[Bug 30588] Houdini 12.x (3D animation tool) crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Fri May 4 06:17:02 CDT 2012 

http://bugs.winehq.org/show_bug.cgi?id=30588

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |user32
            Summary|Houdini: Segmentation fault |Houdini 12.x (3D animation
                   |at startup                  |tool) crashes on startup
     Ever Confirmed|0                           |1

--- Comment #2 from Anastasius Focht <focht at gmx.net> 2012-05-04 06:17:02 CDT ---
Hello,

confirming.
It seems the app inserts menu some items with text and bitmap and retrieves
them later.
On retrieval of menu items that have both, text and bitmap associated it
crashes at one point because data is accessed as string (bitmap type).

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Side Effects Software/Houdini
12.0.581/bin

$ WINEDEBUG=+tid,+seh,+menu wine ./hkey

003b:trace:menu:InsertMenuItemA hmenu 0x100ac, item 0000, by pos 1, info
0x441df54
003b:trace:menu:MENU_InsertItem inserting at 0 flags 400
003b:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from:  { ID=0x0
} 
003b:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to :  { ID=0x20,
State=check, Text=L"Always On Top", ItemData=0x000100a8 } 
003b:trace:menu:InsertMenuItemA hmenu 0x100ac, item 0001, by pos 1, info
0x441df54
003b:trace:menu:MENU_InsertItem inserting at 1 flags 400
003b:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from:  { ID=0x0
} 
003b:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to :  { ID=0x0,
fType=sep } 
003b:trace:menu:do_debug_print_menuitem GetMenuItemInfo_common:  { ID=0x20,
State=check, Text=L"Always On Top", ItemData=0x000100a8 } 
003b:trace:menu:do_debug_print_menuitem GetMenuItemInfo_common:  { ID=0x20,
State=check, Text=L"Always On Top", ItemData=0x000100a8 } 
003b:trace:menu:do_debug_print_menuitem GetMenuItemInfo_common:  { ID=0x0,
fType=sep } 
003b:trace:menu:do_debug_print_menuitem GetMenuItemInfo_common:  { ID=0xf120,
Text=L"&Restore", hbitmap=HBMMENU_POPUP_RESTORE } 
003b:trace:menu:do_debug_print_menuitem GetMenuItemInfo_common:  { ID=0xf120,
Text=L"&Restore", hbitmap=HBMMENU_POPUP_RESTORE } 
003b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7855b4c8
ip=7855b4c8 tid=003b
003b:trace:seh:raise_exception  info[0]=00000000
003b:trace:seh:raise_exception  info[1]=00000009
003b:trace:seh:raise_exception  eax=00000900 ebx=00000009 ecx=00000009
edx=00000009 esi=05b76740 edi=000100ac
003b:trace:seh:raise_exception  ebp=00000002 esp=0441df24 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
--- snip ---

Dump of last calls to GetMenuItemInfo() before returning to caller:

--- snip ---
Wine-dbg>p *lpmii
{cbSize=0x30, fMask=0x10, fType=0, fState=0, wID=0x20, hSubMenu=(nil),
hbmpChecked=(nil), hbmpUnchecked=(nil), dwItemData=0x40096,
dwTypeData=0x0(nil), cch=0xd, hbmpItem=(nil)}

Wine-dbg>p *lpmii
{cbSize=0x30, fMask=0x10, fType=0, fState=0, wID=0x20, hSubMenu=(nil),
hbmpChecked=(nil), hbmpUnchecked=(nil), dwItemData=0x40096, dwTypeData="Always
On Top", cch=0xd, hbmpItem=(nil)}

Wine-dbg>p *lpmii
{cbSize=0x30, fMask=0x10, fType=0x800, fState=0, wID=0x20, hSubMenu=(nil),
hbmpChecked=(nil), hbmpUnchecked=(nil), dwItemData=0x40096,
dwTypeData=0x0(nil), cch=0, hbmpItem=(nil)}

Wine-dbg>p *lpmii
{cbSize=0x30, fMask=0x10, fType=0x4, fState=0, wID=0x20, hSubMenu=(nil),
hbmpChecked=(nil), hbmpUnchecked=(nil), dwItemData=0x40096, dwTypeData=***
invalid address 0x9 ***, cch=0x8, hbmpItem=0x9}

Wine-dbg>p *lpmii
{cbSize=0x30, fMask=0x10, fType=0x4, fState=0, wID=0x20, hSubMenu=(nil),
hbmpChecked=(nil), hbmpUnchecked=(nil), dwItemData=0x40096, dwTypeData=***
invalid address 0x9 ***, cch=0x8, hbmpItem=0x9}
--- snip ---

The last one is accessed as "string" data, causing a page fault in strchr():

--- snip ---
003b:Call user32.GetMenuItemInfoA(000100ac,00000002,00000001,0441df54)
ret=05b8f0c8
003b:Ret  user32.GetMenuItemInfoA() retval=00000001 ret=05b8f0c8
003b:Call user32.GetMenuItemInfoA(000100ac,00000002,00000001,0441df54)
ret=05b8f078
003b:Ret  user32.GetMenuItemInfoA() retval=00000001 ret=05b8f078
003b:CALL MSVCR90.strchr(00000009,00000009) ret=05b8f085
003b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7855b4c8
ip=7855b4c8 tid=003b
003b:trace:seh:raise_exception  info[0]=00000000
003b:trace:seh:raise_exception  info[1]=00000009
003b:trace:seh:raise_exception  eax=00000900 ebx=00000009 ecx=00000000
edx=00000009 esi=05e66740 edi=000100ac
003b:trace:seh:raise_exception  ebp=00000002 esp=0441df24 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
003b:trace:seh:call_stack_handlers calling handler at 0x5b95f6c code=c0000005
flags=0
--- snip ---

0x0 = MFT_STRING
0x4 = MFT_BITMAP
0x800 = MFT_SEPARATOR

$ du -sh houdini-12.0.581-win32-vc9.exe 
218M    houdini-12.0.581-win32-vc9.exe

$ sha1sum houdini-12.0.581-win32-vc9.exe 
b475599d669d35b6af9016726f1ef933caaf92a4  houdini-12.0.581-win32-vc9.exe

$ wine --version
wine-1.5.3-143-g081b06c

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list