[Bug 23005] WinWULFF (VB6 app) fails on startup, reporting "Run-time error '10': This array is fixed or temporarily locked"

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jan 7 17:09:15 CST 2014 

http://bugs.winehq.org/show_bug.cgi?id=23005

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
          Component|-unknown                    |oleaut32
            Summary|WinWULFF fails to start     |WinWULFF (VB6 app) fails on
                   |with Visual Basic run-time  |startup, reporting
                   |error 10                    |"Run-time error '10': This
                   |                            |array is fixed or
                   |                            |temporarily locked"

--- Comment #11 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

Relevant part of trace log:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/WinWULFF
$ WINEDEBUG=+tid,+seh,+relay,+snoop,+ole,+variant wine ./WINWULFF.exe >>log.txt
2>&1
...
0025:Call oleaut32.SafeArrayCopy(0033e878,0033e870) ret=66103c0e
0025:trace:variant:SafeArrayCopy (0x33e878,0x33e870)
0025:trace:variant:SafeArrayGetVartype (0x33e878,0x33e792)
0025:trace:variant:SafeArrayAllocDescriptorEx (4->VT_R4,1,0x33e870)
0025:trace:variant:SafeArrayAllocDescriptor (1,0x33e870)
...
0025:trace:variant:SafeArrayAllocDescriptor (1): 24 bytes allocated for
descriptor.
0025:Call ntdll.RtlAllocateHeap(00110000,00000008,0000000c) ret=7e7ca9ac
0025:Ret  ntdll.RtlAllocateHeap() retval=001c56b0 ret=7e7ca9ac
0025:Ret  oleaut32.SafeArrayCopy() retval=00000000 ret=66103c0e
0025:RET  MSVBVM60.__vbaAryCopy() retval=00000000 ret=004b63a9
0025:CALL MSVBVM60.__vbaFreeStr() ret=004b63d6
0025:Call oleaut32.SysFreeString(001c5eec L"1") ret=660e60c0
0025:Ret  oleaut32.SysFreeString() retval=00000000 ret=660e60c0
0025:RET  MSVBVM60.__vbaFreeStr() retval=00000000 ret=004b63d6
0025:CALL MSVBVM60.__vbaAryDestruct(00000000,0033e84c) ret=004b63e8
0025:Call oleaut32.SafeArrayDestroyData(0033e878) ret=660db598
0025:trace:variant:SafeArrayDestroyData (0x33e878)
0025:Ret  oleaut32.SafeArrayDestroyData() retval=00000000 ret=660db598
0025:Call oleaut32.SafeArrayDestroyData(0033e878) ret=660db6f6
0025:trace:variant:SafeArrayDestroyData (0x33e878)
...
0025:Ret  oleaut32.SafeArrayDestroyData() retval=00000000 ret=660db6f6
0025:RET  MSVBVM60.__vbaAryDestruct() retval=00000000 ret=004b63e8
0025:CALL MSVBVM60.__vbaAryUnlock(0033ee4c) ret=004bc8b0
0025:Call oleaut32.SafeArrayUnlock(001c5e68) ret=660dbbcf
0025:trace:variant:SafeArrayUnlock (0x1c5e68) 
...
0025:CALL MSVBVM60.__vbaRedim() ret=004bd0c4
0025:Call oleaut32.SysFreeString(00000000) ret=6600e1a9
0025:Ret  oleaut32.SysFreeString() retval=0033e800 ret=6600e1a9
0025:Call oleaut32.SysFreeString(00000000) ret=6600e1ae
0025:Ret  oleaut32.SysFreeString() retval=0033e800 ret=6600e1ae
0025:Call oleaut32.SysFreeString(00000000) ret=6600e1b3
0025:Ret  oleaut32.SysFreeString() retval=0033e800 ret=6600e1b3
0025:Call KERNEL32.MultiByteToWideChar(00000000,00000000,0040ca10
"WINWULFF",ffffffff,00000000,00000000) ret=660da0b1
0025:Ret  KERNEL32.MultiByteToWideChar() retval=00000009 ret=660da0b1
0025:Call oleaut32.SysAllocStringLen(00000000,00000008) ret=660da0bc
0025:trace:ole:SysAllocStringLen (null)
0025:Ret  oleaut32.SysAllocStringLen() retval=001c8a44 ret=660da0bc
0025:Call KERNEL32.MultiByteToWideChar(00000000,00000000,0040ca10
"WINWULFF",ffffffff,001c8a44,00000009) ret=660da0db
0025:Ret  KERNEL32.MultiByteToWideChar() retval=00000009 ret=660da0db
0025:Call KERNEL32.RaiseException(c000008f,00000001,00000002,0033e824)
ret=660d0956
0025:trace:seh:raise_exception code=c000008f flags=1 addr=0x7b83a89f
ip=7b83a89f tid=0025
0025:trace:seh:raise_exception  info[0]=deadcafe
0025:trace:seh:raise_exception  info[1]=deadcafe
0025:trace:seh:raise_exception  eax=7b826921 ebx=7b8ba000 ecx=deadcafe
edx=0033e784 esi=0033e824 edi=0033e7f0
0025:trace:seh:raise_exception  ebp=0033e7c8 esp=0033e764 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00200283
0025:trace:seh:call_stack_handlers calling handler at 0x403656 code=c000008f
flags=1 
...
0025:Call KERNEL32.MultiByteToWideChar(00000000,00000000,0033dd64 "This array
is fixed or temporarily locked",ffffffff,00000000,00000000) ret=660d9fcb 
...
0025:Call KERNEL32.MultiByteToWideChar(00000000,00000000,0033e80c "Run-time
error '10'",ffffffff,00000000,00000000) ret=660d9fcb 
--- snip ---

The error about the safearray being fixed/locked is not the real cause.
It's just the aftermath in VB exception handler which tries to clean up/destroy
dynamically allocated objects.

The exception is thrown from VB6 runtime on __vbaRedim entry, it doesn't expect
psa->fFeatures = 0x92 (FADF_HAVEVARTYPE | FADF_FIXEDSIZE | FADF_STATIC).

There is a test for psa->fFeatures flags: if any of (FADF_FIXEDSIZE |
FADF_EMBEDDED | FADF_STATIC) set (0x16) -> throw.

FADF_HAVEVARTYPE type (0x80) is ok (expected).

Maybe native 'sanitizes' some safearray feature flags during __vbaAryRecCopy ->
SAFEARRAY_CopyData().

The app starts successfully after I filtered out some flags (FADF_FIXEDSIZE |
FADF_EMBEDDED | FADF_STATIC) on destination safearray in SAFEARRAY_CopyData().

Bug 8539 looks similar, it also needs sanitization of feature flags in
SAFEARRAY_CopyData().

$ sha1sum WINWULFF_Setup.exe 
ad488014ef1ce8b73497a1ca6a1c73f4a3cf21b2  WINWULFF_Setup.exe

$ du -sh WINWULFF_Setup.exe
4.3M    WINWULFF_Setup.exe

$ wine --version
wine-1.7.10-222-ge12bb32

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list