[Bug 35041] Garmin Express Fit v2.0 crashes with heap corruption in libX11

wine-bugs at winehq.org
Tue Dec 3 10:55:04 CST 2013


http://bugs.winehq.org/show_bug.cgi?id=35041

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
            Version|unspecified                 |1.6
                URL|                            |http://www8.garmin.com/soft
                   |                            |ware/ExpressFit_20.exe
           Keywords|                            |dotnet, download
                 CC|                            |ariscop at gmail.com,
                   |                            |focht at gmx.net
     Ever Confirmed|0                           |1
            Summary|Garmin Express Fit crashes  |Garmin Express Fit v2.0
                   |                            |crashes with heap
                   |                            |corruption in libX11

--- Comment #1 from Anastasius Focht <focht at gmx.net> 2013-12-03 10:55:04 CST ---
Hello folks,

confirming.

The app requires at least .NET Framework 3.5 (SP1 is better).

Looks like one variant of bug 32859 which ought to be fixed.
Most likely there were multiple bugs present which hid each other.

I can reproduce it with up-to-date Fedora 19 and Wine 1.7.7:

--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0xf77d9430 __kernel_vsyscall+0x10() in [vdso].so (0x0212bb78)
  1 0xf742f936 gsignal+0x45() in libc.so.6 (0x0212bb78)
  2 0xf7431173 abort+0x142() in libc.so.6 (0x0212bb78)
  3 0xf746f0e5 __libc_message+0x344() in libc.so.6 (0x0212bb78)
  4 0xf7476d12 _int_free+0x651() in libc.so.6 (0x00000003)
  5 0x7dcc70c4 _XlcDestroyLocaleDataBase+0x93() in libx11.so.6 (0x7d9592e8)
  6 0x7dccbdb1 in libx11.so.6 (+0x4fdb0) (0x7cc76008)
  7 0x7dcd37e8 _XCloseLC+0x77() in libx11.so.6 (0x7cc76008)
  8 0x7dcd3831 _XlcCurrentLC+0x30() in libx11.so.6 (0x7cc76008)
  9 0x7dccc425 _Xlcmbstowcs+0xe4() in libx11.so.6 (0x7cc76008)
  10 0x7dccc534 _Xmbstowcs+0x33() in libx11.so.6 (0x7cc76008)
  11 0x7dce1cd9 in libx11.so.6 (+0x65cd8) (0x7cc76008)
  12 0x7dcdfdf1 _XimLocalOpenIM+0x400() in libx11.so.6 (0x7cd0d838)
  13 0x7dcde227 _XimOpenIM+0xf6() in libx11.so.6 (0x7cd0d838)
  14 0x7dcc3698 XOpenIM+0x47() in libx11.so.6 (0x0212e378)
  15 0x7de55f9f open_xim+0x4b(display=0x7cd00468)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:343] in winex11
(0x0212e378)
  16 0x7de568bb X11DRV_SetupXIM+0x24()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:462] in winex11
(0x0212e3b8)
  17 0x7de51abf x11drv_init_thread_data+0x206()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv_main.c:676] in
winex11 (0x0212e408)
  18 0x7de442cf thread_init_display+0xa()
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/x11drv.h:351] in winex11
(0x0212e418)
  19 0x7de492da X11DRV_create_win_data+0xa0(hwnd=0x4004c,
window_rect=0x212e7b0, client_rect=0x212e7b0)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:1786] in winex11
(0x0212e488)
  20 0x7de4a23f X11DRV_WindowPosChanging+0x67(hwnd=<couldn't compute location>,
insert_after=<couldn't compute location>, swp_flags=<couldn't compute
location>, window_rect=<couldn't compute location>, client_rect=<couldn't
compute location>, visible_rect=<couldn't compute location>, surface=<couldn't
compute location>)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/window.c:2149] in winex11
(0x0212e508)
  21 0x7ed21efa set_window_pos+0xb7(hwnd=0x4004c, insert_after=(nil),
swp_flags=0x14, window_rect=0x212e7b0, client_rect=0x212e7b0,
valid_rects=(nil))
[/home/focht/projects/wine/wine-git/dlls/user32/winpos.c:2050] in user32
(0x0212e628)
  22 0x7ed164e4 WIN_CreateWindowEx+0xdc7(cs=0x212e880, className="IOM Responder
Window", module=0x400000, unicode=0x1)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1581] in user32
(0x0212e868)
  23 0x7ed16db8 CreateWindowExW+0x8a(exStyle=0x40200, className="IOM Responder
Window", windowName="Garmin Express Fit - IOM library", style=0xcf0000,
x=0x80000000, y=0, width=0x190, height=0, parent=(nil), menu=(nil),
instance=0x400000, data=0x0(nil))
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1751] in user32
(0x0212e8bc)
  24 0x008e6d52 in expressfit (+0x4e6d51) (0x0212ea50)
  25 0x00aca95a in expressfit (+0x6ca959) (0x0212ea58)
  26 0x7bc85c48 call_thread_func_wrapper+0xb() in ntdll (0x0212ea68)
...
--- snip ---

libX11 -> 1.6.0-1.fc19
xorg-x11-server-Xorg -> 1.14.4-3.fc19

@greg:

Can you check if the following works around:

--- snip ---
$ taskset -c 0 wine ./ExpressFit.exe
--- snip ---

$ sha1sum ExpressFit_20.exe 
5a216312b046df633149ea146accc07565b9e0c8  ExpressFit_20.exe

$ du -sh ExpressFit_20.exe 
11M    ExpressFit_20.exe

$ wine --version
wine-1.7.7-262-g30a3e9c

Regards
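
The backtrace in the comment above can be triaged mechanically. This Python example is added here (it is not part of the original comment or of Wine): it parses winedbg frames, rejoins the mail-wrapped lines, and reports which frame called free() when glibc's heap check aborted. The names `parse_frames` and `triage` are hypothetical, and the sample is an excerpt of the backtrace shown above.

```python
import re

# Excerpt of the winedbg backtrace from the comment above (frames 6-13 omitted),
# including the mail-wrapped frame 15.
SAMPLE = """\
=>0 0xf77d9430 __kernel_vsyscall+0x10() in [vdso].so (0x0212bb78)
  1 0xf742f936 gsignal+0x45() in libc.so.6 (0x0212bb78)
  2 0xf7431173 abort+0x142() in libc.so.6 (0x0212bb78)
  3 0xf746f0e5 __libc_message+0x344() in libc.so.6 (0x0212bb78)
  4 0xf7476d12 _int_free+0x651() in libc.so.6 (0x00000003)
  5 0x7dcc70c4 _XlcDestroyLocaleDataBase+0x93() in libx11.so.6 (0x7d9592e8)
  14 0x7dcc3698 XOpenIM+0x47() in libx11.so.6 (0x0212e378)
  15 0x7de55f9f open_xim+0x4b(display=0x7cd00468)
[/home/focht/projects/wine/wine-git/dlls/winex11.drv/xim.c:343] in winex11
(0x0212e378)
"""

HEAD = re.compile(r"^(?:=>)?\s*(\d+)\s+(0x[0-9a-f]+)\s+(.*)$")

def parse_frames(text):
    """Join mail-wrapped lines, then split each frame into its fields."""
    joined = []
    for line in text.splitlines():
        if HEAD.match(line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()   # continuation of previous frame
    frames = []
    for line in joined:
        num, addr, rest = HEAD.match(line).groups()
        sym = re.match(r"(\w+)\+0x", rest)          # absent for unsymbolized frames
        mod = re.search(r".*\bin (\S+) \(", rest)   # last "in <module> (" wins
        src = re.search(r"\[(\S+):(\d+)\]", rest)   # only with debug info
        frames.append({"n": int(num), "addr": addr,
                       "symbol": sym.group(1) if sym else None,
                       "module": mod.group(1) if mod else None,
                       "source": (src.group(1), int(src.group(2))) if src else None})
    return frames

def triage(frames):
    """Skip the vdso/libc abort path; report who called free() and from where."""
    i = 0
    while i < len(frames) and frames[i]["module"] in ("[vdso].so", "libc.so.6"):
        i += 1
    chain = [f["symbol"] for f in frames[:i]]
    return {"heap_check_abort": "abort" in chain and chain[-1:] == ["_int_free"],
            "freed_by": frames[i] if i < len(frames) else None,
            "first_source_frame": next((f for f in frames[i:] if f["source"]), None)}
```

The frame reported as `freed_by` is where glibc detected the damage, not necessarily where the heap was corrupted.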
