[Bug 37005] New: Serif WebPlus Starter Edition crashes on startup (wincodecs:BitmapEncoderInfo_GetFileExtensions)

List overview All Threads

newer

older

[Bug 52070] New: error messages...

[Bug 52121] New: Smaller fixes to...

wine-bugs＠winehq.org

31 Jul 2014 31 Jul '14

12:32 a.m.

https://bugs.winehq.org/show_bug.cgi?id=37005

Bug ID: 37005 Summary: Serif WebPlus Starter Edition crashes on startup (wincodecs:BitmapEncoderInfo_GetFileExtensions) Product: Wine Version: 1.7.23 Hardware: x86 URL: http://download.cnet.com/Serif-WebPlus-Starter-Edition /3000-10248_4-75558786.html OS: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: windowscodecs Assignee: wine-bugs@winehq.org Reporter: austinenglish@gmail.com

Created attachment 49163 --> https://bugs.winehq.org/attachment.cgi?id=49163 WINEDEBUG=relay,seh,tid,wincodecs

Installing the application works fine. Note you'll need winetricks mfc42 vcrun2008 (bug 35286)

starting the application, however, quickly fails: austin@aw25 ~/.wine/drive_c/Program Files/Serif/WebPlus Starter Edition/3.0/Program $ wine WebPlus\ Starter\ Edition.exe fixme:msg:ChangeWindowMessageFilter 323 00000001 fixme:msg:ChangeWindowMessageFilter 326 00000001 fixme:system:SetProcessDPIAware stub! fixme:wincodecs:BitmapEncoderInfo_GetFileExtensions (0x1d37b0,1024,0x33f238,0x33ea0c): stub wine: Unhandled exception 0xc0000409 in thread 41 at address 0x2223ddf5 (thread 0041), starting debugger...

winetricks windowscodecs lets it start.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

Show replies by date

wine-bugs＠winehq.org

31 Jul 31 Jul

12:32 a.m.

New subject: [Bug 37005] Serif WebPlus Starter Edition crashes on startup (wincodecs:BitmapEncoderInfo_GetFileExtensions)

https://bugs.winehq.org/show_bug.cgi?id=37005

--- Comment #1 from Austin English austinenglish@gmail.com --- austin@aw25 ~ $ sha1sum ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe e5be6c7ee01928fa1a6114d8dded8b6696ad2e7f ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe austin@aw25 ~ $ du -h ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe 134M ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe austin@aw25 ~ $ wine --version wine-1.7.23-33-gc654b7b

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:07 p.m.

New subject: [Bug 37005] Serif WebPlus Starter Edition crashes on startup (IPropertyBag2::GetPropertyInfo returns more properties than the caller requested, leading to stack smashing)

https://bugs.winehq.org/show_bug.cgi?id=37005

Anastasius Focht focht@gmx.net changed:

--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming.

The problem is not related to any stubs.

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Serif/WebPlus/X5/Program

$ WINEDEBUG=+tid,+seh,+relay,+wincodecs wine ./WebPlus.exe >>log.txt 2>&1 ... 002c:Call PE DLL (proc=0x222c7d7f,module=0x22200000 L"SerifImgU.dll",reason=PROCESS_ATTACH,res=0x1) ... 002c:trace:wincodecs:BitmapEncoderInfo_CreateInstance (0x19e690,0x33e918) ... 002c:trace:wincodecs:TiffEncoder_CreateInstance ({00000103-a8f2-4877-ba0a-fd2b6645fb94},0x33e918) ... 002c:Ret ole32.CoCreateInstance() retval=00000000 ret=7ce95c5a ... 002c:trace:wincodecs:TiffEncoder_Initialize (0x3b5a0f0,0x1ff7f48,2) ... 002c:trace:wincodecs:TiffEncoder_CreateNewFrame (0x3b5a0f0,0x33e91c,0x33e920) ... 002c:trace:wincodecs:PropertyBag_Write (0x1a1a10,1,0x33e840,0x33e880) ... 002c:trace:wincodecs:BitmapEncoderInfo_GetPixelFormats (0x19e690,0,(nil),0x33e924) ... 002c:trace:wincodecs:BitmapEncoderInfo_GetPixelFormats (0x19e690,9,0x1ff8590,0x33e924) ... 002c:trace:wincodecs:PropertyBag_CountProperties (0x1a1a10,0x33e938) 002c:trace:wincodecs:PropertyBag_GetPropertyInfo (0x1a1a10,0,1,0x33e958,0x33e954) ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"InterlaceOption",03b591f0 L"TiffCompressionMethod") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=fffffff5 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"ImageQuality",03b591f0 L"TiffCompressionMethod") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=fffffff5 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"UseCodecOptions",03b591f0 L"TiffCompressionMethod") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000001 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"TiffCompressionMethod",03b591f0 L"TiffCompressionMethod") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000000 ret=78a679c1 ... 002c:trace:wincodecs:PropertyBag_GetPropertyInfo (0x1a1a10,1,1,0x33e958,0x33e954) ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"InterlaceOption",03b59258 L"CompressionQuality") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000006 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"ImageQuality",03b59258 L"CompressionQuality") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000006 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"UseCodecOptions",03b59258 L"CompressionQuality") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000012 ret=78a679c1 ... 002c:Call msvcr90._wcsicmp(01ff85a0 L"TiffCompressionMethod",03b59258 L"CompressionQuality") ret=78a679c1 002c:Ret msvcr90._wcsicmp() retval=00000011 ret=78a679c1 ... 002c:trace:wincodecs:TiffFrameEncode_Release (0x3b591b0) refcount=0 002c:trace:wincodecs:TiffEncoder_Release (0x3b5a0f0) refcount=1 ... 002c:trace:wincodecs:TiffEncoder_Release (0x3b5a0f0) refcount=0 ... 002c:trace:wincodecs:PropertyBag_Release (0x1a1a10) refcount=0 ... 002c:Call KERNEL32.IsDebuggerPresent() ret=222c7f93 002c:Ret KERNEL32.IsDebuggerPresent() retval=00000000 ret=222c7f93 002c:Call KERNEL32.RaiseException(80000100,00000001,00000002,0033e5b8) ret=7e790d71 002c:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b83ae8f ip=7b83ae8f tid=002c 002c:trace:seh:raise_exception info[0]=7e7911a0 002c:trace:seh:raise_exception info[1]=7e791700 wine: Call from 0x7b83ae8f to unimplemented function msvcr90.dll._crt_debugger_hook, aborting 002c:err:seh:raise_exception Exception frame is not in stack limits => unable to dispatch exception. --- snip ---

What's not visible through tracing: the debugger hook is invoked because a stack smashing is detected (canary/cookie destroyed).

--- snip --- 2223DBB5 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C] 2223DBB9 8B08 MOV ECX,DWORD PTR DS:[EAX] 2223DBBB 8D5424 50 LEA EDX,DWORD PTR SS:[ESP+50] 2223DBBF 52 PUSH EDX 2223DBC0 8D5424 58 LEA EDX,DWORD PTR SS:[ESP+58] 2223DBC4 52 PUSH EDX 2223DBC5 6A 01 PUSH 1 2223DBC7 57 PUSH EDI 2223DBC8 50 PUSH EAX 2223DBC9 8B41 18 MOV EAX,DWORD PTR DS:[ECX+18] 2223DBCC FFD0 CALL EAX ; PropertyBag_GetPropertyInfo --- snip ---

Argument stack before the call:

--- snip --- 0033E8F0 03B30528 ; IPropertyBag2 *iface 0033E8F4 00000000 ; ULONG iProperty 0033E8F8 00000001 ; ULONG cProperties 0033E8FC 0033E958 ; PROPBAG2 *pPropBag 0033E900 0033E954 ; ULONG *pcProperties ... 0033E954 78A336C3 ; cProperties (out) 0033E958 6FDDC324 ; PROPBAG2 PropBag (out) 0033E95C 4BFE4E03 0033E960 773D85B1 0033E964 1CC98D76 0033E968 01FFD730 0033E96C 78C3DF60 0033E970 0033E988 0033E974 78A33793 0033E978 78A3379D 0033E97C A855F990 ; stack cookie 0033E980 0033FA40 --- snip ---

After the call:

--- snip --- ... 0033E954 00000002 ; cProperties (out) 0033E958 00000001 ; PROPBAG2 PropBag (out) 0033E95C 00000011 0033E960 00000001 0033E964 03B360B0 ; UNICODE "TiffCompressionMethod" 0033E968 00000000 0033E96C 00000000 0033E970 00000000 0033E974 00000000 0033E978 00000001 0033E97C 00000004 ; destroyed stack cookie 0033E980 00000002 --- snip ---

Source: http://source.winehq.org/git/wine.git/blob/2ee3e8073fe5b5adc2b48f382eec50c21...

--- snip --- 237 static HRESULT WINAPI PropertyBag_GetPropertyInfo(IPropertyBag2 *iface, ULONG iProperty, 238 ULONG cProperties, PROPBAG2 *pPropBag, ULONG *pcProperties) 239 { 240 HRESULT res = S_OK; 241 ULONG i; 242 PropertyBag *This = impl_from_IPropertyBag2(iface); 243 244 TRACE("(%p,%u,%u,%p,%p)\n", iface, iProperty, cProperties, pPropBag, pcProperties); 245 246 if (iProperty >= This->prop_count && iProperty > 0) 247 return WINCODEC_ERR_VALUEOUTOFRANGE; 248 if (iProperty+cProperties > This->prop_count ) 249 return WINCODEC_ERR_VALUEOUTOFRANGE; 250 251 *pcProperties = max(cProperties, This->prop_count-iProperty); 252 253 for (i=0; i < *pcProperties; i++) 254 { 255 res = copy_propbag2(pPropBag+i, This->properties+iProperty+i, TRUE); 256 if (FAILED(res)) 257 { 258 do { 259 CoTaskMemFree( pPropBag[--i].pstrName ); 260 } while (i); 261 break; 262 } 263 } 264 265 return res; 266 } --- snip ---

Line 251 is obviously wrong. You can't return/fill more properties than the caller requested hence the stack smasher.

$ wine --version wine-1.7.23-33-gc654b7b

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

7 Aug 7 Aug

9:13 p.m.

New subject: [Bug 37005] Serif WebPlus Starter Edition crashes on startup (IPropertyBag2::GetPropertyInfo returns more properties than the caller requested, leading to stack smashing)

https://bugs.winehq.org/show_bug.cgi?id=37005

Anastasius Focht focht@gmx.net changed:

--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,

this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/23988fef9cfc0c91d2770f66786...

Thanks Michael

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

8 Aug 8 Aug

8:29 p.m.

New subject: [Bug 37005] Serif WebPlus Starter Edition crashes on startup (IPropertyBag2::GetPropertyInfo returns more properties than the caller requested, leading to stack smashing)

https://bugs.winehq.org/show_bug.cgi?id=37005

Alexandre Julliard julliard@winehq.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.24.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

27 Nov 27 Nov

12:31 p.m.

New subject: [Bug 37005] Serif WebPlus Starter Edition crashes on startup (IPropertyBag2::GetPropertyInfo returns more properties than the caller requested, leading to stack smashing)

https://bugs.winehq.org/show_bug.cgi?id=37005

Anastasius Focht focht@gmx.net changed:

--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,

adding stable download link via Internet Archive for documentation.

Unfortunately it turns out being an ugly CDN link:

https://web.archive.org/web/20211127120619/https://prod.downloadnow.com/s/12...

I'm putting a short version into URL field to have Bugzilla search filters work properly ("bug has archive.org snapshot"). The full working link is here with my comment.

https://www.virustotal.com/gui/file/3a7e20cdb59a2e0f967835fb4877af3e3d662b9f...

$ sha1sum ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe e5be6c7ee01928fa1a6114d8dded8b6696ad2e7f ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe

$ du -sh ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe 134M ESDPK-WLX5U-DWN12-WebPlusStarterEdition_Setup.exe

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1223

Age (days ago)

3899

Last active (days ago)

wine-bugs@winehq.org

5 comments

2 participants

tags (0)

participants (2)

wine-bugs＠winehq.org
WineHQ Bugzilla