https://bugs.winehq.org/show_bug.cgi?id=48559
Bug ID: 48559
Summary: The VisioBible software is freezing when you select the Bible module - RST, the book - Esther, chapter 3
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: leonm@ya.ru
Distribution: ---
The program in which the problem is found is VisioBible. To reproduce the error, you need to select the Bible module - RST, the book - Esther, chapter 3; this leads to the program freezing with the indicated error. In Windows a similar problem is not observed.
In the text of the module, some pieces of text are surrounded by square brackets. Large inserts of noncanonical text lead to the described problem. Small pieces do not interfere with work. The RST module that is installed with VisioBible by default contains a defect. In the attachment is the corrected Esther RST module book file.
A well-functioning RST module file is embedded in the crash.tar.gz archive, named ru17.htm.
The location of the installed problem module: ~/.wine/drive_c/ProgramData/VisioBible V2.3/Modules/RST
Links for downloading regular and portable versions of the program:
https://www.visiobible.org.ua/index.php?page=getfile&file=SetupVisioBibl...
https://www.visiobible.org.ua/index.php?page=getfile&file=VisioBible2.3....
leonm leonm@ya.ru changed:
What         |Removed |Added
----------------------------------------
Distribution |---     |Mint
Roman Pišl rpisl@seznam.cz changed:
What         |Removed |Added
----------------------------------------
CC           |        |rpisl@seznam.cz
--- Comment #1 from Roman Pišl rpisl@seznam.cz ---
Created attachment 66393 --> https://bugs.winehq.org/attachment.cgi?id=66393
Crash log
This is probably a kind of buffer overflow. It locks in an infinite loop after "*** stack smashing detected ***: <unknown> terminated".
Valgrind didn't help me as it reported too many errors and crashed before the program even started.
The problem does not occur after shortening the longest paragraphs (i.e. glava3/13, glava4/17...).
Louis Lenders xerox.xerox2000x@gmail.com changed:
What         |Removed |Added
----------------------------------------
CC           |        |xerox.xerox2000x@gmail.com
--- Comment #2 from Louis Lenders xerox.xerox2000x@gmail.com ---
(In reply to Roman Pišl from comment #1)
> Created attachment 66393 [details]
> Crash log
> This is probably a kind of buffer overflow. It locks in infinite loop after
> "*** stack smashing detected ***: <unknown> terminated".
0009:trace:seh:raise_exception code=80000101
Hi, a quick search for the error on Google pointed to an (already closed) bugzilla riched20 error. In the log it says:
0009:warn:ntdll:FILE_CreateFile L"\??\C:\VisioBible\riched20.dll" not found (c0000034)
So "winetricks riched20" is worth a try I guess
--- Comment #3 from Roman Pišl rpisl@seznam.cz ---
Created attachment 66394 --> https://bugs.winehq.org/attachment.cgi?id=66394
Quick fix - patch
I tracked down the problem to winproc.c. The attached workaround/patch fixes the issue.
There are too many fixed buffers in the code. The file would probably need some attention...
--- Comment #4 from Roman Pišl rpisl@seznam.cz ---
It seems to me that the other fixed buffers are used correctly. I will try to fix this one.
--- Comment #5 from Roman Pišl rpisl@seznam.cz ---
Patch sent: https://source.winehq.org/patches/data/178168
François Gouget fgouget@codeweavers.com changed:
What         |Removed |Added
----------------------------------------
CC           |        |fgouget@codeweavers.com
Keywords     |        |patch
Austin English austinenglish@gmail.com changed:
What         |Removed |Added
----------------------------------------
Keywords     |        |download
Zeb Figura z.figura12@gmail.com changed:
What         |Removed |Added
----------------------------------------
CC           |        |galtgendo@o2.pl
--- Comment #6 from Zeb Figura z.figura12@gmail.com ---
*** Bug 55960 has been marked as a duplicate of this bug. ***
temp82@luukku.com changed:
What         |Removed |Added
----------------------------------------
CC           |        |temp82@luukku.com
--- Comment #7 from temp82@luukku.com ---
This bug report doesn't have the component set up right. Great find; who knows how many duplicate reports it fixes eventually.
--- Comment #8 from Rafał Mużyło galtgendo@o2.pl ---
Nice find indeed...
Interesting solution, if it works.
Also interesting if other places with such constructs can be similarly triggered.
--- Comment #9 from Roman Pišl rpisl@seznam.cz ---
Created attachment 75642 --> https://bugs.winehq.org/attachment.cgi?id=75642
user32: Avoid buffer overflow on long texts in winproc.
Rebased patch that removes remaining fixed buffers in user32.
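The pattern behind comments 3 and 9, a fixed stack buffer in the A-to-W conversion path overrun by a long paragraph, and the kind of fix described (storage sized to the string), as an added illustration in C that is not Wine's winproc.c code; byte widening stands in for MultiByteToWideChar, and STACK_WCHARS, wbuf_t and the function names are assumptions:

```c
/* Added illustration, not Wine's winproc.c: the thread's fix replaces a fixed
 * stack buffer for A->W conversion with storage sized to the string. Byte
 * widening stands in for MultiByteToWideChar (an assumption for a self-contained demo). */
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#define STACK_WCHARS 256   /* fast path; longer strings are moved to the heap */

typedef struct {
    wchar_t *ptr;                 /* current storage: stack[] or a heap block */
    wchar_t stack[STACK_WCHARS];
    int on_heap;
} wbuf_t;

/* Widens src into b; returns the wide length or -1 on allocation failure.
 * The length check is the bound a fixed-buffer conversion lacks: a paragraph
 * longer than STACK_WCHARS is no longer written past the end of stack[]. */
long wbuf_widen(wbuf_t *b, const char *src)
{
    size_t i, len = strlen(src);
    b->ptr = b->stack;
    b->on_heap = 0;
    if (len + 1 > STACK_WCHARS) {
        if (!(b->ptr = malloc((len + 1) * sizeof(wchar_t)))) return -1;
        b->on_heap = 1;
    }
    for (i = 0; i < len; i++) b->ptr[i] = (wchar_t)(unsigned char)src[i];
    b->ptr[len] = 0;
    return (long)len;
}

void wbuf_free(wbuf_t *b) { if (b->on_heap) free(b->ptr); b->ptr = NULL; }

/* Mirrors the report: a short bracketed insert stays on the stack, a 1000-char
 * paragraph is widened on the heap. Returns 1 if both round-trip intact. */
int demo_long_paragraph(void)
{
    char longtext[1001]; wbuf_t b; int ok;
    memset(longtext, 'x', 1000);   /* constructed stand-in for a long paragraph */
    longtext[1000] = 0;
    ok = wbuf_widen(&b, "[short insert]") == 14 && !b.on_heap;
    wbuf_free(&b);
    ok = ok && wbuf_widen(&b, longtext) == 1000 && b.on_heap
         && b.ptr[999] == L'x' && b.ptr[1000] == 0;
    wbuf_free(&b);
    return ok;
}
```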
--- Comment #10 from Roman Pišl rpisl@seznam.cz ---
Created attachment 75643 --> https://bugs.winehq.org/attachment.cgi?id=75643
user32: Remove superfluous fixme.
This patch removes dead code.
--- Comment #11 from Rafał Mużyło galtgendo@o2.pl ---
I can't say I really understand the question from mr4682, but my 'msg' LB_ADDSTRING content was lines like:
msg:WINPROC_CallProcAtoW (hwnd=00010072,msg=LB_ADDSTRING,wp=00000000,lp=1a4915c4)
If clarification is needed, ask a more detailed question.
--- Comment #12 from Roman Pišl rpisl@seznam.cz ---
(In reply to Rafał Mużyło from comment #11)
> I can't say I really understand the question from mr4682, but my 'msg'
> LB_ADDSTRING content were lines like:
> msg:WINPROC_CallProcAtoW (hwnd=00010072,msg=LB_ADDSTRING,wp=00000000,lp=1a4915c4)
> If clarification needed, ask a more detailed question.
Does the patch from comment 9 fix the issue for you? Just to be sure it is really a duplicate..
--- Comment #13 from Rafał Mużyło galtgendo@o2.pl ---
Yes, that patch seems to work just as well as increasing the buffer size did in this case and is likely better as a concept.
--- Comment #14 from Roman Pišl rpisl@seznam.cz ---
Created attachment 75718 --> https://bugs.winehq.org/attachment.cgi?id=75718
Trace just before the crash
Trace with WINEDEBUG=+relay,+msg