[Bug 21150] Memorex exPressit Label Design Studio 4.x crashes when creating a new project (ieframe 'IOleObject::Advise' is a stub)
wine-bugs at winehq.org
Mon Dec 7 09:38:10 CST 2015
https://bugs.winehq.org/show_bug.cgi?id=21150
Anastasius Focht <focht at gmx.net> changed:
What      | Removed           | Added
----------------------------------------------------------------------------
CC        |                   | focht at gmx.net
Component | shdocvw           | ieframe
Summary   | exPressit crashes | Memorex exPressit Label Design Studio 4.x crashes when creating a new project (ieframe 'IOleObject::Advise' is a stub)
--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming, still present.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Memorex exPressit Label Design Studio/STCD
$ WINEDEBUG=+tid,+seh,+relay,+ieframe wine ./stcd.exe >>log.txt 2>&1
...
0027:Call user32.CreateWindowExA(00000000,005882fc "MVWebBrowserClass",00000000,4000001e,00000000,00000000,000000c8,0000037b,00020188,00000f05,00400000,0015b69a) ret=0024eb4d
...
0027:Call user32.CreateWindowExW(00000100,7ce38f80 L"Shell Embedding",7ce38f80 L"Shell Embedding",46010000,00000000,00000000,00000000,00000000,000201b0,00000000,7ce00000,051c3410) ret=7ce231a7
...
0027:Ret user32.CreateWindowExW() retval=000201ae ret=7ce231a7
0027:trace:ieframe:create_shell_embedding_hwnd parent=0x201b0 hwnd=0x201ae
...
0027:fixme:ieframe:OleObject_Advise (0x51c3410)->(0x9f3260, 0x15bdde)
0027:Ret user32.CreateWindowExA() retval=000201b0 ret=0024eb4d
...
0027:Call user32.SendMessageA(000201b0,0000054f,00000000,00000000) ret=00486ad7
0027:Call window proc 0x2f08a0 (hwnd=0x201b0,msg=WM_USER+335,wp=00000000,lp=00000000)
0027:Call user32.GetWindowLongA(000201b0,fffffff0) ret=002f08b2
0027:Ret user32.GetWindowLongA() retval=4000001e ret=002f08b2
0027:Call user32.GetWindowLongA(000201b0,00000000) ret=002f08dc
0027:Ret user32.GetWindowLongA() retval=0015bdce ret=002f08dc
0027:Ret window proc 0x2f08a0 (hwnd=0x201b0,msg=WM_USER+335,wp=00000000,lp=00000000) retval=00000000
0027:Ret user32.SendMessageA() retval=00000000 ret=00486ad7
0027:Call msvcr70.memset(0088e830,00000000,000000c8) ret=0048b283
0027:Ret msvcr70.memset() retval=0088e830 ret=0048b283
0027:Call msvcr70.memset(0088e8d0,00000000,00000028) ret=00552311
0027:Ret msvcr70.memset() retval=0088e8d0 ret=00552311
0027:Call user32.GetPropA(00020194,00587954 "MVDSTWinData") ret=0041d0e2
0027:Ret user32.GetPropA() retval=0015b69a ret=0041d0e2
0027:Call msvcr70.memset(0015c05e,00000000,0000009e) ret=100013a8
0027:Ret msvcr70.memset() retval=0015c05e ret=100013a8
0027:Call msvcr70.memmove(0015c062,029e294c,0000000e) ret=10007361
0027:Ret msvcr70.memmove() retval=0015c062 ret=10007361
...
0027:Call msvcr70.memmove(0015c34c,02a1426b,0000004e) ret=10007361
0027:Ret msvcr70.memmove() retval=0015c34c ret=10007361
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x48ac2a ip=0048ac2a tid=0027
0027:trace:seh:raise_exception info[0]=00000000
0027:trace:seh:raise_exception info[1]=00000000
0027:trace:seh:raise_exception eax=0088e91c ebx=0088eab0 ecx=00000000 edx=00000027 esi=0088eb04 edi=0088eac4
0027:trace:seh:raise_exception ebp=0088e930 esp=0088e3d0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210202
0027:trace:seh:call_stack_handlers calling handler at 0x57f70e code=c0000005 flags=0
...
wine: Unhandled page fault on read access to 0x00000000 at address 0x48ac2a (thread 0027), starting debugger...
...
Backtrace:
=>0 0x0048ac2a in stcd (+0x8ac2a) (0x0088e930)
1 0x00486aea in stcd (+0x86ae9) (0x0088e944)
2 0x00486b3c in stcd (+0x86b3b) (0x0088e958)
3 0x00421aac in stcd (+0x21aab) (0x0088e9e8)
4 0x7ea00176 WINPROC_wrapper+0x19() in user32 (0x0088ea18)
5 0x7ea0028f call_window_proc+0xa1(hwnd=0x20194, msg=0x84, wp=0, lp=0x2c5044e, result=0x88ea88, arg=0x421050) [/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:245] in user32 (0x0088ea58)
6 0x7ea020cf CallWindowProcA+0x4f(func=<couldn't compute location>, hwnd=<couldn't compute location>, msg=<couldn't compute location>, wParam=<couldn't compute location>, lParam=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/user32/winproc.c:956] in user32 (0x0088ea98)
7 0x7bc7a126 relay_call+0x39() in ntdll (0x0088ead8)
8 0x7e96f625 in user32 (+0xf624) (0x0088eb18)
9 0x00271c3f in dwwin (+0x31c3e) (0x0088eb18)
10 0x7ea00176 WINPROC_wrapper+0x19() in user32 (0x0088eb48)
...
22 0x7e9cc289 PeekMessageA+0x49(msg=<couldn't compute location>, hwnd=<couldn't compute location>, first=<couldn't compute location>, last=<couldn't compute location>, flags=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/user32/message.c:3794] in user32 (0x0088f708)
23 0x7bc7a126 relay_call+0x39() in ntdll (0x0088f74c)
24 0x7e9720fd in user32 (+0x120fc) (0x0088f79c)
25 0x00246538 in dwwin (+0x6537) (0x0088f79c)
26 0x002467a6 in dwwin (+0x67a5) (0x0088f7b4)
27 0x002d1d0b in dwwin (+0x91d0a) (0x0088f7c8)
28 0x002d2944 in dwwin (+0x92943) (0x0088fa68)
29 0x0024fadb in dwwin (+0xfada) (0x0088fba4)
30 0x0027185b in dwwin (+0x3185a) (0x0088fbc4)
31 0x004a3284 in stcd (+0xa3283) (0x0088fd9c)
32 0x0057f3e1 in stcd (+0x17f3e0) (0x0088fe40)
33 0x7b8680ec call_process_entry+0xb() in kernel32 (0x0088fe58)
...
0x0048ac2a: movl 0x0(%ecx),%edx
Modules:
Module Address Debug info Name (142 modules)
PE 240000- 370000 Export dwwin
PE 370000- 3bf000 Deferred ltimg13n
PE 3c0000- 3cd000 Deferred lttwn13n
PE 3d0000- 3eb000 Deferred mvmcc
PE 3f0000- 3f9000 Deferred mvgallery
PE 400000- 68c000 Export stcd
PE 890000- 8da000 Deferred mvpictool
PE 29b0000- 29ba000 Deferred mvdmm2
PE 29c0000- 29c7000 Deferred mvdmm_generic
PE 29d0000- 29df000 Deferred mvdmm_itunes
PE 3670000- 3812000 Deferred ltclr13n
PE 4c60000- 4c6a000 Deferred mvdmm_wmp
PE 10000000-1001f000 Deferred dwmemman
...
ELF 7ac00000-7ac89000 Deferred riched20<elf>
\-PE 7ac20000-7ac89000 \ riched20
...
Threads:
process tid prio (all id:s are in hex)
...
00000026 (D) C:\Program Files\Memorex exPressit Label Design Studio\STCD\stcd.exe
00000027 0 <==
--- snip ---
Preceding the crash site there is a failing
'SendMessage(hwndBrowser,WM_USER+0x14f,0,0)' call that ought to return some
object/member data.
--- snip ---
00486AC0 55 PUSH EBP
00486AC1 8BEC MOV EBP,ESP
00486AC3 51 PUSH ECX
00486AC4 6A 00 PUSH 0 ; lParam = 0
00486AC6 6A 00 PUSH 0 ; wParam = 0
00486AC8 68 4F050000 PUSH 54F ; Msg = 54F
00486ACD 8B45 08 MOV EAX,DWORD PTR SS:[ARG.1]
00486AD0 50 PUSH EAX ; hWnd => [ARG.1]
00486AD1 FF15 48045800 CALL DWORD PTR DS:[<&USER32.SendMessageA>]
00486AD7 8945 FC MOV DWORD PTR SS:[LOCAL.1],EAX ; <--- NULL !
00486ADA 8B4D FC MOV ECX,DWORD PTR SS:[LOCAL.1]
00486ADD 51 PUSH ECX ; Arg2 => [LOCAL.1]
00486ADE 8B55 0C MOV EDX,DWORD PTR SS:[ARG.2]
00486AE1 8B42 06 MOV EAX,DWORD PTR DS:[EDX+6]
00486AE4 50 PUSH EAX ; Arg1
00486AE5 E8 F6400000 CALL 0048ABE0
00486AEA 8BE5 MOV ESP,EBP
00486AEC 5D POP EBP
00486AED C3 RETN
...
0048ABE0 55 PUSH EBP
0048ABE1 8BEC MOV EBP,ESP
0048ABE3 81EC 58050000 SUB ESP,558
0048ABE9 8D85 00FFFFFF LEA EAX,[LOCAL.64]
0048ABEF 50 PUSH EAX ; Arg2 (NULL)
0048ABF0 8B4D 08 MOV ECX,DWORD PTR SS:[ARG.1]
0048ABF3 51 PUSH ECX ; Arg1 => [ARG.1]
0048ABF4 E8 77060000 CALL 0048B270
0048ABF9 833D 203D5900 CMP DWORD PTR DS:[593D20],0
0048AC00 75 1C JNE SHORT 0048AC1E
0048AC02 68 243D5900 PUSH OFFSET 00593D24
0048AC07 68 04040000 PUSH 404
0048AC0C 8B15 F4DF5800 MOV EDX,DWORD PTR DS:[58DFF4]
0048AC12 52 PUSH EDX
0048AC13 FF15 A0085800 CALL DWORD PTR DS:[<&dwwin._dwLoadWordArray at 12>]
0048AC19 A3 203D5900 MOV DWORD PTR DS:[593D20],EAX
0048AC1E 8D45 EC LEA EAX,[LOCAL.5]
0048AC21 50 PUSH EAX
0048AC22 68 BC0D5800 PUSH OFFSET 00580DBC
0048AC27 8B4D 0C MOV ECX,DWORD PTR SS:[ARG.2] ; (NULL)
0048AC2A 8B11 MOV EDX,DWORD PTR DS:[ECX] ; *boom*
0048AC2C 8B45 0C MOV EAX,DWORD PTR SS:[ARG.2]
0048AC2F 50 PUSH EAX
0048AC30 FF12 CALL DWORD PTR DS:[EDX]
0048AC32 85C0 TEST EAX,EAX
0048AC34 74 05 JZ SHORT 0048AC3B
...
--- snip ---
In the app message handler for WM_USER+0x14F there is a check on member data
associated with the main browser window.
The member data is NULL at this point and the message handler short-circuits
here, without calling some internal member functions.
It's likely that proper sink hookup will activate more code paths that
create/instantiate missing member data.
Source:
http://source.winehq.org/git/wine.git/blob/10f35222dc8e7184963076a7e8e58ad64651638e:/dlls/ieframe/oleobject.c#l710
--- snip ---
710 static HRESULT WINAPI OleObject_Advise(IOleObject *iface, IAdviseSink *pAdvSink,
711         DWORD* pdwConnection)
712 {
713 WebBrowser *This = impl_from_IOleObject(iface);
714 FIXME("(%p)->(%p, %p)\n", This, pAdvSink, pdwConnection);
715 return E_NOTIMPL;
716 }
--- snip ---
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\exPressit.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 18222904 (01160F38h)
Byte(s)
Compilation TimeStamp : 0x370D108F -> Thu 08th Apr 1999 20:24:47 (GMT)
[TimeStamp] 0x370D108F -> Thu 08th Apr 1999 20:24:47 (GMT) | PE Header | - |
Offset: 0x000000D0 | VA: 0x004000D0 | -
[TimeStamp] 0x370D108F -> Thu 08th Apr 1999 20:24:47 (GMT) | Export | - |
Offset: 0x000007E4 | VA: 0x004021E4 | -
-> File Appears to be Digitally Signed @ Offset 0115F800h, size : 01738h /
05944 byte(s)
[File Heuristics] -> Flag #1 : 00000000000001001100000000000100 (0x0004C004)
[Entrypoint Section Entropy] : 5.56 (section #0) ".text " | Size : 0x1FE
(510) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x1163000 (18231296) byte(s)
[VersionInfo] Company Name : MicroVision Development
[VersionInfo] File Description : Memorex exPressit Label Design Studio
[VersionInfo] Legal Copyrights : MicroVision Development
[-= Installer =-] Wise Installation Wizard Module !
- Scan Took : 3.905 Second(s) [000000C17h (3095) tick(s)] [499 of 573 scan(s)
done]
Scanning -> C:\Program Files\Memorex exPressit Label Design
Studio\STCD\stcd.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2629632 (0282000h)
Byte(s)
Compilation TimeStamp : 0x43A70E18 -> Mon 19th Dec 2005 19:46:32 (GMT)
[TimeStamp] 0x43A70E18 -> Mon 19th Dec 2005 19:46:32 (GMT) | PE Header | - |
Offset: 0x00000120 | VA: 0x00400120 | -
[TimeStamp] 0x43A70E18 -> Mon 19th Dec 2005 19:46:32 (GMT) | Export | - |
Offset: 0x00186304 | VA: 0x00586304 | -
[TimeStamp] 0x43A70E18 -> Mon 19th Dec 2005 19:46:32 (GMT) | DebugDirectory | -
| Offset: 0x00180D04 | VA: 0x00580D04 | -
[File Heuristics] -> Flag #1 : 00000100000000001000000100000000 (0x04008100)
[Entrypoint Section Entropy] : 6.13 (section #0) ".text " | Size : 0x17E9EF
(1567215) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x28C000 (2670592) byte(s)
[Export] 100% of function(s) (1 of 1) are in file | 0 are forwarded | 1 code |
0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : MicroVision Development. Inc.
[VersionInfo] Product Name : Memorex exPressit Label Design Studio
[VersionInfo] Product Version : 4.3.206
[VersionInfo] File Description : Memorex exPressit Label Design Studio
[VersionInfo] File Version : 4.3.206
[VersionInfo] Original FileName : stcd.exe
[VersionInfo] Internal Name : stcd
[VersionInfo] Version Comments : \CompanyName
[VersionInfo] Legal Trademarks : : OriginalFilename
[VersionInfo] Legal Copyrights : Copyright © 1999-2003 MicroVision Development.
Inc. All rights reserved.
[Debug Info] (record 1 of 1) (file offset 0x180D00)
Characteristics : 0x0 | TimeDateStamp : 0x43A70E18 (Mon 19th Dec 2005 19:46:32
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x36 (54)
AddressOfRawData : 0x181284 | PointerToRawData : 0x181284
CvSig : 0x53445352 | SigGuid DC7D9825-5B1F-40E6-9B8FDF92224B4DFA
Age : 0x1 | Pdb : r:\dest\stcd\release\stcd.pdb
[CompilerDetect] -> Visual C++ 7.0 (Visual Studio 2002)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.579 Second(s) [000000243h (579) tick(s)] [499 of 573 scan(s)
done]
--- snip ---
$ sha1sum exPressit.exe
4c188381c51e109db43f6ac9a51655313dbd1906 exPressit.exe
$ du -sh exPressit.exe
18M exPressit.exe
$ wine --version
wine-1.8-rc3
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
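
The manual triage in the comment above (faulting address to module offset, access type, and the stub hit on the same thread before the fault) can be scripted. The following is an added example, not part of the original bug comment or of Wine's tooling; the function name `triage`, the sample log (constructed, with mail-wrapped lines rejoined) and the 64 KiB null-page threshold are assumptions.

```python
import re

# Constructed sample (not the full log): lines shaped like the +tid,+seh,+ieframe
# trace and winedbg module table in the comment, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
0027:trace:ieframe:create_shell_embedding_hwnd parent=0x201b0 hwnd=0x201ae
0027:fixme:ieframe:OleObject_Advise (0x51c3410)->(0x9f3260, 0x15bdde)
0028:fixme:win:unrelated_stub constructed line from another thread
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x48ac2a ip=0048ac2a tid=0027
0027:trace:seh:raise_exception info[0]=00000000
0027:trace:seh:raise_exception info[1]=00000000
PE 240000- 370000 Export dwwin
PE 400000- 68c000 Export stcd
"""

EXC = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]+) .*?addr=0x([0-9a-f]+)")
INFO = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception info\[(\d)\]=([0-9a-f]+)")
FIXME = re.compile(r"^([0-9a-f]{4}):fixme:(\w+):(\w+)")
MODULE = re.compile(r"^PE\s+([0-9a-f]+)-\s*([0-9a-f]+)\s+\S+\s+(\S+)")
ACCESS = {0: "read", 1: "write", 8: "execute"}  # ExceptionInformation[0] for c0000005
NULL_PAGE = 0x10000  # heuristic (assumption): Windows keeps the lowest 64 KiB unmapped

def triage(log):
    """Return a summary of the first exception in a Wine debug log, or None."""
    fixmes, modules, crash = [], [], None
    for line in log.splitlines():
        if m := MODULE.match(line):
            modules.append((int(m[1], 16), int(m[2], 16), m[3]))
        elif crash is None and (m := FIXME.match(line)):
            fixmes.append((m[1], m[2], m[3]))  # stubs hit before the fault
        elif crash is None and (m := EXC.match(line)):
            crash = {"tid": m[1], "code": int(m[2], 16), "addr": int(m[3], 16)}
            info = {}
        elif crash and (m := INFO.match(line)) and m[1] == crash["tid"]:
            info.setdefault(int(m[2]), int(m[3], 16))  # keep first exception's values
    if crash is None:
        return None
    crash["access"] = ACCESS.get(info.get(0), "unknown")
    crash["fault_addr"] = info.get(1)
    crash["null_deref"] = crash["code"] == 0xC0000005 and info.get(1, NULL_PAGE) < NULL_PAGE
    # Map the faulting EIP to module+offset, as the backtrace does for frame 0.
    crash["module"] = next(((n, crash["addr"] - lo) for lo, hi, n in modules
                            if lo <= crash["addr"] < hi), None)
    # Only stubs on the faulting thread are candidate root causes.
    crash["stubs"] = [(ch, fn) for tid, ch, fn in fixmes if tid == crash["tid"]]
    return crash

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A read fault at address 0 with a `fixme` stub earlier on the same thread is the pattern analysed in the comment: the stub list narrows where to look, but the disassembly is still needed to confirm the causal link.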