[Bug 45718] QtWebEngineProcess.exe (Origin) crashes ('Webkit' based web browser engine, 'Arial' and 'Times New Roman' font face name validation)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Sep 14 07:50:48 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=45718

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
            Summary|Origin installer fails to   |QtWebEngineProcess.exe
                   |install (QTwebengine        |(Origin) crashes ('Webkit'
                   |process.exe related)        |based web browser engine,
                   |                            |'Arial' and 'Times New
                   |                            |Roman' font face name
                   |                            |validation)
           Keywords|                            |download, Installer
             Status|UNCONFIRMED                 |RESOLVED
          Component|-unknown                    |fonts
                 CC|                            |focht at gmx.net
                URL|                            |https://filehippo.com/downl
                   |                            |oad_origin/

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

dupe of bug 44576 which is dupe of bug 32342

Honestly, this has been documented a million times (also appdb entry)!

-> 'winetricks -q corefonts'

--- snip ---
...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x1123ef92).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:1123ef92 ESP:0033dff4 EBP:0033e014 EFLAGS:00010246(  R- --  I  Z- -P- )
 EAX:0033e008 EBX:0033e30c ECX:00000000 EDX:00000000
 ESI:00000000 EDI:3e848738
...
Backtrace:
=>0 0x1123ef92 in qt5webenginecore (+0x123ef92) (0x0033e014)
  1 0x1123f034 in qt5webenginecore (+0x123f033) (0x0033e044)
  2 0x1124fccc in qt5webenginecore (+0x124fccb) (0x0033e2ec)
  3 0x11241023 in qt5webenginecore (+0x1241022) (0x0033e3c0)
  4 0x11240f2c in qt5webenginecore (+0x1240f2b) (0x0033e3dc)
  5 0x11240e62 in qt5webenginecore (+0x1240e61) (0x0033e420)
  6 0x1124053d in qt5webenginecore (+0x124053c) (0x0033e440)
  7 0x11241196 in qt5webenginecore (+0x1241195) (0x0033e4a0)
  8 0x1121853e in qt5webenginecore (+0x121853d) (0x0033e4f0)
...
  66 0x10efc280 in qt5webenginecore (+0xefc27f) (0x0033fd74)
  67 0x10efc115 in qt5webenginecore (+0xefc114) (0x0033fdd0)
  68 0x10efb473 in qt5webenginecore (+0xefb472) (0x0033fde0)
  69 0x10099921 in qt5webenginecore (+0x99920) (0x0033fe18)
  70 0x0040102d in qtwebengineprocess (+0x102c) (0x00e12ba0)
  71 0x00e12c48 (0x00e12c00)
  72 0x72676f72 (0x505c3a43)
0x1123ef92: movb    $0x0,0x00000000
Modules:
Module    Address            Debug info    Name (185 modules)
PE      340000-  378000    Deferred        qt5positioning
PE      380000-  3a1000    Deferred        qt5webchannel
PE      400000-  409000    Export          qtwebengineprocess
PE      410000-  752000    Deferred        qt5quick
PE      760000-  cfa000    Deferred        qt5gui
PE    10000000-13452000    Export          qt5webenginecore
PE    64000000-64126000    Deferred        qt5network
PE    66000000-66361000    Deferred        qt5qml
PE    67000000-67543000    Deferred        qt5core
ELF    7b1ce000-7b1f2000    Deferred        libgpg-error.so.0
ELF    7b1f2000-7b24e000    Deferred        libblkid.so.1
ELF    7b24e000-7b26c000    Deferred        libgcc_s.so.1
ELF    7b26c000-7b34e000    Deferred        libgcrypt.so.20
ELF    7b34e000-7b400000    Deferred        libsystemd.so.0
ELF    7b400000-7b7f4000    Deferred        kernel32<elf>
  \-PE    7b420000-7b7f4000    \               kernel32
ELF    7b802000-7b86a000    Deferred        libmount.so.1
ELF    7b86a000-7b896000    Deferred        liblzma.so.5
ELF    7b896000-7b8f5000    Deferred        libdbus-1.so.3
ELF    7b8f5000-7b98e000    Deferred        libcups.so.2
ELF    7b98e000-7bc00000    Deferred        libcrypto.so.1.1
ELF    7bc00000-7bd10000    Deferred        ntdll<elf>
  \-PE    7bc30000-7bd10000    \               ntdll
...
Threads:
process  tid      prio (all id:s are in hex)
...
0000017c OriginThinSetupInternal.exe
    000001db    0
...
000001a8 (D) C:\ProgramData\Origin\SelfUpdate\Staged\QtWebEngineProcess.exe
    000001e4    0
    000001d3    0
    000001cd   -2
    000001cc    0
    000001cb    0
    000001ca    0
    000001c9    0
    000001c7    0
    000001c6    0
    000001c5    0
    000001c4    0
    000001c3    0
    000001c2    0
    000001a9    0 <==
--- snip ---

ProtectionID scan:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning ->
Z:\home\focht\wine-games\wineprefix64-origin\drive_c\users\focht\Local Settings\Application Data\Origin\ThinSetup\10.5.25.7131\Qt5WebEngineCore.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 54063616 (0338F200h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5AA9FED8 -> Thu 15th Mar 2018 05:04:24 (GMT)
[TimeStamp] 0x5AA9FED8 -> Thu 15th Mar 2018 05:04:24 (GMT) | PE Header | - | Offset: 0x00000140 | VA: 0x10000140 | -
[TimeStamp] 0x5AA9FECB -> Thu 15th Mar 2018 05:04:11 (GMT) | Export | - | Offset: 0x03170DA4 | VA: 0x131725A4 | -
[TimeStamp] 0x5AA9FED8 -> Thu 15th Mar 2018 05:04:24 (GMT) | DebugDirectory | - | Offset: 0x03162EB4 | VA: 0x131646B4 | -
[TimeStamp] 0x5AA9FED8 -> Thu 15th Mar 2018 05:04:24 (GMT) | DebugDirectory | - | Offset: 0x03162ED0 | VA: 0x131646D0 | -
[!] Executable uses TLS callbacks (3 total... 0 invalid addresses)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (20 calculated 3 recorded... 15 invalid addresses)
[!]    * table may be compressed / encrypted *
[LoadConfig] CodeIntegrity -> Flags 0x7468 | Catalog 0x1322 (4898) | Catalog Offset 0x132274B8 | Reserved 0x1316F83C
[LoadConfig] GuardAddressTakenIatEntryTable 0x11BEECBB | Count 0x11BEED22 (297725218)
[LoadConfig] GuardLongJumpTargetTable 0x6E6B6E55 | Count 0x206E776F (544110447)
[LoadConfig] HybridMetadataPointer 0x65637865 | DynamicValueRelocTable 0x6F697470
[LoadConfig] FailFastIndirectProc 0x6E | FailFastPointer 0x1316F884
[LoadConfig] UnknownZero1 0x11BEECBB
[File Heuristics] -> Flag #1 : 00000100000001001101000100000000 (0x0404D100)
[Entrypoint Section Entropy] : 6.65 (section #0) ".text   " | Size : 0x2938275 (43221621) byte(s)
[DllCharacteristics] -> Flag : (0x0140) -> ASLR | DEP
[SectionCount] 9 (0x9) | ImageSize 0x3452000 (54861824) byte(s)
[Export] 99% of function(s) (502 of 505) are in file | 0 are forwarded | 469 code | 36 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : The Qt Company Ltd
[VersionInfo] Product Name : Qt5
[VersionInfo] Product Version : 5.8.0.0
[VersionInfo] File Description : C++ application development framework.
[VersionInfo] File Version : 5.8.0.0
[VersionInfo] Original FileName : Qt5WebEngineCore.dll
[VersionInfo] Legal Copyrights : Copyright (C) 2015 The Qt Company Ltd.
[ModuleReport] [IAT] Modules -> KERNEL32.dll | Qt5Positioning.dll | Qt5Quick.dll | Qt5WebChannel.dll | Qt5Gui.dll | Qt5Network.dll | Qt5Core.dll | IMM32.dll | COMCTL32.dll | MSVCP140.dll | VCRUNTIME140.dll | api-ms-win-crt-runtime-l1-1-0.dll | api-ms-win-crt-math-l1-1-0.dll | api-ms-win-crt-heap-l1-1-0.dll | api-ms-win-crt-stdio-l1-1-0.dll | api-ms-win-crt-time-l1-1-0.dll | api-ms-win-crt-convert-l1-1-0.dll | api-ms-win-crt-string-l1-1-0.dll | api-ms-win-crt-filesystem-l1-1-0.dll | api-ms-win-crt-utility-l1-1-0.dll | api-ms-win-crt-locale-l1-1-0.dll | api-ms-win-crt-environment-l1-1-0.dll | VERSION.dll | WS2_32.dll | USP10.dll | PSAPI.DLL | WINMM.dll | SHLWAPI.dll | ADVAPI32.dll | CRYPT32.dll | dhcpcsvc.DLL | IPHLPAPI.DLL | RPCRT4.dll | Secur32.dll | urlmon.dll | WINHTTP.dll | GDI32.dll | WINSPOOL.DRV | COMDLG32.dll | ole32.dll | OLEAUT32.dll | USERENV.dll
[ModuleReport] [DelayImport] Modules -> USER32.dll | SHELL32.dll | dwmapi.dll | MF.dll | MFPlat.DLL | MFReadWrite.dll | d3d9.dll | dxva2.dll | dbghelp.dll | CFGMGR32.dll | SETUPAPI.dll | bthprops.cpl | BluetoothApis.dll | d3d11.dll
[Debug Info] (record 1 of 2) (file offset 0x3162EB0)
Characteristics : 0x0 | TimeDateStamp : 0x5AA9FED8 (Thu 15th Mar 2018 05:04:24 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x44 (68)
AddressOfRawData : 0x31705CC | PointerToRawData : 0x316EDCC
CvSig : 0x53445352 | SigGuid 52DBB66A-5677-4DAD-8BCA181B8C2062F7
Age : 0x1 (1) | Pdb : C:\Qt\5.8.0\qtbase\lib\Qt5WebEngineCore.pdb
[Debug Info] (record 2 of 2) (file offset 0x3162ECC)
Characteristics : 0x0 | TimeDateStamp : 0x5AA9FED8 (Thu 15th Mar 2018 05:04:24 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x400 (1024)
AddressOfRawData : 0x3170610 | PointerToRawData : 0x316EE10
...
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 8.261 Second(s) [000002223h (8739) tick(s)] [246 of 580 scan(s) done]
--- snip ---

-> QT 5.8.0.0 -> QtWebEngine/5.8.0 Chrome/53.0.2785.148

Disassembly around crash with debugger attached:

--- snip ---
...
1121FB20  PUSH EBP
1121FB21  MOV EBP,ESP
1121FB23  SUB ESP,14
1121FB26  PUSH EBX
1121FB27  PUSH ESI
1121FB28  MOV ESI,DWORD PTR SS:[ARG.2]
1121FB62  OR EAX,00000001
1121FB65  PUSH OFFSET 12B9BB18 ; ASCII "const char *__cdecl WTF::getStringWithTypeName<class blink::FontFaceCreationParams>(void)"
1121FB6A  PUSH 14
1121FB6C  MOV DWORD PTR DS:[1321D9D4],EAX
1121FB71  CALL 110BCEC0        ; Qt5WebEngineCore.110BCEC0
1121FB76  MOV EBX,EAX
...
1121FB82  PUSH OFFSET 12B9BAF0 ; ASCII "Sans"
1121FB87  CALL 110C9AC0        ; Qt5WebEngineCore.110C9AC0
...
1121FBC7  PUSH OFFSET 12B9BB18 ; ASCII "const char *__cdecl WTF::getStringWithTypeName<class blink::FontFaceCreationParams>(void)"
1121FBCC  PUSH 14
1121FBCE  MOV DWORD PTR DS:[1321D9D4],EAX
1121FBD3  CALL 110BCEC0        ; Qt5WebEngineCore.110BCEC0
1121FBD8  MOV EBX,EAX
1121FBDA  ADD ESP,8
1121FBDD  TEST EBX,EBX
1121FBDF  JZ SHORT 1121FBFC
1121FBE1  PUSH ECX 
1121FBE2  MOV ECX,ESP
1121FBE4  PUSH OFFSET 12B701B0 ; ASCII "Arial"
1121FBE9  CALL 110C9AC0        ; Qt5WebEngineCore.110C9AC0
1121FBEE  MOV ECX,EBX
1121FBF0  CALL 111D5C70        ; Qt5WebEngineCore.111D5C70
...
1123EF05  JE SHORT 1123EF56
1123EF07  PUSH OFFSET 12BA0CB8 ; ASCII "const char *__cdecl WTF::getStringWithTypeName<class blink::FontDataForRangeSet>(void)"
1123EF0C  PUSH 10
1123EF0E  CALL 110BCEC0        ; Qt5WebEngineCore.110BCEC0
1123EF13  ADD ESP,8
1123EF16  TEST EAX,EAX
1123EF18  JZ SHORT 1123EF36
1123EF1A  INC DWORD PTR DS:[ESI+4]
...
1123EF8C  CALL DWORD PTR DS:[EAX]
1123EF8E  TEST ESI,ESI
1123EF90  JNE SHORT 1123EF99
1123EF92  MOV BYTE PTR DS:[0],0 ; *boom*
1123EF99  PUSH OFFSET 12BA0CB8 ; ASCII "const char *__cdecl WTF::getStringWithTypeName<class blink::FontDataForRangeSet>(void)"
1123EF9E  PUSH 10
1123EFA0  CALL 110BCEC0        ; Qt5WebEngineCore.110BCEC0
...
--- snip ---

https://chromium.googlesource.com/chromium/src.git/+/53.0.2785.135

https://chromium.googlesource.com/chromium/src.git/+/53.0.2785.135/third_party/WebKit/Source/platform/fonts/win/FontFallbackWin.cpp

$ sha1sum OriginSetup.exe 
959772f723c6a45cd74ef8f30ebc84b8d41f40da  OriginSetup.exe

$ du -sh OriginSetup.exe 
219M    OriginSetup.exe

$ wine --version
wine-3.15-188-g0799550075

Regards

*** This bug has been marked as a duplicate of bug 32342 ***
