http://bugs.winehq.org/show_bug.cgi?id=16808
Summary: Password Safe crashes with page fault when renaming entries Product: Wine Version: 1.1.12 Platform: PC-x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: enhancement Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: eluminex@gmail.com
Created an attachment (id=18496) --> (http://bugs.winehq.org/attachment.cgi?id=18496) Backtrace of the page fault
Most of the time (not always) Password Safe will crash with a page fault when I press enter after entering renaming mode. The error seems to happen only if I enter renaming (Right Click->Rename Entry) without actually changing the name, and then pressing Enter to confirm. This is where the app crashes. It happens in almost all cases. Once in a while it doesn't crash though seldom.
If you cannot reproduce the error try restarting Password Safe and enter renaming mode again. Password Safe was installed with default settings. Here is the database hierarchy I used (passwords are just random as with name):
Random - fdf (asds) - tster1 (asds)
The version I tested is 3.15.01 (newest as of writing). Backtrace is attached.
Running Ubuntu 8.10 (x64) w. wine32
http://bugs.winehq.org/show_bug.cgi?id=16808
Ole Rasmussen eluminex@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |normal
http://bugs.winehq.org/show_bug.cgi?id=16808
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #18496|application/octet-stream |text/plain mime type| | Attachment #18496|bktrace |backtrace.txt filename| |
--- Comment #1 from Austin English austinenglish@gmail.com 2009-01-05 09:49:41 --- (From update of attachment 18496) Please use .txt extension.
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #2 from Austin English austinenglish@gmail.com 2009-01-05 09:50:19 --- Is this the program? http://passwordsafe.sourceforge.net/
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #3 from Ole Rasmussen eluminex@gmail.com 2009-01-05 10:43:50 --- (In reply to comment #2)
Is this the program? http://passwordsafe.sourceforge.net/
Yes that's the program. Sorry forgot about the txt.
http://bugs.winehq.org/show_bug.cgi?id=16808
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |http://passwordsafe.sourcefo | |rge.net/ Keywords| |download
http://bugs.winehq.org/show_bug.cgi?id=16808
Jeff Zaroyko jeffz@jeffz.name changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #4 from Jeff Zaroyko jeffz@jeffz.name 2009-01-13 18:22:18 --- confirming
http://bugs.winehq.org/show_bug.cgi?id=16808
Niko Sandschneider nsandschn@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |nsandschn@gmx.de
--- Comment #5 from Niko Sandschneider nsandschn@gmx.de 2010-03-20 07:08:27 --- Still present in wine 1.1.41 and Password Safe 3.15.01 (the original reported version). The newest version 3.21 still crashes when renaming entries, but the crash is caught by the app itself. It pops up a window with a message "Sorry, but Password Safe has had a problem" and the option to report the bug including some diagnostic information. When I close this window, Password Safe exits.
http://bugs.winehq.org/show_bug.cgi?id=16808
Ole Rasmussen olerass@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://passwordsafe.sourcef |http://sourceforge.net/proj |orge.net/ |ects/passwordsafe/files/pas | |swordsafe/3.15.1/pwsafe-3.1 | |5.1.exe/download
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #6 from GyB gyebro69@gmail.com 2012-02-23 12:08:04 CST --- Created attachment 39028 --> http://bugs.winehq.org/attachment.cgi?id=39028 backtrace (wine-1.4-rc4-56-gf79004c)
Still present as of wine-1.4-rc4-56-gf79004c. I tested with application versions 3.15.1 and 3.28 (the latest version to date).
'winetricks comctl32' is a workaround (adjusting component field).
http://bugs.winehq.org/show_bug.cgi?id=16808
GyB gyebro69@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |gyebro69@gmail.com Component|-unknown |comctl32
http://bugs.winehq.org/show_bug.cgi?id=16808
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |source CC| |00cpxxx@gmail.com
--- Comment #7 from Bruno Jesus 00cpxxx@gmail.com 2012-03-14 22:12:20 CDT --- It looks like the application uses wxWidgets so it's harder to track through the source code.
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #8 from Hugh Hyatt ps4zrabk8p@snkmail.com 2013-05-20 08:34:37 CDT --- Created attachment 44507 --> http://bugs.winehq.org/attachment.cgi?id=44507 Backtrace
I think this is another occurrence of the same problem described in Bug 16808.
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #9 from Nikolay Sivov bunglehead@gmail.com 2013-05-20 10:52:35 CDT --- Hm, with current wine (head commit d29f6c4) I'm unable to reproduce a crash I'm afraid. It shows a message box saying that such item already exists. Message box text is broken though - it doesn't show item name properly, all I can see is a line of placeholder glyphs in place of a name in message template. Can anyone confirm?
http://bugs.winehq.org/show_bug.cgi?id=16808
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://sourceforge.net/proj |http://sourceforge.net/proj |ects/passwordsafe/files/pas |ects/passwordsafe/files/pas |swordsafe/3.15.1/pwsafe-3.1 |swordsafe/3.1x/3.15/ |5.1.exe/download |
--- Comment #10 from Bruno Jesus 00cpxxx@gmail.com 2013-05-20 21:12:29 CDT --- I still have the crash described in comment 5. To reproduce it's important to add an entry inside a group and the entry must have title + user name. Then try renaming the entry to a single word destroying the format "title [username]". If you rename keeping the format it will not crash. This crash does not happen in Xp, tested version 3.21.
http://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #11 from Nikolay Sivov bunglehead@gmail.com 2013-06-07 02:36:16 CDT --- Yeah, I can see it now. Basically it's enough to just remove both square brackets, removing one bracket works fine.
https://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #12 from Bruno Jesus 00cpxxx@gmail.com --- Still in wine 1.9.6, winetricks comctl32 is still a workaround.
https://bugs.winehq.org/show_bug.cgi?id=16808
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dark.shadow4@web.de
--- Comment #13 from Fabian Maurer dark.shadow4@web.de --- Tested with wine2.0rc5 and didn't get a backtrace. "winedbg: Internal crash at 0x7ecdcc7b" Can someone confirm?
https://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #14 from Fabian Maurer dark.shadow4@web.de --- As of wine-2.15 this issue is still valid, I too now get a crash as reported.
https://bugs.winehq.org/show_bug.cgi?id=16808
Zhiyi Zhang zzhang@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |zzhang@codeweavers.com
--- Comment #15 from Zhiyi Zhang zzhang@codeweavers.com --- Still in wine-3.5-91-g3263d51a1f
https://bugs.winehq.org/show_bug.cgi?id=16808
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=16808
Damjan Jovanovic damjan.jov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |damjan.jov@gmail.com
--- Comment #16 from Damjan Jovanovic damjan.jov@gmail.com --- (In reply to Bruno Jesus from comment #7)
It looks like the application uses wxWidgets so it's harder to track through the source code.
* (HEAD detached at svn-tag-V3_15_1) b02b8096e tag 3.15.01 release (retroactive)
The code for the version reported clearly uses MFC. There's no trace of wxWidgets there (yet anyway).
https://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #17 from Damjan Jovanovic damjan.jov@gmail.com --- Created attachment 65618 --> https://bugs.winehq.org/attachment.cgi?id=65618 treeview callback logging
Crash still happens on latest Git.
Code for the Password Safe version reported can be retrieved with:
git clone https://git.code.sf.net/p/passwordsafe/git-code git checkout svn-tag-V3_15_1
By examining the code for the rename functions, I narrowed it down to the file PWTreeCtrl.cpp. There we see this:
BEGIN_MESSAGE_MAP(CPWTreeCtrl, CTreeCtrl) //{{AFX_MSG_MAP(CPWTreeCtrl) ON_NOTIFY_REFLECT(TVN_BEGINLABELEDIT, OnBeginLabelEdit) ON_NOTIFY_REFLECT(TVN_ENDLABELEDIT, OnEndLabelEdit) ON_NOTIFY_REFLECT(TVN_BEGINDRAG, OnBeginDrag) ON_NOTIFY_REFLECT(TVN_BEGINRDRAG, OnBeginDrag) ON_NOTIFY_REFLECT(TVN_ITEMEXPANDED, OnExpandCollapse) ON_NOTIFY_REFLECT(TVN_SELCHANGED, OnTreeItemSelected) ON_MESSAGE(WM_MOUSELEAVE, OnMouseLeave) ON_WM_DESTROY() ON_WM_TIMER() ON_WM_MOUSEMOVE() ON_WM_ERASEBKGND() //}}AFX_MSG_MAP END_MESSAGE_MAP()
The attached patch logs those callbacks from Wine into the application.
https://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #18 from Damjan Jovanovic damjan.jov@gmail.com --- The last thing logged before the crash is:
0009:fixme:treeview:TREEVIEW_EndEditLabelNow TREEVIEW_EndLabelEditNow in with no corresponding "out" logged.
That calls the TVN_ENDLABELEDITW callback, which goes to: ON_NOTIFY_REFLECT(TVN_ENDLABELEDIT, OnEndLabelEdit)
which is this method: void CPWTreeCtrl::OnEndLabelEdit(LPNMHDR pnmhdr, LRESULT *pLResult)
In a +relay trace we see that execution re-enters comctrl32, calling TVM_SETITEMW and TVM_GETITEMW some time before crashing. That presumably comes from lines 626-628 in that method:
SetItem(&ptvinfo->item); if (IsLeaf(ptvinfo->item.hItem)) { DWORD_PTR itemData = GetItemData(ti);
Both return successfully, so the crash is somewhere later. The method is pretty long and calls other methods.
It's a pity the application is so difficult to compile.
https://bugs.winehq.org/show_bug.cgi?id=16808
--- Comment #19 from Damjan Jovanovic damjan.jov@gmail.com --- Patch sent: https://source.winehq.org/patches/data/173272
The problem is:
comctl32: cchTextMax in TVN_ENDLABELEDIT should be the full buffer size
In Password Safe, when the user edits a tree view label, and removes brackets, the application wants to restore the original, longer string. It does this by editing pszText within the TVITEM. It determines the length of the buffer from cchTextMax. Windows passes 260 and all is well. Wine passes strlenW(pszText)+1, which is of minimal length, and trying to copy a longer string into it causes the MSVC runtime to falsely detect a buffer overflow and raise an exception, crashing the application.
Let's pass 260 like Windows.
https://bugs.winehq.org/show_bug.cgi?id=16808
Damjan Jovanovic damjan.jov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED Fixed by SHA1| |80bd7fdd5629a89dec7ee5e14a0 | |5c2ff512301c4
--- Comment #20 from Damjan Jovanovic damjan.jov@gmail.com --- Patches committed, resolving fixed.
Last commit id in the patch set was 80bd7fdd5629a89dec7ee5e14a05c2ff512301c4
Thank you for your bug report!
https://bugs.winehq.org/show_bug.cgi?id=16808
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #21 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.20.
https://bugs.winehq.org/show_bug.cgi?id=16808
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |4.0.x
https://bugs.winehq.org/show_bug.cgi?id=16808
Michael Stefaniuc mstefani@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|4.0.x |---
--- Comment #22 from Michael Stefaniuc mstefani@winehq.org --- Removing the 4.0.x milestone from bug fixes included in 4.0.4.
-
wine-bugs@winehq.org -
WineHQ Bugzilla