[Bug 28860] AveraSell 4.3.8 crashes after login (heap corruption)

wine-bugs at winehq.org
Sun Mar 2 05:26:01 CST 2014


https://bugs.winehq.org/show_bug.cgi?id=28860

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
            Summary|Averasell: Crashes after    |AveraSell 4.3.8 crashes
                   |login                       |after login (heap
                   |                            |corruption)
     Ever confirmed|0                           |1

--- Comment #9 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming, still present.

The app uses the Clarion 5.5 runtime library, which seems to be susceptible to
+relay and +snoop (dies or hangs).

Login to test with:

Sales ID: "POS"
Password: "POS"

--- snip ---
$ pwd
/home/focht/.wine/drive_c/AveraSell

$ wine ./avs.exe
...
Unhandled exception: page fault on read access to 0x7cb8ad20 in 32-bit code (0x7cb8ad20).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7cb8ad20 ESP:0033f67c EBP:0033f6d8 EFLAGS:00010202(  R- --  I   - - - )
 EAX:7cb8a3b0 EBX:7de1b000 ECX:7cb8ae10 EDX:7cb8ada0
 ESI:0033f86c EDI:0033f80c
...
Backtrace:
=>0 0x7cb8ad20 (0x0033f6d8)
  1 0x7ddab7e5 X11DRV_FocusOut+0xcc(hwnd=0x3005a, xev=0x33f7ac)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/event.c:845] in
winex11 (0x0033f718)

  2 0x7ddaa6cc call_event_handler+0x18a(display=0x7d58cde0, event=0x33f7ac)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/event.c:397] in
winex11 (0x0033f778)

  3 0x7ddaa856 process_events+0x178(display=0x7d58cde0, filter=0x7dda9f79,
arg=0x4ff)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/event.c:450] in
winex11 (0x0033f898)

  4 0x7ddaaa1d X11DRV_MsgWaitForMultipleObjectsEx+0xb1(count=<couldn't compute
location>, handles=<couldn't compute location>, timeout=<couldn't compute
location>, mask=<couldn't compute location>, flags=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/event.c:490] in
winex11 (0x0033f8e8)

  5 0x7eb8b828 check_for_driver_events+0x61(msg=0)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3692] in user32
(0x0033f928)

  6 0x7eb8b89c PeekMessageW+0x22(msg_out=0x33f9f8, hwnd=(nil), first=0, last=0,
flags=0) [/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3710]
in user32 (0x0033f988)

  7 0x7eb8ba4b PeekMessageA+0x73(msg=<couldn't compute location>,
hwnd=<couldn't compute location>, first=<couldn't compute location>,
last=<couldn't compute location>, flags=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3744] in user32
(0x0033f9c8)

  8 0x008a93c3 in c55runx (+0xa93c2) (0x0033fa7c)
  9 0x0042dcf8 in pfwinv (+0x2dcf7) (0x0033fdf8)
  10 0x00463a8c in pfwinv (+0x63a8b) (0x0033fe38)
...
Modules:
Module    Address            Debug info    Name (249 modules)
PE      340000-  34e000    Deferred        das55tx
PE      350000-  35a000    Deferred        tg55cmx
PE      360000-  3ab000    Deferred        ntsqw6c55
PE      3b0000-  3f5000    Deferred        ntsrw6c55
PE      400000-  586000    Export          pfwinv
PE      590000-  63e000    Deferred        gcc5550x
PE      640000-  67a000    Deferred        ntsvw6c55
PE      680000-  691000    Deferred        jspd32
PE      6a0000-  6b1000    Deferred        ers55x
PE      6c0000-  6db000    Deferred        eztw32
PE      6e0000-  6f2000    Deferred        cpc55p32
PE      700000-  708000    Deferred        ia_skin
PE      710000-  71d000    Deferred        pb2
PE      720000-  72a000    Deferred        pp1000se
PE      730000-  73b000    Deferred        c55finx
PE      740000-  755000    Deferred        c55tpsx
PE      760000-  76b000    Deferred        c55dosx
PE      770000-  77c000    Deferred        c55ascx
PE      780000-  78d000    Deferred        c55basx
PE      790000-  7b7000    Deferred        pwccard
PE      7c0000-  7f3000    Deferred        clacom32
PE      800000-  8f1000    Export          c55runx 
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000046 (D) C:\AveraSell\pfwinv.exe
    00000042    0
    0000003e    0
    0000003b    0
    00000039    0
    00000038    0
    00000037   -1
    00000036    0
    00000035    0
    0000000b   -1
    00000021    0
    00000022    0
    00000030    0
    0000002f    0
    0000002e    0
    0000002d    0
    0000002c    0
    00000025    0
    00000047    0 <== 
...
--- snip ---

Running the app with +heap shows heap corruption multiple times.

Maybe the app depends on certain heap manager behaviour or has bugs that are
hidden in Windows due to a different heap layout.

--- snip ---
0024:trace:heap:RtlAllocateHeap (0x110000,70000062,00000018): returning 0x152388
0024:trace:heap:GlobalAlloc (flags=0002) returning handle 0x152372 pointer 0x152390
...
0024:warn:heap:HEAP_ValidateInUseArena Heap 0x110000: invalid in-use arena magic 00555555 for 0x152388
Heap: 0x110000
Next: 0x50a000  Sub-heaps: 0x110014
Free lists:
 Block   Stat   Size    Id
0x110080 free 00000010 prev=0x1d8120 next=0x110090
0x110090 free 00000020 prev=0x110080 next=0x1100a0
0x1100a0 free 00000030 prev=0x110090 next=0x11cc80
0x1100b0 free 00000040 prev=0x11cc80 next=0x1100c0
0x1100c0 free 00000060 prev=0x1100b0 next=0x11cb48
0x1100d0 free 00000080 prev=0x11cb48 next=0x1197e8
0x1100e0 free 00000100 prev=0x1197e8 next=0x118f10
0x1100f0 free 00000200 prev=0x11aa78 next=0x110100
0x110100 free 00000400 prev=0x1100f0 next=0x11dcd0
0x110110 free 00001000 prev=0x11d0e0 next=0x11b6d0
0x110120 free ffffffff prev=0x112d18 next=0x1d8120 
...
0024:trace:heap:RtlFreeHeap (0x110000,70000062,0x152388): returning TRUE
...
0016:trace:heap:RtlAllocateHeap (0x110000,70000062,000000e0): returning 0x7d2ddc8
...
0016:trace:heap:RtlFreeHeap (0x110000,70000062,0x7d2ddc8): returning TRUE 
...
0026:fixme:win:DeferWindowPos other process handle 0x7ebb4b53?
0024:trace:heap:RtlFreeHeap (0x110000,70000062,0x7d50400): returning TRUE
0016:trace:heap:RtlAllocateHeap (0x110000,70000062,0000001c): returning 0x7d06100
0016:trace:heap:RtlAllocateHeap (0x110000,70000062,00000020): returning 0x7342a90
0016:err:heap:HEAP_ValidateInUseArena Heap 0x110000: free block 0x7d2ddc8 overwritten at 0x7d2ddd8 by 00000000
Heap: 0x110000
Next: 0x5c40000  Sub-heaps: 0x1323b000 0x7a00000 0x7190000 0x5e90000 0x110014
Free lists:
 Block   Stat   Size    Id
0x110080 free 00000010 prev=0x1329a758 next=0x7d19e68
0x110090 free 00000020 prev=0x7db50b8 next=0x11c370
0x1100a0 free 00000030 prev=0x7b43ea8 next=0x7dada10
0x1100b0 free 00000040 prev=0x7b46120 next=0x7d854a8
0x1100c0 free 00000060 prev=0x7d9a6a0 next=0x5f3fae0
0x1100d0 free 00000080 prev=0x73519f0 next=0x7da4ad0
0x1100e0 free 00000100 prev=0x7c9fc20 next=0x7d50608
0x1100f0 free 00000200 prev=0x7a98c30 next=0x5ed2ba0
0x110100 free 00000400 prev=0x7c96890 next=0x110110
0x110110 free 00001000 prev=0x110100 next=0x7cfaad8
0x110120 free ffffffff prev=0x7b3c120 next=0x7d17f98 
--- snip ---

$ sha1sum avssetup.exe 
173523857bc721aaa470c7e07ecac21d3deb0b57  avssetup.exe

$ du -sh avssetup.exe 
57M    avssetup.exe

$ wine --version
wine-1.7.13-118-g0eb6265

Regards
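
A small triage script for +heap output like the excerpt above, added here as an illustration and not part of the original report or of Wine: it ties each HEAP_ValidateInUseArena message to the RtlAllocateHeap/RtlFreeHeap trace lines for the same address, so the block size, the allocating and freeing threads and the write offset can be read off directly. The sample log is constructed from the lines quoted above with the mail wrapping joined (real logs need the same joining first); `triage` and the finding field names are hypothetical.

```python
import re

# Constructed sample modelled on the +heap excerpt in the comment, with the
# mail line-wrapping joined so each trace record sits on one line.
SAMPLE_LOG = """\
0024:trace:heap:RtlAllocateHeap (0x110000,70000062,00000018): returning 0x152388
0024:warn:heap:HEAP_ValidateInUseArena Heap 0x110000: invalid in-use arena magic 00555555 for 0x152388
0024:trace:heap:RtlFreeHeap (0x110000,70000062,0x152388): returning TRUE
0016:trace:heap:RtlAllocateHeap (0x110000,70000062,000000e0): returning 0x7d2ddc8
0016:trace:heap:RtlFreeHeap (0x110000,70000062,0x7d2ddc8): returning TRUE
0026:fixme:win:DeferWindowPos other process handle 0x7ebb4b53?
0016:err:heap:HEAP_ValidateInUseArena Heap 0x110000: free block 0x7d2ddc8 overwritten at 0x7d2ddd8 by 00000000
"""

P = r"(0x[0-9a-f]+)"  # a pointer as the trace prints it
ALLOC = re.compile(rf"(\w+):trace:heap:RtlAllocateHeap \({P},\w+,(\w+)\): returning {P}")
FREE = re.compile(rf"(\w+):trace:heap:RtlFreeHeap \({P},\w+,{P}\): returning TRUE")
MAGIC = re.compile(rf"(\w+):\w+:heap:HEAP_ValidateInUseArena Heap {P}: invalid in-use arena magic (\w+) for {P}")
OVERWRITE = re.compile(rf"(\w+):\w+:heap:HEAP_ValidateInUseArena Heap {P}: free block {P} overwritten at {P} by (\w+)")


def triage(log):
    """Return one finding per validation message, with the block's history so far."""
    blocks, findings = {}, []  # blocks: (heap, ptr) -> allocation record
    for line in log.splitlines():
        if m := ALLOC.match(line):
            tid, heap, size, ptr = m.groups()
            blocks[heap, ptr] = {"size": int(size, 16), "alloc_tid": tid, "free_tid": None}
        elif m := FREE.match(line):
            tid, heap, ptr = m.groups()
            if (heap, ptr) in blocks:
                blocks[heap, ptr]["free_tid"] = tid
        elif m := MAGIC.match(line):
            tid, heap, magic, ptr = m.groups()
            # Snapshot the record as it stands when the message is logged.
            findings.append({"kind": "bad-arena-magic", "ptr": ptr, "magic": magic,
                             "seen_tid": tid, **blocks.get((heap, ptr), {})})
        elif m := OVERWRITE.match(line):
            tid, heap, ptr, at, value = m.groups()
            findings.append({"kind": "write-to-freed-block", "ptr": ptr, "value": value,
                             "offset": int(at, 16) - int(ptr, 16),
                             "seen_tid": tid, **blocks.get((heap, ptr), {})})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding whose `free_tid` is already set when the overwrite is reported means the block was written after it had been freed; `offset` and `size` show where in the old allocation the write landed.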
