http://bugs.winehq.org/show_bug.cgi?id=29004
Bug #: 29004 Summary: Crash in winhttp Product: Wine Version: 1.3.32 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: winhttp AssignedTo: wine-bugs@winehq.org ReportedBy: rosslagerwall@gmail.com Classification: Unclassified
My application segfaults when it tries to use the winhttp dll. With the native windows winhttp.dll, it works perfectly.
Attached is the log from the program with WINEDEBUG=+winhttp.
To reproduce: Download http://www.numberwise.com/files/Numberwise-1.13.exe Install it. Run the program and enter random values for AccountNo, FirstName and Surname and then try and logon. The program will then segfault.
Compile by hand on Opensuse 11.4 64 bit with ./configure --prefix=/tmp
Thanks!
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #1 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-06 06:38:58 CST --- Created attachment 37333 --> http://bugs.winehq.org/attachment.cgi?id=37333 debug output
http://bugs.winehq.org/show_bug.cgi?id=29004
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #37333|application/octet-stream |text/plain mime type| |
http://bugs.winehq.org/show_bug.cgi?id=29004
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|winhttp |-unknown Summary|Crash in winhttp |Unknown application crashes
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru 2011-11-06 08:32:59 CST --- The crash is not in winhttp.
http://bugs.winehq.org/show_bug.cgi?id=29004
ocean04@suomi24.fi changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ocean04@suomi24.fi
--- Comment #3 from ocean04@suomi24.fi 2011-11-06 09:02:54 CST --- winetricks winhttp helps, so winhttp is correct component
http://bugs.winehq.org/show_bug.cgi?id=29004
Vitaliy Margolen vitaliy-bugzilla@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |http://www.numberwise.com/f | |iles/Numberwise-1.13.exe Summary|Unknown application crashes |Numberwise crashes when | |trying to log-in
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #4 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-07 03:59:51 CST --- While the crash may not be in winhttp, it certainly doesn't happen with the native winhttp vs the builtin winhttp.
Anyway, I think it does happen *during* a call in winhttp. request_send_and_receive() in winhttp/request.c calls VariantChangeType() which eventually calls a bad memcpy(). This can be seen in the backtrace from the log: """ =>0 0xf74f0d16 memcpy+0x46() in libc.so.6 (0x0100e7b8) ... 5 0x7ea0a60c VariantChangeType+0x3b(pvargDest=0x100ea08, pvargSrc=0x1766c0, wFlags=0, vt=0x2011) [/home/ross/Downloads/wine-1.3.32/dlls/oleaut32/variant.c:982] in oleaut32 (0x0100e9b8) 6 0x7e2e2b0d request_send_and_receive+0x17c(request=<is not available>) [/home/ross/Downloads/wine-1.3.32/dlls/winhttp/request.c:2879] in winhttp (0x0100ea38) """
Thanks for the winetricks tip.
http://bugs.winehq.org/show_bug.cgi?id=29004
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |oleaut32
http://bugs.winehq.org/show_bug.cgi?id=29004
Hans Leidekker hans@meelstraat.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|oleaut32 |winhttp
--- Comment #5 from Hans Leidekker hans@meelstraat.net 2011-11-08 05:46:23 CST --- The crash in oleaut32 is a separate bug. It turns out that native winhttp has special treatment for string data; it will convert to utf-8 and set a content type header.
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #6 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-09 00:20:35 CST ---
It turns out that native winhttp has special treatment for string data; it will convert to utf-8 and set a content type header.
Right. Does this mean it's an easy fix?
Thanks
http://bugs.winehq.org/show_bug.cgi?id=29004
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW CC| |dank@kegel.com Ever Confirmed|0 |1
--- Comment #7 from Dan Kegel dank@kegel.com 2011-11-09 08:26:48 CST --- For Hans, maybe: http://www.winehq.org/pipermail/wine-patches/2011-November/108659.html http://www.winehq.org/pipermail/wine-patches/2011-November/108660.html http://www.winehq.org/pipermail/wine-patches/2011-November/108661.html
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #8 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-09 12:40:09 CST --- Thanks. I tried the patches and while they fix the crash happening, the behavior is still different.
Attached are two tcpdump logs, one from the builtin winhttp and another from the native winhttp.
As can be seen, the builtin winhttp has an additional "; charset=utf-8" in the content-type. More importantly, the content-lengths differ and the builtin winhttp does not appear to transmit the correct data.
There is a curious line in the builtin winhttp tcpdump: ".lB..?.TW.i.n.H.t.t.p.R.e.q.u.e.s.t...5.)...me=R....USE.H.o.s.t...all&Unique...." which looks like it may be sending data from a bad location in memory.
Cheers
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #9 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-09 12:40:30 CST --- Created attachment 37405 --> http://bugs.winehq.org/attachment.cgi?id=37405 builtin tcpdump
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #10 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-09 12:40:47 CST --- Created attachment 37406 --> http://bugs.winehq.org/attachment.cgi?id=37406 native tcpdump
http://bugs.winehq.org/show_bug.cgi?id=29004
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch CC| |adys.wh@gmail.com
--- Comment #11 from Jerome Leclanche adys.wh@gmail.com 2011-11-09 16:20:54 CST --- Two out of three patches committed.
82965248d141042ad712a2b6aedd80010ce8a12e 5d6425498695ca26791301f23af5f2ef95f1b07b
Can't mark fixed yet.
http://bugs.winehq.org/show_bug.cgi?id=29004
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |3c9d356bc44c208264c07e7d123 | |a62dfdc068255 Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #12 from Austin English austinenglish@gmail.com 2011-11-14 13:46:30 CST --- (In reply to comment #11)
Two out of three patches committed.
82965248d141042ad712a2b6aedd80010ce8a12e 5d6425498695ca26791301f23af5f2ef95f1b07b
Can't mark fixed yet.
http://source.winehq.org/git/wine.git/commitdiff/3c9d356bc44c208264c07e7d123...
http://bugs.winehq.org/show_bug.cgi?id=29004
--- Comment #13 from Ross Lagerwall rosslagerwall@gmail.com 2011-11-15 01:04:58 CST --- Thanks for the fixes.
However, it unfortunately does not post the data correctly. I opened this as a new bug at http://bugs.winehq.org/show_bug.cgi?id=29093
Cheers
http://bugs.winehq.org/show_bug.cgi?id=29004
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #14 from Alexandre Julliard julliard@winehq.org 2011-11-18 13:04:05 CST --- Closing bugs fixed in 1.3.33.
-
wine-bugs@winehq.org