[Bug 37241] Warhammer Dawn of War II demo installer crashes after language selection

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Sep 28 08:51:59 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=37241

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |focht at gmx.net
          Component|-unknown                    |user32
         Resolution|---                         |DUPLICATE
            Summary|Warhammer Dawn of War II    |Warhammer Dawn of War II
                   |Demo doesn't install        |demo installer crashes
                   |                            |after language selection

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming. It doesn't crash here by chance but I debugged this using your
backtrace.

Looks like a similar problem as in bug 14879

The app sends WM_SETTEXT message to a group-box control on the language dialog
box, which in turn causes WM_CTLCOLORSTATIC message to be sent. 
It seems the app handler doesn't expect to be called here.
The handler references some stack area with uninitialized content (large area
allocated the start of app).
Depending on the value (NULL, values pointing to incidentally mapped addresses,
random values to unmapped address ranges) it either crashes or not.

--- snip ---
<switch/case app msg handler>
...
0044483F  8B4D F8            MOV ECX,DWORD PTR SS:[EBP-8]
00444842  83B9 A4000000 00   CMP DWORD PTR DS:[ECX+A4],0
00444849  74 35              JE SHORT Setup.00444880
0044484B  8B55 F8            MOV EDX,DWORD PTR SS:[EBP-8]
0044484E  8B8A A4000000      MOV ECX,DWORD PTR DS:[EDX+A4] ; instance data
00444854  E8 E73BFCFF        CALL Setup.00408440
00444859  8BF0               MOV ESI,EAX
0044485B  8B4D 0C            MOV ECX,DWORD PTR SS:[EBP+C]
...
00408440  55                 PUSH EBP
00408441  8BEC               MOV EBP,ESP
00408443  83EC 08            SUB ESP,8
00408446  894D FC            MOV DWORD PTR SS:[EBP-4],ECX
00408449  837D FC 00         CMP DWORD PTR SS:[EBP-4],0
0040844D  75 09              JNZ SHORT Setup.00408458
0040844F  C745 F8 00000000   MOV DWORD PTR SS:[EBP-8],0
00408456  EB 09              JMP SHORT Setup.00408461
00408458  8B45 FC            MOV EAX,DWORD PTR SS:[EBP-4]
0040845B  8B48 20            MOV ECX,DWORD PTR DS:[EAX+20] ; *boom*
0040845E  894D F8            MOV DWORD PTR SS:[EBP-8],ECX
00408461  8B45 F8            MOV EAX,DWORD PTR SS:[EBP-8]
00408464  8BE5               MOV ESP,EBP
00408466  5D                 POP EBP
00408467  C3                 RETN 
--- snip ---

Debugger session, showing 'WM_CTLCOLORSTATIC' case which reaches the app
hander:

--- snip ---
Wine-dbg>bt
Backtrace:

=>0 0x0044483f in setup (+0x4483f) (0x0033e030)
  1 0x0041006d in setup (+0x1006c) (0x0033e0d0)
  2 0x0040c272 in setup (+0xc271) (0x0033e0f0)
  3 0x0040e1d2 in setup (+0xe1d1) (0x0033e114)
  4 0x0041032a in setup (+0x10329) (0x0033e1b0)
  5 0x0040c272 in setup (+0xc271) (0x0033e1d0)
  6 0x0040ec1f in setup (+0xec1e) (0x0033e238)
  7 0x0040ecae in setup (+0xecad) (0x0033e258)
  8 0x7ec62b8a WINPROC_wrapper+0x19() in user32 (0x0033e288)
  9 0x7ec62cff call_window_proc+0xcc(hwnd=0x20050, msg=0x138, wp=0x40046,
lp=0x20062, result=0x33e36c, arg=0x40ec78)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:244] in user32
(0x0033e2c8)
  10 0x7ec64e98 WINPROC_call_window+0x15d(hwnd=0x20050, msg=0x138,
wParam=0x40046, lParam=0x20062, result=0x33e36c, unicode=0x1, mapping=3401080)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:900] in user32
(0x0033e318)
  11 0x7ec21e3e call_window_proc+0xbf(hwnd=0x20050, msg=0x138, wparam=0x40046,
lparam=0x20062, unicode=0x1, same_thread=0x1, mapping=3401080)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:2223] in user32
(0x0033e378)
  12 0x7ec24c73 send_message+0x137(info=0x33e3f0, res_ptr=0x33e41c,
unicode=0x1)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3263] in user32
(0x0033e3d8)
  13 0x7ec25291 SendMessageW+0x60(hwnd=0x20050, msg=0x138, wparam=0x40046,
lparam=0x20062)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3457] in user32
(0x0033e428)
  14 0x7ebbd755 ButtonWndProc_common+0x9e2(hWnd=0x20062, uMsg=0xc, wParam=0,
lParam=0x33e988, unicode=0x1)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/button.c:387] in user32
(0x0033e578)
  15 0x7ec6558a ButtonWndProcW+0x3f(hwnd=0x20062, msg=0xc, wParam=0,
lParam=0x33e988)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:1062] in user32
(0x0033e5a8)
  16 0x7ec62b8a WINPROC_wrapper+0x19() in user32 (0x0033e5d8)
  17 0x7ec62cff call_window_proc+0xcc(hwnd=0x20062, msg=0xc, wp=0, lp=0x33e988,
result=0x33e648, arg=0x7ec6554a)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:244] in user32
(0x0033e618)
  18 0x7ec65153 CallWindowProcW+0x69(func=0x7ec6554a, hwnd=0x20062, msg=0xc,
wParam=0, lParam=0x33e988)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:981] in user32
(0x0033e654)
  19 0x0040c13a in setup (+0xc139) (0x0033e674)
  20 0x0040c289 in setup (+0xc288) (0x0033e690)
  21 0x0040ec1f in setup (+0xec1e) (0x0033e6f8)
  22 0x0040ecae in setup (+0xecad) (0x0033e718)
...
--- snip ---

Using the hack from bug 14879 avoids the crash.
Resolving as dupe for now.

$ sha1sum DoW2_Demo.zip 
e88aae392f26843a483cb6789b3a4f793c561e0e  DoW2_Demo.zip

$ du -sh DoW2_Demo.zip 
334M    DoW2_Demo.zip

$ wine --version
wine-1.7.27-59-g857a35e

Regards

*** This bug has been marked as a duplicate of bug 14879 ***

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list