[Bug 27282] TDRABCSetup.exe hang on start up (GetWindowText uses SendMessage to query for process' local window title text, leading to potential deadlock)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Jan 14 05:03:58 CST 2012 

http://bugs.winehq.org/show_bug.cgi?id=27282

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |user32
            Summary|TDRABCSetup.exe hang on     |TDRABCSetup.exe hang on
                   |start up                    |start up (GetWindowText
                   |                            |uses SendMessage to query
                   |                            |for process' local window
                   |                            |title text, leading to
                   |                            |potential deadlock)
     Ever Confirmed|0                           |1

--- Comment #5 from Anastasius Focht <focht at gmx.net> 2012-01-14 05:03:58 CST ---
Hello,

confirming.

It seems the installer looks for specific processes using window title match.

A second worker thread is spawned that calls FindWindow() and while the main
thread waits for the worker to finish (without pumping messages).

Although the installer doesn't explicitly create a window up to this point, a
hidden window has already been created as part of OLE init.

Wine's current FindWindow -> window list -> GetWindowText() logic uses
SendMessage() if the window is created in same process.
This deadlocks here because the main thread is blocked, not pumping messages.

Relevant part of trace log:

--- snip ---
0024:Starting process L"Z:\\home\\focht\\Downloads\\TDRABCSetup.exe"
(entryproc=0x403542)
0024:Call comctl32.InitCommonControls() ret=00403567
0024:Ret  comctl32.InitCommonControls() retval=68754b05 ret=00403567
0024:Call KERNEL32.SetErrorMode(00008001) ret=00403572
0024:Ret  KERNEL32.SetErrorMode() retval=00000000 ret=00403572
0024:Call ole32.OleInitialize(00000000) ret=00403579 
...
0024:Call user32.CreateWindowExW(00000000,7062df00 L"OleMainThreadWndClass
0x########
",00000000,00000000,00000000,00000000,00000000,00000000,fffffffd,00000000,70540000,00000000)
ret=7055e6f6 
...
0024:Ret  user32.CreateWindowExW() retval=00060052 ret=7055e6f6 
...
0024:Call KERNEL32.LoadLibraryExW(0040e0b0
L"C:\\users\\focht\\Temp\\nsm3ed0.tmp\\Plugin_ABC.dll",00000000,00000008)
ret=0040218b 
...
0024:Ret  KERNEL32.LoadLibraryExW() retval=00370000 ret=0040218b 
...
0024:CALL
Plugin_ABC.CloseGarbageWindows(00000000,00002004,00471000,0040a0a0,0040a000)
ret=004021d8 
...
0024:Call
KERNEL32.CreateThread(00000000,00000000,00372160,00000000,00000000,00000000)
ret=00372222
0024:Ret  KERNEL32.CreateThread() retval=00000044 ret=00372222
0024:Call KERNEL32.WaitForSingleObject(00000044,ffffffff) ret=0037222b 
...
0025:Starting thread proc 0x372160 (arg=(nil))
0025:Call KERNEL32.GetSystemDefaultLangID() ret=00372167
0025:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=00372167
0025:Call user32.FindWindowW(00000000,00376438 L"Internet Banking of
Agricultural Bank of China") ret=003721ae 

<deadlock here>
--- snip ---

Nice how they call their own stuff "garbage windows" ;-)

Debugger, creation of hidden window:

--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x682755cf WIN_CreateWindowEx+0x719(cs=0x33f98c,
className="OleMainThreadWndClass 0x######## ", module=0x68850000, unicode=0x1)
[/home/focht/projects/wine/wine-git/include/winbase.h:2540] in user32
(0x0033f974)
  1 0x68276413 CreateWindowExW+0x7d(exStyle=0, className="OleMainThreadWndClass
0x######## ", windowName=0x0(nil), style=0, x=0, y=0, width=0, height=0,
parent=0xfffffffd, menu=(nil), instance=0x68850000, data=0x0(nil))
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1583] in user32
(0x0033f9c4)
  2 0x688696f6 apartment_createwindowifneeded+0x9c(apt=0x12a750)
[/home/focht/projects/wine/wine-git/dlls/ole32/compobj.c:1195] in ole32
(0x0033fa34)
  3 0x68867760 apartment_get_or_create+0xff(model=0x2)
[/home/focht/projects/wine/wine-git/dlls/ole32/compobj.c:391] in ole32
(0x0033fa84)
  4 0x68869ea8 CoInitializeEx+0x19d(lpReserved=0x0(nil), dwCoInit=0x2)
[/home/focht/projects/wine/wine-git/dlls/ole32/compobj.c:1443] in ole32
(0x0033faf4)
  5 0x68894fdc OleInitialize+0x76(reserved=0x0(nil))
[/home/focht/projects/wine/wine-git/dlls/ole32/ole2.c:185] in ole32
(0x0033fb54)
Wine-dbg>info locals
0x682755cf WIN_CreateWindowEx+0x719: (0033f974)
    CREATESTRUCTW* cs=0x33f98c (parameterEBP)
    LPCWSTR className="OleMainThreadWndClass 0x######## " (parameterEBP)
    HINSTANCE module=0x68850000 (parameterEBP)
...
    HWND hwnd=0x2002c (localEBP)
    HWND parent=0x20034 (localEBP)
    HWND owner=(nil) (localEBP)
    HWND top_child=(nil) (localEBP)
    MDICREATESTRUCTW mdi_cs={szClass=0x0(nil), szTitle=0x0(nil), hOwner=(nil),
x=0, y=0, cx=0, cy=0, style=0, lParam=0} (localEBP)
    CBT_CREATEWNDW cbtc={lpcs=(nil), hwndInsertAfter=(nil)} (localEBP)
    CREATESTRUCTW cbcs={lpCreateParams=0x0(nil), hInstance=(nil), hMenu=(nil),
hwndParent=(nil), cy=0, cx=0, y=0, x=0, style=0, lpszName=0x0(nil),
lpszClass=0x0(nil), dwExStyle=0} (localEBP)
    DWORD ret=0x24 (localEBP)
--- snip ---

Debugger, synchronous send message call to blocked main thread:

--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x68284ec3 send_message(info=0xe1e940, res_ptr=0xe1e96c, unicode=0x1)
[/home/focht/projects/wine/wine-git/dlls/user32/message.c:3064] in user32
(0x00e1e978)
  1 0x682b685d GetWindowTextW+0x4e(hwnd=0x2002c, lpString="", nMaxCount=0x30)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:2552] in user32
(0x00e1e998)
  2 0x682b4b1b FindWindowExW+0x15f(parent=(nil), child=(nil),
className=0x0(nil), title="Internet Banking of Agricultural Bank of China")
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1775] in user32
(0x00e1e9d8)
  3 0x682b4e05 FindWindowW+0x33(className=0x0(nil), title="Internet Banking of
Agricultural Bank of China")
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1843] in user32
(0x00e1e9f8)
  4 0x003421ae in plugin_abc (+0x21ad) (0x682b4dd1)
--- snip ---

Source:
http://source.winehq.org/git/wine.git/blob/8f565eb6ae2663e2ef11342e85ce1cada1f6404c:/dlls/user32/win.c#l2544

--- snip ---
2547 INT WINAPI GetWindowTextW( HWND hwnd, LPWSTR lpString, INT nMaxCount )
2548 {
2549     if (!lpString) return 0;
2550 
2551     if (WIN_IsCurrentProcess( hwnd ))
2552         return (INT)SendMessageW( hwnd, WM_GETTEXT, nMaxCount,
(LPARAM)lpString );
2553 
2554     /* when window belongs to other process, don't send a message */
2555     if (nMaxCount <= 0) return 0;
2556     get_server_window_text( hwnd, lpString, nMaxCount );
2557     return strlenW(lpString);
2558 }
--- snip ---

$ sha1sum TDRABCSetup.exe 
07f5d29a22ac01ab4eebf6779001dc6794028066  TDRABCSetup.exe

$ wine --version
wine-1.3.37

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list