[Bug 45535] New: Rekordbox 5.3.0 terminates with the message "Unexpected application error" (dwrite: dwritetextlayout_Draw out-of-bounds access on empty clustermetrics after failure to resolve layout fonts)
wine-bugs at winehq.org
Mon Jul 30 05:35:37 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=45535
Bug ID: 45535
Summary: Rekordbox 5.3.0 terminates with the message
"Unexpected application error"
(dwrite:dwritetextlayout_Draw out-of-bounds access on
empty clustermetrics after failure to resolve layout
fonts)
Product: Wine
Version: 3.13
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dwrite
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says.
Prerequisite:
* 'wine_get_version' export must be hidden (use Wine-Staging and 'Hide Wine
version from applications' option in 'winecfg' or turn it into '-noname'
ordinal export in vanilla Wine) -> bug 45514 (broken Wine awareness)
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Pioneer/rekordbox 5.3.0
$ file *.{exe,dll}
edb_streamd.exe: PE32+ executable (console) x86-64, for MS
Windows
fixrevoke.exe: PE32 executable (console) Intel 80386, for MS
Windows
kill_daemon.exe: PE32+ executable (console) x86-64, for MS
Windows
LS-Unity-rekordbox-win-64bit.exe: PE32+ executable (GUI) x86-64, for MS Windows
Pioneer_MIX_ASIO_Config.exe: PE32+ executable (GUI) x86-64, for MS Windows
PSvLinkSysMgr.exe: PE32+ executable (GUI) x86-64, for MS Windows
PSvNFSd.exe: PE32+ executable (GUI) x86-64, for MS Windows
rbHttpServer.exe: PE32 executable (console) Intel 80386
(stripped to external PDB), for MS Windows
rbinit.exe: PE32 executable (console) Intel 80386, for MS
Windows
rekordbox.exe: PE32+ executable (GUI) x86-64, for MS Windows
Uninstall rekordbox.exe: PE32 executable (GUI) Intel 80386, for MS
Windows
Upmgr rekordbox.exe: PE32+ executable (GUI) x86-64, for MS Windows
vcredist_x64.exe: PE32 executable (GUI) Intel 80386, for MS
Windows
vcredist_x86.exe: PE32 executable (GUI) Intel 80386, for MS
Windows
libmpg123.dll: PE32+ executable (DLL) (console) x86-64
(stripped to external PDB), for MS Windows
libpulse.dll: PE32+ executable (DLL) (GUI) x86-64, for MS
Windows
NFSDaemon.dll: PE32+ executable (DLL) (GUI) x86-64, for MS
Windows
PioneerControllerMIX.dll: PE32+ executable (DLL) (GUI) x86-64, for MS
Windows
sqlite3.dll: PE32+ executable (DLL) (GUI) x86-64, for MS
Windows
--- snip ---
--- snip ---
$ WINEDEBUG=+seh,+relay,+dwrite wine ./rekordbox.exe >>log.txt 2>&1
...
0039:trace:dwrite:localizedstrings_GetCount (0x8e8950)
0039:trace:dwrite:localizedstrings_GetString (0x8e8950)->(0 0x23eb30 255)
0039:Call ntdll.RtlFreeHeap(00010000,00000000,00000000) ret=7f3a64018d7c
0039:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f3a64018d7c
0039:warn:dwrite:layout_resolve_fonts [0,17): failed to map family L"Verdana",
collection 0x863ff0, hr 0x80004005.
0039:trace:dwrite:dwritefontcollection_Release (0x863ff0)->(5)
0039:trace:dwrite:fontfallback_Release (0x4f70f60)
0039:trace:dwrite:shareddwritefactory_Release (0x7ddd20)
0039:warn:dwrite:layout_compute_runs Failed to resolve layout fonts, hr
0x80004005.
0039:trace:dwrite:layout_compute run [0,16], len 17, bidilevel 0
0039:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028) ret=140e2d7ef
0039:Ret ntdll.RtlAllocateHeap() retval=04f5d670 ret=140e2d7ef
0039:trace:dwrite:dwritetextlayout_Draw (0x20a0870)->(0x1bee370 0x4f5d670 0.00
0.00)
0039:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x7f3a64055bb3
ip=7f3a64055bb3 tid=0039
0039:trace:seh:NtRaiseException info[0]=0000000000000000
0039:trace:seh:NtRaiseException info[1]=00000008032c6e9e
0039:trace:seh:NtRaiseException rax=00000008032c6e98 rbx=0000000004f5d670
rcx=000000007bdc1405 rdx=00000000032c6ea0
0039:trace:seh:NtRaiseException rsi=0000000000000000 rdi=000000000023f200
rbp=000000000023f260 rsp=000000000023f1f0
0039:trace:seh:NtRaiseException r8=0000000000000000 r9=0000000000000001
r10=0000000000000002 r11=0000000000000000
0039:trace:seh:NtRaiseException r12=00000000ffffffff r13=0000000000000001
r14=0000000000000000 r15=0000000000000000
--- snip ---
App code:
--- snip ---
...
00000001412E250B | mov rcx, rdi
00000001412E250E | call rekordbox.1403D8840
00000001412E2513 | mov ecx, 28
00000001412E2518 | call rekordbox.140E2D580
00000001412E251D | mov rbx, rax
00000001412E2520 | mov qword ptr ss:[rsp+50], rax
00000001412E2525 | test rax, rax
00000001412E2528 | je rekordbox.1412E255D
00000001412E252A | lea rax, qword ptr ds:[143326938]
00000001412E2531 | mov qword ptr ds:[rbx], rax
00000001412E2534 | mov dword ptr ds:[rbx+8], 0
00000001412E253B | lea rax, qword ptr ds:[143326BC8]
00000001412E2542 | mov qword ptr ds:[rbx], rax
00000001412E2545 | mov qword ptr ds:[rbx+10], rbp
00000001412E2549 | mov qword ptr ds:[rbx+18], rsi
00000001412E254D | mov dword ptr ds:[rbx+20], FFFFFFFF
00000001412E2554 | mov dword ptr ds:[rbx+24], C61C4000
00000001412E255B | jmp rekordbox.1412E255F
00000001412E255D | xor ebx, ebx
00000001412E255F | mov qword ptr ss:[rsp+58], rbx
00000001412E2564 | test rbx, rbx
00000001412E2567 | je rekordbox.1412E2573
00000001412E2569 | mov rax, qword ptr ds:[rbx]
00000001412E256C | mov rcx, rbx
00000001412E256F | call qword ptr ds:[rax+8]
00000001412E2572 | nop
00000001412E2573 | mov rcx, qword ptr ss:[rsp+40]
00000001412E2578 | mov rax, qword ptr ds:[rcx]
00000001412E257B | xorps xmm3, xmm3
00000001412E257E | movss dword ptr ss:[rsp+20], xmm3
00000001412E2584 | mov r8, rbx
00000001412E2587 | mov rdx, rdi
00000001412E258A | call qword ptr ds:[rax+1D0] ; dwritetextlayout_Draw()
00000001412E2590 | nop
00000001412E2591 | test rbx, rbx
00000001412E2594 | je rekordbox.1412E259F
00000001412E2596 | mov rax, qword ptr ds:[rbx]
00000001412E2599 | mov rcx, rbx
00000001412E259C | call qword ptr ds:[rax+10]
00000001412E259F | mov eax, dword ptr ss:[rsp+80]
00000001412E25A6 | lea rcx, qword ptr ds:[rax+rax*2]
...
--- snip ---
Debugger session:
--- snip ---
Stopped on breakpoint 1 at 0x00007f41578e6208 dwritetextlayout_Draw
[/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453] in dwrite
dwritetextlayout_Draw () at
/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453
3453 {
Wine-dbg>bt
Backtrace:
=>0 0x00007f41578e6208 dwritetextlayout_Draw()
[/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3453] in dwrite
(0x000000000023f7b0)
1 0x00000001412e2590 in rekordbox (+0x12e258f) (0x000000000023f7b0)
2 0x00000001412e2352 in rekordbox (+0x12e2351) (0x000000000023f870)
3 0x000000014133467a in rekordbox (+0x1334679) (0x000000000023f870)
Wine-dbg>info locals
0x00007f41578e6208 dwritetextlayout_Draw: (0023f7b0)
struct dwrite_textlayout* This=(nil) (local [RSP+496])
BOOL disabled=0 (local [RSP+204])
BOOL skiptransform=0 (local [RSP+540])
struct layout_effective_inline* inlineobject=0x1100000000 (local [RSP+528])
struct layout_effective_run* run=0x182 (local [RSP+520])
struct layout_strikethrough* s=0x14134802b (local [RSP+512])
struct layout_underline* u=0x678af80 (local [RSP+504])
FLOAT det=0.000000 (local [RSP+200])
FLOAT ppdip=0.000000 (local [RSP+196])
DWRITE_MATRIX m={m11=0.000000, m12=0.000000, m21=0.000000, m22=0.000000,
dx=0.000000, dy=0.000000} (local [RSP+160])
HRESULT hr=0 (local [RSP+480])
...
Wine-dbg>n
Unhandled exception: page fault on read access to 0x806ed74ee in 64-bit code
(0x00007f41578debb3).
0030:fixme:dbghelp:interpret_function_table_entry PUSH_MACHFRAME 6
0030:fixme:dbghelp:interpret_function_table_entry PUSH_MACHFRAME 6
Register dump:
rip:00007f41578debb3 rsp:000000000023f1f0 rbp:000000000023f260 eflags:00010306
( R- -- IT - -P- )
rax:0000000806ed74e8 rbx:00000000098eeba0 rcx:0000000005be0f30
rdx:0000000006ed74f0
rsi:0000000000000000 rdi:000000000023f200 r8:00000000098eeba0
r9:00000000000000ff r10:0000000007ff94f0
r11:0000000005be0f48 r12:00000000ffffffff r13:0000000000000001
r14:0000000000000000 r15:0000000000000000
Stack dump:
0x000000000023f1f0: 0000034446505853 0000000005be0f30
0x000000000023f200: 0000000000000000 0000000000000000
0x000000000023f210: 0000000000000000 0000000000000000
0x000000000023f220: 0000000000000000 0000000000000000
0x000000000023f230: 0000000000000000 0000000000000000
0x000000000023f240: ffffffff00000000 0000000000000000
0x000000000023f250: 000000000023f360 0000000005be0f30
0x000000000023f260: 000000000023f560 00007f41578e63b9
0x000000000023f270: 000000000023f360 000000007bcadd1c
0x000000000023f280: 8000400500000011 00007fffffea8000
0x000000000023f290: 000000000023f7b0 0000000000000038
0x000000000023f2a0: 00000000098eeb98 0000000205440000
Backtrace:
=>0 0x00007f41578debb3 layout_compute_effective_runs+0x376()
[/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:2092] in dwrite
(0x000000000023f260)
1 0x00007f41578e63b9 dwritetextlayout_Draw+0x1b0()
[/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:3466] in dwrite
(0x000000000023f560)
2 0x00000001412e2590 in rekordbox (+0x12e258f) (0x000000000023f7b0)
3 0x00000001412e2352 in rekordbox (+0x12e2351) (0x000000000023f870)
4 0x000000014133467a in rekordbox (+0x1334679) (0x000000000023f870)
0x00007f41578debb3 layout_compute_effective_runs+0x376
[/home/focht/projects/wine/mainline-src/dlls/dwrite/layout.c:2092] in dwrite:
movzbl 0x0000000000000006(%rax),%eax
2092 else if (layout->clustermetrics[layout->cluster_count - 1].isNewline)
--- snip ---
Additional debug trace before the crash to show the member values (64-bit
winedbg is bugged):
--- snip ---
0068:trace:dwrite:layout_compute_effective_runs *** layout->len=17,
layout->cluster_count=0, layout->clustermetrics=0x3477570
--- snip ---
Source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/dwrite/layout.c#l2020
--- snip ---
2020 static HRESULT layout_compute_effective_runs(struct dwrite_textlayout *layout)
2021 {
2022 BOOL is_rtl = layout->format.readingdir == DWRITE_READING_DIRECTION_RIGHT_TO_LEFT;
2023 struct layout_effective_run *erun, *first_underlined;
2024 UINT32 i, start, textpos, last_breaking_point;
2025 DWRITE_LINE_METRICS1 metrics;
2026 FLOAT width;
2027 UINT32 line;
2028 HRESULT hr;
2029
2030 if (!(layout->recompute & RECOMPUTE_LINES))
2031 return S_OK;
2032
2033 free_layout_eruns(layout);
2034
2035 hr = layout_compute(layout);
2036 if (FAILED(hr))
2037 return hr;
...
2086 /* Add dummy line if:
2087 - there's no text, metrics come from first range in this case;
2088 - last ended with a mandatory break, metrics come from last text position.
2089 */
2090 if (layout->len == 0)
2091 hr = layout_set_dummy_line_metrics(layout, 0);
2092 else if (layout->clustermetrics[layout->cluster_count - 1].isNewline)
2093 hr = layout_set_dummy_line_metrics(layout, layout->len - 1);
2094 if (FAILED(hr))
2095 return hr;
--- snip ---
-> out of bounds access
Workarounds:
* 'winetricks -q corefonts'
or (less preferred):
* WINEDLLOVERRIDES=dwrite=d wine ./rekordbox.exe
With this in place the app starts and shows the main user interface.
$ sha1sum Install_rekordbox_x64_5_3_0.*
da2aac3a54cdbb0122937eab67a8a83942b18679 Install_rekordbox_x64_5_3_0.zip
$ du -sh Install_rekordbox_x64_5_3_0.*
228M Install_rekordbox_x64_5_3_0.zip
$ wine --version
wine-3.13
Regards
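
Added example, not part of the original report and not Wine's code: it reproduces the faulting address from the register dumps and shows one possible guard for the line 2092 check. The `struct layout` stand-in, both function names, the guard itself, and the reading of `rdx` as the `clustermetrics` base are assumptions; the struct fields follow `DWRITE_CLUSTER_METRICS` in dwrite.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of DWRITE_CLUSTER_METRICS (dwrite.h): 8 bytes, flag bits at offset 6. */
struct cluster_metrics {
    float width;
    uint16_t length;
    uint16_t canWrapLineAfter : 1, isWhitespace : 1, isNewline : 1,
             isSoftHyphen : 1, isRightToLeft : 1, padding : 11;
};
_Static_assert(sizeof(struct cluster_metrics) == 8, "unexpected element size");

/* Hypothetical stand-in for struct dwrite_textlayout: only the fields line 2092 reads. */
struct layout {
    uint32_t len, cluster_count;
    struct cluster_metrics *clustermetrics;
};

/* Address read by line 2092 for a given array base and cluster_count. */
uint64_t line_2092_read_address(uint64_t base, uint32_t cluster_count)
{
    uint32_t index = cluster_count - 1;  /* UINT32 math: 0 - 1 wraps to 0xffffffff */
    return base + (uint64_t)index * sizeof(struct cluster_metrics) + 6;
}

/* Hypothetical guarded form of the lines 2090-2093 decision (not Wine's fix):
   returns 1 if a dummy line is needed, never indexing an empty array. */
int needs_dummy_line(const struct layout *l)
{
    if (l->len == 0)
        return 1;
    if (l->cluster_count == 0)  /* text present but no clusters computed */
        return 0;
    return l->clustermetrics[l->cluster_count - 1].isNewline;
}

int main(void)
{
    struct cluster_metrics one = {0};
    struct layout l = { 17, 0, &one };  /* values from the added debug trace */

    /* 0x32c6ea0 is rdx in the first register dump, assumed to be the array base. */
    printf("fault address: 0x%llx\n",
           (unsigned long long)line_2092_read_address(0x32c6ea0, 0));
    printf("guarded check: %d\n", needs_dummy_line(&l));
    return 0;
}
```

With `cluster_count` 0 the computed address equals `info[1]` from the +seh trace and the page-fault address from the winedbg session, each 6 bytes past `rax`, matching the `movzbl 0x6(%rax)` at the faulting instruction.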