http://bugs.winehq.org/show_bug.cgi?id=27090
Summary: Gecko crashes on HTTPREQ_QueryDataAvailable on fresh-prefix wineboot
Product: Wine
Version: 1.3.19
Platform: x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: adys.wh@gmail.com
Created an attachment (id=34527) --> (http://bugs.winehq.org/attachment.cgi?id=34527)
WINEDEBUG=seh,appwizcpl,mshtml,msi wineboot
Forgot to file...
=>0 0x00007fb800bde0e6 HTTPREQ_QueryDataAvailable+0x1a6(hdr=0x2dfd0, available=0x2a5a8, flags=<is not available>, ctx=<is not available>)
Attached is a WINEDEBUG=+seh,appwizcpl,mshtml,msi.
I'll provide a mhtml,msi,appwizcpl,seh,wininet,urlmon,tid when I wake up.
--- Comment #1 from Jerome Leclanche adys.wh@gmail.com 2011-05-10 13:00:36 CDT ---
Created an attachment (id=34595) --> (http://bugs.winehq.org/attachment.cgi?id=34595)
WINEDEBUG=+mhtml,msi,appwizcpl,seh,wininet,urlmon,tid wineboot
It doesn't crash with this one, it just freezes, but the unhandled page fault is there.
2.7mb uncompressed
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jacek@codeweavers.com
--- Comment #2 from Jerome Leclanche adys.wh@gmail.com 2011-05-10 13:00:56 CDT ---
cc jacek
--- Comment #3 from Adam Martinson amartinson@codeweavers.com 2011-05-31 15:28:31 CDT ---
Created an attachment (id=34971) --> (http://bugs.winehq.org/attachment.cgi?id=34971)
Valgrind log
The ==24243== section seems to have some relevant info, I haven't been able to make sense of it yet tho.
Adam Martinson amartinson@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |amartinson@codeweavers.com
--- Comment #4 from Adam Martinson amartinson@codeweavers.com 2011-05-31 16:34:19 CDT ---
For me the 1st bad commit is 193da884ad9b982d9b740b15453aa8d3c19b054f (wininet: Correctly handle closed socket in HTTP_ReceiveRequestData.) I'm not sure that's really the culprit though, as that was committed 5/23...
--- Comment #5 from Adam Martinson amartinson@codeweavers.com 2011-06-09 10:34:09 CDT ---
Setting wininet_zalloc() to use heap_alloc_zero() instead of heap_alloc() fixes the uninitialized value in inflateReset2(), but doesn't change anything otherwise, so that part is probably just a harmless bug in zlib.
--- Comment #6 from Jacek Caban jacek@codeweavers.com 2011-06-09 11:18:08 CDT ---
The Valgrind warning is harmless, see zlib FAQ:
http://www.zlib.net/zlib_faq.html#faq36
--- Comment #7 from Jerome Leclanche adys.wh@gmail.com 2011-08-31 04:25:40 CDT ---
Created an attachment (id=36172) --> (http://bugs.winehq.org/attachment.cgi?id=36172)
WINEPREFIX=~/wine-clean WINEDEBUG=+appwizcpl,mshtml,urlmon,wininet wine control appwiz.cpl install_gecko
Updated log wine-1.3.27-100-gc268c40
--- Comment #8 from Jacek Caban jacek@codeweavers.com 2011-09-03 05:18:33 CDT ---
Does warn+heap show better traces? WINEDEBUG=+appwizcpl,mshtml,urlmon,wininet,tid,warn+heap should do the trick.
--- Comment #9 from Jerome Leclanche adys.wh@gmail.com 2011-09-03 05:53:22 CDT ---
Created an attachment (id=36214) --> (http://bugs.winehq.org/attachment.cgi?id=36214)
WINEDEBUG=+appwizcpl,mshtml,urlmon,wininet,tid,warn+heap wineboot
WINEDEBUG=+appwizcpl,mshtml,urlmon,wininet,tid,warn+heap wineboot
Do you want an appwiz.cpl install_gecko too?
--- Comment #10 from Jerome Leclanche adys.wh@gmail.com 2011-10-12 15:16:45 CDT ---
Still happens in wine-1.3.30-55-g583e887. I'd like this bug nominated for 1.4.0 as it breaks a lot of stuff...
--- Comment #11 from Austin English austinenglish@gmail.com 2011-10-12 16:18:26 CDT ---
(In reply to comment #10)
> Still happens in wine-1.3.30-55-g583e887. I'd like this bug nominated for 1.4.0 as it breaks a lot of stuff...
Not very widespread, only you and Adam seem to be affected?
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |win64
             Status|UNCONFIRMED                 |NEW
            Summary|Gecko crashes on            |Gecko installer crashhes on
                   |HTTPREQ_QueryDataAvailable  |wow64 setups
                   |on fresh-prefix wineboot    |
     Ever Confirmed|0                           |1
--- Comment #12 from Jerome Leclanche adys.wh@gmail.com 2011-11-10 10:54:25 CST ---
wine-1.3.32-122-g2e5f73e with gecko 1.4:
adys@azura ~/src/wine/build32 % wineboot
fixme:urlmon:DownloadBSC_OnProgress Unsupported status 3
fixme:wininet:InternetLockRequestFile STUB
wine: Unhandled page fault at address 0x7f11526665a0 (thread 002a), starting debugger...
fixme:dbghelp_dwarf:compute_location Only supporting one breg (rbx/329 -> rdi/333)
fixme:dbghelp_dwarf:compute_location Only supporting one breg (r8/336 -> rax/328)
fixme:dbghelp_dwarf:compute_location Only supporting one breg (r8/336 -> rcx/330)
Could not load wine-gecko. HTML rendering will be disabled.
fixme:urlmon:DownloadBSC_OnProgress Unsupported status 3
fixme:wininet:InternetLockRequestFile STUB
wine: Unhandled page fault on read access to 0x238aa9b8 at address 0xf72946da (thread 0038), starting debugger...
fixme:dbghelp_dwarf:compute_location Only supporting one reg (eax/17 -> -2)
fixme:dbghelp_dwarf:compute_location Only supporting one reg (eax/17 -> -2)
fixme:dbghelp_dwarf:compute_location Only supporting one breg (eax/17 -> ebp/22)
fixme:dbghelp_dwarf:compute_location Only supporting one breg (eax/17 -> ebp/22)
--- Comment #13 from Jerome Leclanche adys.wh@gmail.com 2011-11-10 10:58:23 CST ---
Created attachment 37431 --> http://bugs.winehq.org/attachment.cgi?id=37431
HTTPREQ_QueryDataAvailable crash
Yet again
Backtrace:
=>0 0x00007f7b831795a0 HTTPREQ_QueryDataAvailable+0x1a0(hdr=0x2fe20, available=0x2eaf8, flags=<is not available>, ctx=<is not available>) [/home/adys/src/wine/build64/dlls/wininet/../../../dlls/wininet/http.c:2316] in wininet (0x000000000002eaf8)
  1 0x00007f7b83192136 InternetQueryDataAvailable+0xc5(hFile=<is not available>, lpdwNumberOfBytesAvailble=0x2eaf8, dwFlags=0, dwContext=0) [/home/adys/src/wine/build64/dlls/wininet/../../../dlls/wininet/internet.c:3775] in wininet (0x000000000002eaf8)
  2 0x00007f7b83743333 protocol_continue+0xe2(protocol=0x2ea30, data=<is not available>) [/home/adys/src/wine/build64/dlls/urlmon/../../../dlls/urlmon/protocol.c:348] in urlmon (0x0000000000000000)
  3 0x00007f7b8373c07b HttpProtocol_Continue+0xaa(iface=0x7f7b8399ef20, pProtocolData=0x32e70) [/home/adys/src/wine/build64/dlls/urlmon/../../../dlls/urlmon/http.c:657] in urlmon (0x000000000002ea30)
  4 0x00007f7b83731a91 ProtocolHandler_Continue+0xb0(iface=0x2e928, pProtocolData=0x32e70) [/home/adys/src/wine/build64/dlls/urlmon/../../../dlls/urlmon/bindprot.c:640] in urlmon (0x0000000000032e70)
  5 0x00007f7b83731b96 switch_proc+0x15(bind=<is not available>, t=0x2e0a0) [/home/adys/src/wine/build64/dlls/urlmon/../../../dlls/urlmon/bindprot.c:921] in urlmon (0x000000000002e8c0)
...
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Gecko installer crashhes on |Gecko installer crashes on
                   |wow64 setups                |wow64 setups (memory
                   |                            |corruption?/HTTPREQ_QueryDa
                   |                            |taAvailable)
Vincent Povirk madewokherd@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alfonsojon1997@gmail.com
--- Comment #14 from Vincent Povirk madewokherd@gmail.com 2012-06-28 20:19:31 CDT ---
*** Bug 31069 has been marked as a duplicate of this bug. ***
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, Installer
                 CC|                            |austinenglish@gmail.com
--- Comment #15 from Jonathan Alfonso alfonsojon1997@gmail.com 2012-06-28 23:16:18 CDT ---
This bug affects me as well; apologies for the duplicate bug report.
Rosanne DiMesio dimesio@earthlink.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Gecko installer crashes on  |Gecko/Mono installer
                   |wow64 setups (memory        |crashes on wow64 setups
                   |corruption?/HTTPREQ_QueryDa |(memory
                   |taAvailable)                |corruption?/HTTPREQ_QueryDa
                   |                            |taAvailable)
--- Comment #16 from Rosanne DiMesio dimesio@earthlink.net 2012-06-29 08:14:19 CDT ---
Adding Mono to the bug summary.
Vincent Povirk madewokherd@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Rainmaker52@gmail.com
--- Comment #17 from Vincent Povirk madewokherd@gmail.com 2012-07-06 07:40:59 CDT ---
*** Bug 31147 has been marked as a duplicate of this bug. ***
Sami Aario saempylae@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |saempylae@gmail.com
--- Comment #18 from Sami Aario saempylae@gmail.com 2012-07-07 00:02:25 CDT ---
This looks like a duplicate of Bug 22856, but I'm unable to mark duplicates (or don't know how).
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE
--- Comment #19 from Jerome Leclanche adys.wh@gmail.com 2012-07-07 05:25:57 CDT ---
You're quite correct, those backtraces look identical.
*** This bug has been marked as a duplicate of bug 22856 ***
--- Comment #20 from Sami Aario saempylae@gmail.com 2012-07-07 16:36:53 CDT ---
It looks like it could be a buffer overflow. If you look at Jerome's log in Attachment 34595, line 38396 reads:
0017:trace:wininet:refill_read_buffer read 4344 bytes, read_size 11584
This is right before the unhandled exception occurs. Looking at the relevant code, refill_read_buffer in http.c uses req->read_buf, which has a size defined as READ_BUFFER_SIZE == 8192 in internet.h
I went through the log and all the other refill_read_buffer traces I looked at had a read_size <= 8192. Not the final word, but I did look at a lot of them.
I can't investigate this further right now, so please take a look if you want.
--- Comment #21 from Sami Aario saempylae@gmail.com 2012-07-07 16:40:11 CDT ---
Also, I generated a similar trace log at home, and it shows the same symptoms: trace:wininet:refill_read_buffer says read_size > 8192 right before the crash, and nowhere else.
Gotta go!
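Added example (not part of the original thread and not Wine code): the manual log check described in comments #20 and #21, automated. It scans a WINEDEBUG log for refill_read_buffer traces whose read_size exceeds READ_BUFFER_SIZE and reports how many lines later the next unhandled fault appears; the function name, the sample lines other than the quoted trace, and the fault addresses are assumptions.

```python
import re

READ_BUFFER_SIZE = 8192  # value quoted from internet.h in comment #20

# Trace format as quoted in comment #20. The "0017:" thread prefix is only
# present when the tid debug channel is enabled, so it is optional here.
TRACE_RE = re.compile(
    r"^(?:(?P<tid>[0-9a-f]{4}):)?trace:wininet:refill_read_buffer "
    r"read (?P<read>\d+) bytes, read_size (?P<size>\d+)$"
)
FAULT_RE = re.compile(r"Unhandled (?:page fault|exception)")


def find_oversized_refills(lines, limit=READ_BUFFER_SIZE):
    """Report refill traces whose read_size exceeds the buffer size."""
    lines = [ln.strip() for ln in lines]
    faults = [n for n, ln in enumerate(lines, 1) if FAULT_RE.search(ln)]
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = TRACE_RE.match(line)
        if not m or int(m["size"]) <= limit:
            continue
        # First fault reported after this trace line, if any.
        next_fault = next((f for f in faults if f > lineno), None)
        hits.append({
            "lineno": lineno,
            "tid": m["tid"],
            "read_size": int(m["size"]),
            "excess": int(m["size"]) - limit,  # read_size minus buffer size
            "lines_to_fault": None if next_fault is None else next_fault - lineno,
        })
    return hits


# Constructed sample: line 4 is the trace quoted in comment #20; the other
# lines and the fault addresses are made up for this example.
SAMPLE_LOG = [
    "0017:trace:wininet:refill_read_buffer read 4096 bytes, read_size 4096",
    "0017:trace:wininet:refill_read_buffer read 2896 bytes, read_size 8192",
    "0017:fixme:wininet:InternetLockRequestFile STUB",
    "0017:trace:wininet:refill_read_buffer read 4344 bytes, read_size 11584",
    "wine: Unhandled page fault on read access to 0x00000000 at address "
    "0x00000000 (thread 0017), starting debugger...",
]

if __name__ == "__main__":
    for hit in find_oversized_refills(SAMPLE_LOG):
        print(hit)
```

A read_size equal to READ_BUFFER_SIZE is not flagged, matching the observation in comment #20 that the other traces had read_size <= 8192.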
Dan Kegel dank@kegel.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dank@kegel.com
--- Comment #22 from Dan Kegel dank@kegel.com 2012-07-07 19:36:34 CDT ---
Thanks, Sami! Does http://www.winehq.org/pipermail/wine-patches/2012-July/115909.html fix it for you?
--- Comment #23 from Sami Aario saempylae@gmail.com 2012-07-08 04:10:01 CDT ---
Yes, that patch seems to fix it.
Both the Mono and Gecko installer downloads now finish without a crash, where before they would both always crash before the respective download was finished.
--- Comment #24 from Jacek Caban jacek@codeweavers.com 2012-07-09 04:38:47 CDT ---
Good catch and patch! Thanks Sami and Dan.
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #25 from Jerome Leclanche adys.wh@gmail.com 2012-07-12 12:22:38 CDT ---
Closing