[Bug 37900] Xara Photo Graphic Designer 2013 (8.1.1) crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jul 26 08:44:17 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=37900

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Xara Photo Graphic Designer |Xara Photo Graphic Designer
                   |2013 crashes on startup     |2013 (8.1.1) crashes on
                   |                            |startup

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

good that it "works for comment #2 and comment #3 but it doesn't work for me
and probably not for OP.

I'm using the trial from the download URL ('continue trial' each startup).

There is an invalid vtable member access within a nested object hierarchy.
The object hierarchy changes multiple times during startup phase (progress
updates/filters imports).

Since I run a debug-enabled, non-optimized Wine build. threading/timing/heap
usage related app bugs are more likely bound to happen.

No tracing at all (terminal output):

--- snip ---
...
fixme:wininet:InternetCheckConnectionW 
fixme:urlmon:IsValidURL ((nil),
L"http://downloadsv8.xara.com/webresourceserver/get.php?prefix=xx&file=designs/eng/catindex.txt&pcdb=CRS2&i=mITd1qVpRziUf1NhkSAd9g",
0): stub
fixme:urlmon:InternetBindInfo_GetBindString not supported string type 20
fixme:msg:pack_message msg 134 (WM_CTLCOLORLISTBOX) not supported yet
fixme:wininet:InternetCheckConnectionW 
wine: Unhandled page fault on read access to 0x61427275 at address 0x61427275
(thread 0023), starting debugger...
--- snip ---

"lightweight" trace:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Xara/Xara Photo Graphic Designer 2013

$ WINEDEBUG=+tid,+seh,+loaddll,+process,+debugstr wine
./PhotoGraphicDesigner.exe >> log.txt 2>&1

...
0040:fixme:wininet:InternetCheckConnectionW 
0040:warn:debugstr:OutputDebugStringA ">> Downloading file
URL=http://downloadsv8.xara.com/webresourceserver/get.php?prefix=xx&file=designs/eng/catindex.txt&pcdb=CRS2&i=vBmpLIfFQH66UGoKaQKSKw\n"
...
0040:fixme:urlmon:IsValidURL ((nil),
L"http://downloadsv8.xara.com/webresourceserver/get.php?prefix=xx&file=designs/eng/catindex.txt&pcdb=CRS2&i=vBmpLIfFQH66UGoKaQKSKw",
0): stub
0040:fixme:urlmon:InternetBindInfo_GetBindString not supported string type 20
0040:fixme:msg:pack_message msg 134 (WM_CTLCOLORLISTBOX) not supported yet
0040:warn:debugstr:OutputDebugStringA ">> Setting internet shutdown flag\n"
...
0040:warn:debugstr:OutputDebugStringA ">> Error hrState=80004004
URL=http://downloadsv8.xara.com/webresourceserver/get.php?prefix=xx&file=designs/eng/catindex.txt&pcdb=CRS2&i=vBmpLIfFQH66UGoKaQKSKw\n"
...
0040:fixme:wininet:InternetCheckConnectionW 
0040:warn:debugstr:OutputDebugStringA ">> Index download abort ... 1 current
index downloads, 1 pending\n"
...
0040:warn:debugstr:OutputDebugStringA ">> Skipping index downloads, Camelot is
exiting\n"
...
0040:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4cbc89 ip=004cbc89
tid=0040
0040:trace:seh:raise_exception  info[0]=00000000
0040:trace:seh:raise_exception  info[1]=00000024
0040:trace:seh:raise_exception  eax=00000000 ebx=0032967c ecx=0e066478
edx=01f30064 esi=048492a8 edi=00000000
0040:trace:seh:raise_exception  ebp=00000001 esp=00329518 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210202
0040:trace:seh:call_stack_handlers calling handler at 0xfe8905 code=c0000005
flags=0
0040:trace:seh:call_stack_handlers handler at 0xfe8905 returned 1 
...
--- snip ---

App code at crash site:

--- snip ---
004CBB30   6A FF            PUSH -1
004CBB32   68 0589FE00      PUSH PhotoGra.00FE8905
004CBB37   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
004CBB3D   50               PUSH EAX
004CBB3E   81EC F4000000    SUB ESP,0F4
004CBB44   A1 843E4A01      MOV EAX,DWORD PTR DS:[___security_cookie]
004CBB49   33C4             XOR EAX,ESP
...
004CBC70   53               PUSH EBX
004CBC71   E8 6AC3F9FF      CALL PhotoGra.?CheckReferences at BaseDocument@@...
004CBC76   8B8E 48040000    MOV ECX,DWORD PTR DS:[ESI+448]
004CBC7C   E8 9F540A00      CALL PhotoGra.?SetCurrent at Document@@QAEXXZ
004CBC81   8B8E 48040000    MOV ECX,DWORD PTR DS:[ESI+448]
004CBC87   8B01             MOV EAX,DWORD PTR DS:[ECX]
004CBC89   8B50 24          MOV EDX,DWORD PTR DS:[EAX+24]
004CBC8C   FFD2             CALL EDX                        ; *boom*
004CBC8E   85C0             TEST EAX,EAX
004CBC90   74 0B            JE SHORT PhotoGra.004CBC9D
004CBC92   8B8E 48040000    MOV ECX,DWORD PTR DS:[ESI+448]
004CBC98   E8 E3760A00      CALL PhotoGra.?ResetInsertionPosition at Document@@...
004CBC9D   E8 EEC73B00      CALL PhotoGra.?Update at QualitySliderDescriptor@@...
...
--- snip ---

Object hierarchy at this point:

--- snip ---
$-8      048491D8   00000E28  
$-4      048491DC   00455355  USE.
$ ==>    048491E0   0115F84C  .... OFFSET PhotoGra.??_7CamelotNativeFilter@@..
$+4      048491E4   0484B528  ....
$+8      048491E8   04848B88  ....
$+C      048491EC   010BC314  .... OFFSET PhotoGra.??_7?$StringFixed@$0BAA at ..
$+10     048491F0   048491F8  .... UNICODE "Xara Photo & Graphic Designer 2013"
$+14     048491F4   00000101  ....
...
$+444    04849624   00000000  ....
$+448    04849628   0E05C6F0  .... ; [ESI+448] -> document instance?
$+44C    0484962C   00007135  5q..

$-8      0E05C6E8   00002792  
$-4      0E05C6EC   00455355  USE.
$ ==>    0E05C6F0   0121FC4C  ....  OFFSET PhotoGra.??_7CCObject@@6B@ ; [ECX]
$+4      0E05C6F4   00000000  ....
...

$ ==>    0121FC4C   00A9ACA0  .... PhotoGra.?GetRuntimeClass at CCObject@@UB...
$+4      0121FC50   00A9AFA0  .... PhotoGra.??_GCCObject@@UAEPAXI at Z
$+8      0121FC54   00403FC0  .... PhotoGra.?SetStellation at RectangleTool...
$+C      0121FC58   00A9AD40  .... PhotoGra.?AssertValid at CCObject@@UBEXXZ
$+10     0121FC5C   00A9AD50  .... PhotoGra.?Dump at CCObject@@UBEXAAVCDumpConte
$+14     0121FC60   007DBE60  .... PhotoGra.?IgnoreWhenSavingCurrentAttributes
$+18     0121FC64   00403FC0  .... PhotoGra.?SetStellation at RectangleTool@@UA
$+1C     0121FC68   6D614343  CCam
$+20     0121FC6C   6F6C6F43  Colo
$+24     0121FC70   61427275  urBa ; *boom*
...
--- snip ---

Running with +heap (which takes a long time) results in a different crash.

--- snip ---
...
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0x466dda ip=00466dda
tid=0026
0026:trace:seh:raise_exception  info[0]=00000000
0026:trace:seh:raise_exception  info[1]=feeefeee
0026:trace:seh:raise_exception  eax=00000000 ebx=feeefeee ecx=00f73ded
edx=00000000 esi=074f2900 edi=00000001
0026:trace:seh:raise_exception  ebp=03583070 esp=00338df0 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210283 
...
Unhandled exception: page fault on read access to 0xfeeefeee in 32-bit code
(0x00466dda).
...
Backtrace:
=>0 0x00466dda in photographicdesigner (+0x66dda) (0x03583070)
  1 0x89c0458b (0x03583070)
  2 0x00000000 (0x011b790c)
  3 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  4 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  5 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  6 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  7 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  8 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0)
  9 0x00892bc0 in photographicdesigner (+0x492bbf) (0x00888ce0) 
--- snip ---

There are two .pdb files in the app install directory which might be a hint
that app crashes are kind of expected.

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list