http://bugs.winehq.org/show_bug.cgi?id=29879
Bug #: 29879
Summary: Wine's help viewer crashes on a particular CHM file
Product: Wine
Version: 1.4-rc3
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: hhctrl.ocx
AssignedTo: wine-bugs@winehq.org
ReportedBy: t.artem@mailcity.com
Classification: Unclassified
Specifically it crashes on nthelp.chm from Windows XP SP3 (English).
Since Wine developers shun files from Windows, I've uploaded it here: http://ompldr.org/vY3NwdQ
Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0x7eb18dc0).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:7eb18dc0 ESP:0033f110 EBP:0033f128 EFLAGS:00010202( R- -- I - - - )
 EAX:0015bfa8 EBX:7eb35e08 ECX:7eb3b704 EDX:00000000
 ESI:00154468 EDI:00000000
Stack dump:
0x0033f110: 000004d4 00000000 0033f168 7eb35e08
0x0033f120: 00154468 000004d4 0033f168 7eab62e3
0x0033f130: 000004d4 000004d4 00000000 00000000
0x0033f140: 00000000 00000018 00cc0020 00000168
0x0033f150: 00000018 000005a0 7eab61bb 7ed51ba4
0x0033f160: 0015bab0 00000000 0033f1f8 7ecbc291
Backtrace:
=>0 0x7eb18dc0 AbortPath+0x20() in gdi32 (0x0033f128)
  1 0x7eab62e3 DeleteDC+0x132() in gdi32 (0x0033f168)
  2 0x7ecbc291 ImageList_Add+0x2b0() in comctl32 (0x0033f1f8)
  3 0x7ecbc580 ImageList_AddMasked+0x1bf() in comctl32 (0x0033f278)
  4 0x7ed123d4 TOOLBAR_AddBitmapToImageList.clone+0xe3() in comctl32 (0x0033f2d8)
  5 0x7ed18423 TOOLBAR_AddBitmap+0xe2() in comctl32 (0x0033f348)
  6 0x7ed1be4c ToolbarWindowProc+0x1d1b() in comctl32 (0x0033f4f8)
  7 0x7ebfc58a WINPROC_wrapper+0x19() in user32 (0x0033f528)
  8 0x7ebfccdc call_window_proc+0x5b() in user32 (0x0033f578)
  9 0x7ebff1ad WINPROC_call_window+0x10c() in user32 (0x0033f5c8)
  10 0x7ebbfd01 call_window_proc+0x90() in user32 (0x0033f638)
  11 0x7ebc64f6 send_message+0x205() in user32 (0x0033f6b8)
  12 0x7ebc696c SendMessageW+0x4b() in user32 (0x0033f708)
  13 0x7ed976ef CreateViewer+0x50e() in hhctrl (0x0033fa68)
  14 0x7ed9a208 CreateHelpViewer+0x97() in hhctrl (0x0033fa88)
  15 0x7ed9a899 HtmlHelpW+0x218() in hhctrl (0x0033fcf8)
  16 0x7ed9b035 doWinMain+0x1e4() in hhctrl (0x0033fd88)
  17 0x7effe537 WinMain+0x46() in hh (0x0033fda8)
  18 0x7effe68f main+0xae() in hh (0x0033fe28)
  19 0x7effe5cc __wine_spec_exe_entry+0x7b() in hh (0x0033fe70)
  20 0x7b85a08c call_process_entry+0xb() in kernel32 (0x0033fe88)
  21 0x7b85b25f start_process+0x5e() in kernel32 (0x0033fec8)
  22 0x7bc70fb0 call_thread_func_wrapper+0xb() in ntdll (0x0033fed8)
  23 0x7bc739ed call_thread_func+0x7c() in ntdll (0x0033ffa8)
  24 0x7bc70f8e call_thread_entry_point+0x11() in ntdll (0x0033ffc8)
  25 0x7bc49efe start_process+0x1d() in ntdll (0x0033ffe8)
  26 0xb76597cd wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
0x7eb18dc0 AbortPath+0x20 in gdi32: movl 0x4(%edx),%edi
Artem S. Tashkinov t.artem@mailcity.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Blocks          |            |21013
Nikolay Sivov bunglehead@gmail.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Component       |hhctrl.ocx  |-unknown
--- Comment #1 from Nikolay Sivov bunglehead@gmail.com 2012-02-13 03:39:51 CST ---
Not necessarily a help control problem. Could you attach a backtrace with symbol info?
Dmitry Timoshkov dmitry@baikal.ru changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Platform        |All         |Other
OS/Version      |All         |other
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru 2012-02-13 03:42:13 CST ---
Please always specify *your* platform when reporting a bug, not blanket 'All'.
Artem S. Tashkinov t.artem@mailcity.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Component       |-unknown    |hhctrl.ocx
Platform        |Other       |x86
OS/Version      |other       |Linux
--- Comment #3 from Artem S. Tashkinov t.artem@mailcity.com 2012-02-13 03:42:59 CST ---
This bug is really weird. I've installed native GDI+ and comctl32 libraries and now the backtrace looks this way:
fixme:ieframe:PersistStorage_InitNew (0x154160)->(0x7edafebc)
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0xb75b4e93).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:b75b4e93 ESP:0033e568 EBP:0033e5a8 EFLAGS:00010287( R- -- I S - -P-C)
 EAX:0033e6ad EBX:b75b4e90 ECX:4f44213c EDX:0000002d
 ESI:0033f694 EDI:0000002d
Stack dump:
0x0033e568: 7eda527c 7ed9ca9f 00000000 0033e680
0x0033e578: 0000002d 0000002d 00000002 00155278
0x0033e588: 7bca5c2c 0033e680 00000010 0033e5a8
0x0033e598: 7bc45136 7eda527c 0000002d 0033e67c
0x0033e5a8: 0033e5f8 7ed9cbb4 0000002d 0033e680
0x0033e5b8: 00001000 0033f680 7ebff580 7cf9e558
Backtrace:
=>0 0xb75b4e93 __memcpy_ssse3+0xc23() in libc.so.6 (0x0033e5a8)
  1 0x7ed9ca9f strbuf_append+0x3e() in hhctrl (0x0033e5a8)
  2 0x7ed9cbb4 stream_chr+0xc3() in hhctrl (0x0033e5f8)
  3 0x7ed9cdd9 next_node+0x58() in hhctrl (0x0033e628)
  4 0x7ed9602d parse_hhc+0xcc() in hhctrl (0x0033f6b8)
  5 0x7ed961a4 InitContent+0xa3() in hhctrl (0x0033f708)
  6 0x7ed98d84 CreateViewer+0x1ba3() in hhctrl (0x0033fa68)
  7 0x7ed9a208 CreateHelpViewer+0x97() in hhctrl (0x0033fa88)
  8 0x7ed9a899 HtmlHelpW+0x218() in hhctrl (0x0033fcf8)
  9 0x7ed9b035 doWinMain+0x1e4() in hhctrl (0x0033fd88)
  10 0x7effe537 WinMain+0x46() in hh (0x0033fda8)
  11 0x7effe68f main+0xae() in hh (0x0033fe28)
  12 0x7effe5cc __wine_spec_exe_entry+0x7b() in hh (0x0033fe70)
  13 0x7b85a08c call_process_entry+0xb() in kernel32 (0x0033fe88)
  14 0x7b85b25f start_process+0x5e() in kernel32 (0x0033fec8)
  15 0x7bc70fb0 call_thread_func_wrapper+0xb() in ntdll (0x0033fed8)
  16 0x7bc739ed call_thread_func+0x7c() in ntdll (0x0033ffa8)
  17 0x7bc70f8e call_thread_entry_point+0x11() in ntdll (0x0033ffc8)
  18 0x7bc49efe start_process+0x1d() in ntdll (0x0033ffe8)
  19 0xb76617cd wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
0xb75b4e93 __memcpy_ssse3+0xc23 in libc.so.6: movl %ecx,0xffffffd3(%edx)
I'm removing hhctrl.ocx as a faulty component because I've no idea what is crashing here.
Nikolay Sivov bunglehead@gmail.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Component       |hhctrl.ocx  |-unknown
--- Comment #4 from Nikolay Sivov bunglehead@gmail.com 2012-02-13 03:48:54 CST ---
(In reply to comment #3)
> This bug is really weird. I've installed native GDI+ and comctl32 libraries and now the backtrace looks this way:
That's the reason not to report bugs with a lot of native modules.
This one is about a crash in gdi32 that could be a serious thing, could you attach the requested backtrace?
--- Comment #5 from Artem S. Tashkinov t.artem@mailcity.com 2012-02-13 03:51:42 CST ---
Created attachment 38850
  --> http://bugs.winehq.org/attachment.cgi?id=38850
backtrace with symbol info
As requested.
Nikolay Sivov bunglehead@gmail.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Component       |-unknown    |gdi32
--- Comment #6 from Nikolay Sivov bunglehead@gmail.com 2012-02-13 04:01:19 CST ---
So it crashes when it tries to find a driver, it seems; let's move it to gdi32 for now.
Erich Hoover ehoover@mines.edu changed:
What            |Removed     |Added
----------------------------------------------------------------------------
CC              |            |ehoover@mines.edu
--- Comment #7 from Erich Hoover ehoover@mines.edu 2012-02-13 13:35:39 CST ---
(In reply to comment #6)
> So it crashes when it tries to find a driver, it seems; let's move it to gdi32 for now.
It looks like it's a heap bug, if you run with "warn+heap" it'll load the file and indicate an overflow:
err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x12dac0 tail overwritten at 0x12dacb (byte 0/21 == 0x00)
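The kind of tail check behind a report like the one quoted in comment #7 can be shown with a small guarded allocator. This is an added example, not Wine's heap code and not the hhctrl fix: the guard byte, granule size, helper names (galloc, gvalidate, append, demo) and the off-by-one append are all constructed, with sizes chosen so the result mirrors "byte 0/21 == 0x00".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAIL_FILL 0xAB  /* guard byte: constructed value for this example */
#define GRANULE   32    /* constructed rounding: an 11-byte block gets 21 tail bytes */

/* Hypothetical guarded block: `size` usable bytes followed by `slack` guard bytes. */
struct gblock { unsigned char *data; size_t size, slack; };

static int galloc(struct gblock *b, size_t size) {
    size_t total = (size / GRANULE + 1) * GRANULE;  /* always leaves >= 1 guard byte */
    if (!(b->data = malloc(total))) return -1;
    b->size = size; b->slack = total - size;
    memset(b->data + size, TAIL_FILL, b->slack);    /* paint the tail */
    return 0;
}

/* Index of the first damaged guard byte, or -1 if the tail is intact. */
static long gvalidate(const struct gblock *b) {
    for (size_t i = 0; i < b->slack; i++)
        if (b->data[b->size + i] != TAIL_FILL) return (long)i;
    return -1;
}

/* Append n bytes plus a NUL; reserve_nul == 0 omits the NUL from the bound (the bug). */
static void append(struct gblock *b, size_t *used, const char *s, size_t n, int reserve_nul) {
    if (*used + n + (reserve_nul ? 1 : 0) > b->size) return;
    memcpy(b->data + *used, s, n);
    *used += n;
    b->data[*used] = '\0';   /* hits guard byte 0 if the block was filled exactly */
}

/* Appends an 11-character string to an 11-byte block, then validates the tail. */
static long demo(int fixed, size_t *slack) {
    struct gblock b; size_t used = 0;
    if (galloc(&b, 11)) return -2;
    append(&b, &used, "hello world", 11, fixed);
    long bad = gvalidate(&b);
    if (slack) *slack = b.slack;
    free(b.data);
    return bad;
}

int main(void) {
    size_t slack;
    long bad = demo(0, &slack);
    printf("buggy: tail overwritten (byte %ld/%zu)\nfixed: %ld\n", bad, slack, demo(1, NULL));
    return 0;
}
```

The stray write stays inside the allocation's own slack, so the damage is silent until a validator walks the tail, which is why the crash in the original report surfaced far from the faulty write.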
Artem S. Tashkinov t.artem@mailcity.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Blocks          |21013       |
--- Comment #8 from Artem S. Tashkinov t.artem@mailcity.com 2012-02-13 13:42:02 CST ---
Removing the dependency, as it's a totally different issue (possibly GDI32 related).
Alexandre Julliard julliard@winehq.org changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Keywords        |            |regression
Fixed by SHA1   |            |8e1dbebdb0e7b834fad53b4ea3d3cd349c34fbec
Status          |UNCONFIRMED |RESOLVED
Component       |gdi32       |hhctrl.ocx
Resolution      |            |FIXED
Regression SHA1 |            |4c908dd8dae7092734be67514d3aec1c79096f9a
--- Comment #9 from Alexandre Julliard julliard@winehq.org 2012-02-13 13:49:20 CST ---
Fixed by 8e1dbebdb0e7b834fad53b4ea3d3cd349c34fbec.
--- Comment #10 from Erich Hoover ehoover@mines.edu 2012-02-13 14:01:49 CST ---
(In reply to comment #9)
> Fixed by 8e1dbebdb0e7b834fad53b4ea3d3cd349c34fbec.
Wow, that was fast. Sorry about that!
--- Comment #11 from Artem S. Tashkinov t.artem@mailcity.com 2012-02-13 14:09:40 CST ---
(In reply to comment #9)
> Fixed by 8e1dbebdb0e7b834fad53b4ea3d3cd349c34fbec.
Thanks, that was speedy.
Alexandre Julliard julliard@winehq.org changed:
What            |Removed     |Added
----------------------------------------------------------------------------
Status          |RESOLVED    |CLOSED
--- Comment #12 from Alexandre Julliard julliard@winehq.org 2012-02-17 13:50:33 CST ---
Closing bugs fixed in 1.4-rc4.