https://bugs.winehq.org/show_bug.cgi?id=36758
Bug ID: 36758 Summary: Adobe Creative Cloud Setup crashes very early in windows 7 mode Product: Wine Version: 1.7.20 Hardware: x86 URL: https://ccmdls.adobe.com/AdobeProducts/ILST/17/win32/A AMmetadataLS20/CreativeCloudSet-Up.exe OS: Linux Status: NEW Keywords: download, Installer Severity: normal Priority: P2 Component: msxml3 Assignee: wine-bugs@winehq.org Reporter: austinenglish@gmail.com
Created attachment 48812 --> https://bugs.winehq.org/attachment.cgi?id=48812 relay,seh,tid,msxml
I wanted to test bug 28479, so I tried Adobe Illustrator. The adobe website won't let you download under Linux Chrome/Firefox, but Firefox under Wine works (if you run in win7 mode. In xp, it tells you that Adobe no longer supports the operating system).
Trying to install under winxp mode fails, so I tried win7 (no other changes, 32-bit prefix). Very quickly crashed:
Backtrace: =>0 0x7da85cbb node_insert_before+0x1fb(This=0x164800, new_child=0x1522c8, ref_child=0x7fe6c0, ret=0x7fe7c8) [/home/austin/wine-git/dlls/msxml3/../../include/msxml6.h:1733] in msxml3 (0x007fe688) 1 0x7da6ab5a domelem_insertBefore+0xc9(iface=<couldn't compute location>, newNode=<couldn't compute location>, refChild={n1={n2={vt=0, wReserved1=0x7dad, wReserved2=0x6008, wReserved3=0x16, n3={cVal=-104, uiVal=0xe798, ulVal=0x7fe798, intVal=0x7fe798, uintVal=0x7fe798, bVal=-104, iVal=0xffffe798, lVal=0x7fe798, fltVal=0.000000, dblVal=1859298639392996210870421805017785035968781486115650566217455192038109727765211832390318882733954256552973599870182013845511593275178033793671134739550254788892387423787817576629618565205251330958165590449085282054386014533309249324619860225252311250620663737273560648579294494978177977729440284672.000000, boolVal=0xffffe798, scode=0x7fe798, date=1859298639392996210870421805017785035968781486115650566217455192038109727765211832390318882733954256552973599870182013845511593275178033793671134739550254788892387423787817576629618565205251330958165590449085282054386014533309249324619860225252311250620663737273560648579294494978177977729440284672.000000, bstrVal="????????K????", cyVal={={Lo=0x7fe798, Hi=0x7da6be6b}, int64=0x7da6be6b007fe798}, punkVal=0x7fe798, pdispVal=0x7fe798, parray=0x7fe798, llVal=0x7da6be6b007fe798, ullVal=0x7da6be6b007fe798, pcVal="╪τ", puiVal="????????K????", pulVal=0x7fe798, pintVal=0x7fe798, puintVal=0x7fe798, pbVal="╪τ", piVal=0x7fe798, plVal=0x7fe798, pfltVal=0x7fe798, pdblVal=0x7fe798, pboolVal=0x7fe798, pscode=0x7fe798, pdate=0x7fe798, pbstrVal=0x7fe798, pvarVal=0x7fe798, byref=0x7fe798, pcyVal=0x7fe798, pdecVal=0x7fe798, ppunkVal=0x7fe798, ppdispVal=0x7fe798, pparray=0x7fe798, pllVal=0x7fe798, pullVal=0x7fe798, brecVal={pvRecord=0x7fe798, pRecInfo=0x7da6be6b}}}, decVal={wReserved=0, ={={scale=-83, sign='}'}, signscale=0x7dad}, Hi32=0x166008, ={={Lo32=0x7fe798, Mid32=0x7da6be6b}, Lo64=0x7da6be6b007fe798}}}}, old_node=<couldn't compute location>) [/home/austin/wine-git/dlls/msxml3/element.c:325] in msxml3 (0x007fe6f8) 2 0x7da86413 node_append_child+0x92(This=0x164800, child=0x1522c8, outChild=0x7fe7c8) [/home/austin/wine-git/dlls/msxml3/../../include/msxml6.h:1727] in msxml3 (0x007fe778) 3 0x7da6a975 domelem_appendChild+0x74(iface=0x164818, child=0x1522c8, outChild=0x7fe7c8) [/home/austin/wine-git/dlls/msxml3/element.c:357] in msxml3 (0x007fe7ac)
austin@aw25 ~ $ wine --version wine-1.7.20-62-g0b30276 austin@aw25 ~ $ sha1sum CreativeCloudSet-Up.exe 5439e86c0378a2d0debaa071259cc741762e5374 CreativeCloudSet-Up.exe austin@aw25 ~ $ du -h CreativeCloudSet-Up.exe 3.0M CreativeCloudSet-Up.exe austin@aw25 ~ $
https://bugs.winehq.org/show_bug.cgi?id=36758
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |36769
https://bugs.winehq.org/show_bug.cgi?id=36758
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello Austin,
I can't reproduce this, the bootstrapper installer runs fine here in 'Windows 7' mode.
I compared the relay outputs up to the crash location and it looks pretty much the same.
Yours:
--- snip --- ... 0036:trace:msxml:domdoc_loadXML (0x17daf8)->(L"<application>\r\n\t<name>CCLBS</name>\r\n\t<platform>win32</platform>\r\n\t<version>2.6.0.393</version>\r\n\t<releaseNotesUrl/>\r\n\t<packageSets>\r\n\t\t<packageSet>\r\n\t\t\t<name>CCLBS</name>\r\n\t\t\t<installPath>[PROGRAMFILES]\Adobe\Adobe Creative Cloud</installPath>\r\n\t\t\t<sequenceNumber>1"... 0x7fe7c4) 0036:trace:msxml:domdoc_loadXML parsed document 0x7da06098 ... 0036:trace:msxml:domdoc_AddRef (0x17daf8)->(2) 0036:trace:msxml:domdoc_Release (0x17daf8)->(1) 0036:trace:msxml:domdoc_get_documentElement (0x17daf8)->(0x7fe7f4) 0036:trace:msxml:create_node type 1 0036:Call ntdll.RtlAllocateHeap(00110000,00000000,00000020) ret=7dd06b74 0036:Ret ntdll.RtlAllocateHeap() retval=001786a0 ret=7dd06b74 0036:trace:msxml:xmldoc_add_refs (0x7da06098)->(2) 0036:trace:msxml:domelem_QueryInterface (0x1786a0)->({2933bf80-7b36-11d2-b20e-00c04f983e60} 0x7fe77c) 0036:trace:msxml:domelem_AddRef (0x1786a0)->(2) 0036:trace:msxml:domelem_Release (0x1786a0)->(1) 0036:trace:msxml:domelem_QueryInterface (0x1786a0)->({2933bf86-7b36-11d2-b20e-00c04f983e60} 0x7fe7f4) 0036:trace:msxml:domelem_AddRef (0x1786a0)->(2) 0036:trace:msxml:domelem_Release (0x1786a0)->(1) 0036:trace:msxml:domelem_AddRef (0x1786a0)->(2) 0036:trace:msxml:domelem_Release (0x1786a0)->(1) 0036:trace:msxml:domelem_AddRef (0x1786a0)->(2) 0036:trace:msxml:domelem_AddRef (0x162b88)->(2) 0036:trace:msxml:domelem_appendChild (0x1786a0)->(0x162ba0 0x7fe7c8) 0036:trace:msxml:domelem_get_nodeType (0x162b88)->(0x7fe73c) 0036:Call oleaut32.VariantInit(007fe740) ret=7dd1e3c9 0036:Ret oleaut32.VariantInit() retval=00000000 ret=7dd1e3c9 0036:trace:msxml:domelem_insertBefore (0x1786a0)->(0x162ba0 {VT_EMPTY} 0x7fe7c8) 0036:trace:msxml:domelem_get_nodeType (0x162b88)->(0x7fe6dc) 0036:trace:msxml:domelem_insertBefore new node type 1 0036:trace:msxml:domelem_QueryInterface (0x162b88)->({4f2f4ba2-b822-11df-8b8a-6850dfd72085} 0x7fe61c) 0036:trace:msxml:node_query_interface (0x162b88)->(IID_xmlnode 0x7fe61c) 0036:trace:msxml:node_insert_before new child 0x7da06190, This->node 0x7da49440 0036:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7dd1dcbb ip=7dd1dcbb tid=0036 0036:trace:seh:raise_exception info[0]=00000000 0036:trace:seh:raise_exception info[1]=00000050 0036:trace:seh:raise_exception eax=0017d4c8 ebx=7dd77000 ecx=00162ba0 edx=00000000 esi=00162b88 edi=7da06190 0036:trace:seh:raise_exception ebp=007fe688 esp=007fe630 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202 0036:trace:seh:call_stack_handlers calling handler at 0x50d4d0 code=c0000005 flags=0 --- snip ---
Mine:
--- snip --- ... 0024:trace:msxml:domdoc_loadXML (0xd17760)->(L"<application>\r\n\t<name>CCLBS</name>\r\n\t<platform>win32</platform>\r\n\t<version>2.6.0.393</version>\r\n\t<releaseNotesUrl/>\r\n\t<packageSets>\r\n\t\t<packageSet>\r\n\t\t\t<name>CCLBS</name>\r\n\t\t\t<installPath>[PROGRAMFILES]\Adobe\Adobe Creative Cloud</installPath>\r\n\t\t\t<sequenceNumber>1"... 0x7fe814) 0024:trace:msxml:domdoc_loadXML parsed document 0x7da49590 ... 0024:trace:msxml:domdoc_AddRef (0xd17760)->(2) 0024:trace:msxml:domdoc_Release (0xd17760)->(1) 0024:trace:msxml:domdoc_get_documentElement (0xd17760)->(0x7fe844) 0024:trace:msxml:create_node type 1 0024:Call ntdll.RtlAllocateHeap(00110000,00000000,00000020) ret=7d95cae5 0024:Ret ntdll.RtlAllocateHeap() retval=001775a8 ret=7d95cae5 0024:trace:msxml:xmldoc_add_refs (0x7da49590)->(2) 0024:trace:msxml:domelem_QueryInterface (0x1775a8)->({2933bf80-7b36-11d2-b20e-00c04f983e60} 0x7fe790) 0024:trace:msxml:domelem_AddRef (0x1775a8)->(2) 0024:trace:msxml:domelem_Release (0x1775a8)->(1) 0024:trace:msxml:domelem_QueryInterface (0x1775a8)->({2933bf86-7b36-11d2-b20e-00c04f983e60} 0x7fe844) 0024:trace:msxml:domelem_AddRef (0x1775a8)->(2) 0024:trace:msxml:domelem_Release (0x1775a8)->(1) 0024:trace:msxml:domelem_AddRef (0x1775a8)->(2) 0024:trace:msxml:domelem_Release (0x1775a8)->(1) 0024:trace:msxml:domelem_AddRef (0x1775a8)->(2) 0024:trace:msxml:domelem_AddRef (0x15ec28)->(2) 0024:trace:msxml:domelem_appendChild (0x1775a8)->(0x15ec40 0x7fe818) 0024:trace:msxml:domelem_get_nodeType (0x15ec28)->(0x7fe794) 0024:Call oleaut32.VariantInit(007fe780) ret=7d97aecc 0024:Ret oleaut32.VariantInit() retval=007fe780 ret=7d97aecc 0024:trace:msxml:domelem_insertBefore (0x1775a8)->(0x15ec40 {VT_EMPTY} 0x7fe818) 0024:trace:msxml:domelem_get_nodeType (0x15ec28)->(0x7fe6fc) 0024:trace:msxml:domelem_insertBefore new node type 1 0024:trace:msxml:domelem_QueryInterface (0x15ec28)->({4f2f4ba2-b822-11df-8b8a-6850dfd72085} 0x7fe608) 0024:trace:msxml:node_query_interface (0x15ec28)->(IID_xmlnode 0x7fe608) 0024:trace:msxml:node_insert_before new child 0x7da06ca8, This->node 0x7da088b0 0024:trace:msxml:domelem_removeChild (0x164a70)->(0x15ec40 (nil)) 0024:trace:msxml:domelem_QueryInterface (0x15ec28)->({4f2f4ba2-b822-11df-8b8a-6850dfd72085} 0x7fe588) 0024:trace:msxml:node_query_interface (0x15ec28)->(IID_xmlnode 0x7fe588) 0024:Call ntdll.RtlAllocateHeap(00110000,00000000,0000000c) ret=7d9521fb 0024:Ret ntdll.RtlAllocateHeap() retval=00178d00 ret=7d9521fb 0024:Call ntdll.RtlFreeHeap(00110000,00000000,00178d00) ret=7d952295 0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7d952295 0024:trace:msxml:xmldoc_add_refs (0x7da49590)->(3) 0024:trace:msxml:xmldoc_release_refs (0x7da139a8)->(0) 0024:trace:msxml:xmldoc_release_refs freeing docptr 0x7da139a8 --- snip ---
The crash seems to happen during unlink from current parent of the node.
A parent node vtable pointer is NULL hence the call to 'domelem_removeChild' method causes the crash.
Source: http://source.winehq.org/git/wine.git/blob/980e9225d20ade10cd85c3edea518d78d...
--- snip --- 432 HRESULT node_insert_before(xmlnode *This, IXMLDOMNode *new_child, const VARIANT *ref_child, 433 IXMLDOMNode **ret) ... 473 refcount = xmlnode_get_inst_cnt(node_obj); 474 475 if(before) 476 { 477 xmlnode *before_node_obj = get_node_obj(before); 478 IXMLDOMNode_Release(before); 479 if(!before_node_obj) return E_FAIL; 480 481 /* unlink from current parent first */ 482 if(node_obj->parent) 483 { 484 hr = IXMLDOMNode_removeChild(node_obj->parent, node_obj->iface, NULL); 485 if (hr == S_OK) xmldoc_remove_orphan(node_obj->node->doc, node_obj->node); 486 } ... --- snip ---
Do you use by chance this bugged gcc 4.9 compiler for building Wine? If yes, try downgrading to 4.8.x series and check again.
$ sha1sum CreativeCloudSet-Up.exe 5439e86c0378a2d0debaa071259cc741762e5374 CreativeCloudSet-Up.exe
$ du -sh CreativeCloudSet-Up.exe 3.0M CreativeCloudSet-Up.exe
$ wine --version wine-1.7.20-112-g6e1d877
Regards
https://bugs.winehq.org/show_bug.cgi?id=36758
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Adobe Creative Cloud Setup |Adobe Creative Cloud Setup |crashes very early in |crashes very early in |windows 7 mode |windows 7 mode (gcc-4.9.0)
--- Comment #2 from Austin English austinenglish@gmail.com --- (In reply to Anastasius Focht from comment #1)
Do you use by chance this bugged gcc 4.9 compiler for building Wine? If yes, try downgrading to 4.8.x series and check again.
Actually, I was testing on my desktop using gentoo/gcc-4.8.2, but I can see the same issue on my laptop (fedora rawhide), with gcc-4.9.0. Using gcc-4.8.3 on my laptop avoids the issue.
I was not aware of gcc-4.9.0 being buggy, the only issue I'm aware of was in msi, bug 36139, which is fixed.
$ sha1sum CreativeCloudSet-Up.exe 5439e86c0378a2d0debaa071259cc741762e5374 CreativeCloudSet-Up.exe
$ du -sh CreativeCloudSet-Up.exe 3.0M CreativeCloudSet-Up.exe
Same installer here.
http://bugs.winehq.org/show_bug.cgi?id=36758
--- Comment #3 from Ken Sharp imwellcushtymelike@gmail.com --- Is there an upstream GCC bug?
https://bugs.winehq.org/show_bug.cgi?id=36758
--- Comment #4 from Austin English austinenglish@gmail.com --- (In reply to Ken Sharp from comment #3)
Is there an upstream GCC bug?
I haven't filed one.
https://bugs.winehq.org/show_bug.cgi?id=36758
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |sebastian@fds-team.de
--- Comment #5 from Sebastian Lackner sebastian@fds-team.de --- I am not sure if this is really a gcc bug. I am using Archlinux, which also ships a very new gcc version
--- snip --- $ gcc --version gcc (GCC) 4.9.1 20140903 (prerelease) --- snip ---
Nevertheless, this problem doesn't occur always - it only occurs with a small probability. I am able to reproduce this even with -O0, so its most likely not an optimization issue.
Could someone with an old version of gcc please test that this issue really doesn't exist yet? I suspect that it might be timing related or some kind of multithreaded issue.
https://bugs.winehq.org/show_bug.cgi?id=36758
Ken Sharp imwellcushtymelike@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.winehq.org/show | |_bug.cgi?id=35732 Severity|normal |minor
--- Comment #6 from Ken Sharp imwellcushtymelike@gmail.com --- So it's a random failure? http://bugs.winehq.org/show_bug.cgi?id=35732
I suspect these two are duplicates.
https://bugs.winehq.org/show_bug.cgi?id=36758
Ken Sharp imwellcushtymelike@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE
--- Comment #7 from Ken Sharp imwellcushtymelike@gmail.com --- Indeed. The traces are the same.
*** This bug has been marked as a duplicate of bug 35732 ***
https://bugs.winehq.org/show_bug.cgi?id=36758
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #8 from Austin English austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org