http://bugs.winehq.org/show_bug.cgi?id=29614
Bug #: 29614
Summary: WinRAR viewer crashes on a particular file
Product: Wine
Version: 1.3.37
Platform: x86
URL: http://www.rarlabs.com/rar/wrar401.exe
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: richedit
AssignedTo: wine-bugs@winehq.org
ReportedBy: t.artem@mailcity.com
Classification: Unclassified
Created attachment 38365 --> http://bugs.winehq.org/attachment.cgi?id=38365 Test file
When trying to view the attached file, WinRAR crashes.
Steps to reproduce: download the file, install and run WinRAR, click Commands -> View File (Alt + V).
(Viewer settings: view as Windows text, word wrap enabled).
caret.c:208: ME_GetCursorCoordinates: Assertion `~para->member.para.nFlags & 0x01' failed.
wine: Assertion failed at address 0xb776f424 (thread 0046), starting debugger...
Unhandled exception: assertion failed in 32-bit code (0xb776f424).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:b776f424 ESP:00322904 EBP:0032291c EFLAGS:00000202( - -- I - - - )
 EAX:00000000 EBX:00006589 ECX:00006589 EDX:00000006
 ESI:b758b74a EDI:b75c7ff4
Stack dump:
0x00322904: 0032291c 00000006 00006589 b746d2f1
0x00322914: b75c7ff4 00322a3c 00322a44 b746ed5e
0x00322924: 00000006 003229bc 00000000 b75c7ff4
0x00322934: 00000060 00000001 00322a54 00322980
0x00322944: 00000000 00000068 0000005c b75c93a0
0x00322954: b75c7ff4 0000005c 0000005b 00322a2c
Backtrace:
=>0 0xb776f424 __kernel_vsyscall+0x10() in [vdso].so (0x0032291c)
1 0xb746d2f1 gsignal+0x50() in libc.so.6 (0x0032291c)
2 0xb746ed5e abort+0x17d() in libc.so.6 (0x00322a44)
3 0xb7465c08 __assert_fail+0xf7() in libc.so.6 (0x00322a8c)
4 0x7dbc5657 ME_MoveCaret+0x496() in riched20 (0x00322b5c)
5 0x7dbd79c2 ME_PaintContent+0xc1() in riched20 (0x00322c0c)
6 0x7dbd399d RichEditWndProc_common+0x3bc() in riched20 (0x00322ccc)
7 0x7dbd3ccc RichEditWndProcW+0x2b() in riched20 (0x00322cfc)
8 0x7ec2b4ea WINPROC_wrapper+0x19() in user32 (0x00322d2c)
9 0x7ec2bc3c call_window_proc+0x5b() in user32 (0x00322d7c)
10 0x7ec2e10d WINPROC_call_window+0x10c() in user32 (0x00322dcc)
11 0x7ebf0b0e DispatchMessageW+0x9d() in user32 (0x00322ebc)
12 0x0049aa76 in winrar (+0x9aa75) (0x00328308)
13 0x7dbcf53b ME_HandleMessage+0xcba() in riched20 (0x00328c48)
14 0x7dbd3764 RichEditWndProc_common+0x183() in riched20 (0x00328d08)
15 0x7dbd3ccc RichEditWndProcW+0x2b() in riched20 (0x00328d38)
16 0x7ec2b4ea WINPROC_wrapper+0x19() in user32 (0x00328d68)
17 0x7ec2bc3c call_window_proc+0x5b() in user32 (0x00328db8)
18 0x7ec2e10d WINPROC_call_window+0x10c() in user32 (0x00328e08)
19 0x7ebeec61 call_window_proc+0x90() in user32 (0x00328e78)
20 0x7ebf5456 send_message+0x205() in user32 (0x00328ef8)
21 0x7ebf58cc SendMessageW+0x4b() in user32 (0x00328f48)
22 0x0049dbf5 in winrar (+0x9dbf4) (0x7ebf5880)
23 0x458b48ec (0x83e58955)
0xb776f424 __kernel_vsyscall+0x10 in [vdso].so: popl %ebp
Modules: ...
Artem S. Tashkinov t.artem@mailcity.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |download

--- Comment #1 from Bruno Jesus 00cpxxx@gmail.com 2012-01-15 12:46:50 CST ---
Created attachment 38369 --> http://bugs.winehq.org/attachment.cgi?id=38369
1.3.37 backtrace with debug symbols
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |00cpxxx@gmail.com
Ever Confirmed|0 |1

--- Comment #2 from Bruno Jesus 00cpxxx@gmail.com 2012-01-15 12:48:47 CST ---
I can confirm this issue and can confirm winetricks riched20 works around it.

--- Comment #3 from Bruno Jesus 00cpxxx@gmail.com 2012-04-15 15:27:58 CDT ---
Still present in wine 1.5.2.
GyB gyebro69@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gyebro69@gmail.com

--- Comment #4 from GyB gyebro69@gmail.com 2012-09-23 03:12:58 CDT ---
According to my testing, this bug has been fixed in Wine 1.5.13, thanks to this commit: http://source.winehq.org/git/wine.git/commitdiff/2eebedf38e4d5fd49075f8f89e6...
I should add that the crash happened only in full screen mode (but not in virtual desktop mode).
Please retest with 1.5.13 or newer and confirm the fixed state.

Fedora 17
X.Org X Server 1.12.3
Gnome 3.4.2
--- Comment #5 from Artem S. Tashkinov t.artem@mailcity.com 2012-09-23 11:44:19 CDT ---
Created attachment 41790 --> http://bugs.winehq.org/attachment.cgi?id=41790
Wine 1.5.13 backtrace

(In reply to comment #4)
> Please retest with 1.5.13 or newer and confirm the fixed state.
>
> Fedora 17
> X.Org X Server 1.12.3
> Gnome 3.4.2

Not fixed in Wine 1.5.13 here:
--- Comment #6 from Artem S. Tashkinov t.artem@mailcity.com 2012-09-29 06:59:11 CDT ---
This bug is reproducible in Wine 1.5.14 as well.

Ken Sharp kennybobs@o2.co.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |kennybobs@o2.co.uk
Resolution| |FIXED

--- Comment #7 from Ken Sharp kennybobs@o2.co.uk 2013-07-14 19:02:05 CDT ---
No crash here in wine-1.6-rc4.

Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED

--- Comment #8 from Alexandre Julliard julliard@winehq.org 2013-08-02 13:18:14 CDT ---
Closing bugs fixed in 1.7.0.

Artem S. Tashkinov t.artem@mailcity.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |REOPENED
Resolution|FIXED |

--- Comment #9 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-18 16:29:31 CDT ---
Crashes in Wine 1.7.1 here as well.

--- Comment #10 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 01:46:22 CDT ---
Created attachment 45995 --> http://bugs.winehq.org/attachment.cgi?id=45995
backtrace for wine 1.7.2
--- Comment #11 from Ken Sharp kennybobs@o2.co.uk 2013-09-19 03:58:03 CDT ---
Still works fine.

Architecture: amd64
Source: eglibc
Version: 2.15-0ubuntu10.4

What version of libc6 are you using?

--- Comment #12 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 05:00:04 CDT ---
(In reply to comment #11)
> Still works fine.
>
> Architecture: amd64
> Source: eglibc
> Version: 2.15-0ubuntu10.4
>
> What version of libc6 are you using?

I'm on CentOS 6.4, that is glibc-2.12-1.107.el6_4.4.i686
--- Comment #13 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 05:12:14 CDT ---
Created attachment 45999 --> http://bugs.winehq.org/attachment.cgi?id=45999
backtrace for wine 1.7.2 with debug symbols

--- Comment #14 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 05:13:59 CDT ---
*** Bug 34548 has been marked as a duplicate of this bug. ***

--- Comment #15 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 05:15:40 CDT ---
This is missing from a backtrace:

err:listview:LISTVIEW_WindowProc unknown msg 108c wp=00000000 lp=00000000
err:listview:LISTVIEW_WindowProc unknown msg 108c wp=00000000 lp=00000000
err:shell:SHGetFileInfoW pidl is null!
fixme:richedit:ME_HandleMessage EM_GETLANGOPTIONS: stub
fixme:richedit:ME_HandleMessage EM_SETLANGOPTIONS: stub
caret.c:211: ME_GetCursorCoordinates: Assertion `~para->member.para.nFlags & 0x01' failed.
wine: Assertion failed at address 0xb77b7424 (thread 0009), starting debugger...

--- Comment #16 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 05:20:00 CDT ---
This bug is definitely not fixed - I've just run WinRAR with native riched{2|3}0.dll's and everything works fine.
--- Comment #17 from Austin English austinenglish@gmail.com 2013-09-19 18:12:49 CDT ---
In bug 34548, you mentioned the bug only occurring if -g is not used. I compiled riched20/riched32 without -g, but it still works fine. I also tried compiling all of wine without -g, still works.

What gcc version are you using (I'm on 4.8.1)? Can you narrow down what file has the issue?
--- Comment #18 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-19 23:53:01 CDT ---
(In reply to comment #17)
> In bug 34548, you mentioned the bug only occurring if -g is not used. I compiled riched20/riched32 without -g, but it still works fine. I also tried compiling all of wine without -g, still works.
>
> What gcc version are you using (I'm on 4.8.1)? Can you narrow down what file has the issue?

-g is irrelevant - it worked by pure luck, i.e. it doesn't really work.

My compiler is different - I'm using GCC 4.5.4 vanilla straight from gcc.gnu.org

My arch is i686, I'm using these compilation flags: "-march=native -O2 -pipe".

BTW, I guess

caret.c:211: ME_GetCursorCoordinates: Assertion `~para->member.para.nFlags & 0x01' failed.
wine: Assertion failed at address 0xb77b7424 (thread 0009), starting debugger...

is the reason Wine is crashing here, it's still strange you don't hit this code.

And this bug absolutely depends on my registry settings - with a clean ~/.wine WinRAR doesn't crash. I can send you my system.reg and user.reg if you're interested - I won't post them here, as they may contain private information.
--- Comment #19 from Austin English austinenglish@gmail.com 2013-09-20 02:23:23 CDT ---
Can you try with march please?

--- Comment #20 from Artem S. Tashkinov t.artem@mailcity.com 2013-09-20 02:30:48 CDT ---
(In reply to comment #19)
> Can you try with march please?

What -march? ;-)

--- Comment #21 from Austin English austinenglish@gmail.com 2013-09-23 13:24:09 CDT ---
(In reply to comment #20)
> (In reply to comment #19)
> > Can you try with march please?
>
> What -march? ;-)

Without*
--- Comment #22 from Artem S. Tashkinov t.artem@mailcity.com ---
(In reply to Austin English from comment #21)
> (In reply to comment #20)
> > (In reply to comment #19)
> > > Can you try with march please?
> >
> > What -march? ;-)
>
> Without*

Unhandled exception: assertion failed in 32-bit code (0xb77d4cac).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:b77d4cac ESP:003258b4 EBP:003258cc EFLAGS:00000202( - -- I - - - )
 EAX:00000000 EBX:00003aa4 ECX:00003aa4 EDX:00000006
 ESI:00000000 EDI:b75b6ff4
Stack dump:
0x003258b4: 003258cc 00000006 00003aa4 b744e861
0x003258c4: b75b6ff4 003259ec 003259f4 b745013a
0x003258d4: 00000006 0032596c 00000000 7d9e7690
0x003258e4: b75b83d0 b75b6ff4 b75b83a0 00000000
0x003258f4: 00325914 00000001 b75b83a0 00000078
0x00325904: 7d9e7690 b75b6ff4 0000006e 0000006d
Backtrace:
=>0 0xb77d4cac __kernel_vsyscall+0x10() in [vdso].so (0x003258cc)
1 0xb744e861 gsignal+0x50() in libc.so.6 (0x003258cc)
2 0xb745013a abort+0x179() in libc.so.6 (0x003259f4)
3 0xb7447b7b __assert_fail_base+0x14a() in libc.so.6 (0x00325a38)
4 0xb7447c36 __assert_fail+0x55() in libc.so.6 (0x00325a58)
5 0x7ac1765a ME_MoveCaret+0x369() in riched20 (0x00325ae8)
6 0x7ac2a651 ME_PaintContent+0xc0() in riched20 (0x00325b78)
7 0x7ac26475 RichEditWndProc_common+0x3b4() in riched20 (0x00325c38)
8 0x7ac267ef RichEditWndProcW+0x2e() in riched20 (0x00325c68)
9 0x7eb1f06a WINPROC_wrapper+0x19() in user32 (0x00325c98)
10 0x7eb1f7ec call_window_proc+0x5b() in user32 (0x00325ce8)
11 0x7eb21cd0 WINPROC_call_window+0x10f() in user32 (0x00325d38)
12 0x7eae1962 DispatchMessageW+0xb1() in user32 (0x00325e48)
13 0x004c1612 in winrar (+0xc1611) (0x7eaac830)
14 0xfff0e483 (0x04244c8d)
0xb77d4cac __kernel_vsyscall+0x10 in [vdso].so: popl %ebp
--- Comment #23 from Artem S. Tashkinov t.artem@mailcity.com ---
*** Bug 35070 has been marked as a duplicate of this bug. ***

Marco klasse@partyheld.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |klasse@partyheld.de

--- Comment #24 from Marco klasse@partyheld.de ---
On a side note, the same assertion fails in bug 39293 and bug 39342.

winetest@luukku.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |winetest@luukku.com

--- Comment #25 from winetest@luukku.com ---
(In reply to Marco from comment #24)
> On a side note, the same assertion fails in bug 39293 and bug 39342.

I think this bug somehow at some point evolved into a new bug which seems to be a dupe.

--- Comment #26 from Ken Sharp imwellcushtymelike@gmail.com ---
Three years since the last try. Worth another try? Can you try a newer GCC too if it's still broken?
--- Comment #27 from Artem S. Tashkinov t.artem@mailcity.com ---
Created attachment 59988 --> https://bugs.winehq.org/attachment.cgi?id=59988
Wine 3.0-rc1 backtrace

(In reply to Ken Sharp from comment #26)
> Three years since the last try. Worth another try? Can you try a newer GCC too if it's still broken?

gcc-7.2.1-2.fc27.x86_64
WinRAR 5.5 x86
CFLAGS="-O2 -march=pentium-m -m32 -pipe"

Actually it didn't crash immediately but once I switched to the DOS encoding it did.

--- Comment #28 from Artem S. Tashkinov aros@gmx.com ---
Wine 4.10 - no changes:

Backtrace:
=>0 0xf7f4a112 length_mismatch+0xffffffff() in ld-linux.so.2 (0x0032685c)
1 0xf7bd5796 int_mallinfo+0xffffffff() in libc.so.6 (0x0032685c)
2 0xf7bbf37b int_mallinfo+0xffffffff() in libc.so.6 (0xf7d4ace0)
3 0xf7bbf27b int_mallinfo+0xffffffff() in libc.so.6 (0xf7d4ace0)
4 0xf7bcd57f int_mallinfo+0xffffffff() in libc.so.6 (0x00326b88)
5 0x7ac259e9 ME_GetCursorCoordinates+0x2b8() in riched20 (0x00326b88)
6 0x7ac25b29 update_caret.part+0x58() in riched20 (0x00326bc8)
7 0x7ac357ae RichEditWndProc_common+0x1ed() in riched20 (0x00326c78)
8 0x7ac35ceb RichEditWndProcW+0x2a() in riched20 (0x00326c98)
9 0x7ed9d15c WINPROC_wrapper+0x1b() in user32 (0x00326cc8)
10 0x7ed9d803 call_window_proc+0x62() in user32 (0x00326d28)
11 0x7ed9fb76 WINPROC_call_window+0x205() in user32 (0x00326d78)
12 0x7ed5faca DispatchMessageW+0xa9() in user32 (0x00326e88)
13 0x004e0e86 EntryPoint+0xffffffff() in winrar (0x7ed22930)
14 0xfff0e483 (0x04244c8d)
0xf7f4a112 length_mismatch+0xffffffff in ld-linux.so.2: ret
--- Comment #29 from Artem S. Tashkinov aros@gmx.com ---
Wine 7.5 x86 + WinRAR 5.5 x86 (MD5SUM 62eab80792db53bf945ff0f835790d36 wrar-x86-550.exe): no crash with DOS/Windows/UTF-16/UTF-8 encodings.

However Wine still crashes this way:

1. View the file
2. Switch to UTF-16
3. Switch to UTF-8

Crash:

Assertion failed: ~para->nFlags & MEPF_REWRAP, file dlls/riched20/caret.c, line 232

--- Comment #30 from Artem S. Tashkinov aros@gmx.com ---
Another issue (not sure if it warrants a separate bug report): switching between encodings takes forever vs. Windows where it's near instant.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |austinenglish@gmail.com

--- Comment #31 from Austin English austinenglish@gmail.com ---
(In reply to Artem S. Tashkinov from comment #29)
> Wine 7.5 x86 + WinRAR 5.5 x86 (MD5SUM 62eab80792db53bf945ff0f835790d36 wrar-x86-550.exe): no crash with DOS/Windows/UTF-16/UTF-8 encodings.
>
> However Wine still crashes this way:
>
> - View the file
> - Switch to UTF-16
> - Switch to UTF-8
>
> Crash:
>
> Assertion failed: ~para->nFlags & MEPF_REWRAP, file dlls/riched20/caret.c, line 232

The same thing happens in the 'Speech' control panel applet installed by 'winetricks speechsdk'.

$ WINEARCH=win32 winetricks -q speechsdk
$ wine control

Open 'Speech', then click 'Text to Speech' tab. Then click in the 'Use the following text to preview the voice:' box. => Assertion failed.