[Bug 43930] iCopy 1.6.x (.NET 2.0 app) crashes on startup (IWiaDevMgr:: SelectDeviceDlg DeviceID pointer parameter can be NULL, needs be declared 'unique' for RPC marshalling)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Oct 29 08:45:25 CDT 2017
https://bugs.winehq.org/show_bug.cgi?id=43930
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|-unknown |wia
CC| |focht at gmx.net
Summary|iCopy will not load |iCopy 1.6.x (.NET 2.0 app)
| |crashes on startup
| |(IWiaDevMgr::SelectDeviceDl
| |g DeviceID pointer
| |parameter can be NULL,
| |needs be declared 'unique'
| |for RPC marshalling)
--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
The initial report is Wine-Mono specific.
Targeting the more interesting bug with native MS .NET Framework here.
The app makes use of WIA service (out-of-proc COM server).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/iCopy
$ WINEDEBUG=+tid,+seh,+relay,+wia,+sti,+ole,+variant,+rpc wine ./iCopy.exe
>>log.txt 2>&1
...
002d:Call
rpcrt4.NdrProxyInitialize(0018e18c,0033ee08,0033eee8,7d4dade0,00000005)
ret=7d4d3184
002d:trace:ole:NdrProxyInitialize (0x18e18c,0x33ee08,0x33eee8,0x7d4dade0,5)
002d:trace:rpc:NdrClientInitializeNew (pRpcMessage == ^0x33ee08, pStubMsg ==
^0x33eee8, pStubDesc == ^0x7d4dade0, ProcNum == 5)
002d:trace:ole:StdProxy_GetChannel (0x18e188)->GetChannel(0x33ef6c) IWiaDevMgr
002d:trace:ole:ClientRpcChannelBuffer_GetDestCtx (0x33ef5c,0x33ef60)
002d:trace:ole:NdrProxyInitialize channel=0x18ec90
002d:Ret rpcrt4.NdrProxyInitialize() retval=00000033 ret=7d4d3184
002d:Call rpcrt4.RpcRaiseException(000006f4) ret=7d4d319d
002d:Call KERNEL32.RaiseException(000006f4,00000000,00000000,00000000)
ret=7e64d04f
002d:trace:seh:raise_exception code=6f4 flags=0 addr=0x7b44647b ip=7b44647b
tid=002d
002d:trace:seh:raise_exception eax=7b434c05 ebx=0033efe4 ecx=0033ed30
edx=00000000 esi=0033ed80 edi=0033ed40
002d:trace:seh:raise_exception ebp=0033ed18 esp=0033ecb4 cs=330023 ds=002b
es=7bd0002b fs=0063 gs=33006b flags=00200216
002d:trace:seh:call_stack_handlers calling handler at 0x7d4d2238 code=6f4
flags=0
002d:trace:seh:__regs_RtlUnwind code=6f4 flags=2
002d:trace:seh:__regs_RtlUnwind eax=00000000 ebx=7d4d21cd ecx=0033ecc0
edx=0033ecc0 esi=0033ee34 edi=7d4d21cd
002d:trace:seh:__regs_RtlUnwind ebp=0033e818 esp=0033e7e8 eip=7d4d9bed cs=0023
ds=002b fs=0063 gs=006b flags=00200206
002d:trace:seh:__regs_RtlUnwind calling handler at 0x7bc8e5be code=6f4 flags=2
002d:trace:seh:__regs_RtlUnwind handler at 0x7bc8e5be returned 1
...
002d:warn:ole:NdrProxyErrorHandler (0x000006f4): a proxy call failed
002d:Ret rpcrt4.NdrProxyErrorHandler() retval=800706f4 ret=7d4d3521
002d:Call
KERNEL32.FormatMessageW(00001300,00000000,800706f4,00000400,0033baa8,00000000,00000000)
ret=0384e197
002d:Ret KERNEL32.FormatMessageW() retval=00000019 ret=0384e197
...
002d:trace:ole:ICreateErrorInfoImpl_SetSource (0x18d8e0): L"WIA.CommonDialog.1"
...
002d:trace:ole:ICreateErrorInfoImpl_SetDescription (0x18d8e0): L"Null reference
pointer.\r\n"
...
002d:Call msvcr80._CxxThrowException(0033efe8,79f9acc4) ret=79f97365
002d:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,0033ef24)
ret=7e846dbb
002d:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b44647b
ip=7b44647b tid=002d
002d:trace:seh:raise_exception info[0]=19930520
002d:trace:seh:raise_exception info[1]=0033efe8
002d:trace:seh:raise_exception info[2]=79f9acc4
002d:trace:seh:raise_exception eax=7b434c05 ebx=0018f868 ecx=0000000c
edx=0033ee74 esi=0033ef20 edi=0033eee0
002d:trace:seh:raise_exception ebp=0033eeb8 esp=0033ee54 cs=0023 ds=002b
es=33002b fs=7e890063 gs=33006b flags=00200212
002d:trace:seh:call_stack_handlers calling handler at 0x79f9ab98 code=e06d7363
flags=1
002d:trace:seh:call_stack_handlers handler at 0x79f9ab98 returned 1
002d:trace:seh:call_stack_handlers calling handler at 0x79f9ac4c code=e06d7363
flags=1
002d:trace:seh:call_stack_handlers handler at 0x79f9ac4c returned 1
002d:trace:seh:call_stack_handlers calling handler at (nil) code=e06d7363
flags=1
002d:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=002d
002d:trace:seh:raise_exception info[0]=00000000
002d:trace:seh:raise_exception info[1]=00000000
002d:trace:seh:raise_exception eax=0033ea6c ebx=00000023 ecx=00000000
edx=7bc8e5be esi=0000002b edi=0033002b
002d:trace:seh:raise_exception ebp=0033ea18 esp=0033e9ec cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210216
002d:trace:seh:call_stack_handlers calling handler at 0x7bc8e5be code=c0000005
flags=0
002d:trace:seh:call_stack_handlers handler at 0x7bc8e5be returned 2
002d:trace:seh:call_stack_handlers calling handler at 0x79f9ab98 code=c0000005
flags=10
002d:trace:seh:call_stack_handlers handler at 0x79f9ab98 returned 1
...
<exception recursion, leading to stack overflow>
--- snip ---
0x000006f4 -> RPC_X_NULL_REF_POINTER
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7d4d2081 IWiaDevMgr_SelectDeviceDlg_Proxy(This=0x1b3424,
hwndParent=(nil), lDeviceType=0x1, lFlags=0x1, pbstrDeviceID=(nil),
ppItemRoot=0x33f020)
[/home/focht/projects/wine/wine.repo/build-x86/dlls/sti/sti_wia_p.c:510] in sti
(0x0033f008)
1 0x79f21268 in mscorwks (+0xb1267) (0x0033f118)
2 0x0037af9a (0x0033f154)
3 0x0376344d (0x0033f1a8)
4 0x037632ae (0x0033f340)
5 0x79e88f63 in mscorwks (+0x18f62) (0x0033f350)
6 0x79e88ee4 in mscorwks (+0x18ee3) (0x0033f3d0)
7 0x79e88e31 in mscorwks (+0x18e30) (0x0033f510)
8 0x79e88d19 in mscorwks (+0x18d18) (0x0033f5e4)
9 0x00383340 (0x00383198)
10 0x0020000a (0x0906002d)
...
Wine-dbg>l
521 if (!pbstrDeviceID) RpcRaiseException(RPC_X_NULL_REF_POINTER);
522 if (!ppItemRoot) RpcRaiseException(RPC_X_NULL_REF_POINTER);
523 RpcTryFinally
524 {
525 __frame->_StubMsg.BufferLength = 16;
526 NdrUserMarshalBufferSize(
527 &__frame->_StubMsg,
528 (unsigned char *)&hwndParent,
529 (PFORMAT_STRING)&__MIDL_TypeFormatString.Format[104]);
530
531 NdrUserMarshalBufferSize(
--- snip ---
https://msdn.microsoft.com/en-us/library/windows/desktop/ms630148(v=vs.85).aspx
--- quote ---
pbstrDeviceID [in, out]
Type: BSTR*
On output, receives a string which contains the device's identifier string.
On input, pass the address of a pointer if this information is needed, or NULL
if it is not needed.
--- quote ---
Wine generated 'sti_wia_p.c':
--- snip ---
...
HRESULT STDMETHODCALLTYPE IWiaDevMgr_SelectDeviceDlg_Proxy(
IWiaDevMgr* This,
HWND hwndParent,
LONG lDeviceType,
LONG lFlags,
BSTR *pbstrDeviceID,
IWiaItem **ppItemRoot)
{
struct __proxy_frame __f, * const __frame = &__f;
HRESULT _RetVal;
RPC_MESSAGE _RpcMessage;
RpcExceptionInit( __proxy_filter,
__finally_IWiaDevMgr_SelectDeviceDlg_Proxy );
__frame->This = This;
if (ppItemRoot) MIDL_memset( ppItemRoot, 0, sizeof( *ppItemRoot ));
RpcTryExcept
{
NdrProxyInitialize(This, &_RpcMessage, &__frame->_StubMsg,
&Object_StubDesc, 5);
if (!pbstrDeviceID) RpcRaiseException(RPC_X_NULL_REF_POINTER);
if (!ppItemRoot) RpcRaiseException(RPC_X_NULL_REF_POINTER);
RpcTryFinally
{
...
--- snip ---
By default, pointer parameters are treated as "ref" pointers (passed by
reference) which can't be NULL hence the code:
-> "if (!pbstrDeviceID) RpcRaiseException(RPC_X_NULL_REF_POINTER);"
Wine source:
https://source.winehq.org/git/wine.git/blob/17d43ef54e4eaaa549fba0b8aed4a816b42c7154:/include/wia_xp.idl#l30
--- snip ---
30 cpp_quote("DEFINE_GUID(CLSID_WiaDevMgr,
0xa1f4e726,0x8cf1,0x11d1,0xbf,0x92,0x00,0x60,0x08,0x1e,0xd8,0x11);")
31
32 [
33 object,
34 uuid(5eb2502a-8cf1-11d1-bf92-0060081ed811)
35 ]
36 interface IWiaDevMgr : IUnknown
37 {
38 HRESULT EnumDeviceInfo(
39 [in] LONG lFlag,
40 [retval, out] IEnumWIA_DEV_INFO **ppIEnum);
41
42 HRESULT CreateDevice(
43 [in] BSTR bstrDeviceID,
44 [out] IWiaItem **ppWiaItemRoot);
45
46 HRESULT SelectDeviceDlg(
47 [in] HWND hwndParent,
48 [in] LONG lDeviceType,
49 [in] LONG lFlags,
50 [in, out] BSTR *pbstrDeviceID,
51 [retval, out] IWiaItem **ppItemRoot);
...
--- snip ---
Declaring 'pbstrDeviceID' pointer parameter 'unique' results in following
generated 'sti_wia_p.c':
--- snip ---
...
HRESULT STDMETHODCALLTYPE IWiaDevMgr_SelectDeviceDlg_Proxy(
IWiaDevMgr* This,
HWND hwndParent,
LONG lDeviceType,
LONG lFlags,
BSTR *pbstrDeviceID,
IWiaItem **ppItemRoot)
{
struct __proxy_frame __f, * const __frame = &__f;
HRESULT _RetVal;
RPC_MESSAGE _RpcMessage;
RpcExceptionInit( __proxy_filter,
__finally_IWiaDevMgr_SelectDeviceDlg_Proxy );
__frame->This = This;
if (ppItemRoot) MIDL_memset( ppItemRoot, 0, sizeof( *ppItemRoot ));
RpcTryExcept
{
NdrProxyInitialize(This, &_RpcMessage, &__frame->_StubMsg,
&Object_StubDesc, 5);
if (!ppItemRoot) RpcRaiseException(RPC_X_NULL_REF_POINTER);
RpcTryFinally
{
__frame->_StubMsg.BufferLength = 16;
NdrUserMarshalBufferSize(
&__frame->_StubMsg,
(unsigned char *)&hwndParent,
(PFORMAT_STRING)&__MIDL_TypeFormatString.Format[104]);
...
--- snip ---
With that change applied, the .NET app now displays an error dialog with
managed exception backtrace instead:
--- snip ---
WIA Device count: 0
iCopy.exe Error: 0 : Exception caught.
iCopy.exe Error: 0 : System.NotImplementedException: The method or
operation is not implemented.
at WIA.CommonDialogClass.ShowSelectDevice(WiaDeviceType DeviceType, Boolean
AlwaysSelectDevice, Boolean CancelError)
at iCopy.appControl.changescanner(String deviceID)
at iCopy.appControl.CreateScanner(String deviceID)
at iCopy.appControl.Main(String[] sArgs)
--- snip ---
This is expected:
https://source.winehq.org/git/wine.git/blob/17d43ef54e4eaaa549fba0b8aed4a816b42c7154:/dlls/wiaservc/wiadevmgr.c#l207
--- snip ---
207 static HRESULT WINAPI wiadevmgr_SelectDeviceDlg(IWiaDevMgr *iface, HWND
hwndParent, LONG lDeviceType,
208 LONG lFlags, BSTR
*pbstrDeviceID, IWiaItem **ppItemRoot)
209 {
210 wiadevmgr *This = impl_from_IWiaDevMgr(iface);
211 FIXME("(%p, %p, %d, 0x%x, %p, %p): stub\n", This, hwndParent,
lDeviceType, lFlags, pbstrDeviceID, ppItemRoot);
212 return E_NOTIMPL;
213 }
--- snip ---
$ sha1sum iCopy1.6.2setup.exe
f02a0aa0883eb5d598eb9a75545a91508ca41802 iCopy1.6.2setup.exe
$ du -sh iCopy1.6.2setup.exe
868K iCopy1.6.2setup.exe
$ wine --version
wine-2.19-154-g17d43ef54e
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list