[Bug 21579] Multiple applications crash with builtin RichEdit (text host window/gui control methods must not be called during CreateTextServices)(Yahoo Messenger 10, BSSB-Win, ICQ 6,7,8)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Feb 8 04:52:42 CST 2015
https://bugs.winehq.org/show_bug.cgi?id=21579
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |focht at gmx.net
Summary|Yahoo Messenger 10 crash |Multiple applications crash
|when opening IM window with |with builtin RichEdit (text
|a contact |host window/gui control
| |methods must not be called
| |during
| |CreateTextServices)(Yahoo
| |Messenger 10, BSSB-Win, ICQ
| |6,7,8)
--- Comment #22 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
refining summary and copying my analysis from bug 35416 here.
--- snip ---
$ LC_ALL=de_DE WINEDEBUG=+tid,+seh,+relay,+ole,+variant,+snoop wine
./BSSB_Win.exe >>log.txt 2>&1
...
0024:Ret PE DLL (proc=0x7ac4b570,module=0x7ac10000
L"riched20.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0024:Ret KERNEL32.LoadLibraryA() retval=7ac10000 ret=60003485
0024:Call KERNEL32.GetLastError() ret=6000348d
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=6000348d
0024:Call KERNEL32.GetProcAddress(7ac10000,600b3978 "CreateTextServices")
ret=6000353f
0024:Ret KERNEL32.GetProcAddress() retval=7ac15644 ret=6000353f
...
0024:Call riched20.CreateTextServices(0014ed78,0014edd4,0014eddc) ret=600200a1
...
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6001ac4e
ip=6001ac4e tid=0024
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=00000044
0024:trace:seh:raise_exception eax=00000000 ebx=0033f0c4 ecx=0014edd4
edx=7ac42464 esi=00000044 edi=0033f0c4
0024:trace:seh:raise_exception ebp=0014edd4 esp=0033f034 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210206
0024:trace:seh:call_stack_handlers calling handler at 0x660291be code=c0000005
flags=0
0024:trace:seh:call_stack_handlers handler at 0x660291be returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x6602e521 code=c0000005
flags=0
0024:trace:seh:call_stack_handlers handler at 0x6602e521 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x660eeead code=c0000005
flags=0
...
Backtrace:
=>0 0x6001ac4e in fm20 (+0x1ac4e) (0x0014edd4)
1 0x00000000 (0x600b2598)
2 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
3 0xf123e94c (0x04246c83)
0x6001ac4e: movsl (%esi),%es:(%edi)
Modules:
Module Address Debug info Name (88 modules)
PE 400000- a50000 Deferred bssb_win
...
Threads:
process tid prio (all id:s are in hex)
...
00000023 (D) C:\Program Files\BSSB_Win\BSSB_Win.exe
00000024 0 <==
--- snip ---
Debugger session:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7ac22194 ME_SetDefaultFormatRect+0x12(editor=0x14a28e8)
[/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:2708] in riched20
(0x0033f138)
1 0x7ac277ad ME_HandleMessage+0x49b5(editor=0x14a28e8, msg=0x1, wParam=0,
lParam=0, unicode=0x1, phresult=0x33f6b0)
[/home/focht/projects/wine/wine-git/dlls/riched20/editor.c:4006] in riched20
(0x0033f688)
2 0x7ac436cb CreateTextServices+0x1a6(pUnkOuter=<couldn't compute location>,
pITextHost=<couldn't compute location>, ppUnk=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/riched20/txtsrv.c:417] in riched20
(0x0033f6d8)
3 0x600200a1 in fm20 (+0x200a0) (0x0033f70c)
4 0x600a64e2 in fm20 (+0xa64e1) (0x0013e184)
5 0x00000000 (0x600b2598)
6 0x6001afab in fm20 (+0x1afaa) (0x6001afa1)
7 0xf123e94c (0x04246c83)
Wine-dbg>l
2708 ITextHost_TxGetClientRect(editor->texthost, &editor->rcFormat);
2709 editor->rcFormat.top += editor->exStyleFlags & WS_EX_CLIENTEDGE ? 1 :
0;
2710 editor->rcFormat.left += 1 + editor->selofs;
2711 editor->rcFormat.right -= 1;
2712 }
p *editor->texthost
{lpVtbl=0x600b2598}
--- snip ---
The problem is the app (text host) doesn't expect window/ui control methods
being called in CreateTextServices().
Source:
http://source.winehq.org/git/wine.git/blob/6c1b292f0b781c08041867f2508df5df164f61c6:/dlls/riched20/txtsrv.c#l392
--- snip ---
392 HRESULT WINAPI CreateTextServices(IUnknown *pUnkOuter, ITextHost
*pITextHost, IUnknown **ppUnk)
393 {
...
416
417 ME_HandleMessage(ITextImpl->editor, WM_CREATE, 0, 0, TRUE, &hres);
418
...
--- snip ---
Austin's workaround:
https://bugs.winehq.org/attachment.cgi?id=50272&action=diff
Also tested with ICQ 8.x: http://exe.icq.com/icq.exe
$ sha1sum icq_rfrset.exe
f34b5b0584b329006b16fb2411c84c5d9e3dc73e icq_rfrset.exe
$ du -sh icq_rfrset.exe
37M icq_rfrset.exe
$ wine --version
wine-1.7.36
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list