[Bug 38901] MEGAsync 2.1.x crashes when downloading external files (not from your account) to your HDD

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jul 12 13:43:07 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=38901

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
          Component|-unknown                    |winhttp
            Summary|MEGAsync crashes when       |MEGAsync 2.1.x crashes when
                   |downloading external files  |downloading external files
                   |(not from your account) to  |(not from your account) to
                   |your HDD                    |your HDD
     Ever confirmed|0                           |1

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

--- snip ---
Wine-dbg>c

Unhandled exception: page fault on read access to 0x02edcec4 in 32-bit code
(0xf74f1749).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f74f1749 ESP:0a0be928 EBP:0a0be968 EFLAGS:00210206(  R- --  I   - -P- )
 EAX:02ddcf04 EBX:f757b000 ECX:00100000 EDX:07170020
 ESI:00000000 EDI:0a0bfb40
Stack dump:
0x0a0be928:  00000000 7e9a38db 07170020 02ddcf04
0x0a0be938:  00100000 00000040 0a0be960 f7598000
0x0a0be948:  0a0be970 00000039 02ddef28 02ddef28
0x0a0be958:  00000000 00100000 00000003 00000000
0x0a0be968:  0a0be9a8 7e9a4895 02ddce38 07170020
0x0a0be978:  00100000 00000000 00000001 00000002
Backtrace:
=>0 0xf74f1749 __memcpy_sse2_unaligned+0x199() in libc.so.6 (0x0a0be968)
  1 0x7e9a38db read_data+0xae(request=0x2ddce38, buffer=0x7170020,
size=0x100000, read=0x0(nil), async=0x1)
[/home/focht/projects/wine/wine.repo/src/dlls/winhttp/request.c:2209] in
winhttp (0x0a0be968)
  2 0x7e9a4895 task_read_data+0x40(task=0x2de0420)
[/home/focht/projects/wine/wine.repo/src/dlls/winhttp/request.c:2559] in
winhttp (0x0a0be9a8)
  3 0x7e99db26 task_proc+0x77(param=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winhttp/request.c:212] in winhttp
(0x0a0bea08)
  4 0x7bc95c48 call_thread_func_wrapper+0xb() in ntdll (0x0a0bea28)
  5 0x7bc95c85 call_thread_func+0x32(entry=0x7e99daae, arg=0x2ddce38,
frame=0xa0beb28)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2732] in
ntdll (0x0a0beb08)
  6 0x7bc95c26 call_thread_entry_point+0x11() in ntdll (0x0a0beb28)
  7 0x7bc9cc93 start_thread+0x108(info=0x81de4fb8)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/thread.c:443] in ntdll
(0x0a0bf368)
  8 0xf7585380 start_thread+0xdf() in libpthread.so.0 (0x0a0bf428)
  9 0xf74aad4e __clone+0x5d() in libc.so.6 (0x00000000)

Wine-dbg>frame 1

2210            remove_data( request, count );

Wine-dbg>info locals

0x7e9a38da read_data+0xae: (0a0be968)
    request_t* request=0x2ddce38 (parameter [EBP+8])
    void* buffer=0x7170020 (parameter [EBP+12])
    DWORD size=0x100000 (parameter [EBP+16])
    DWORD* read=0x0(nil) (parameter [EBP+20])
    BOOL async=0x1 (parameter [EBP+24])
    int count=0x100000 (local [EBP-12])
    int bytes_read=0 (local [EBP-16])

Wine-dbg>p *request

{hdr={type=0x3, handle=0x43, vtbl=0x7e9b30d8, flags=0, disable_flags=0,
logon_policy=0, redirect_policy=0x1, error=0, context=0x13a1df8, refs=0x2,
callback=0x4d6fd0, notify_mask=0x7f0c30, entry={next=0x2ddc090,
prev=0x2ddc090}, children={next=0x2ddce70, prev=0x2ddce70}}, connect=0x2ddc058,
verb="POST",
path="/dl/Xn69XlQ7lO_MVgJU9vFK5bq4Tv6uRbJIntRDFpE_tokX-Yk1LUrAxbIZHD-MBGePZvBMO8oeC7FZ_VqwNBHyvXKJYJmd3rSePcURsYfEGEFummlnRg/26738688-27787263",
version="HTTP/1.1", raw_headers="HTTP/1.1 403 Rate Limit Exceeded
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Connection: close
", optional=0x0(nil), optional_len=0, netconn={socket=0x256, secure=0,
ssl_ctx={dwLower=0, dwUpper=0}, ssl_sizes={cbHeader=0, cbTrailer=0,
cbMaximumMessage=0, cbBuffers=0, cbBlockSize=0}, ssl_buf=0x0(nil),
extra_buf=0x0(nil), extra_len=0, peek_msg=0x0(nil), peek_msg_mem=0x0(nil),
peek_len=0, security_flags=0}, resolve_timeout=0xe290, connect_timeout=0xe290,
send_timeout=0, recv_timeout=0, status_text="Rate Limit Exceeded",
content_length=0xffffffff, content_read=0, read_chunked=0, read_chunked_eof=0,
read_chunked_size=0xffffffff, read_pos=0, read_size=0xffffffff, read_buf="...",
headers=0x2de04f0, num_headers=0xa, accept_types=(nil), num_accept_types=0,
authinfo=(nil), proxy_authinfo=(nil), task_wait=0xa04, task_cancel=0xa18,
task_thread=0xa24, task_queue={next=0x2ddef28, prev=0x2ddef28},
task_cs={DebugInfo=0x2dd14a0, LockCount=0xffffffff, RecursionCount=0,
OwningThread=0x0(nil), LockSemaphore=0x0(nil), SpinCount=0},
creds={{username=0x0(nil), password=0x0(nil)}, {username=0x0(nil),
password=0x0(nil)}, {username=0x0(nil), password=0x0(nil)}, {username=0x0(nil),
password=0x0(nil)}, {username=0x0(nil), password=0x0(nil)}}}

...
--- snip ---

App WINHTTP_STATUS_CALLBACK:

--- snip ---

Wine-dbg>

0x7e9a8f4a send_callback+0xb2
[/home/focht/projects/wine/wine.repo/src/dlls/winhttp/session.c:76] in winhttp:
call    *%ebx
76            hdr->callback( hdr->handle, hdr->context, status, info, buflen );

Wine-dbg>si

fixme:winedbg:be_i386_is_jump unknown 6a
0x004d6fd0: pushl    $0xff

Wine-dbg>si

0x004d6fd2: pushl    $0x595029

...
--- snip ---

Trace of one of multiple threads that causes a fault (large number of parallel
download threads):

--- snip ---
...
004f:trace:winhttp:read_line returning ""
004f:trace:winhttp:read_reply raw headers: L"HTTP/1.1 403 Rate Limit
Exceeded\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers:
MEGA-Chrome-Antileak\r\nAccess-Control-Max-Age: 86400\r\nConnection: close\r\n"
004f:trace:winhttp:query_headers attribute L"Status"
004f:trace:winhttp:get_header_index L"Status"
004f:trace:winhttp:get_header_index returning 5
004f:trace:winhttp:query_headers returning number: 403
004f:trace:winhttp:query_headers attribute L"Content-Length"
004f:trace:winhttp:get_header_index L"Content-Length"
004f:trace:winhttp:get_header_index returning -1
004f:trace:winhttp:query_headers attribute L"Transfer-Encoding"
004f:trace:winhttp:get_header_index L"Transfer-Encoding"
004f:trace:winhttp:get_header_index returning -1
004f:trace:winhttp:send_callback 0xfe1aa0, 0x00020000, (nil), 0
004f:Call
winhttp.WinHttpQueryHeaders(00000043,20000013,00000000,07bbd37c,07bbd374,00000000)
ret=004d7307
004f:trace:winhttp:WinHttpQueryHeaders 0x43, 0x20000013, (null), 0x7bbd37c,
0x7bbd374, (nil)
004f:trace:winhttp:addref_object 0xfe1aa0 -> refcount = 3
004f:trace:winhttp:grab_object handle 0x43 -> 0xfe1aa0
004f:trace:winhttp:query_headers attribute L"Status"
004f:trace:winhttp:get_header_index L"Status"
004f:trace:winhttp:get_header_index returning 5
004f:trace:winhttp:query_headers returning number: 403
004f:trace:winhttp:release_object object 0xfe1aa0 refcount = 2
004f:Ret  winhttp.WinHttpQueryHeaders() retval=00000001 ret=004d7307
004f:Call winhttp.WinHttpQueryDataAvailable(00000043,00000000) ret=004d761e
004f:trace:winhttp:WinHttpQueryDataAvailable 0x43, (nil)
004f:trace:winhttp:addref_object 0xfe1aa0 -> refcount = 3
004f:trace:winhttp:grab_object handle 0x43 -> 0xfe1aa0 
...
004f:trace:winhttp:addref_object 0xfe1aa0 -> refcount = 4
004f:trace:winhttp:queue_task queueing task 0x190318
004f:Call KERNEL32.SetEvent(00000574) ret=7e99de2f
004f:Ret  KERNEL32.SetEvent() retval=00000001 ret=7e99de2f
004f:trace:winhttp:release_object object 0xfe1aa0 refcount = 3
004f:Ret  winhttp.WinHttpQueryDataAvailable() retval=00000001 ret=004d761e
004f:trace:winhttp:send_callback returning from 0x00020000 callback
004f:trace:winhttp:release_object object 0xfe1aa0 refcount = 2
...
004f:trace:winhttp:dequeue_task 1 tasks queued
004f:trace:winhttp:dequeue_task returning task 0x190318
004f:trace:winhttp:send_callback 0xfe1aa0, 0x00040000, 0x7bbe964, 4
004f:Call winhttp.WinHttpReadData(00000043,061a0020,00100000,00000000)
ret=004d7a0f
004f:trace:winhttp:WinHttpReadData 0x43, 0x61a0020, 1048576, (nil)
004f:trace:winhttp:addref_object 0xfe1aa0 -> refcount = 3
004f:trace:winhttp:grab_object handle 0x43 -> 0xfe1aa0
...
004f:trace:winhttp:addref_object 0xfe1aa0 -> refcount = 4
004f:trace:winhttp:queue_task queueing task 0x190260
004f:Call KERNEL32.SetEvent(00000574) ret=7e99de2f
004f:Ret  KERNEL32.SetEvent() retval=00000001 ret=7e99de2f
004f:trace:winhttp:release_object object 0xfe1aa0 refcount = 3
004f:Ret  winhttp.WinHttpReadData() retval=00000001 ret=004d7a0f
004f:Call KERNEL32.SetEvent(0000012c) ret=004d7a90
004f:Ret  KERNEL32.SetEvent() retval=00000001 ret=004d7a90
004f:trace:winhttp:send_callback returning from 0x00040000 callback
004f:trace:winhttp:query_data_available 4294967295 bytes available
004f:trace:winhttp:release_object object 0xfe1aa0 refcount = 2
004f:Call ntdll.RtlFreeHeap(00110000,00000000,00190318) ret=7e99d0b6
004f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7e99d0b6
004f:trace:winhttp:dequeue_task 1 tasks queued
004f:trace:winhttp:dequeue_task returning task 0x190260
004f:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf74ff749
ip=f74ff749 tid=004f
004f:trace:seh:raise_exception  info[0]=00000000
004f:trace:seh:raise_exception  info[1]=010e1b2c
004f:trace:seh:raise_exception  eax=00fe1b6c ebx=f7589000 ecx=00100000
edx=061a0020 esi=00000000 edi=07bbfb40
004f:trace:seh:raise_exception  ebp=07bbe968 esp=07bbe928 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210206
004f:trace:seh:call_stack_handlers calling handler at 0x7bcb1cc3 code=c0000005
flags=0 
--- snip ---

$ sha1sum MEGAsyncSetup.exe 
96f23b32524f9d560ba62797564edea24d43779a  MEGAsyncSetup.exe

$ du -sh MEGAsyncSetup.exe 
8.9M    MEGAsyncSetup.exe

$ wine --version
wine-1.7.47

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list