[Bug 38422] SentriLock SentriCard utility installer 4.0.x crashes with arithmetic exception due to large input rect in 'GdipMeasureCharacterRanges'

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Oct 14 04:42:36 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=38422

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.sentrilock.com/c |https://www.sentrilock.com/
                   |u/sentrilock/SentriCardUtil |updates/SentriCardUtilityIn
                   |ityInstaller-4.0.11.exe     |staller-4.0.13.exe
         Resolution|---                         |FIXED
            Summary|Arithmetic exception in     |SentriLock SentriCard
                   |GdipMeasureCharacterRanges  |utility installer 4.0.x
                   |                            |crashes with arithmetic
                   |                            |exception due to large
                   |                            |input rect in
                   |                            |'GdipMeasureCharacterRanges
                   |                            |'
      Fixed by SHA1|                            |6b97abf930ac40dd9a668ec1fed
                   |                            |588fcefd192fb
                 CC|                            |focht at gmx.net
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

I can't reproduce this with recent Wine version.

https://www.sentrilock.com/files/

https://www.sentrilock.com/updates/SentriCardUtilityInstaller-4.0.18.exe

The most matching installer that is still for download (using version
substitution on the URL):

https://www.sentrilock.com/updates/SentriCardUtilityInstaller-4.0.13.exe

With that installer I could reproduce the problem with reported Wine version.

--- snip ---
$ wine --version
wine-1.7.39-2-g84005b8f60
--- snip ---

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/SentriCardUtility

$ WINEDEBUG=+tid,+seh,+relay,+gdiplus wine ./CardUtility.exe >>log.txt 2>&1
...
0023:Call gdiplus.GdipMeasureCharacterRanges(00173758,0016b33c
L"Groupbox",ffffffff,00173848,0033f01c,001736d8,00000001,00f838f8) ret=006ca213
0023:trace:gdiplus:GdipMeasureCharacterRanges (0x173758 L"Groupbox" -1 0x173848
(0.00,0.00,56.88,340282346638528859811704183484516925440.00) 0x1736d8 1
0xf838f8)
0023:Call gdi32.CreateCompatibleDC(00000000) ret=7c252895
0023:Ret  gdi32.CreateCompatibleDC() retval=008c0042 ret=7c252895
0023:trace:gdiplus:GdipMeasureCharacterRanges may be ignoring some format
flags: attr 800
0023:trace:gdiplus:GdipTransformPoints (0x173758, 2, 0, 0x33eef8, 3)
0023:trace:gdiplus:GdipSetMatrixElements (0x33ee38, 1.00, 0.00, 0.00, 1.00,
0.00, 0.00)
0023:trace:gdiplus:GdipMultiplyMatrix (0x33ee38, 0x173798, 1)
0023:trace:gdiplus:GdipScaleMatrix (0x33ee38, 1.00, 1.00, 1)
0023:trace:gdiplus:GdipTransformMatrixPoints (0x33ee38, 0x33eef8, 3)
0023:Call gdi32.CreateCompatibleDC(00000000) ret=7c25219f
0023:Ret  gdi32.CreateCompatibleDC() retval=00420045 ret=7c25219f
0023:trace:gdiplus:GdipTransformPoints (0x173758, 2, 0, 0x33edc0, 3)
0023:trace:gdiplus:GdipSetMatrixElements (0x33ed28, 1.00, 0.00, 0.00, 1.00,
0.00, 0.00)
0023:trace:gdiplus:GdipMultiplyMatrix (0x33ed28, 0x173798, 1)
0023:trace:gdiplus:GdipScaleMatrix (0x33ed28, 1.00, 1.00, 1)
0023:trace:gdiplus:GdipTransformMatrixPoints (0x33ed28, 0x33edc0, 3)
0023:Call gdi32.CreateFontIndirectW(0033ee14) ret=7c25236e
0023:Ret  gdi32.CreateFontIndirectW() retval=00400044 ret=7c25236e
0023:Call gdi32.SelectObject(00420045,00400044) ret=7c25237f
0023:Ret  gdi32.SelectObject() retval=0001001e ret=7c25237f
0023:Call gdi32.GetTextMetricsW(00420045,0033edd8) ret=7c252391
0023:Ret  gdi32.GetTextMetricsW() retval=00000001 ret=7c252391
0023:Call gdi32.CreateFontIndirectW(0033ee14) ret=7c252448
0023:Ret  gdi32.CreateFontIndirectW() retval=00500043 ret=7c252448
0023:Call gdi32.DeleteDC(00420045) ret=7c25245b
0023:Ret  gdi32.DeleteDC() retval=00000001 ret=7c25245b
0023:Call gdi32.DeleteObject(00400044) ret=7c252461
0023:Ret  gdi32.DeleteObject() retval=00000001 ret=7c252461
0023:Call gdi32.SelectObject(008c0042,00500043) ret=7c2526e0
0023:Ret  gdi32.SelectObject() retval=0001001e ret=7c2526e0
0023:trace:gdiplus:GdipSetEmpty 0x1737f0
0023:Call ntdll.RtlAllocateHeap(00110000,00000008,00000012) ret=7c242d44
0023:Ret  ntdll.RtlAllocateHeap() retval=00173828 ret=7c242d44
0023:trace:seh:raise_exception code=c0000090 flags=0 addr=0x7c24ca28
ip=7c24ca2b tid=0023
0023:trace:seh:raise_exception  eax=0033eee8 ebx=7c2a2000 ecx=0033edc0
edx=00000038 esi=00000001 edi=00000000
0023:trace:seh:raise_exception  ebp=0033ee68 esp=0033edd0 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0023:trace:seh:call_stack_handlers calling handler at 0x6ca243 code=c0000090
flags=0
0023:trace:seh:call_stack_handlers handler at 0x6ca243 returned 1 
...
0023:Call KERNEL32.MultiByteToWideChar(0000fde9,00000000,005d5a8c
"TText6",00000005,00f7946c,00000006) ret=0040da34
0023:Ret  KERNEL32.MultiByteToWideChar() retval=00000005 ret=0040da34
0023:Call user32.LoadStringW(00400000,0000ff6b,0033b078,00001000) ret=0040d9d2
0023:Ret  user32.LoadStringW() retval=00000018 ret=0040d9d2
0023:Call KERNEL32.RaiseException(0eedfade,00000001,00000007,0033d0ac)
ret=004b9264
0023:trace:seh:raise_exception code=eedfade flags=1 addr=0x7eba938b ip=7eba938b
tid=0023
0023:trace:seh:raise_exception  info[0]=004b9264
0023:trace:seh:raise_exception  info[1]=00f79400
0023:trace:seh:raise_exception  info[2]=00eea820
0023:trace:seh:raise_exception  info[3]=004b9496
0023:trace:seh:raise_exception  info[4]=0033f300
0023:trace:seh:raise_exception  info[5]=0033d0fc
0023:trace:seh:raise_exception  info[6]=0033d0c8
0023:trace:seh:raise_exception  eax=7eb97109 ebx=00000018 ecx=0033cff4
edx=0033d0ac esi=0033d0fc edi=0033d070
0023:trace:seh:raise_exception  ebp=0033d048 esp=0033cfd4 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00000216 
...
<exception stack overflow>
--- snip ---

It was fixed by commit
https://source.winehq.org/git/wine.git/commitdiff/6b97abf930ac40dd9a668ec1fed588fcefd192fb
("gdiplus: Handle large input rect in GdipMeasureCharacterRanges.") 

Thanks Vincent

--- snip ---
$ git describe --contains 6b97abf930ac40dd9a668ec1fed588fcefd192fb | sed
's/~.*//'
wine-1.7.40
--- snip ---

$ sha1sum SentriCardUtilityInstaller-4.0.13.exe 
2ab716e12f35ce12eea6a92f7e5b1e1e2b933e36  SentriCardUtilityInstaller-4.0.13.exe

$ du -sh SentriCardUtilityInstaller-4.0.13.exe 
4.1M    SentriCardUtilityInstaller-4.0.13.exe

$ wine --version
wine-3.18

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list