http://bugs.winehq.org/show_bug.cgi?id=26235
Summary: Pioneer DJs: page fault on read access in MFC71.dll Product: Wine Version: 1.3.14 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: bghome@gmail.com
To reproduce this click on the File -> Import -> MP3 Audio File menu. Then wine crashes.
I expect the Windows file browser window to be opened.
Demo version is available from: http://www.prodjnet.com/products/soft/djs/download_list_en.html
http://bugs.winehq.org/show_bug.cgi?id=26235
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |http://www.prodjnet.com/pro | |ducts/soft/djs/download/ins | |tdjs1601tr_en.exe CC| |adys.wh@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=26235
--- Comment #1 from Jerome Leclanche adys.wh@gmail.com 2011-10-30 18:21:22 CDT --- Install fails to complete after "preparing to install..." and gives error 1628
fixme:storage:create_storagefile Storage share mode not implemented. err:msidb:TABLE_fetch_stream fetching stream L"Binary._ISUser1033.dll", error = 1627 fixme:heap:HeapSetInformation 0x2d4000 0 0x23fcb0 4 fixme:atl:AtlModuleInit SEMI-STUB (0x40f900 0x40f010 0x400000) err:ole:marshal_object couldn't get IPSFactory buffer for interface {769bd2e5-4f74-4942-a196-94b9eb0b778f} err:ole:ClientIdentity_QueryMultipleInterfaces IRemUnknown_RemQueryInterface failed with error 0x80004002 err:ole:StdMarshalImpl_ReleaseMarshalData could not map object ID to stub manager, oxid=630000005c, oid=2 err:ole:CoReleaseMarshalData IMarshal::ReleaseMarshalData failed with error 0x8001011d
http://bugs.winehq.org/show_bug.cgi?id=26235
--- Comment #2 from Austin English austinenglish@gmail.com --- Needs winetricks jet40, otherwise it throws an error on start. After that, it simply hangs on its splash screen towards the end (around 90% complete). Terminal shows: austin@aw25 ~/.wine/drive_c/Program Files/Pioneer/DJS 1.0/DJS $ wine DJS10.exe InitSCSIPT ---CD Drives---start--- ---CD Drives---end--- -- DJ Booth Beta1 -- DEBUG CONSOLE err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1 PreGenHolder:>OK err:ole:CoGetClassObject class {ecabb0c0-7f19-11d2-978e-0000f8757e2a} not registered err:ole:CoGetClassObject no class object {ecabb0c0-7f19-11d2-978e-0000f8757e2a} could be created for context 0x1 PreGenHolder:open >OK PreGenHolder:CreateInstance >OK PreGenHolder:>OK fixme:win:EnumDisplayDevicesW ((null),0,0x356e238,0x00000000), stub! fixme:ddraw:ddraw7_Initialize Ignoring guid <guid-0x0002>. fixme:win:RegisterDeviceNotificationA (hwnd=0x6003c, filter=0x33e7e0,flags=0x00000000) returns a fake device notification handle! fixme:amstream:IAMMultiMediaStreamImpl_AddMediaStream Specifying a stream object in params is not yet supported err:quartz:GetClassMediaFile Media class not found fixme:amstream:IDirectDrawStreamSampleImpl_GetSurface (0x1ac768)->(0xc48ce8,(nil)): stub
austin@aw25 ~ $ du -h instdjs1601tr_en.exe 54M instdjs1601tr_en.exe austin@aw25 ~ $ sha1sum instdjs1601tr_en.exe fb31a1caba42c56d19ef09713cdefe12ba9c126a instdjs1601tr_en.exe austin@aw25 ~ $ wine --version wine-1.7.11-114-g6f498c4
https://bugs.winehq.org/show_bug.cgi?id=26235
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW CC| |focht@gmx.net Component|-unknown |setupapi Summary|Pioneer DJs: page fault on |Pioneer DJs 1.6 hangs on |read access in MFC71.dll |startup | |(SetupDiEnumDeviceInterface | |s needs to retain | |DeviceInterfaceData->cbSize | |upon reset) Ever confirmed|0 |1 Regression SHA1| |53b287530961beaaae89bd063bc | |0d63ef41036ff
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming comment #2 - the app hangs on startup.
Trace log yields the following:
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Pioneer/DJS 1.0/DJS
$ WINEDEBUG=+tid,+seh,+relay,+setupapi wine ./DJS10.exe >>log.txt 2>&1 ... 0024:Call PE DLL (proc=0x343b69,module=0x340000 L"MMPCOM.dll",reason=PROCESS_ATTACH,res=0x1) ... 0024:Ret PE DLL (proc=0x7e4eb1e0,module=0x7e4e0000 L"hid.dll",reason=PROCESS_ATTACH,res=0x1) retval=1 0024:Call PE DLL (proc=0x3537fe,module=0x350000 L"hidcom.dll",reason=PROCESS_ATTACH,res=0x1) ... 0024:Call KERNEL32.CreateFileA(0033e644 "\\.\MMPCdc0",c0000000,00000003,00000000,00000003,00000000,00000000) ret=003410b8 0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=003410b8 0024:Call KERNEL32.CreateFileA(0033e644 "\\.\MMPCdc1",c0000000,00000003,00000000,00000003,00000000,00000000) ret=003410b8 0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=003410b8 ... 0024:Call setupapi.SetupDiGetClassDevsA(0033e5ec,00000000,00000000,00000012) ret=0035195b 0024:trace:setupapi:SetupDiGetClassDevsExW {4d1e55b2-f16f-11cf-88cb-001111000030} (null) (nil) 0x00000012 (nil) (null) (nil) 0024:warn:setupapi:SetupDiGetClassDevsExW unsupported flags 00000002 0024:trace:setupapi:SetupDiCreateDeviceInfoListExW {4d1e55b2-f16f-11cf-88cb-001111000030} (nil) (null) (nil) 0024:Call ntdll.RtlAllocateHeap(00110000,00000000,00000024) ret=7ea40a47 0024:Ret ntdll.RtlAllocateHeap() retval=001ca2e0 ret=7ea40a47 0024:Call advapi32.RegOpenKeyExW(80000002,7ea6b460 L"System\CurrentControlSet\Control\DeviceClasses",00000000,00020019,0033e364) ret=7ea4618e 0024:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=7ea4618e 0024:trace:setupapi:SETUPDI_EnumerateInterfaces 0x1ca2e0, {4d1e55b2-f16f-11cf-88cb-001111000030}, (null), 00000012 0024:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ea424ff 0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea424ff 0024:Ret setupapi.SetupDiGetClassDevsA() retval=001ca2e0 ret=0035195b 0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000000,0033e5d0) ret=00351988 0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 0, 0x33e5d0 0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351988 0024:Call KERNEL32.GetLastError() ret=00351a25 0024:Ret KERNEL32.GetLastError() retval=00000103 ret=00351a25 0024:Call KERNEL32.LocalAlloc(00000040,00000000) ret=00351513 0024:Ret KERNEL32.LocalAlloc() retval=001c1820 ret=00351513 0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000000,0033e5d0) ret=00351a7c 0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 0, 0x33e5d0 0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c 0024:Call KERNEL32.GetLastError() ret=00351b2e 0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e 0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000001,0033e5d0) ret=00351a7c 0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 1, 0x33e5d0 0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c 0024:Call KERNEL32.GetLastError() ret=00351b2e 0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e 0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000002,0033e5d0) ret=00351a7c 0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 2, 0x33e5d0 0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c 0024:Call KERNEL32.GetLastError() ret=00351b2e 0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e
<endless repeating> --- snip ---
The app searches for HID devices (managed by PnP device manager):
{4D1E55B2-F16F-11CF-88CB-001111000030} -> GUID_DEVINTERFACE_HID
MSDN: http://msdn.microsoft.com/en-us/library/windows/hardware/ff545860%28v=vs.85%...
There is some code in app hidcom.dll that checks for:
vid = 08E4 (Pioneer) pid = [0140,0141,0143]
Before coming to that part it enumerates devices using following code (reduced snippet just to show the problem):
--- snip --- ... 00351A67 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30] 00351A6A 50 PUSH EAX 00351A6B FF75 C4 PUSH DWORD PTR SS:[EBP-3C] 00351A6E 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14] 00351A71 50 PUSH EAX 00351A72 53 PUSH EBX 00351A73 FF75 CC PUSH DWORD PTR SS:[EBP-34] 00351A76 FF15 D4103500 CALL DWORD PTR SETUPAPI.SetupDiEnumDeviceInterfaces 00351A7C 85C0 TEST EAX,EAX 00351A7E 0F84 A4000000 JE hidcom.00351B28 ... 00351B28 FF15 B0103500 CALL DWORD PTR DS:[<&KERNEL32.GetLastError>] 00351B2E 3D 03010000 CMP EAX,103 ; ERROR_NO_MORE_ITEMS 00351B33 74 30 JE SHORT hidcom.00351B65 00351B35 FF45 C4 INC DWORD PTR SS:[EBP-3C] 00351B38 E9 2AFFFFFF JMP hidcom.00351A67 --- snip ---
Poor error handling on app side and some Wine oversight results in endless looping here.
In first call to SetupDiEnumDeviceInterfaces( member index = 0), Wine resets DeviceInterfaceData (user supplied buffer) and returns ERROR_NO_MORE_ITEMS.
Source:
http://source.winehq.org/git/wine.git/blob/9c76ccfda124ca471b3de4d8a04aed1e1...
--- snip --- 2770 BOOL WINAPI SetupDiEnumDeviceInterfaces(HDEVINFO DeviceInfoSet, PSP_DEVINFO_DATA DeviceInfoData, 2771 const GUID *InterfaceClassGuid, DWORD MemberIndex, 2772 PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData) 2773 { ... 2792 if (!DeviceInterfaceData || 2793 DeviceInterfaceData->cbSize != sizeof(SP_DEVICE_INTERFACE_DATA)) 2794 { 2795 SetLastError(ERROR_INVALID_PARAMETER); 2796 return FALSE; 2797 } 2798 /* In case application fails to check return value, clear output */ 2799 memset(DeviceInterfaceData, 0, sizeof(*DeviceInterfaceData)); 2800 if (DeviceInfoData) ... --- snip ---
In the second call which ought to restart it (member index = 0), the app still passes the _same_ buffer:
--- snip --- p *DeviceInterfaceData {cbSize=0, InterfaceClassGuid={Data1=0, Data2=0, Data3=0, Data4=""}, Flags=0, Reserved=0} --- snip ---
That of course doesn't work because 'DeviceInterfaceData->cbSize' member is now zero due to previous 'reset' by Wine code.
Just from reading the code this looks like a regression if it worked earlier (initial report by OP):
http://source.winehq.org/git/wine.git/commitdiff/53b287530961beaaae89bd063bc...
If you fix that -> DeviceInterfaceData->cbSize = sizeof(SP_DEVICE_INTERFACE_DATA) the app starts fine and the even the initial problem is gone. I imported some mp3 files without crash.
$ sha1sum instdjs1601tr_en.exe fb31a1caba42c56d19ef09713cdefe12ba9c126a instdjs1601tr_en.exe
$ du -sh instdjs1601tr_en.exe 54M instdjs1601tr_en.exe
$ wine --version wine-1.7.14
Regards
https://bugs.winehq.org/show_bug.cgi?id=26235
--- Comment #4 from Austin English austinenglish@gmail.com --- https://source.winehq.org/patches/data/103228
https://bugs.winehq.org/show_bug.cgi?id=26235
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |8d854a4830776aaacb70161709d | |b315d54eb77f0 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/8d854a4830776aaacb70161709d...
Thanks Austin
Regards
https://bugs.winehq.org/show_bug.cgi?id=26235
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.15.