[Bug 38967] Lotus Approach from Lotus Smartsuite 9.8 crashes on startup (failure to read from OLE compound document files)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Jul 25 09:52:02 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38967
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |focht at gmx.net
Component|-unknown |ole32
Summary|Lotus Approach crashes on |Lotus Approach from Lotus
|start |Smartsuite 9.8 crashes on
| |startup (failure to read
| |from OLE compound document
| |files)
Ever confirmed|0 |1
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
No, it's not dupe of bug 19661 (that is win16 brain damage/garbage).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/lotus/approach
$ WINEDEBUG=+tid,+seh,+relay,+ole,+storage wine ./approach.exe >>log.txt 2>&1
...
002c:Call ole32.StgIsStorageFile(0032c500
L"C:\\lotus\\smasters\\approach\\db2www.mpr") ret=5f1038e2
002c:trace:storage:StgIsStorageFile
L"C:\\lotus\\smasters\\approach\\db2www.mpr"
002c:Call KERNEL32.CreateFileW(0032c500
L"C:\\lotus\\smasters\\approach\\db2www.mpr",80000000,00000007,00000000,00000003,00000080,00000000)
ret=7e8b97e3
002c:Ret KERNEL32.CreateFileW() retval=00000104 ret=7e8b97e3
002c:Call KERNEL32.ReadFile(00000104,0032c47c,00000008,0032c478,00000000)
ret=7e8b9822
002c:Ret KERNEL32.ReadFile() retval=00000001 ret=7e8b9822
002c:Call KERNEL32.CloseHandle(00000104) ret=7e8b988e
002c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7e8b988e
002c:trace:storage:StgIsStorageFile -> YES
002c:Ret ole32.StgIsStorageFile() retval=00000000 ret=5f1038e2
...
002c:Call ole32.StgOpenStorage(0032c4e8
L"C:\\lotus\\smasters\\approach\\db2www.mpr",00000000,00000020,00000000,00000000,0032c6fc)
ret=5f1037db
002c:trace:storage:StgOpenStorage
(L"C:\\lotus\\smasters\\approach\\db2www.mpr", (nil), 20, (nil), 0, 0x32c6fc)
002c:Call KERNEL32.CreateFileW(0032c4e8
L"C:\\lotus\\smasters\\approach\\db2www.mpr",80000000,00000001,00000000,00000003,10000080,00000000)
ret=7e8b81ff
002c:Ret KERNEL32.CreateFileW() retval=00000104 ret=7e8b81ff
002c:Call KERNEL32.GetFileSize(00000104,00000000) ret=7e8b827e
002c:Ret KERNEL32.GetFileSize() retval=000a7600 ret=7e8b827e
...
002c:trace:storage:StorageImpl_LoadFileHeader
002c:trace:storage:FileLockBytesImpl_ReadAt (0x15a7a0)-> 0 0x32b008 512
0x32affc
...
002c:trace:storage:FileLockBytesImpl_ReadAt finished
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"Root Entry"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,00002044) ret=7e8b5947
002c:Ret ntdll.RtlAllocateHeap() retval=02250380 ret=7e8b5947
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 0 0x32b064 128
0x32b01c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"Root Entry"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,000000c0) ret=7e8b5444
002c:Ret ntdll.RtlAllocateHeap() retval=0224dd18 ret=7e8b5444
002c:trace:storage:FileLockBytesImpl_ReadAt (0x15a7a0)-> 512 0x32a180 512
0x32a12c
002c:Call
KERNEL32.SetFilePointerEx(00000104,00000200,00000000,00000000,00000000)
ret=7e879f7b
002c:Ret KERNEL32.SetFilePointerEx() retval=00000001 ret=7e879f7b
002c:Call KERNEL32.ReadFile(00000104,0032a180,00000200,0032a064,00000000)
ret=7e879fbe
002c:Ret KERNEL32.ReadFile() retval=00000001 ret=7e879fbe
002c:trace:storage:FileLockBytesImpl_ReadAt finished
...
002c:trace:storage:StorageBaseImpl_AddRef (0x2249a40) AddRef to 3
002c:trace:storage:StorageBaseImpl_Release (0x2249a40) ReleaseRef to 2
002c:Call KERNEL32.lstrcpynA(0032ca0c,0032c744
"C:\\lotus\\smasters\\approach\\db2www.mpr",0000007f) ret=0044a8b4
002c:Ret KERNEL32.lstrcpynA() retval=0032ca0c ret=0044a8b4
002c:Call KERNEL32.lstrlenA(006bdf34 "INFO") ret=5f10f730
002c:Ret KERNEL32.lstrlenA() retval=00000004 ret=5f10f730
002c:Call KERNEL32.MultiByteToWideChar(00000000,00000000,006bdf34
"INFO",00000005,0032c50c,00000005) ret=5f10f745
002c:Ret KERNEL32.MultiByteToWideChar() retval=00000005 ret=5f10f745
002c:trace:storage:StorageBaseImpl_OpenStream (0x2249a40, L"INFO", (nil), 10,
0, 0x32c71c)
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 0 0x32c2d4 128
0x32c28c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"Root Entry"
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 256 0x32c2d4 128
0x32c28c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"USERS"
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 128 0x32c2d4 128
0x32c28c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"INFO"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000028) ret=7e8a92f2
002c:Ret ntdll.RtlAllocateHeap() retval=0015b890 ret=7e8a92f2
002c:trace:storage:StorageBaseImpl_AddStream Stream added (stg=0x2249a40
strm=0x15b890)
002c:trace:storage:StorageBaseImpl_OpenStream <-- IStream 0x15b890
002c:trace:storage:StorageBaseImpl_OpenStream <-- 00000000
...
002c:trace:storage:StgStreamImpl_Stat 0x15b890 0x32ca8c 0
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 128 0x32c554 128
0x32c50c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"INFO"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,0000000a) ret=7e882307
002c:Ret ntdll.RtlAllocateHeap() retval=0015a660 ret=7e882307
002c:Call ole32.CoGetMalloc(00000001,0032c6d0) ret=5f102011
002c:Ret ole32.CoGetMalloc() retval=00000000 ret=5f102011
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,00000005) ret=7e882307
002c:Ret ntdll.RtlAllocateHeap() retval=0015a678 ret=7e882307
002c:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0015a660
L"INFO",00000005,0015a678,00000005,00000000,00000000) ret=5f10f899
002c:Ret KERNEL32.WideCharToMultiByte() retval=00000005 ret=5f10f899
002c:Call ole32.CoGetMalloc(00000001,0032c6e8) ret=5f102043
002c:Ret ole32.CoGetMalloc() retval=00000000 ret=5f102043
002c:Call ntdll.RtlFreeHeap(00110000,00000000,0015a660) ret=7e882758
002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e882758
002c:trace:storage:StgStreamImpl_Read (0x15b890, 0x18313ac, 277, (nil))
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 128 0x32c4f4 128
0x32c4ac
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"INFO"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,00002044) ret=7e8b5947
002c:Ret ntdll.RtlAllocateHeap() retval=02252e68 ret=7e8b5947
002c:trace:storage:BlockChainStream_ReadAt (0x224bcc8)-> 128 0x32c394 128
0x32c34c
002c:trace:storage:StorageImpl_ReadDirEntry storage name: L"INFO"
002c:Call ntdll.RtlAllocateHeap(00110000,00000000,000000c0) ret=7e8b5444
002c:Ret ntdll.RtlAllocateHeap() retval=0015aa48 ret=7e8b5444
002c:trace:storage:FileLockBytesImpl_ReadAt (0x15a7a0)-> 512 0x32b4b0 512
0x32b45c
002c:Call
KERNEL32.SetFilePointerEx(00000104,00000200,00000000,00000000,00000000)
ret=7e879f7b
002c:Ret KERNEL32.SetFilePointerEx() retval=00000001 ret=7e879f7b
002c:Call KERNEL32.ReadFile(00000104,0032b4b0,00000200,0032b394,00000000)
ret=7e879fbe
002c:Ret KERNEL32.ReadFile() retval=00000001 ret=7e879fbe
002c:trace:storage:FileLockBytesImpl_ReadAt finished
002c:warn:storage:StorageImpl_GetNextBlockInChain depotBlockCount 8388607,
bigBlockDepotCount 11
..
002c:trace:storage:StgStreamImpl_Read <-- 8007000e
...
002c:trace:storage:StgStreamImpl_Release (0x15b890)
002c:trace:storage:StorageBaseImpl_RemoveStream Stream removed (stg=0x2249a40
strm=0x15b890)
...
002c:Call msvcrt.strstr(00000000,0032caf4 "\n\n") ret=00467f01
002c:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf73a21ed
ip=f73a21ed tid=002c
002c:trace:seh:raise_exception info[0]=00000000
002c:trace:seh:raise_exception info[1]=00000000
002c:trace:seh:raise_exception eax=f74ec000 ebx=00000000 ecx=00000000
edx=00000008 esi=0032c730 edi=00000000
002c:trace:seh:raise_exception ebp=0032caf4 esp=0032c670 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
002c:trace:seh:call_vectored_handlers calling handler at 0x7d965bd2
code=c0000005 flags=0
--- snip ---
The app reads from a compound storage document and parses the returned block
data.
The memory block is initialized with patterns prior to calling
'ole32.StgStreamImpl_Read()':
--- snip ---
00A809A0 00 00 00 00 8C 09 C9 00 01 01 01 01 01 01 01 01
00A809B0 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A809C0 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A809D0 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A809E0 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A809F0 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A10 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A20 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A30 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A40 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A50 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00A80A60 01 01 01 01 01 01 01 01 01 01 01 00 54 0A DF 00 .T...
00A80A70 4C 6F 74 75 73 20 41 70 70 72 6F 61 63 68 0D 0A .Lotus Approach..
--- snip ---
After 'ole32.StgStreamImpl_Read':
--- snip ---
00A809A0 00 00 00 00 8C 09 C9 00 4C 6F 74 75 73 20 41 70 ........Lotus Ap
00A809B0 70 72 6F 61 63 68 0A 0A 43 6F 6E 74 61 63 74 20 proach..Contact
00A809C0 4D 61 6E 61 67 65 72 20 53 6D 61 72 74 4D 61 73 Manager SmartMas
00A809D0 74 65 72 0A 0A 4D 61 6E 61 67 65 73 20 63 6F 6E ter..Manages con
00A809E0 74 61 63 74 73 20 69 6E 63 6C 75 64 69 6E 67 20 tacts including
00A809F0 61 63 74 69 6F 6E 20 69 74 65 6D 73 2C 20 63 61 action items, ca
00A80A00 6C 6C 20 64 65 74 61 69 6C 2C 20 64 69 72 65 63 ll detail, direc
00A80A10 74 20 64 69 61 6C 20 69 6E 66 6F 72 6D 61 74 69 t dial informati
00A80A20 6F 6E 2C 20 61 6E 64 20 6D 61 73 73 20 6D 61 69 on, and mass mai
00A80A30 6C 69 6E 67 20 73 75 70 70 6F 72 74 2E 0A 0A 0A ling support....
00A80A40 0A 31 31 2F 36 2F 39 35 0A 0A 36 3A 31 36 20 41 .11/6/95..6:16 A
00A80A50 4D 0A 0A 31 31 2F 32 30 2F 39 36 0A 0A 37 3A 34 M..11/20/96..7:4
00A80A60 31 20 50 4D 0A 0A 33 30 0A 0A 01 00 54 0A DF 00 1 PM..30....T.ß.
00A80A70 4C 6F 74 75 73 20 41 70 70 72 6F 61 63 68 0D 0A Lotus Approach..
--- snip ---
The app loops over the block data and replaces any occurrence of '\n\n' with
'\r\n'.
--- snip ---
00A809A0 00 00 00 00 8C 09 C9 00 4C 6F 74 75 73 20 41 70 ........Lotus Ap
00A809B0 70 72 6F 61 63 68 0D 0A 43 6F 6E 74 61 63 74 20 proach..Contact
00A809C0 4D 61 6E 61 67 65 72 20 53 6D 61 72 74 4D 61 73 Manager SmartMas
00A809D0 74 65 72 0D 0A 4D 61 6E 61 67 65 73 20 63 6F 6E ter..Manages con
00A809E0 74 61 63 74 73 20 69 6E 63 6C 75 64 69 6E 67 20 tacts including
00A809F0 61 63 74 69 6F 6E 20 69 74 65 6D 73 2C 20 63 61 action items, ca
00A80A00 6C 6C 20 64 65 74 61 69 6C 2C 20 64 69 72 65 63 ll detail, direc
00A80A10 74 20 64 69 61 6C 20 69 6E 66 6F 72 6D 61 74 69 t dial informati
00A80A20 6F 6E 2C 20 61 6E 64 20 6D 61 73 73 20 6D 61 69 on, and mass mai
00A80A30 6C 69 6E 67 20 73 75 70 70 6F 72 74 2E 0D 0A 0D ling support....
00A80A40 0A 31 31 2F 36 2F 39 35 0D 0A 36 3A 31 36 20 41 .11/6/95..6:16 A
00A80A50 4D 0D 0A 31 31 2F 32 30 2F 39 36 0D 0A 37 3A 34 M..11/20/96..7:4
00A80A60 31 20 50 4D 0D 0A 33 30 0D 0A 01 00 54 0A DF 00 1 PM..30....T.ß.
00A80A70 4C 6F 74 75 73 20 41 70 70 72 6F 61 63 68 0D 0A Lotus Approach..
--- snip ---
It then proceeds further...
The app has some crappy error handling in case the storage stream reader
returns failure (such as 'E_OUTOFMEMORY').
It detects the failure, releases the storage stream and resets the block ptr to
zero but still calls the code to parse data from the block, passing ptr which
is now NULL.
I've used some other tools on that compound storage file to check the validity.
'Structured Storage Viewer' -> http://www.mitec.cz/ssv.html
'Compound File Explorer (CFX)' -> http://coco.co.uk/developers/CFX.html
Those tools make use of ole32 (= Wine's impl) to read content of compound
storage and get it wrong too.
Although the storage root directory structure can be read and displayed, the
entry values are completely off (size, creation/access/modified dates etc.).
There is also failure to read certain file entries, such as 'INFO' (same where
'Lotus Approach' fails at).
One tool I found reliably to work is from here:
http://mvole.sourceforge.net/
--- quote ---
MVOLE is program for reading Microsoft OLE Storage file (such as MS Word .doc
or MS Excel .xls). You can get content of any OLE object in this file, even it
is damaged. OLE object's content may be translated from MS Office UNICODE
format to plain text with correct charset, HTML and binary format (for
pictures).
Code of MVOLE is based on original code of cole library, but it is more stable
and it can work with damaged and truncated files. See readme.txt for more
information
--- quote ---
Guess .. it uses its own compound storage reader code, based off 'cole'
library.
--- snip ---
$ wine ./mvole.exe list "db2www.mpr"
MVOLE Ms OLE storage manipulation 0.30b
by Andrey S. Cherepanov & Tomasz Lis, 2001-2007
-------------------------------
Mounting OLE file db2www.mpr, size 685568 bytes...
Reading big blocks allocation table...
Info: Allocated memory for 11 BD alloc. table blocks
Info: Processing allocation table part 0, entry 000000
Info: Processing allocation table part 1, entry 000080
Info: Processing allocation table part 2, entry 000100
Info: Processing allocation table part 3, entry 000180
Info: Processing allocation table part 4, entry 0001fd
Info: Processing allocation table part 5, entry 000259
Info: Processing allocation table part 6, entry 0002e2
Info: Processing allocation table part 7, entry 0002e3
Info: Processing allocation table part 8, entry 0002e4
Info: Processing allocation table part 9, entry 000452
Info: Processing allocation table part 10, entry 000453
Info: Readed 5632 bytes of Big Block depot
Info: Filled 1408 entries of BD allocation table
Reading small blocks allocation table...
Info: Processing allocation entry 000002 to extract block
Info: Processing allocation entry 000015 to extract block
...
Info: Processing allocation entry 000237 to extract block
Info: Loaded 11264 bytes to form SD alloc. table
Info: Created 2816 entries in SD alloc. table
Reading root entry...
Info: Processing allocation entry 000001 to extract block
Info: Processing allocation entry 000004 to extract block
Info: Processing allocation entry 000005 to extract block
...
Info: Processing allocation entry 000535 to extract block
Reading objects tree...
Info: Created entry "Root Entry"; size 174208, first alloc entry 000003
Info: Created entry "INFO"; size 277, first alloc entry 000000
Info: Created entry "USERS"; size 223, first alloc entry 0000de
Info: Created entry "PRIVILEGES"; size 70, first alloc entry 000005
Info: Created entry "SCRIPT"; size 415, first alloc entry 00019e
Info: Created entry "ApproachDoc"; size 447, first alloc entry 0001be
Info: Created entry "OPENING"; size 479, first alloc entry 0001de
Info: Created entry "Body"; size 513, first alloc entry 0001fe
...
Info: Created entry "CurrentView"; size 1884, first alloc entry 000a84
Info: Entry 382 does not exist, skipped
Info: Entry 383 does not exist, skipped
Done, file mounted.
block: 11(0), ext.block: 0, num of real blocks: 1339(685568 bytes)
---
0: ROOT 174208 Root Entry
1: FILE 277 INFO
2: DIR 223 USERS
3: FILE 70 PRIVILEGES
4: DIR 415 SCRIPT
5: DIR 447 ApproachDoc
6: DIR 479 OPENING
7: DIR 513 Body
8: FILE 4 ObjText.e
9: FILE 0 ObjText.o
...
374: FILE 4825 A007AppAppObj888.o
375: FILE 5666 A007AppAppObj888.s
376: FILE 69484 A007ApprGlobObj897.o
377: FILE 186772 A007ApprGlobObj897.s
378: FILE 4 VERSION
379: FILE 115043 DOCUMENT
380: DIR 4 QUICKVIEW
381: FILE 1884 CurrentView
--- snip ---
$ sha1sum Lotus\ SmartSuite\ 9.8\ -\ Int\ English.exe
889d337d6a6f2a0c25978ce2168b86ea5e8a4069 Lotus SmartSuite 9.8 - Int
English.exe
$ du -sh Lotus\ SmartSuite\ 9.8\ -\ Int\ English.exe
149M Lotus SmartSuite 9.8 - Int English.exe
$ wine --version
wine-1.7.47-196-g4e6e9a1
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list