x7e1fddd8 MCIWndProc+0xbd7(hWnd=0x2002a, wMsg=0x465, wParam=0, lParam=0x12772fc6) [/build/buildd/wine1.3-1.3.37/dlls/msvfw32/mciwnd.c:980] in msvfw32 (0x007bd578) 4 0x7ecc776a WINPROC_wrapper+0x19() in user32 (0x007bd5a8) ...
https://bugs.winehq.org/show_bug.cgi?id=29646
--- Comment #1 from Austin English austinenglish@gmail.com --- This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.16 or newer) wine?
https://bugs.winehq.org/show_bug.cgi?id=29646
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |ABANDONED
--- Comment #2 from Austin English austinenglish@gmail.com --- (In reply to Austin English from comment #1)
This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.16 or newer) wine?
Abandoned.
https://bugs.winehq.org/show_bug.cgi?id=29646
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from Austin English austinenglish@gmail.com --- Closing.
https://bugs.winehq.org/show_bug.cgi?id=29646
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |win16 Status|CLOSED |REOPENED Resolution|ABANDONED |--- Ever confirmed|0 |1
--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com --- Confirming in wine 1.7.51.
https://bugs.winehq.org/show_bug.cgi?id=29646
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW CC| |00cpxxx@gmail.com Summary|Microsoft Wine Guide |Microsoft Wine Guide |crashes after playing one |crashes after playing one |video clip |video clip (app sends | |invalid string address to | |MCIWNDM_SENDSTRINGA)
--- Comment #5 from Bruno Jesus 00cpxxx@gmail.com --- The main issue here is that the application sends an invalid address in the SENDSTRING command, when the DLL tries to access it a crash happens.
trace:mci:MCIWndProc 0x10074 0465 00000000 12772fc6 trace:mci:MCIWndProc MCIWNDM_SENDSTRINGA (invalid)
The backtrace from comment 0 only shifted lines but it's identical to current wine. The invalid address (0x12772fc6) is always the same.
https://bugs.winehq.org/show_bug.cgi?id=29646
--- Comment #6 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to Bruno Jesus from comment #5)
The main issue here is that the application sends an invalid address in the SENDSTRING command, when the DLL tries to access it a crash happens.
trace:mci:MCIWndProc 0x10074 0465 00000000 12772fc6 trace:mci:MCIWndProc MCIWNDM_SENDSTRINGA (invalid)
The backtrace from comment 0 only shifted lines but it's identical to current wine. The invalid address (0x12772fc6) is always the same.
The address 0x12772fc6 is not invalid, it's a 16-bit segment:offset pointer (0x1277:2fc6), and needs a translation using MapSL(). For instance have a look at the values in the backtrace: ... 13 0x126f:0x0250 (0x1277:0x94dc) 14 0x101f:0x0468 in krnl386.exe16 (+0x100af) (0x1277:0x9516)
https://bugs.winehq.org/show_bug.cgi?id=29646
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Microsoft Wine Guide |Microsoft Wine Guide |crashes after playing one |crashes after playing one |video clip (app sends |video clip (string sent to |invalid string address to |MCIWNDM_SENDSTRINGA needs |MCIWNDM_SENDSTRINGA) |previous translation from | |16-bit)
--- Comment #7 from Bruno Jesus 00cpxxx@gmail.com --- Thanks, Dmitry. I understand what you said but I don't know where to make that conversion after viewing the backtrace. All uses of MapSL seem to be in 16-bit DLLs so msvfw32 would need to receive the already mapped address.
https://bugs.winehq.org/show_bug.cgi?id=29646
--- Comment #8 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to Bruno Jesus from comment #7)
Thanks, Dmitry. I understand what you said but I don't know where to make that conversion after viewing the backtrace. All uses of MapSL seem to be in 16-bit DLLs so msvfw32 would need to receive the already mapped address.
Probably the best fix would be to introduce 16-bit MCIWndProc handler.
https://bugs.winehq.org/show_bug.cgi?id=29646
--- Comment #9 from Bruno Jesus 00cpxxx@gmail.com --- (In reply to Dmitry Timoshkov from comment #8)
Probably the best fix would be to introduce 16-bit MCIWndProc handler.
Thanks, I tried studying where to do that but it is beyond my comprehension.
https://bugs.winehq.org/show_bug.cgi?id=29646
--- Comment #10 from Dmitry Timoshkov dmitry@baikal.ru --- Created attachment 52330 --> https://bugs.winehq.org/attachment.cgi?id=52330 patch
Something like the attached patch may help.
https://bugs.winehq.org/show_bug.cgi?id=29646
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
--- Comment #11 from Bruno Jesus 00cpxxx@gmail.com --- (In reply to Dmitry Timoshkov from comment #10)
Created attachment 52330 [details] patch
Something like the attached patch may help.
PERFECT, thanks so much Dmitry. The patch does fix the bug. The videos in the application work and there are no more crashes.
Now the line looks like: trace:mci:MCIWndProc MCIWNDM_SENDSTRINGA "close wait"
https://bugs.winehq.org/show_bug.cgi?id=29646
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |70161bc134ce8e7198d41c65ff1 | |47630a397f095 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #12 from Bruno Jesus 00cpxxx@gmail.com --- Fixed by http://source.winehq.org/git/wine.git/commitdiff/70161bc134ce8e7198d41c65ff1...
Thanks again, Dmitry.
https://bugs.winehq.org/show_bug.cgi?id=29646
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #13 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.52.
-
wine-bugs@winehq.org