https://bugs.winehq.org/show_bug.cgi?id=35367
Bug ID: 35367
Summary: Cyberlink Powerdirector 8 crashes during media scan (Wine ole32 code must take implicit MTA into account)
Product: Wine
Version: 1.7.10
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ole32
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Classification: Unclassified
Hello folks,
Prerequisite: 'winetricks -q mfc42'
Upon startup the app shows a registration dialog with some options:
* "Buy Now"
* "Activate"
* "Try Now"
After selecting "Try Now" the app continues loading and starts importing some media files. "Activation" feature also works (tested with some code found here and there).
There is a crash (heap corruption) in libxml2/msxml during media import. This is a different problem which can be worked around with 'winetricks -q msxml3'.
This bug is about the COM/OLE part of media import crash.
Relevant part of trace log:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/CyberLink/PowerDirector
$ WINEDEBUG=+tid,+seh,+relay,+ole,+variant wine ./PDR8.exe >>log2.txt 2>&1
...
0016:Call shlwapi.PathFileExistsW(0430b2e4 L"C:\Program Files\CyberLink\PowerDirector\SampleClips\ntsc\Nature.mpg") ret=02cb0bbd
...
0016:Ret shlwapi.PathFileExistsW() retval=00000001 ret=02cb0bbd
0016:Call ole32.CoCreateInstance(02ce6e68,00000000,00000007,02ce6e38,0275b5b4) ret=02cb5171
0016:trace:ole:CoCreateInstance (rclsid={889ca1c3-e115-47e1-88ec-20df644e982a}, pUnkOuter=(nil), dwClsContext=00000007, riid={38df9356-47c1-40ef-89ce-af1d019b0baa}, ppv=0x275b5b4)
0016:trace:ole:apartment_addref 2e0000cafe: before = 8
0016:trace:ole:apartment_release 2e0000cafe: after = 8
0016:trace:ole:CoGetClassObject CLSID: {889ca1c3-e115-47e1-88ec-20df644e982a},IID: {00000001-0000-0000-c000-000000000046}
0016:trace:ole:apartment_addref 2e0000cafe: before = 8
...
0016:warn:ole:CoGetClassObject class {889ca1c3-e115-47e1-88ec-20df644e982a} not registered as in-proc server
...
0016:warn:ole:CoGetClassObject class {889ca1c3-e115-47e1-88ec-20df644e982a} not registered in-proc handler
0016:trace:ole:apartment_release 2e0000cafe: after = 8
0016:trace:ole:RPC_GetLocalClassObject rclsid={889ca1c3-e115-47e1-88ec-20df644e982a}, iid={00000001-0000-0000-c000-000000000046}
0016:trace:ole:RPC_GetLocalClassObject waiting for L"\\.\pipe\{889CA1C3-E115-47E1-88EC-20DF644E982A}"
0016:Call KERNEL32.WaitNamedPipeW(0275b228 L"\\.\pipe\{889CA1C3-E115-47E1-88EC-20DF644E982A}",ffffffff) ret=7e773bc3
0016:Ret KERNEL32.WaitNamedPipeW() retval=00000001 ret=7e773bc3
0016:Call KERNEL32.CreateFileW(0275b228 L"\\.\pipe\{889CA1C3-E115-47E1-88EC-20DF644E982A}",c0000000,00000000,00000000,00000003,00000000,00000000) ret=7e773c04
0016:Ret KERNEL32.CreateFileW() retval=00000914 ret=7e773c04
0016:Call KERNEL32.ReadFile(00000914,0275b158,000000c8,0275b220,00000000) ret=7e773e29
0016:Ret KERNEL32.ReadFile() retval=00000001 ret=7e773e29
0016:trace:ole:RPC_GetLocalClassObject read marshal id from pipe
...
0016:trace:ole:RPC_GetLocalClassObject unmarshalling local server
0016:trace:ole:CoUnmarshalInterface (0x4365a08, {6d5140c1-7436-11ce-8034-00aa006009fa}, 0x275b13c)
...
0016:trace:ole:get_unmarshaler_from_stream Using standard unmarshaling
0016:Call ntdll.RtlAllocateHeap(00110000,00000000,00000010) ret=7e75bf7e
0016:Ret ntdll.RtlAllocateHeap() retval=043fd2f8 ret=7e75bf7e
0016:trace:ole:StdMarshalImpl_UnmarshalInterface (...,{6d5140c1-7436-11ce-8034-00aa006009fa},....)
0016:err:ole:StdMarshalImpl_UnmarshalInterface Apartment not initialized
0016:err:ole:CoUnmarshalInterface IMarshal::UnmarshalInterface failed, 0x800401f0
...
0016:trace:ole:CoUnmarshalInterface completed with hr 0x800401f0
0016:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e7740f4 ip=7e7740f4 tid=0016
0016:trace:seh:raise_exception info[0]=00000000
0016:trace:seh:raise_exception info[1]=000003de
0016:trace:seh:raise_exception eax=000003de ebx=7e854000 ecx=0275b100 edx=0275ef8c esi=0275ecc5 edi=0275eb8c
0016:trace:seh:raise_exception ebp=0275b378 esp=0275b100 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210286
--- snip ---
"{889ca1c3-e115-47e1-88ec-20df644e982a}" is registered as out-of-process COM server:
--- snip ---
CLSID: {889CA1C3-E115-47E1-88EC-20DF644E982A}
LOCAL SERVER: %ROOT%\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE
TYPELIB: {D37B5B2C-8D1B-4832-89E4-6FCE903B3A18}
VERSION IND. PROGID: RichVideo.RVInterface
--- snip ---
The problem most likely stems from crappy vendor code. The thread in question that ought to instantiate the COM object never explicitly initializes its COM apartment.
From my experience in 99% of the cases the developers forgot the call to CoInitializeEx() on thread entry and the reason why this works for native is the so-called implicit MTA.
Basically another thread in the process called CoInitializeEx(0, COINIT_MULTITHREADED), which means that the thread which forgot to call CoInitializeEx() was implicitly placed in the MTA (the app creates a crapload of threads).
I had to change quite some code to make a proof-of-concept. There is various code in Wine ole32 that makes use of COM_CurrentApt() which doesn't take implicit MTA into account.
--- snip ---
# modified: dlls/ole32/compobj.c
# modified: dlls/ole32/marshal.c
# modified: dlls/ole32/rpc.c
--- snip ---
The app/thread was finally able to instantiate the out-of-process COM server and make COM calls. Media files were successfully imported and movies/images showed up in some thumbnail-like view.
$ sha1sum cyberlink2220_vde09070801.exe
2fbc508b971332872b68761ea0d56803c5d122bd cyberlink2220_vde09070801.exe
$ du -sh cyberlink2220_vde09070801.exe
236M cyberlink2220_vde09070801.exe
$ wine --version
wine-1.7.10-343-g770d09d
Regards
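The implicit-MTA behaviour described in the report above, as a portable model added here (not Wine's ole32 code and not part of the original report): a thread that never initializes COM fails a strict per-thread apartment lookup, but succeeds once the lookup falls back to an MTA held by another thread. All function and type names are hypothetical, and POSIX threads stand in for Windows threads.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define S_OK                0x00000000u
#define CO_E_NOTINITIALIZED 0x800401f0u  /* the hr in the trace above */

struct apartment { atomic_int refs; };
static struct apartment mta;                    /* model: process-wide MTA */
static _Thread_local struct apartment *tls_apt; /* set only by explicit init */

/* Model of CoInitializeEx(NULL, COINIT_MULTITHREADED) on the calling thread. */
static void model_init_mta(void) { atomic_fetch_add(&mta.refs, 1); tls_apt = &mta; }

/* Strict lookup: only an apartment this thread entered itself. */
static struct apartment *apt_strict(void) { return tls_apt; }

/* Implicit-MTA-aware lookup: fall back to the MTA while any thread holds it. */
static struct apartment *apt_implicit(void) {
    if (tls_apt) return tls_apt;
    return atomic_load(&mta.refs) > 0 ? &mta : NULL;
}

/* Model of an unmarshal step that requires an apartment. */
static uint32_t model_unmarshal(struct apartment *a) { return a ? S_OK : CO_E_NOTINITIALIZED; }

struct result { uint32_t strict_hr, implicit_hr; };

/* Worker that never initializes COM, like the thread in the report. */
static void *worker(void *arg) {
    struct result *r = arg;
    r->strict_hr = model_unmarshal(apt_strict());
    r->implicit_hr = model_unmarshal(apt_implicit());
    return NULL;
}

/* Run one uninitialized worker; return what each lookup gave it. */
static struct result run_worker(void) {
    struct result r = {0, 0};
    pthread_t t;
    pthread_create(&t, NULL, worker, &r);
    pthread_join(t, NULL);
    return r;
}

int main(void) {
    model_init_mta();                /* main thread enters the MTA */
    struct result r = run_worker();  /* the worker itself never initializes */
    printf("strict=%08x implicit=%08x\n", (unsigned)r.strict_hr, (unsigned)r.implicit_hr);
    return 0;
}
```

When no thread has entered the MTA, both lookups return no apartment, which matches native behaviour for a process where COM was never initialized.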
Anastasius Focht focht@gmx.net changed:
What     | Removed | Added
----------------------------------------------------------------------------
Keywords |         | download
URL      |         | http://cyberlink-powerdirector.soft32.com/download/file/id/485879/
alfred.egger@gmx.at changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | alfred.egger@gmx.at
--- Comment #1 from alfred.egger@gmx.at ---
Bug exists still in 1.7.12.
If you delete the sample file it tries to load at the first start, it runs without problems. If you try to import pictures, it works. If you try to import videos, it crashes.
Anastasius Focht focht@gmx.net changed:
What    | Removed | Added
----------------------------------------------------------------------------
Summary | Cyberlink Powerdirector 8 crashes during media scan (Wine ole32 code must take implicit MTA into account) | Multiple applications crash due to Wine ole32 code not taking implicit MTA into account (Cyberlink Powerdirector 8, PDFXChange Editor 5.5)
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
I found another app suffering from this: PDFXChange Editor 5.5
Refining summary.
Download: http://www.tracker-software.com/product/pdf-xchange-editor/download
Relevant part of trace log:
--- snip ---
...
002e:err:ole:CoGetObjectContext apartment not initialised
002e:Ret ole32.CoGetObjectContext() retval=800401f0 ret=107ad4ec
002e:Call ole32.CoInitializeEx(00000000,00000000) ret=107b7a3f
...
002e:Ret ole32.CoInitializeEx() retval=00000000 ret=107b7a3f
...
002b:Ret PE DLL (proc=0x100113ed,module=0x10000000 L"PDFXEditCore.x86.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
002b:Call PE DLL (proc=0x338d95e,module=0x3320000 L"Bookmarks.pvp",reason=THREAD_ATTACH,res=(nil))
...
002b:Ret PE DLL (proc=0x338d95e,module=0x3320000 L"Bookmarks.pvp",reason=THREAD_ATTACH,res=(nil)) retval=1
002b:Starting thread proc 0x105b27cd (arg=0x2dd8c58)
...
002b:Call KERNEL32.GetLastError() ret=10015b78
002b:Ret KERNEL32.GetLastError() retval=00000000 ret=10015b78
002b:Call KERNEL32.WaitForSingleObject(00000104,ffffffff) ret=107b8008
002b:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=107b8008
002b:Call ole32.CoGetObjectContext(114baa28,0187e9ec) ret=107ad4ec
...
002b:Ret ole32.CoGetObjectContext() retval=00000000 ret=107ad4ec
...
002b:Call KERNEL32.CreateEventW(00000000,00000001,00000000,001a3df0 L"{124380E8-8012-4E0C-B00821E5C6FF7C2F}") ret=101c4775
002b:Ret KERNEL32.CreateEventW() retval=000003c4 ret=101c4775
002b:Call ole32.CoCreateInstance(1144eb54,00000000,00000004,1144eb44,0187e964) ret=101c48ef
...
002b:Call KERNEL32.WaitNamedPipeW(0187e5c8 L"\\.\pipe\{0DF179B8-96F1-4F3E-9338-DFEEB61B810A}",ffffffff) ret=7e9835f3
002b:Ret KERNEL32.WaitNamedPipeW() retval=00000001 ret=7e9835f3
002b:Call KERNEL32.CreateFileW(0187e5c8 L"\\.\pipe\{0DF179B8-96F1-4F3E-9338-DFEEB61B810A}",c0000000,00000000,00000000,00000003,00000000,00000000) ret=7e983634
002b:Ret KERNEL32.CreateFileW() retval=000003c8 ret=7e983634
...
002b:Ret KERNEL32.GlobalLock() retval=02dbc770 ret=7e962981
002b:Call KERNEL32.GlobalUnlock(02b40182) ret=7e962a38
002b:Ret KERNEL32.GlobalUnlock() retval=00000000 ret=7e962a38
002b:Call ntdll.RtlAllocateHeap(00110000,00000000,00000010) ret=7e96bb12
002b:Ret ntdll.RtlAllocateHeap() retval=02d58408 ret=7e96bb12
002b:err:ole:StdMarshalImpl_UnmarshalInterface Apartment not initialized
002b:err:ole:CoUnmarshalInterface IMarshal::UnmarshalInterface failed, 0x800401f0
...
002b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e983b26 ip=7e983b26 tid=002b
002b:trace:seh:raise_exception info[0]=00000000
002b:trace:seh:raise_exception info[1]=6c61767c
002b:trace:seh:raise_exception eax=6c617674 ebx=7ea68000 ecx=0187e4a0 edx=00110064 esi=0187e830 edi=0187e914
002b:trace:seh:raise_exception ebp=0187e718 esp=0187e4a0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010286
002b:trace:seh:call_stack_handlers calling handler at 0x1132ad90 code=c0000005 flags=0
...
--- snip ---
Works fine with my rebased proof-of-concept bugfix branch I kept for the initial report.
NOTE: Although bug 33749 is essentially about the same issue, the summary and proposed patch only cover a narrow scope which doesn't work for the applications here.
$ sha1sum PDFXVE5.x86.msi
0470e3ff74b75f1954a2236fa44749fc4a0cd1a9 PDFXVE5.x86.msi
$ du -sh PDFXVE5.x86.msi
38M PDFXVE5.x86.msi
$ wine --version
wine-1.7.35-89-gbad99c9
Regards
Anastasius Focht focht@gmx.net changed:
What | Removed | Added
----------------------------------------------------------------------------
URL  | http://cyberlink-powerdirector.soft32.com/download/file/id/485879/ | http://www.tracker-software.com/product/pdf-xchange-editor/download
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Changing download link to PDF-XChange Editor Version 5.5.x since Cyberlink mirror removed old v8.
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 392760 (05FE38h) Byte(s)
Compilation TimeStamp : 0x55F093ED -> Wed 09th Sep 2015 20:17:49 (GMT)
[TimeStamp] 0x55F093ED -> Wed 09th Sep 2015 20:17:49 (GMT) | PE Header | - | Offset: 0x00000100 | VA: 0x00400100 | -
[TimeStamp] 0x55F093ED -> Wed 09th Sep 2015 20:17:49 (GMT) | DebugDirectory | - | Offset: 0x00016EA4 | VA: 0x004182A4 | -
[TimeStamp] 0x55F093ED -> Wed 09th Sep 2015 20:17:49 (GMT) | DebugDirectory | - | Offset: 0x00016EC0 | VA: 0x004182C0 | -
-> File Appears to be Digitally Signed @ Offset 05E000h, size : 01E38h / 07736 byte(s)
[!] Executable uses SEH Tables (/SAFESEH) (9 calculated 9 recorded... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.63 (section #0) ".text " | Size : 0x1668D (91789) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x63000 (405504) byte(s)
[VersionInfo] Company Name : Tracker Software Products (Canada) Ltd.
[VersionInfo] Product Name : PDF-XChange Editor
[VersionInfo] Product Version : 5.5
[VersionInfo] File Description : PDF-XChange Editor
[VersionInfo] File Version : 5.5.0315.0000
[VersionInfo] Original FileName : PDFXEditor.exe
[VersionInfo] Internal Name : PDFXEditor
[VersionInfo] Version Comments : PDF-XChange Editor
[VersionInfo] Legal Trademarks : Tracker Software Products (Canada) Ltd.
[VersionInfo] Legal Copyrights : Copyright (C) 2001-2015 by Tracker Software Products (Canada) Ltd.
[Debug Info] (record 1 of 2) (file offset 0x16EA0)
Characteristics : 0x0 | TimeDateStamp : 0x55F093ED (Wed 09th Sep 2015 20:17:49 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x5C (92)
AddressOfRawData : 0x1E580 | PointerToRawData : 0x1D180
CvSig : 0x53445352 | SigGuid C8B09E8C-3DBB-4F86-B097F3650B554140
Age : 0x1 | Pdb : F:\Development\PDF5\builds\RC.315_build\Release.Win32\PDFXEdit.pdb
[Debug Info] (record 2 of 2) (file offset 0x16EBC)
Characteristics : 0x0 | TimeDateStamp : 0x55F093ED (Wed 09th Sep 2015 20:17:49 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20)
AddressOfRawData : 0x1E5DC | PointerToRawData : 0x1D1DC
[CompilerDetect] -> Visual C++ 12.0 (Visual Studio 2012)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.473 Second(s) [0000001D9h (473) tick(s)] [499 of 573 scan(s) done]
--- snip ---
$ sha1sum PDFXVE5.x86.msi
b91eed002ed09f104661244515a8acfeedd39b96 PDFXVE5.x86.msi
$ du -sh PDFXVE5.x86.msi
42M PDFXVE5.x86.msi
$ wine --version
wine-1.7.54-179-ga0d0d0d
Regards
Zebediah Figura z.figura12@gmail.com changed:
What          | Removed | Added
----------------------------------------------------------------------------
Fixed by SHA1 |         | a4cf16db08a0cd07b05fbb32d578b81b0578509f
Resolution    | ---     | FIXED
CC            |         | z.figura12@gmail.com
Status        | NEW     | RESOLVED
--- Comment #4 from Zebediah Figura z.figura12@gmail.com ---
PDF X-Change Editor 5.5 works fine for me in Wine 3.21. Judging from the logs in comment 2, I suspect this was fixed by https://source.winehq.org/git/wine.git/commitdiff/a4cf16db08a0cd07b05fbb32d5..., though I'll verify this if preferred.
Zebediah Figura z.figura12@gmail.com changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | rosen.diankov@gmail.com
--- Comment #5 from Zebediah Figura z.figura12@gmail.com ---
*** Bug 33749 has been marked as a duplicate of this bug. ***
Alexandre Julliard julliard@winehq.org changed:
What   | Removed  | Added
----------------------------------------------------------------------------
Status | RESOLVED | CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.0-rc1.
Anastasius Focht focht@gmx.net changed:
What | Removed | Added
----------------------------------------------------------------------------
URL  | http://www.tracker-software.com/product/pdf-xchange-editor/download | https://web.archive.org/web/20180727144403/http://downloads.pdf-xchange.com/PDFXVE5.zip