http://bugs.winehq.org/show_bug.cgi?id=26389
Summary: Win3.1 Notepad crashes when opening a large file
Product: Wine
Version: 1.2.2
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: spammis@spam.la
Created an attachment (id=33605) --> (http://bugs.winehq.org/attachment.cgi?id=33605) DOSBox (left) and Wine (right)
This bug applies to the version of Notepad bundled with Windows 3.1.
Old versions of Notepad can't open big text files. Instead, Notepad displays a message saying "The file FILENAME is too large for Notepad. Use another editor to edit the file." Wine crashes instead of displaying this message.
A giant file can be created in numerous ways. I used a small python script:

    for i in range(1999999):
        print(i)

"python script.py > giant.txt" gives a giant file.
I tried opening the file using Wine running Notepad and using DOSBox running Windows 3.1 running Notepad. Windows 3.1 is just a normal DOS application, so it runs fine under DOSBox. I'm attaching a PNG file displaying the differences between Wine and DOSBox. In this case, DOSBox is correct while Wine is wrong.
André H. nerv@dawncrow.de changed:
What    |Removed     |Added
----------------------------------------------------------------------------
CC      |            |nerv@dawncrow.de
--- Comment #1 from André H. nerv@dawncrow.de 2011-03-13 08:56:22 CDT ---
Please try again with wine-1.3.15.
--- Comment #2 from Spammer spammis@spam.la 2011-03-14 11:01:01 CDT ---
I'm not too happy about installing beta software, but never mind: I installed Wine 1.3.15 anyway. The bug is still present.
I tried opening the file in two ways: by using "wine notepad" and clicking on "File: Open" and by using "wine notepad filename". The terminal output depends on how I try to run Notepad. I only see the Notepad window if I'm using "wine notepad"; if I'm using "wine notepad filename", the only window I see is the one informing me of the crash.
$ wine --version
wine-1.3.15

Option 1 (wine notepad):
$ wine notepad
wine: Unhandled page fault on read access to 0x00000000 at address 0x6821a925 (thread 0022), starting debugger...
fixme:dbghelp:addr_to_linear Failed to linearize address c011:df01 (mode 0)

Option 2 (wine notepad filename):
$ wine notepad ../giant.txt
wine: Unhandled page fault on read access to 0x00000000 at address 0x6839d925 (thread 0022), starting debugger...
fixme:dbghelp:addr_to_linear Failed to linearize address ea11:e704 (mode 0)
fixme:dbghelp:addr_to_linear Failed to linearize address 0111:df0c (mode 0)
fixme:dbghelp:addr_to_linear Failed to linearize address 8100:123 (mode 0)
err:ntdll:RtlpWaitForCriticalSection section 0x6860e700 "syslevel.c: Win16Mutex" wait timed out in thread 0021, blocked by 0022, retrying (60 sec)
Regardless of how I'm starting Wine, the only way to stop it seems to be to press ^C in the terminal I started it from.
--- Comment #3 from Bruno Jesus 00cpxxx@gmail.com 2011-11-19 17:02:31 CST ---
Created attachment 37537 --> http://bugs.winehq.org/attachment.cgi?id=37537 crash in 1.3.33
Still present in 1.3.33. The backtrace seems to be helpful.
Bruno Jesus 00cpxxx@gmail.com changed:
What           |Removed     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED |NEW
CC             |            |00cpxxx@gmail.com
Ever Confirmed |0           |1

--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com 2011-11-19 17:03:35 CST ---
I can confirm this issue in 1.3.33.
--- Comment #5 from André H. nerv@dawncrow.de 2011-11-20 06:25:34 CST ---
(In reply to comment #3)
> Created attachment 37537 [details] crash in 1.3.33
> Still present in 1.3.33. The backtrace seems to be helpful.

Seems to me like EDIT_EM_SetHandle calling get_text_length, which calls and crashes in strlenW. Could you please debug this further by adding some TRACEs or ERRs in those functions?
Bruno Jesus 00cpxxx@gmail.com changed:
What                          |Removed     |Added
----------------------------------------------------------------------------
Attachment #37537 is obsolete |0           |1
--- Comment #6 from Bruno Jesus 00cpxxx@gmail.com 2011-11-20 10:56:10 CST ---
Created attachment 37552 --> http://bugs.winehq.org/attachment.cgi?id=37552 +user32 -O0
After recompiling with -O0 I reached the crash point. The function get_text_length (edit.c:258) is called with a NULL es->text parameter making strlenW crash. Better backtrace attached.
The "hide the bug" solution works very well and makes wine behave correctly:
static inline UINT get_text_length(EDITSTATE *es) { - if(es->text_length == (UINT)-1) + if(!es->text) + es->text_length = 0; + else if(es->text_length == (UINT)-1) es->text_length = strlenW(es->text); return es->text_length; }
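Review bot: In the added if(!es->text) branch, the assignment es->text_length = 0 overwrites the (UINT)-1 "not yet computed" marker that the following else-if depends on, so if es->text later points at a valid buffer the cached 0 is returned and strlenW is never run. Return 0 for the NULL case without storing it, and handle a NULL es->text at the point where it is assigned, so the failure is reported to the caller instead of being treated as an empty string here.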
--- Comment #7 from Bruno Jesus 00cpxxx@gmail.com 2011-11-20 11:09:50 CST ---
The aggressor is in EDIT_LockBuffer:

    Line 1195 es->text = LocalLock(es->hloc32W);

This memory alloc fails and is not tested; fortunately the next function called (MultiByteToWideChar) protects itself against NULL pointers.
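The failure mode analysed in comments #6 and #7 (a lock result stored without a NULL test, then passed to a string-length call), as an added example that is neither Wine's code nor the fix that was eventually applied. It is a simplified C model; edit_state, model_lock, lock_buffer, get_length and the limit field are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#define LEN_UNKNOWN ((unsigned)-1)   /* cached length not computed yet */

/* Simplified stand-in for the edit state in the thread; hypothetical. */
typedef struct {
    wchar_t *text;         /* NULL until a buffer is locked */
    unsigned text_length;  /* LEN_UNKNOWN or the cached length */
    size_t   limit;        /* constructed cap that makes the lock fail */
} edit_state;

/* Hypothetical lock call: returns NULL when the request exceeds the cap. */
static wchar_t *model_lock(const edit_state *es, size_t chars)
{
    if (chars + 1 > es->limit) return NULL;
    return calloc(chars + 1, sizeof(wchar_t));
}

/* Test the lock result and report failure to the caller, instead of
   storing NULL for a later string-length call to dereference. */
int lock_buffer(edit_state *es, const wchar_t *src)
{
    size_t n = wcslen(src);
    wchar_t *p = model_lock(es, n);
    if (!p) return -1;             /* caller can show "file too large" */
    wmemcpy(p, src, n);
    free(es->text);
    es->text = p;
    es->text_length = LEN_UNKNOWN; /* invalidate the cached length */
    return 0;
}

/* NULL-safe length that leaves the sentinel intact when there is no text. */
unsigned get_length(edit_state *es)
{
    if (!es->text) return 0;
    if (es->text_length == LEN_UNKNOWN)
        es->text_length = (unsigned)wcslen(es->text);
    return es->text_length;
}

int main(void)
{
    edit_state es = { NULL, LEN_UNKNOWN, 8 };
    if (lock_buffer(&es, L"constructed text longer than the cap") != 0)
        puts("too large: reported, not dereferenced");
    printf("length with no buffer: %u\n", get_length(&es));
    return 0;
}
```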
--- Comment #8 from Bruno Jesus 00cpxxx@gmail.com 2011-12-03 07:55:09 CST ---
Created attachment 37766 --> http://bugs.winehq.org/attachment.cgi?id=37766 1.3.34 +edit log
--- Comment #9 from Bruno Jesus 00cpxxx@gmail.com 2013-05-27 21:22:25 CDT ---
Still in wine 1.5.31.
Damjan Jovanovic damjan.jov@gmail.com changed:
What     |Removed     |Added
----------------------------------------------------------------------------
Keywords |            |win16
CC       |            |damjan.jov@gmail.com
hanska2@luukku.com changed:
What    |Removed     |Added
----------------------------------------------------------------------------
CC      |            |hanska2@luukku.com

--- Comment #10 from hanska2@luukku.com ---
I know Bruno that you are busy but maybe you should look into this bug because you have so much analyzed the problem already.

--- Comment #11 from Bruno Jesus 00cpxxx@gmail.com ---
(In reply to hanska2 from comment #10)
> I know Bruno that you are busy but maybe you should look into this bug because you have so much analyzed the problem already.

My solution to this bug was wrong so it was rejected; I have no idea what else it could be.
Detlef Riekenberg wine.dev@web.de changed:
What    |Removed     |Added
----------------------------------------------------------------------------
CC      |            |wine.dev@web.de
super_man@post.com changed:
What    |Removed     |Added
----------------------------------------------------------------------------
CC      |            |super_man@post.com
Alex Bradbury asb@asbradbury.org changed:
What    |Removed     |Added
----------------------------------------------------------------------------
CC      |            |asb@asbradbury.org

--- Comment #12 from Alex Bradbury asb@asbradbury.org ---
I can't reproduce this on wine 6.15 - I'm getting the expected "file is too large" error.