[Bug 34642] Adobe Premiere Pro 2.0 exits silently on startup ('GetMenuItemInfo' must zero out 'cch' if mask doesn't specify 'MIIM_TYPE')
wine-bugs at winehq.org
Sun Sep 7 11:27:32 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=34642
Anastasius Focht <focht at gmx.net> changed:
What          |Removed                           |Added
----------------------------------------------------------------------------
Keywords      |                                  |download
Status        |UNCONFIRMED                       |NEW
URL           |                                  |http://download.adobe.com/pub/adobe/magic/creativesuite/CS2_EOL/PPRO/PPRO_2.0_Ret-NH_UE.zip
CC            |                                  |focht at gmx.net
Component     |ole                               |user32
Summary       |Premiere Pro 2 not finish loading |Adobe Premiere Pro 2.0 exits silently on startup ('GetMenuItemInfo' must zero out 'cch' if mask doesn't specify 'MIIM_TYPE')
Ever confirmed|0                                 |1
--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
If you are encountering strange issues when using 'relay' it's best to leave it
out of the equation completely.
It modifies stack layout/values which affects code that uses stack-based data
structures with uninitialized data members -> tends to hide/move problem
domains.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Adobe/Adobe Premiere Pro 2.0
$ WINEDEBUG=+tid,+seh,+loaddll,+process wine ./Adobe\ Premiere\ Pro.exe >>log.txt 2>&1
...
0009:trace:loaddll:load_native_dll Loaded L"C:\\program files\\adobe\\adobe premiere pro 2.0\\plug-ins\\en_us\\premiere asio.dll" at 0xe3e0000: native
0009:fixme:win:EnumDisplayDevicesW ((null),0,0x33e760,0x00000000), stub!
0009:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\dinput.dll" at 0xf2700000: builtin
0009:trace:loaddll:free_modref Unloaded module L"C:\\windows\\system32\\dinput.dll" : builtin
0009:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\mmdevapi.dll" at 0xf3060000: builtin
0009:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\winealsa.drv" at 0xf25e0000: builtin
...
0009:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83ae8f ip=7b83ae8f tid=0009
0009:trace:seh:raise_exception info[0]=19930520
0009:trace:seh:raise_exception info[1]=0033e868
0009:trace:seh:raise_exception info[2]=7e67ef24
0009:trace:seh:raise_exception eax=7b826d6d ebx=7b8be000 ecx=19930520 edx=0033e794 esi=76a40082 edi=3b520041
0009:trace:seh:raise_exception ebp=0033e7d8 esp=0033e774 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00200283
0009:trace:seh:call_stack_handlers calling handler at 0x97ecea code=e06d7363 flags=1
0009:trace:seh:call_stack_handlers handler at 0x97ecea returned 1
...
0009:trace:loaddll:free_modref Unloaded module L"C:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Plug-ins\\Common\\PremiereFiltersMetaPlugin.prmp" : native
0009:trace:loaddll:free_modref Unloaded module L"C:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Plug-ins\\en_US\\TransitionGPUCenterPeel.prm" : native
0009:trace:loaddll:free_modref Unloaded module L"C:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Plug-ins\\en_US\\TransitionGPUPageCurl.prm" : native
...
--- snip ---
The C++ exception is the interesting one; it's the result of a memory
allocation failure.
Call site:
--- snip ---
...
00974AE4 56 PUSH ESI
00974AE5 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+8] ; alloc size
00974AE9 EB 11 JMP SHORT UIFramew.00974AFC
00974AEB 56 PUSH ESI
00974AEC E8 DF080000 CALL <JMP.&MSVCR71._callnewh>
00974AF1 85C0 TEST EAX,EAX
00974AF3 59 POP ECX
00974AF4 75 06 JNZ SHORT UIFramew.00974AFC
00974AF6 FF15 603DA900 CALL DWORD PTR DS:[<&MSVCP71.?_Nomemory@std@@YAXXZ>]
00974AFC 56 PUSH ESI
00974AFD E8 AA040000 CALL <JMP.&MSVCR71.malloc>
00974B02 85C0 TEST EAX,EAX
00974B04 59 POP ECX
00974B05 74 E4 JE SHORT UIFramew.00974AEB
00974B07 5E POP ESI
00974B08 C3 RETN
--- snip ---
Caller parent:
--- snip ---
00826C50 55 PUSH EBP
00826C51 56 PUSH ESI
00826C52 33ED XOR EBP,EBP
00826C54 57 PUSH EDI
00826C55 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+10] ; #wchars
00826C59 3BFD CMP EDI,EBP
00826C5B 8BF1 MOV ESI,ECX
00826C5D 896E 04 MOV DWORD PTR DS:[ESI+4],EBP
00826C60 896E 08 MOV DWORD PTR DS:[ESI+8],EBP
00826C63 896E 0C MOV DWORD PTR DS:[ESI+C],EBP
00826C66 74 4A JE SHORT UIFramew.00826CB2
00826C68 81FF FFFFFF7F CMP EDI,7FFFFFFF
00826C6E 76 05 JBE SHORT UIFramew.00826C75
00826C70 E8 0D5DF3FF CALL UIFramew.0075C982
00826C75 53 PUSH EBX
00826C76 8D1C3F LEA EBX,DWORD PTR DS:[EDI+EDI] ; bytes = #wchars*2
00826C79 53 PUSH EBX
00826C7A E8 65DE1400 CALL UIFramew.00974AE4 ; allocate
00826C7F 8D0C03 LEA ECX,DWORD PTR DS:[EBX+EAX]
--- snip ---
Next caller parent gives the hint:
--- snip ---
...
00826F86 C78424 B0000000... MOV DWORD PTR SS:[ESP+B0],1
00826F91 C74424 68 30000000 MOV DWORD PTR SS:[ESP+68],30
00826F99 C74424 6C 62000000 MOV DWORD PTR SS:[ESP+6C],62
00826FA1 899C24 8C000000 MOV DWORD PTR SS:[ESP+8C],EBX
00826FA8 899C24 88000000 MOV DWORD PTR SS:[ESP+88],EBX
00826FAF FF15 1443A900 CALL DWORD PTR DS:[<&USER32.GetMenuItemInfoW>]
00826FB5 3BC3 CMP EAX,EBX
00826FB7 0F84 15010000 JE UIFramew.008270D2
00826FBD 8B8424 80000000 MOV EAX,DWORD PTR SS:[ESP+80] ; cch
00826FC4 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
00826FC8 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
00826FCC 51 PUSH ECX
00826FCD 40 INC EAX ; include '\0' (+1)
00826FCE 50 PUSH EAX ; #wchars
00826FCF 8D8C24 90000000 LEA ECX,DWORD PTR SS:[ESP+90]
00826FD6 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX
00826FDA E8 72D1F2FF CALL UIFramew.00754151
...
<loop menu items>
...
00754151 E9 FA2A0D00 JMP UIFramew.00826C50
...
--- snip ---
The code calls 'GetMenuItemInfoW' with an only partially initialized stack-based
'MENUITEMINFO' structure ('cbSize' and 'fMask' members).
After return from 'GetMenuItemInfoW':
--- snip ---
$+0 00000030 ; cbSize
$+4 00000062 ; fMask (MIIM_ID | MIIM_DATA | MIIM_STRING)
$+8 7ED98000 ; fType
$+C 0033E9E0 ; fState
$+10 00000000 ; wID
$+14 00000000 ; hSubMenu
$+18 3AF80042 ; hbmpChecked
$+1C 006D0DB0 ; hbmpUnchecked
$+20 00000000 ; dwItemData
$+24 00000000 ; dwTypeData
$+28 0097E8F2 ; cch ; leftover stack garbage from previous usage
$+2C 00000000 ; hbmpItem
--- snip ---
Source:
http://source.winehq.org/git/wine.git/blob/cb2b15921daeebf763e8eb34fd9fa336d3b3311a:/dlls/user32/menu.c#l4550
MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms647578%28v=vs.85%29.aspx
--- quote ---
MIIM_DATA
0x00000020
Retrieves or sets the dwItemData member.
...
MIIM_ID
0x00000002
Retrieves or sets the wID member.
...
MIIM_STRING
0x00000040
Retrieves or sets the dwTypeData member.
--- quote ---
--- quote ---
cch
Type: UINT
The length of the menu item text, in characters, when information is
received about a menu item of the MFT_STRING type. However, cch is used only if
the MIIM_TYPE flag is set in the fMask member and is zero otherwise. Also, cch
is ignored when the content of a menu item is set by calling SetMenuItemInfo.
Note that, before calling GetMenuItemInfo, the application must set cch to
the length of the buffer pointed to by the dwTypeData member. If the retrieved
menu item is of type MFT_STRING (as indicated by the fType member), then
GetMenuItemInfo changes cch to the length of the menu item text. If the
retrieved menu item is of some other type, GetMenuItemInfo sets the cch field
to zero.
The cch member is used when the MIIM_STRING flag is set in the fMask
member.
--- quote ---
$ sha1sum PPRO_2.0_Ret-NH_UE.zip
24dc9b897b83f7a4e75f7bb5921a6e2a5ba94d36 PPRO_2.0_Ret-NH_UE.zip
$ du -sh PPRO_2.0_Ret-NH_UE.zip
1.1G PPRO_2.0_Ret-NH_UE.zip
$ wine --version
wine-1.7.26
Tidbit: the Adobe PPro 2.0 installer crashes for me at the end ... no one
mentioned this here?
Regards
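
Added example (not part of the bug report and not Wine's code): a C model of the contract analysed above, in which the caller sets only 'cbSize' and 'fMask' and then uses 'cch' as a length. The names model_mii, model_get_item_info, caller_alloc_request and request_after_call are hypothetical; the leftover 'cch' value and the caller arithmetic are the ones shown in the dump and disassembly.

```c
#include <stdint.h>
#include <stdio.h>
/* Mask bits: three are quoted on this page; MIIM_TYPE is the documented Win32 value. */
#define MIIM_ID     0x00000002u
#define MIIM_TYPE   0x00000010u
#define MIIM_DATA   0x00000020u
#define MIIM_STRING 0x00000040u

/* Model of the 0x30-byte structure in the dump: twelve 32-bit members. */
typedef struct {
    uint32_t cbSize, fMask, fType, fState, wID, hSubMenu;
    uint32_t hbmpChecked, hbmpUnchecked, dwItemData, dwTypeData, cch, hbmpItem;
} model_mii;

/* Hypothetical callee: writes only the members selected by fMask. With zero_cch
   set it also clears cch when MIIM_TYPE is absent, as the bug title requests. */
static int model_get_item_info(model_mii *mii, int zero_cch)
{
    if (mii->cbSize != sizeof *mii) return 0;
    if (mii->fMask & MIIM_ID)   mii->wID = 0;        /* constructed item id */
    if (mii->fMask & MIIM_DATA) mii->dwItemData = 0; /* constructed item data */
    if (zero_cch && !(mii->fMask & MIIM_TYPE)) mii->cch = 0;
    return 1;
}

/* Caller arithmetic from the disassembly: #wchars = cch + 1, range check
   against 0x7FFFFFFF, bytes = #wchars * 2. Returns 0 if the check rejects. */
static uint32_t caller_alloc_request(uint32_t cch)
{
    if (cch + 1 > 0x7FFFFFFFu) return 0;
    return (cch + 1) * 2;
}

/* Caller that sets only cbSize and fMask; every other member is leftover stack data. */
uint32_t request_after_call(int zero_cch)
{
    model_mii mii;
    mii.cch = 0x0097E8F2u;                          /* leftover value from the dump */
    mii.cbSize = sizeof mii;                        /* 0x30 */
    mii.fMask = MIIM_ID | MIIM_DATA | MIIM_STRING;  /* 0x62 */
    if (!model_get_item_info(&mii, zero_cch)) return 0;
    return caller_alloc_request(mii.cch);
}

int main(void)
{
    printf("untouched: %u bytes, zeroed: %u bytes\n", (unsigned)request_after_call(0), (unsigned)request_after_call(1));
    return 0;
}
```

With 'cch' left untouched the allocation size is whatever the previous stack frame left behind; with 'cch' zeroed the caller asks for a single terminating wide character.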