[Bug 32859] Mathematica 8 and Windowscodecs (WIC) installer reliably crash with heap corruption or livelock in libX11
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Apr 14 16:37:37 CDT 2013
http://bugs.winehq.org/show_bug.cgi?id=32859
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
URL| |http://download.microsoft.c
| |om/download/f/f/1/ff178bb1-
| |da91-48ed-89e5-478a99387d4f
| |/wic_x86_enu.exe
CC| |focht at gmx.net
Summary|Mathematica 8/windowscodecs |Mathematica 8 and
|installer occasionally |Windowscodecs (WIC)
|crash on startup in libX11 |installer reliably crash
| |with heap corruption or
| |livelock in libX11
Ever Confirmed|0 |1
--- Comment #3 from Anastasius Focht <focht at gmx.net> 2013-04-14 16:37:37 CDT ---
Hello folks,
confirming still present.
Unfortunately 'winetricks windowscodecs' now crashes in 99% of cases with heap
corruption or just livelocks with 100% cpu usage.
The reason is most likely attributed to the removal of "big" x11 lock.
The installer tries to create two windows at the same time from different
threads, a custom property sheet and a message box (to show an error).
The error message box is shown because the installer now detects Wine's builtin
windowscodecs component to be up-to-date and refuses to install native
components over (unless they are removed, e.g. 'rm -rf
.wine/drive_c/windows/system32/windowscodecs*').
When the installer livelocks, winedbg shows the following threads:
--- snip ---
0000002d (D) Z:\home\focht\Downloads\wic\update\update.exe
00000030 1
0000002f 0
0000002e 0 <==
--- snip ---
Thread that creates the property sheet:
--- snip ---
Wine-dbg>bt 0x30
Backtrace:
=>0 0x7dcf1640 in libx11.so.6 (+0x4b640) (0x7e42ecf8)
1 0x7dcf1b60 _XlcOpenConverter+0x13f() in libx11.so.6 (0x7d41f320)
2 0x7dcf8703 _Xlcmbstowcs+0x52() in libx11.so.6 (0x7d41f6ac)
3 0x7dcf88b4 _Xmbstowcs+0x33() in libx11.so.6 (0x7d383008)
4 0x7dd0e3f8 _XimParseStringFile+0x657() in libx11.so.6 (0x7d383008)
5 0x7dd0c837 _XimLocalOpenIM+0x446() in libx11.so.6 (0x7d41ed00)
6 0x7dd0ac83 _XimOpenIM+0x162() in libx11.so.6 (0x7d41ed00)
7 0x7dcef6fc XOpenIM+0x4b() in libx11.so.6 (0x0082db98)
8 0x7de9faf6 open_xim+0x4b(display=0x7d411cb0)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:343] in winex11
(0x0082db98)
9 0x7dea0413 X11DRV_SetupXIM+0x24()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:462] in winex11
(0x0082dbd8)
10 0x7de9b599 x11drv_init_thread_data+0x208()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv_main.c:677] in
winex11 (0x0082dc28)
11 0x7de8e2db thread_init_display+0xa()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv.h:351] in winex11
(0x0082dc38)
12 0x7de93358 X11DRV_create_win_data+0xa0(hwnd=0x60020, window_rect=0x82dfe4,
client_rect=0x82dfe4)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:1786] in winex11
(0x0082dca8)
13 0x7de9410c X11DRV_WindowPosChanging+0x67(hwnd=<couldn't compute location>,
insert_after=<couldn't compute location>, swp_flags=<couldn't compute
location>, window_rect=<couldn't compute location>, client_rect=<couldn't
compute location>, visible_rect=<couldn't compute location>, surface=<couldn't
compute location>)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:2112] in winex11
(0x0082dd28)
14 0x7eb5fc87 set_window_pos+0xb9(hwnd=0x60020, insert_after=(nil),
swp_flags=0x14, window_rect=0x82dfe4, client_rect=0x82dfe4, valid_rects=(nil))
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2050] in user32
(0x0082de58)
15 0x7eb54375 WIN_CreateWindowEx+0xd5d(cs=0x82e0b0, className=*** invalid
address 0x8002 ***, module=(nil), unicode=0x1)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1573] in user32
(0x0082e098)
16 0x7eb54c30 CreateWindowExW+0x8d(exStyle=0x10001, className=*** invalid
address 0x8002 ***, windowName="Wizard", style=0x80c800c4, x=0, y=0x1f,
width=0x1b9, height=0x11b, parent=(nil), menu=(nil), instance=(nil),
data=0x0(nil)) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:1743] in
user32 (0x0082e0e8)
17 0x7eae2173 DIALOG_CreateIndirect+0x825(hInst=(nil), dlgTemplate=0x58c630,
owner=(nil), dlgProc=0x7ec7a188, param=0x58c4c8, unicode=0x1, modal=0)
[/home/focht/projects/wine/wine-git/dlls/user32/dialog.c:632] in user32
(0x0082e438)
18 0x7eae28dd CreateDialogIndirectParamAorW+0x45(hInst=(nil),
dlgTemplate=0x58c5f0, owner=(nil), dlgProc=0x7ec7a188, param=0x58c4c8, flags=0)
[/home/focht/projects/wine/wine-git/dlls/user32/dialog.c:763] in user32
(0x0082e468)
19 0x7eae298a CreateDialogIndirectParamW+0x4c(hInst=<couldn't compute
location>, dlgTemplate=<couldn't compute location>, owner=<couldn't compute
location>, dlgProc=<couldn't compute location>, param=<couldn't compute
location>) [/home/focht/projects/wine/wine-git/dlls/user32/dialog.c:781] in
user32 (0x0082e498)
20 0x7ec730c4 PROPSHEET_CreateDialog+0x269(psInfo=0x58c4c8)
[/home/focht/projects/wine/wine-git/dlls/comctl32/propsheet.c:674] in comctl32
(0x0082e4f8)
21 0x7ec7892b PROPSHEET_PropertySheet+0xe3(psInfo=0x58c4c8, unicode=0x1)
[/home/focht/projects/wine/wine-git/dlls/comctl32/propsheet.c:2766] in comctl32
(0x0082e538)
22 0x7ec78d6c PropertySheetW+0x1f9(lppsh=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/comctl32/propsheet.c:2862] in comctl32
(0x0082e5a8)
23 0x01045ffc in update (+0x45ffb) (0x0082e9e8)
24 0x01043918 in update (+0x43917) (0x0082ea18)
--- snip ---
Thread that creates the error message box (at the same time):
--- snip ---
Wine-dbg>bt 0x2f
Backtrace:
=>0 0x7dcf164d in libx11.so.6 (+0x4b64d) (0x7e42ecf8)
1 0x7dcf1b60 _XlcOpenConverter+0x13f() in libx11.so.6 (0x7d20fc28)
2 0x7dcf8703 _Xlcmbstowcs+0x52() in libx11.so.6 (0x7d216391)
3 0x7dcf88b4 _Xmbstowcs+0x33() in libx11.so.6 (0x7d512008)
4 0x7dd0e3f8 _XimParseStringFile+0x657() in libx11.so.6 (0x7d512008)
5 0x7dd0c837 _XimLocalOpenIM+0x446() in libx11.so.6 (0x7d201068)
6 0x7dd0ac83 _XimOpenIM+0x162() in libx11.so.6 (0x7d201068)
7 0x7dcef6fc XOpenIM+0x4b() in libx11.so.6 (0x0072e218)
8 0x7de9faf6 open_xim+0x4b(display=0x7d202af0)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:343] in winex11
(0x0072e218)
9 0x7dea0413 X11DRV_SetupXIM+0x24()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:462] in winex11
(0x0072e258)
10 0x7de9b599 x11drv_init_thread_data+0x208()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv_main.c:677] in
winex11 (0x0072e2a8)
11 0x7de8e2db thread_init_display+0xa()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv.h:351] in winex11
(0x0072e2b8)
12 0x7de93358 X11DRV_create_win_data+0xa0(hwnd=0x5005c, window_rect=0x72e664,
client_rect=0x72e664)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:1786] in winex11
(0x0072e328)
13 0x7de9410c X11DRV_WindowPosChanging+0x67(hwnd=<couldn't compute location>,
insert_after=<couldn't compute location>, swp_flags=<couldn't compute
location>, window_rect=<couldn't compute location>, client_rect=<couldn't
compute location>, visible_rect=<couldn't compute location>, surface=<couldn't
compute location>)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:2112] in winex11
(0x0072e3a8)
14 0x7eb5fc87 set_window_pos+0xb9(hwnd=0x5005c, insert_after=(nil),
swp_flags=0x14, window_rect=0x72e664, client_rect=0x72e664, valid_rects=(nil))
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2050] in user32
(0x0072e4d8)
15 0x7eb54375 WIN_CreateWindowEx+0xd5d(cs=0x72e940,
className="UpdateShutDownWindowClass", module=0x1000000, unicode=0)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1573] in user32
(0x0072e718)
16 0x7eb54b6f CreateWindowExA+0xdd(exStyle=<couldn't compute location>,
className=<couldn't compute location>, windowName=<couldn't compute location>,
style=<couldn't compute location>, x=<couldn't compute location>, y=<couldn't
compute location>, width=<couldn't compute location>, height=<couldn't compute
location>, parent=<couldn't compute location>, menu=<couldn't compute
location>, instance=<couldn't compute location>, data=<couldn't compute
location>) [/home/focht/projects/wine/wine-git/dlls/user32/win.c:1711] in
user32 (0x0072e988)
17 0x01074a2a in update (+0x74a29) (0x0072ea18)
18 0x7bc7f670 call_thread_func_wrapper+0xb() in ntdll (0x0072ea28)
19 0x7bc7f6b9 call_thread_func+0x3e(entry=0x10749a8, arg=0x32c144,
frame=0x72eb28)
[/home/focht/projects/wine/wine-git/dlls/ntdll/signal_i386.c:2567] in ntdll
(0x0072eb08)
20 0x7bc7f64e call_thread_entry_point+0x11() in ntdll (0x0072eb28)
21 0x7bc86b24 start_thread+0x167(info=0x7ffd4fb8)
[/home/focht/projects/wine/wine-git/dlls/ntdll/thread.c:415] in ntdll
(0x0072f368)
22 0xf7599cd3 start_thread+0xc2() in libpthread.so.0 (0x0072f468)
--- snip ---
For completeness the third thread (unrelated):
--- snip ---
Wine-dbg>bt 0x2e
Backtrace:
=>0 0xf773c42e __kernel_vsyscall+0xe() in [vdso].so (0x0032b728)
1 0xf75a085b __libc_read+0x4a() in libpthread.so.0 (0x0032b728)
2 0x7bc82955 wait_reply+0x33(cookie=0x32b90c)
[/home/focht/projects/wine/wine-git/dlls/ntdll/sync.c:807] in ntdll
(0x0032b728)
3 0x7bc839e9 NTDLL_wait_for_multiple_objects+0x1e5(count=0x2,
handles=0x32b9d0, flags=0x4, timeout=(nil), signal_object=0x0(nil))
[/home/focht/projects/wine/wine-git/dlls/ntdll/sync.c:1123] in ntdll
(0x0032b948)
4 0x7bc83ad8 NtWaitForMultipleObjects+0x72(count=0x2, handles=0x32b9d0,
wait_all=0, alertable=0, timeout=(nil))
[/home/focht/projects/wine/wine-git/dlls/ntdll/sync.c:1161] in ntdll
(0x0032b998)
5 0x7b876128 WaitForMultipleObjectsEx+0x142(count=<couldn't compute
location>, handles=<couldn't compute location>, wait_all=<couldn't compute
location>, timeout=<couldn't compute location>, alertable=<couldn't compute
location>) [/home/focht/projects/wine/wine-git/dlls/kernel32/sync.c:188] in
kernel32 (0x0032baf8)
6 0x7b875fd6 WaitForMultipleObjects+0x45(count=<couldn't compute location>,
handles=<couldn't compute location>, wait_all=<couldn't compute location>,
timeout=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/kernel32/sync.c:148] in kernel32
(0x0032bb38)
7 0x01043a5d in update (+0x43a5c) (0x0032bb6c)
8 0x01054781 in update (+0x54780) (0x0032f20c)
9 0x0104950e in update (+0x4950d) (0x0032fd7c)
--- snip ---
Another case is heap corruption.
When you remove Wine's placeholder windowscodecs dlls, the installer crashes
with heap corruption most of the time:
--- snip ---
*** glibc detected *** ./update: double free or corruption (!prev): 0x7df15d58
***
======= Backtrace: =========
/lib/libc.so.6(+0x4c7529f2)[0xf74b29f2]
/lib/libc.so.6(+0x4c753b48)[0xf74b3b48]
/usr/lib/libX11.so.6(_XlcDestroyLocaleDataBase+0x84)[0x7dcf9274]
/usr/lib/libX11.so.6(+0x4e8bc0fa)[0x7dcfe0fa]
/usr/lib/libX11.so.6(_XCloseLC+0x7c)[0x7dd05bbc]
/usr/lib/libX11.so.6(_XlcCurrentLC+0x37)[0x7dd05c07]
/usr/lib/libX11.so.6(_Xlcmbstowcs+0xfd)[0x7dcfe7ad]
/usr/lib/libX11.so.6(_Xmbstowcs+0x34)[0x7dcfe8b4]
/usr/lib/libX11.so.6(_XimParseStringFile+0x658)[0x7dd143f8]
/usr/lib/libX11.so.6(_XimLocalOpenIM+0x447)[0x7dd12837]
/usr/lib/libX11.so.6(_XimOpenIM+0x163)[0x7dd10c83]
/usr/lib/libX11.so.6(XOpenIM+0x4c)[0x7dcf56fc]
Unhandled exception: assertion failed in 32-bit code (0xf7794430).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:f7794430 ESP:0033b5d4 EBP:0033bda8 EFLAGS:00000296( - -- I S -A-P- )
EAX:00000000 EBX:00006ac3 ECX:00006ac3 EDX:00000006
ESI:00000000 EDI:f75e6ff4
Stack dump:
0x0033b5d4: 0033bda8 00000006 00006ac3 f746998f
0x0033b5e4: f75e6ff4 0033b710 f746b2d5 00000006
0x0033b5f4: 0033b690 00000000 f77704d8 00000000
0x0033b604: 00000061 f762d1a8 f753f2d9 00000000
0x0033b614: 00000054 00000006 f7528cf2 00000000
0x0033b624: 00000000 00000008 0033b694 f75e6ff4
000c: sel=0067 base=00000000 limit=00000000 32-bit r-x
Backtrace:
=>0 0xf7794430 __kernel_vsyscall+0x10() in [vdso].so (0x0033bda8)
1 0xf746998f gsignal+0x4e() in libc.so.6 (0x0033bda8)
2 0xf746b2d5 abort+0x174() in libc.so.6 (0x0033bda8)
3 0xf74abb0a __libc_message+0x2e9() in libc.so.6 (0x0033bda8)
4 0xf74b29f2 malloc_printerr+0xd1() in libc.so.6 (0xf75e73e0)
5 0xf74b3b48 _int_free+0x767() in libc.so.6 (0xf75e73e0)
6 0x7dcf9274 _XlcDestroyLocaleDataBase+0x83() in libx11.so.6 (0x00000000)
7 0x7dcfe0fa in libx11.so.6 (+0x520f9) (0x7dc1b63d)
8 0x7dd05bbc _XCloseLC+0x7b() in libx11.so.6 (0x7dc1b63d)
9 0x7dd05c07 _XlcCurrentLC+0x36() in libx11.so.6 (0x7dc1b63d)
10 0x7dcfe7ad _Xlcmbstowcs+0xfc() in libx11.so.6 (0x7dc1b63d)
11 0x7dcfe8b4 _Xmbstowcs+0x33() in libx11.so.6 (0x7db952b0)
12 0x7dd143f8 _XimParseStringFile+0x657() in libx11.so.6 (0x7db952b0)
13 0x7dd12837 _XimLocalOpenIM+0x446() in libx11.so.6 (0x7db94ac0)
14 0x7dd10c83 _XimOpenIM+0x162() in libx11.so.6 (0x7db94ac0)
15 0x7dcf56fc XOpenIM+0x4b() in libx11.so.6 (0x0033e708)
--- snip ---
The win_data critical section is tied to window objects hence not all
multi-threaded requests to x11 input methods API (XOpenIM) are serialized.
Interestingly Wine's input method code still has a comment about the big x11
lock:
Source:
http://source.winehq.org/git/wine.git/blob/563ed3abde5f74a9af79c905ffe1fe0b869e96e8:/dlls/winex11.drv/xim.c#l329
--- snip ---
329 /***********************************************************************
330 * X11DRV Ime creation
331 *
332 * Should always be called with the x11 lock held
333 */
334 static BOOL open_xim( Display *display )
--- snip ---
Which is exactly the place where both threads make the call at the same time.
$ wine --version
wine-1.5.28
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list