[Bug 32671] PhotoLine 32 v18.x crashes on startup (missing error handling on creation of multi-profile color transform)
wine-bugs at winehq.org
wine-bugs at winehq.org
Mon Aug 3 16:16:02 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=32671
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |focht at gmx.net
Summary|wine: Unhandeled stack |PhotoLine 32 v18.x crashes
|overflow by PhotoLine32 |on startup (missing error
| |handling on creation of
| |multi-profile color
| |transform)
--- Comment #11 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
*always* provide the exact application version to reproduce the bug.
Deducing from OP's initial comment date (early 2013) it's likely PhotoLine 32
v18.x being the culprit here.
The current vendor download is PhotoLine 32 v19.x which works fine.
I could reproduce a crash with v18 (released in 2013), which I found on some
shady site; the sha1sum of the file I used (pl.exe) is listed at the end.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/PhotoLine
$ WINEDEBUG=+tid,+seh,+relay,+mscms wine ./PhotoLine.exe >>log.txt 2>&1
...
0027:Call KERNEL32.LoadLibraryW(003224dc L"C:\\windows\\system32\\mscms.dll")
ret=006d5ca1
...
0027:Ret KERNEL32.LoadLibraryW() retval=7d0d0000 ret=006d5ca1
...
0027:Call mscms.SelectCMM(57696e20) ret=006a73e6
0027:fixme:mscms:SelectCMM ('Win ') stub
0027:Ret mscms.SelectCMM() retval=00000001 ret=006a73e6
...
0027:Call mscms.OpenColorProfileA(00322734,00000001,00000001,00000003)
ret=006a78c1
0027:trace:mscms:OpenColorProfileA ( 0x322734, 0x00000001, 0x00000001,
0x00000003 )
...
0027:trace:mscms:OpenColorProfileW ( 0x32266c, 0x00000001, 0x00000001,
0x00000003 )
0027:trace:mscms:OpenColorProfileW profile file: L"C:\\Program
Files\\PhotoLine\\Defaults\\ISOcoated_v2_eci.icc"
...
0027:Call KERNEL32.CreateFileW(001a0438 L"C:\\Program
Files\\PhotoLine\\Defaults\\ISOcoated_v2_eci.icc",80000000,00000001,00000000,00000003,00000000,00000000)
ret=7d0d8c62
0027:Ret KERNEL32.CreateFileW() retval=00000248 ret=7d0d8c62
0027:Call KERNEL32.GetFileSize(00000248,00000000) ret=7d0d8e28
0027:Ret KERNEL32.GetFileSize() retval=001be8d5 ret=7d0d8e28
...
0027:Call KERNEL32.ReadFile(00000248,0ce90020,001be8d5,003225a8,00000000)
ret=7d0d8f44
0027:Ret KERNEL32.ReadFile() retval=00000001 ret=7d0d8f44
...
0027:Ret mscms.OpenColorProfileA() retval=00000001 ret=006a78c1
...
0027:Call mscms.IsColorProfileValid(00000001,0032271c) ret=006a78fb
0027:trace:mscms:IsColorProfileValid ( 0x1, 0x32271c )
0027:Ret mscms.IsColorProfileValid() retval=00000001 ret=006a78fb
...
0027:Call mscms.OpenColorProfileA(00322734,00000001,00000001,00000003)
ret=006a78c1
0027:trace:mscms:OpenColorProfileA ( 0x322734, 0x00000001, 0x00000001,
0x00000003 )
0027:trace:mscms:OpenColorProfileW ( 0x322734, 0x00000001, 0x00000001,
0x00000003 )
...
0027:Ret mscms.OpenColorProfileA() retval=00000002 ret=006a78c1
0027:Call mscms.IsColorProfileValid(00000002,0032271c) ret=006a78fb
0027:trace:mscms:IsColorProfileValid ( 0x2, 0x32271c )
0027:Ret mscms.IsColorProfileValid() retval=00000001 ret=006a78fb
...
0027:Call
mscms.CreateMultiProfileTransform(003227d0,00000002,003227c4,00000002,00000003,00000000)
ret=006a74bf
0027:trace:mscms:CreateMultiProfileTransform ( 0x3227d0, 0x00000002, 0x3227c4,
0x00000002, 0x00000003, 0x00000000 )
0027:trace:mscms:GetColorProfileHeader ( 0x1, 0x3225f0 )
0027:trace:mscms:from_profile color space: 0x434d594b 'CMYK'
0027:trace:mscms:GetColorProfileHeader ( 0x2, 0x3225f0 )
0027:trace:mscms:from_profile color space: 0x52474220 'RGB '
...
0027:trace:mscms:lcms_error_handler 9 "Wrong output color space on transform"
...
0027:Ret mscms.CreateMultiProfileTransform() retval=00000001 ret=006a74bf
...
0027:Call
mscms.TranslateColors(00000001,003228a0,00000001,00000007,003248a0,00000002)
ret=006a75bf
0027:trace:mscms:TranslateColors ( 0x1, 0x3228a0, 1, 7, 0x3248a0, 2 )
0027:trace:mscms:from_type color type: 0x00000002
0027:trace:mscms:from_type color type: 0x00000007
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7cb564c3
ip=7cb564c3 tid=0027
0027:trace:seh:raise_exception info[0]=00000000
0027:trace:seh:raise_exception info[1]=000000ab
0027:trace:seh:raise_exception eax=00000000 ebx=7cb86000 ecx=00000000
edx=7bd01da8 esi=00000000 edi=003227e8
0027:trace:seh:raise_exception ebp=003227c8 esp=003226e0 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210246
0027:trace:seh:call_stack_handlers calling handler at 0xeb6c7b code=c0000005
flags=0
...
Unhandled exception: page fault on read access to 0x000000ab in 32-bit code
(0x7cb564c3).
...
Backtrace:
=>0 0x7cb564c3 cmsChangeBuffersFormat+0x23() in liblcms2.so.2 (0x003227c8)
1 0x7d0da874 TranslateColors+0xd7(handle=0x1, in=0x3228a0, count=0x1,
input_type=COLOR_CMYK, out=0x3248a0, output_type=COLOR_RGB)
[/home/focht/projects/wine/wine.repo/src/dlls/mscms/transform.c:371] in mscms
(0x003227c8)
2 0x7bc7e52e relay_call+0x39() in ntdll (0x003227f4)
3 0x7d0d420d in mscms (+0x420c) (0x003268ac)
4 0x006a75bf in photoline (+0x2a75be) (0x003268ac)
5 0x00754e6f in photoline (+0x354e6e) (0x00327a74)
0x7cb564c3 cmsChangeBuffersFormat+0x23 in liblcms2.so.2: testb
$0x2,0xab(%esi)
Modules:
Module Address Debug info Name (115 modules)
PE 400000- 14c7000 Export photoline
ELF 495dd000-495fb000 Deferred libgcc_s.so.1
ELF 7b800000-7ba71000 Deferred kernel32<elf>
\-PE 7b820000-7ba71000 \ kernel32
...
Threads:
process tid prio (all id:s are in hex)
...
00000026 (D) C:\Program Files\PhotoLine\PhotoLine.exe
0000002a 0
00000029 0
00000028 0
00000027 0 <==
--- snip ---
Using winedbg proxy mode:
--- snip ---
...
Program received signal SIGSEGV, Segmentation fault.
cmsChangeBuffersFormat (hTransform=0x0, InputFormat=393250,
OutputFormat=262170) at cmsxform.c:1118
1118 if (!(xform ->dwOriginalFlags & cmsFLAGS_CAN_CHANGE_FORMATTER)) {
Wine-gdb> bt
#0 cmsChangeBuffersFormat (hTransform=0x0, InputFormat=393250,
OutputFormat=262170) at cmsxform.c:1118
#1 0x7cc3c874 in TranslateColors (handle=0x1, in=0x3328e0, count=1,
input_type=COLOR_CMYK, out=0x3348e0, output_type=COLOR_RGB)
at /home/focht/projects/wine/wine.repo/src/dlls/mscms/transform.c:371
#2 0x006a75bf in ?? ()
#3 0x00754e6f in ?? ()
#4 0x00000000 in ?? ()
--- snip ---
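The return value of 'cmsCreateMultiprofileTransform()' is not checked. lcms2
reports "Wrong output color space on transform" and evidently returns NULL, yet
CreateMultiProfileTransform() still hands a transform handle (retval=1) back to
the application when it shouldn't.
TranslateColors() later passes that NULL transform to cmsChangeBuffersFormat(),
which reads xform->dwOriginalFlags through it (testb $0x2,0xab(%esi) with
esi=0), hence the page fault on read access to 0x000000ab.
The path leading to the failure itself (why the transform cannot be created)
could be another issue.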
Source:
https://source.winehq.org/git/wine.git/blob/685b931c2a11219da3949cd1ad5a1fa9d7db26cb:/dlls/mscms/transform.c#l204
--- snip ---
204 HTRANSFORM WINAPI CreateMultiProfileTransform( PHPROFILE profiles, DWORD
nprofiles,
205 PDWORD intents, DWORD nintents, DWORD flags, DWORD cmm )
206 {
207 HTRANSFORM ret = NULL;
208 #ifdef HAVE_LCMS2
209 cmsHPROFILE *cmsprofiles, cmsconvert = NULL;
210 struct transform transform;
211 struct profile *profile0, *profile1;
212 DWORD in_format, out_format;
...
243 cmsprofiles = HeapAlloc( GetProcessHeap(), 0, (nprofiles + 1) *
sizeof(cmsHPROFILE) );
244 if (cmsprofiles)
245 {
246 cmsprofiles[0] = profile0->cmsprofile;
247 if (cmsconvert)
248 {
249 cmsprofiles[1] = cmsconvert;
250 cmsprofiles[2] = profile1->cmsprofile;
251 nprofiles++;
252 }
253 else
254 {
255 cmsprofiles[1] = profile1->cmsprofile;
256 }
257 transform.cmstransform = cmsCreateMultiprofileTransform(
cmsprofiles, nprofiles, in_format, out_format, *intents, 0 );
258
259 HeapFree( GetProcessHeap(), 0, cmsprofiles );
260 ret = create_transform( &transform );
261 }
262
263 release_profile( profile0 );
264 release_profile( profile1 );
265
266 #endif /* HAVE_LCMS2 */
267 return ret;
268 }
--- snip ---
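(line 257: the result of cmsCreateMultiprofileTransform() is stored in
transform.cmstransform and passed on to create_transform() on line 260 without
a NULL check)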
$ sha1sum pl.exe
41043a0ee25ece198a3b91e176900c97901c1252 pl.exe
$ du -sh pl.exe
21M pl.exe
$ wine --version
wine-1.7.48-100-ge3c6777
Regards