[Bug 36505] New: DynDNS Updater 4.1.6 crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Wed May 21 14:07:45 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=36505

            Bug ID: 36505
           Summary: DynDNS Updater 4.1.6 crashes on startup
           Product: Wine
           Version: 1.7.19
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: jscript
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net

Hello folks,

relevant part of trace log:

---- snip ---
WINEDEBUG=+tid,+seh,+relay,+jscript,+ole,+variant wine ./DynDNS\ Updater\
4.1.6.exe >>log.txt 2>&1
...
0023:trace:jscript:JScriptParse_ParseScriptText
(0x140338)->(L"require(\"res://scriptLib.js\");\r\nrequire(\"res://json2.js\");\r\nrequire(\"res://base64.js\");\r\nrequire(\"res://md5.js\");\r\n\r\n/////////////////////////////////////////////////////////////////////\r\napp.log(0,
'SCRIPT STARTS');\r\napp.log(0, 'TAG DATA: ' + app.tag);\r\n\r\nvar mainScript
= ("... (null) (nil) (null) ffffffff 0 20 (nil) (nil)) 
...
0023:trace:jscript:interp_str L"res://scriptLib.js" 
...
0023:trace:jscript:JScriptParse_ParseScriptText
(0x140338)->(L"////////////////////////////////////////////////////////////////////\r\n//
Library\r\n//\r\nvar WinConst = {\r\n//-- window style bits.\r\n   
WS_OVERLAPPED: 0x00000000,\r\n    WS_POPUP: 0x80000000,\r\n    WS_CLIPSIBLINGS:
0x04000000,\r\n    WS_CLIPCHILDREN: 0x02000000,\r\n    WS_CAPTION:
0x00C00000,"... (null) (nil) (null) ffffffff 0 20 (nil) (nil)) 
...
0023:trace:jscript:interp_double 0.000000
0023:trace:jscript:interp_obj_prop L"FFF_DEFAULT"
0023:trace:jscript:ensure_prop_name creating prop L"FFF_DEFAULT" flags 200
0023:Call ntdll.RtlAllocateHeap(00110000,00000000,00000018) ret=7d688c0d
0023:Ret  ntdll.RtlAllocateHeap() retval=001b3978 ret=7d688c0d
0023:trace:jscript:prop_put L"FFF_DEFAULT" = 0.000000
0023:trace:jscript:interp_double 1.000000
0023:trace:jscript:interp_obj_prop L"FFF_FILESONLY"
0023:trace:jscript:ensure_prop_name creating prop L"FFF_FILESONLY" flags 200
0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001c) ret=7d688c0d
0023:Ret  ntdll.RtlAllocateHeap() retval=001b3998 ret=7d688c0d
0023:trace:jscript:prop_put L"FFF_FILESONLY" = 1.000000
0023:trace:jscript:interp_double 2.000000
0023:trace:jscript:interp_obj_prop L"FFF_DIRSONLY"
0023:trace:jscript:ensure_prop_name creating prop L"FFF_DIRSONLY" flags 200
0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001a) ret=7d688c0d
0023:Ret  ntdll.RtlAllocateHeap() retval=001b39c0 ret=7d688c0d
0023:trace:jscript:prop_put L"FFF_DIRSONLY" = 2.000000
0023:trace:jscript:interp_double 4.000000
0023:trace:jscript:interp_obj_prop L"FFF_RECURSIVE"
0023:trace:jscript:ensure_prop_name creating prop L"FFF_RECURSIVE" flags 200
0023:Call ntdll.RtlReAllocateHeap(00110000,00000000,001b38f0,00000100)
ret=7d688c76
0023:Ret  ntdll.RtlReAllocateHeap() retval=001b39e8 ret=7d688c76
0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000001c) ret=7d688c0d
0023:Ret  ntdll.RtlAllocateHeap() retval=001b38f0 ret=7d688c0d
0023:trace:jscript:prop_put L"FFF_RECURSIVE" = 4.000000
0023:trace:jscript:interp_double 1.000000
0023:trace:jscript:interp_obj_prop L"SLOF_ABORT_RESISTANT"
0023:trace:jscript:ensure_prop_name creating prop L"SLOF_ABORT_RESISTANT" flags
200
0023:Call ntdll.RtlAllocateHeap(00110000,00000000,0000002a) ret=7d688c0d
0023:Ret  ntdll.RtlAllocateHeap() retval=001b3918 ret=7d688c0d
0023:trace:jscript:prop_put L"SLOF_ABORT_RESISTANT" = 1.000000
0023:trace:jscript:interp_var_set L"AppConst"
0023:trace:jscript:prop_put L"AppConst" = obj(0x1b38c8)
0023:trace:jscript:interp_ret 
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7d6a794b
ip=7d6a794b tid=0023
0023:trace:seh:raise_exception  info[0]=00000001
0023:trace:seh:raise_exception  info[1]=00000000
0023:trace:seh:raise_exception  eax=00000000 ebx=7d6dd000 ecx=7d6a7948
edx=7ff80001 esi=0033f258 edi=00217b8c
0023:trace:seh:raise_exception  ebp=0033f1b8 esp=0033f170 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210216
...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code
(0x7d6a794b).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7d6a794b ESP:0033f170 EBP:0033f1b8 EFLAGS:00210216(  R- --  I   -A-P- )
 EAX:00000000 EBX:7d6dd000 ECX:7d6a7948 EDX:7ff80001
 ESI:0033f258 EDI:00217b8c
...
Backtrace:
=>0 0x7d6a794b jsval_to_variant+0x63(val={u={n=nan, s={u={obj=0x217b8c,
str=0x217b8c, b=0x217b8c, v=0x217b8c, as_uintptr=0x217b8c},
tag=JSV_UNDEFINED}}}, retv=(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/jscript/jsutils.c:344] in jscript
(0x0033f1b8)

  1 0x7d6a0bc6 JScriptParse_ParseScriptText+0x250(iface=<couldn't compute
location>, pstrCode=<couldn't compute location>, pstrItemName=<couldn't compute
location>, punkContext=<couldn't compute location>, pstrDelimiter=<couldn't
compute location>, dwSourceContextCookie=<couldn't compute location>,
ulStartingLine=<couldn't compute location>, dwFlags=<couldn't compute
location>, pvarResult=<couldn't compute location>, pexcepinfo=<couldn't compute
location>) [/home/focht/projects/wine/wine.repo/src/dlls/jscript/jscript.c:786]
in jscript (0x0033f248)

  2 0x0040eef2 in dyndns updater 4.1.6 (+0xeef1) (0x0033f2dc)
  3 0x0040dcfe in dyndns updater 4.1.6 (+0xdcfd) (0x0033f364)
  4 0x0040dfa7 in dyndns updater 4.1.6 (+0xdfa6) (0x0033f3d8)
  5 0x7e2adf16 call_method+0x21() in oleaut32 (0x0033f3f8)
...
344            V_VT(retv) = VT_EMPTY;
Modules:
Module    Address            Debug info    Name (86 modules)
PE      400000-  477000    Export          dyndns updater 4.1.6
ELF    7b800000-7ba60000    Dwarf           kernel32<elf>
  \-PE    7b810000-7ba60000    \               kernel32
ELF    7bc00000-7bcee000    Dwarf           ntdll<elf>
  \-PE    7bc10000-7bcee000    \               ntdll
ELF    7bf00000-7bf04000    Dwarf           <wine-loader>
ELF    7d663000-7d6fa000    Dwarf           jscript<elf>
  \-PE    7d670000-7d6fa000    \               jscript
...
process  tid      prio (all id:s are in hex)
...
00000022 (D) Z:\home\focht\Downloads\DynDNS Updater 4.1.6.exe
    00000023    0 <== 
--- snip ---

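The app passes 'dwFlags = SCRIPTTEXT_ISEXPRESSION' _and_ a NULL 'pvarResult',
which Wine's JScript tries to write to after a successful 'exec_source'.
In the backtrace above, 'jsval_to_variant' is entered with 'retv=(nil)', and the
store 'V_VT(retv) = VT_EMPTY' at jsutils.c:344 is the write to 0x00000000 that
faults. Nothing in the source excerpt below checks the caller-supplied out
pointer before that call.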

The scriptlet is rather uninteresting (not a problem):

--- snip ---
////////////////////////////////////////////////////////////////////
// Library
//
var WinConst = {
//-- window style bits.
    WS_OVERLAPPED: 0x00000000,
    WS_POPUP: 0x80000000,
    WS_CLIPSIBLINGS: 0x04000000,
    WS_CLIPCHILDREN: 0x02000000, 
...
    INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP  : 0x00008000, // ignore https:// to
http://
    INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS : 0x00004000, // ignore http:// to
https://
    INTERNET_FLAG_IGNORE_CERT_DATE_INVALID : 0x00002000, // ignore expired X509
Cert.
    INTERNET_FLAG_IGNORE_CERT_CN_INVALID   : 0x00001000, // ignore bad common
name in X509 Cert.

    ___LINE_FOR_NEW_VALUES___ : 0
};                                                     

var AppConst = {
    FFF_DEFAULT    : 0,
    FFF_FILESONLY    : 1,
    FFF_DIRSONLY    : 2,
    FFF_RECURSIVE    : 4,

    SLOF_ABORT_RESISTANT    : 0x0001
};
--- snip ---

MSDN: http://msdn.microsoft.com/en-us/library/tch4w30x%28v=vs.94%29.aspx

--- quote ---
 pvarResult

[out] Address of a buffer that receives the results of scriptlet processing, or
NULL if the caller expects no result (that is, the SCRIPTTEXT_ISEXPRESSION
value is not set). 
--- quote ---

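Someone is wrong here: according to the quoted text a NULL 'pvarResult' is only
expected when SCRIPTTEXT_ISEXPRESSION is not set, yet the app sets the flag and
passes NULL anyway ...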

Source:
http://source.winehq.org/git/wine.git/blob/02d63cb3120d89a5107d4e26a92eb4bd06e2213d:/dlls/jscript/jscript.c#l753

--- snip ---
 753 static HRESULT WINAPI JScriptParse_ParseScriptText(IActiveScriptParse
*iface,
754        LPCOLESTR pstrCode, LPCOLESTR pstrItemName, IUnknown *punkContext,
755        LPCOLESTR pstrDelimiter, CTXARG_T dwSourceContextCookie, ULONG
ulStartingLine,
756        DWORD dwFlags, VARIANT *pvarResult, EXCEPINFO *pexcepinfo)
757 {
758     JScript *This = impl_from_IActiveScriptParse(iface);
759     bytecode_t *code;
760     HRESULT hres;
...
774     if(dwFlags & SCRIPTTEXT_ISEXPRESSION) {
775         exec_ctx_t *exec_ctx;
776
777         hres = create_exec_ctx(This->ctx, NULL, This->ctx->global, NULL,
TRUE, &exec_ctx);
778         if(SUCCEEDED(hres)) {
779             jsval_t r;
780
781             IActiveScriptSite_OnEnterScript(This->site);
782
783             clear_ei(This->ctx);
784             hres = exec_source(exec_ctx, code, &code->global_code, TRUE,
&r);
785             if(SUCCEEDED(hres)) {
786                 hres = jsval_to_variant(r, pvarResult);
787                 jsval_release(r);
788             }
789             exec_release(exec_ctx);
790
791             IActiveScriptSite_OnLeaveScript(This->site);
792         }
...
--- snip ---

$ sha1sum DynDNS\ Updater\ 4.1.6.exe 
629268eaef62d424798c7965d3e9e63a0584861a  DynDNS Updater 4.1.6.exe

$ du -sh DynDNS\ Updater\ 4.1.6.exe 
460K    DynDNS Updater 4.1.6.exe

$ wine --version
wine-1.7.19-47-g704d169

Regards
