[Bug 25264] ExamXML crashes when opening an XML file

wine-bugs at winehq.org
Tue Dec 20 11:52:52 CST 2011


http://bugs.winehq.org/show_bug.cgi?id=25264

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |comctl32
     Ever Confirmed|0                           |1

--- Comment #4 from Anastasius Focht <focht at gmx.net> 2011-12-20 11:52:52 CST ---
Hello,

confirming, still present.
It seems the heap gets corrupted in the treeview control.

There is some overly long treeview item text.
The "overwrite" pattern 0x20202024 looks like part of treeview item text.

--- snip ---
0023:trace:treeview:TREEVIEW_UpdateDispInfo resulting code 0xfffffe3c
0023:Call KERNEL32.LocalReAlloc(001600f0,00000104,00000042) ret=6835f96b
0023:Ret  KERNEL32.LocalReAlloc() retval=001600f0 ret=6835f96b
0023:trace:treeview:TREEVIEW_UpdateDispInfo returned wstr
L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"...,
len=260
0023:Call gdi32.SelectObject(000012b0,00001214) ret=683efbf3
0023:Ret  gdi32.SelectObject() retval=00001214 ret=683efbf3
0023:Call gdi32.GetTextExtentPoint32W(000012b0,001600f0
L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"...,000000a0,0032f550)
ret=683ef996
0023:Ret  gdi32.GetTextExtentPoint32W() retval=00000001 ret=683ef996 
...
0023:trace:treeview:TREEVIEW_WindowProc hwnd 0x500aa msg 0047 wp=00000000
lp=0032f428
0023:Call user32.DefWindowProcW(000500aa,00000047,00000000,0032f428)
ret=683fb197
0023:Call window proc 0x413ab0
(hwnd=0x500aa,msg=WM_SIZE,wp=00000000,lp=026302c7)
0023:Call user32.CallWindowProcW(683fa45e,000500aa,00000005,00000000,026302c7)
ret=00413b26
0023:Call window proc 0x683fa45e
(hwnd=0x500aa,msg=WM_SIZE,wp=00000000,lp=026302c7)
0023:Call user32.GetWindowLongW(000500aa,00000000) ret=683ee1cd
0023:Ret  user32.GetWindowLongW() retval=00147fb8 ret=683ee1cd
0023:trace:treeview:TREEVIEW_WindowProc hwnd 0x500aa msg 0005 wp=00000000
lp=026302c7
0023:trace:treeview:TREEVIEW_SetFirstVisible 0x14e508:
L"\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020\2020"...
0023:trace:treeview:TREEVIEW_GetVisibleCount client=611, item=18
0023:Call user32.GetSystemMetrics(00000014) ret=683f3ffa
0023:Ret  user32.GetSystemMetrics() retval=00000010 ret=683f3ffa
0023:Call user32.ShowScrollBar(000500aa,00000000,00000001) ret=683f4203
0023:Ret  user32.ShowScrollBar() retval=00000001 ret=683f4203
0023:Call user32.SetScrollInfo(000500aa,00000000,0032e900,00000001)
ret=683f4239
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc458e0
ip=7bc458e0 tid=0023
0023:trace:seh:raise_exception  info[0]=00000001
0023:trace:seh:raise_exception  info[1]=20202024
0023:trace:seh:raise_exception  eax=20202020 ebx=7bcc0084 ecx=000502b8
edx=20202020 esi=7ffdf000 edi=00000000
0023:trace:seh:raise_exception  ebp=0032e388 esp=0032e388 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010216
...
--- snip ---

Small debugging session, immediately before the corruption:

--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x684b301a GetTextExtentPoint32W(hdc=0x12b0,
str="åååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååååå",
count=0xa0, size=0x33f6cc)
[/home/focht/projects/wine/wine-git/dlls/gdi32/font.c:1005] in gdi32
(0x0033f6e4)
  1 0x683eac0f TREEVIEW_UpdateSubTree+0x111(infoPtr=0x1374e8, root=0x1622f0)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:998] in comctl32
(0x0033f714)
  2 0x683f03e6 TREEVIEW_Expand+0x280(infoPtr=0x1374e8, item=0x1569a0,
partial=0, user=0)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3391] in comctl32
(0x0033f7a4)
  3 0x683f0960 TREEVIEW_ExpandMsg+0x117(infoPtr=0x1374e8, flag=0x2,
item=0x1569a0)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3549] in comctl32
(0x0033f7f4)
  4 0x683f59f4 TREEVIEW_WindowProc+0x595(hwnd=0x50084, uMsg=0x1102, wParam=0x2,
lParam=0x1569a0)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:5621] in comctl32
(0x0033f854)
  5 0x7c77e2d2 WINPROC_wrapper+0x19() in user32 (0x0033f884)
  6 0x7c77e427 call_window_proc+0xcd(hwnd=0x50084, msg=0x1102, wp=0x2,
lp=0x1569a0, result=0x33f904, arg=0x683f545e)
[/home/focht/projects/wine/wine-git/dlls/user32/winproc.c:242] in user32
(0x0033f8d4)
  7 0x7c7809a1 CallWindowProcW+0x63(func=0x683f545e, hwnd=0x50084, msg=0x1102,
wParam=0x2, lParam=0x1569a0)
[/home/focht/projects/wine/wine-git/dlls/user32/winproc.c:980] in user32
(0x0033f914)
  8 0x00413b26 in examxmlpro (+0x13b25) (0x7c78093d)
Wine-dbg>c
Unhandled exception: page fault on write access to 0x20202024 in 32-bit code
(0x7bc458e0).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7bc458e0 ESP:0033f134 EBP:0033f134 EFLAGS:00010206(  R- --  I   - -P- )
 EAX:20202020 EBX:7bcc0084 ECX:0003b580 EDX:001100f8
 ESI:7ffdf000 EDI:0033f4c8
Stack dump:
0x0033f134:  0033f194 7bc49e2c 0014b448 00000128
0x0033f144:  0033f15c 0012c7d0 7c7b9690 7c7b9690
0x0033f154:  0033f174 7c76b5de 00110014 0033f488
0x0033f164:  0033f174 7bc3342f 6851b024 00000001
0x0033f174:  0014b440 7bc33e58 6851b024 0033f488
0x0033f184:  00110000 00000128 0012c7d0 7c7b9690
000c: sel=0067 base=00000000 limit=00000000 32-bit rw-
Backtrace:
=>0 0x7bc458e0 list_remove+0xe(elem=0x14b448)
[/home/focht/projects/wine/wine-git/include/wine/list.h:98] in ntdll
(0x0033f134)
  1 0x7bc49e2c RtlAllocateHeap+0x263(heap=0x110000, flags=0x2, size=0x123)
[/home/focht/projects/wine/wine-git/dlls/ntdll/heap.c:1699] in ntdll
(0x0033f194)
  2 0x7c74cb82 update_visible_region+0x6c(dce=0x1394c8)
[/home/focht/projects/wine/wine-git/dlls/user32/painting.c:123] in user32
(0x0033f294)
  3 0x7c74ebf7 GetDCEx+0x538(hwnd=0x20022, hrgnClip=(nil), flags=0x12)
[/home/focht/projects/wine/wine-git/dlls/user32/painting.c:1035] in user32
(0x0033f314)
  4 0x68b6b5cb move_window_bits+0xbd(data=0x137a90, old_rect=0x33f594,
new_rect=0x33f584, old_client_rect=0x33f3f0)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:1620] in winex11
(0x0033f3b4)
  5 0x68b6de93 X11DRV_WindowPosChanged+0x2cb(hwnd=0x50084, insert_after=(nil),
swp_flags=0x1037, rectWindow=0x33f5b4, rectClient=0x33f5a4,
visible_rect=0x33f518, valid_rects=0x33f584)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:2524] in winex11
(0x0033f454)
  6 0x7c77b9ed set_window_pos+0x39d(hwnd=0x50084, insert_after=(nil),
swp_flags=0x1037, window_rect=0x33f5b4, client_rect=0x33f5a4,
valid_rects=0x33f584)
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2006] in user32
(0x0033f554)
  7 0x7c77bc93 USER_SetWindowPos+0x29a(winpos=0x33f624)
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2077] in user32
(0x0033f5e4)
  8 0x7c77bfcb SetWindowPos+0x139(hwnd=0x50084, hwndInsertAfter=(nil), x=0,
y=0, cx=0, cy=0, flags=0x37)
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2151] in user32
(0x0033f654)
  9 0x7c756239 SCROLL_ShowScrollBar+0x180(hwnd=0x50084, nBar=0, fShowH=0x1,
fShowV=0) [/home/focht/projects/wine/wine-git/dlls/user32/scroll.c:1987] in
user32 (0x0033f6a4)
  10 0x7c7562ac ShowScrollBar+0x49(hwnd=0x50084, nBar=0, fShow=0x1)
[/home/focht/projects/wine/wine-git/dlls/user32/scroll.c:2014] in user32
(0x0033f6c4)
  11 0x683ef203 TREEVIEW_UpdateScrollBars+0x38c(infoPtr=0x1374e8)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:2825] in comctl32
(0x0033f714)
  12 0x683f03f1 TREEVIEW_Expand+0x28b(infoPtr=0x1374e8, item=0x1569a0,
partial=0, user=0)
[/home/focht/projects/wine/wine-git/dlls/comctl32/treeview.c:3392] in comctl32
(0x0033f7a4)
...
--- snip ---

'winetricks comctl32' fixes the crash/corruption.

$ sha1sum examxmlpro.exe 
ccbd325c3f3e73afbc7d3ccaa8ba6574dc23409c  examxmlpro.exe

$ wine --version
wine-1.3.35-43-gd9d4a06

Regards
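
The triage step the comment performs by eye (spotting that the faulting address is string data), as an added example that is not part of the original comment or of Wine. The names `triage` and `looks_like_text` are hypothetical, and the printable-ASCII test is an assumed heuristic. An offset of 4 is where the `prev` pointer sits in a 32-bit two-pointer list node, which fits the `list_remove` frame in the backtrace.

```python
import re

# Exception lines copied from the trace in the comment above, with the
# mail's line wraps rejoined.
SAMPLE = """\
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc458e0 ip=7bc458e0 tid=0023
0023:trace:seh:raise_exception  info[0]=00000001
0023:trace:seh:raise_exception  info[1]=20202024
0023:trace:seh:raise_exception  eax=20202020 ebx=7bcc0084 ecx=000502b8 edx=20202020 esi=7ffdf000 edi=00000000
"""

# Meaning of info[0] for an access violation (0xC0000005).
ACCESS = {0: "read", 1: "write", 8: "execute"}
REG_RE = r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp)=([0-9a-f]{8})"


def looks_like_text(value):
    """True when all four bytes of a 32-bit value are printable ASCII
    (assumed heuristic for 'this pointer is really string data')."""
    return all(0x20 <= b <= 0x7E for b in value.to_bytes(4, "little"))


def triage(trace):
    """Summarise an access violation in a Wine +seh trace and list the
    registers that hold text-like values just below the fault address."""
    code = re.search(r"raise_exception code=([0-9a-f]+)", trace)
    if not code or int(code.group(1), 16) != 0xC0000005:
        return None  # not an access violation
    info = {int(i): int(v, 16)
            for i, v in re.findall(r"info\[(\d)\]=([0-9a-f]{8})", trace)}
    if 1 not in info:
        return None  # fault address missing from the trace
    regs = {r: int(v, 16) for r, v in re.findall(REG_RE, trace)}
    fault = info[1]
    # A text-like register a few bytes below the fault address suggests a
    # structure pointer that was overwritten and then dereferenced.
    suspects = {r: fault - v for r, v in regs.items()
                if looks_like_text(v) and 0 <= fault - v < 0x40}
    return {"access": ACCESS.get(info.get(0), "unknown"),
            "fault": fault,
            "fault_is_text": looks_like_text(fault),
            "suspects": suspects}


if __name__ == "__main__":
    print(triage(SAMPLE))
```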
