[Bug 48561] Cadence Allegro Professional 16.6 crashes at startup

WineHQ Bugzilla wine-bugs at winehq.org
Mon Feb 3 14:42:11 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=48561

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
          Component|-unknown                    |msvcp

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming. The minidump wasn't useful but fortunately I found a distributed
"backup" of Orcad v16.6 to reproduce/debug.

There are actually two bugs - one of them only surfaces when Wine has been
built with the LLVM MinGW toolchain (miscompiled msvcp code).

Targeting the problem when Wine was built with GCC here.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Cadence/SPB_16.6/tools/pcb/bin

$ WINEDEBUG=+seh,+relay,+msvcrt,+msvcp wine ./allegro.exe >> log.txt 2>&1
...
004f:trace:msvcrt:MSVCRT__wsopen_dispatch path:
(L"C:/Cadence/SPB_16.6/share/pcb/text/custdatatips.cdt") oflags: 0x0000
shflags: 0x0040 pmode: 0x0000 fd*: 0x306c98c secure: 0
004f:trace:msvcrt:msvcrt_alloc_fd :handle (0x138) allocating fd (6)
004f:trace:msvcrt:MSVCRT__wsopen_dispatch :fd (6) handle (0x138)
004f:trace:msvcrt:msvcrt_init_fp :fd (6) allocating FILE*
004f:trace:msvcrt:msvcrt_init_fp :got FILE* (0x7ea2e460)
004f:trace:msvcrt:MSVCRT__wfsopen :fd (6) mode (L"r") FILE* (0x7ea2e460)
004f:trace:msvcrt:MSVCRT__wfsopen :got (0x7ea2e460) 
...
004f:trace:msvcp:basic_istream_char_getline_delim Format is: "(%p %p %s %s)\n"
(0306DB44 0306D684 400 "\n")
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:basic_streambuf_char__Lock Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_istream_char__Ipfx Format is: "(%p %d)\n"
(0306DB44 1)
004f:trace:msvcp:ios_base_good Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:basic_ios_char_tie_get Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:ios_base_good Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:basic_streambuf_char_sbumpc Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_streambuf_char__Gnavail Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_filebuf_char_uflow Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_filebuf_char_is_open Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_streambuf_char_gptr Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_streambuf_char_egptr Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcrt:_lock (34)
004f:trace:msvcrt:read_i :fd (6) handle (0x138) buf (0x4a780d0) len (4096)
004f:trace:msvcrt:read_i :EOF ""
004f:trace:msvcrt:read_i (0), ""
004f:trace:msvcrt:_unlock (34)
004f:trace:msvcp:basic_ios_char_rdbuf_get Format is: "(%p)\n"
(0306DB9C)
004f:trace:msvcp:basic_streambuf_char__Unlock Format is: "(%p)\n"
(0306DB4C)
004f:trace:msvcp:basic_ios_char_setstate_reraise Format is: "(%p %x %x)\n"
(0306DB9C 3 0)
004f:trace:msvcp:basic_ios_char_clear_reraise Format is: "(%p %x %x)\n"
(0306DB9C 3 0)
004f:trace:msvcp:ios_base_clear_reraise Format is: "(%p %x %x)\n"
(0306DB9C 3 0)
004f:trace:msvcp:MSVCP_failure_ctor Format is: "%p %s\n"
0306CBE8 eofbit is set
004f:trace:msvcp:MSVCP_runtime_error_ctor Format is: "%p %s\n"
0306CBE8 eofbit is set
004f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e85bc23
ip=7e85bc23 tid=004f
004f:trace:seh:raise_exception  info[0]=00000000
004f:trace:seh:raise_exception  info[1]=00000000
004f:trace:seh:raise_exception  eax=00000041 ebx=0306cbe8 ecx=0306cbc0
edx=00000000 esi=00000000 edi=00000000
004f:trace:seh:raise_exception  ebp=0306cba8 esp=0306cb88 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010216
004f:trace:seh:call_stack_handlers calling handler at 0x1f8fd6e code=c0000005
flags=0
004f:trace:seh:call_stack_handlers handler at 0x1f8fd6e returned 1
004f:trace:seh:call_stack_handlers calling handler at 0x401ed1 code=c0000005
flags=0
004f:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0x7e85bc23 
...
004f:Call msvcr80._strdup(0257a668 "Program has encountered a problem and must
exit. The design will be saved as a .SAV file that can be recovered using
dbdoctor (if applicable). To resolve problem, first obtain the latest software
update from Cadence and if the problem persists contact Cadence Customer
Support. In addition t"...) ret=0197ee27 
...
--- snip ---

The application reads a text file 'custdatatips.cdt' which is 2873 bytes.

--- snip ---
{
    {5
        (1073741825, 0, 0)
        (1073741827, 0, 0)
        (1073741826, 0, 0)
        (63, 0, 1)
    }
    {10
        (1073741825, 0, 0)
        (1073741827, 0, 1)
        (1073741845, 1, 1)
        (1073741843, 1, 1)
    }
    {12
        (1073741825, 0, 0)
        (1073741856, 0, 0)
        (1073741833, 0, 1)
    }
    {27
        (1073741825, 0, 0)
        (1073741828, 1, 1)
        (63, 0, 1)
    }
...
    {32776
        (16777215)
        (0)
        (0)
    }
    {49155
        (16777215)
        (0)
        (0)
    }
}
--- snip ---

There are empty lines (newlines only) at the end, hence
'getline(stream,buffer)' will set 'ios:eofbit' and 'ios:failbit' at one point.

Wine's msvcp crashes when trying to set up the failure exception.

Debugger session:

--- snip ---
$ wine64 winedbg ./allegro.exe
WineDbg starting on pid 005b

0x000000007bcb0131 DbgBreakPoint+0x1 in ntdll: ret    
Wine-dbg>c
...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x000000007e85bbb8).
005a:fixme:dbghelp:x86_64_find_runtime_function RunTime_Function outside
IMAGE_DIRECTORY_ENTRY_EXCEPTION unimplemented yet!
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e85bbb8 ESP:0306cb90 EBP:0306cba8 EFLAGS:00010246(  R- --  I  Z- -P- )
 EAX:0306cbe8 EBX:0306cbe8 ECX:0306cbc0 EDX:0306cc24
 ESI:00000000 EDI:00000000
...
Backtrace:
=>0 0x000000007e85bbb8 MSVCP_exception_ctor+0x28(this=<couldn't compute
location>, name=<couldn't compute location>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\exception.c:103]
in msvcp80 (0x000000000306cba8)
  1 0x000000007e85bc6d MSVCP_runtime_error_ctor+0x1c(this=<unknown register
329>, name=<unknown register 334>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\exception.c:563]
in msvcp80 (0x000000000306cbd8)
  2 0x000000007e85d36e throw_exception+0x11d(str=<is not available>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\exception.c:673]
in msvcp80 (0x000000000306cc18)
  3 0x000000007e86851f ios_base_clear_reraise+0xde(this=<couldn't compute
location>, state=<couldn't compute location>, reraise=<couldn't compute
location>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\ios.c:5300]
in msvcp80 (0x000000000306cc48)
  4 0x000000007e869988 basic_ios_char_clear_reraise+0x37(this=<couldn't compute
location>, state=<couldn't compute location>, reraise=<couldn't compute
location>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\ios.c:5812]
in msvcp80 (0x000000000306cc88)
  5 0x000000007e869dcb basic_ios_char_setstate_reraise+0x7a() in msvcp80
(0x000000000306ccc8)
  6 0x000000007e86f80b basic_istream_char_getline_delim+0x26a(this=<couldn't
compute location>, str=<couldn't compute location>, count=<couldn't compute
location>, delim=<couldn't compute location>)
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\ios.c:5923]
in msvcp80 (0x000000000306cd28)
  7 0x000000007e86f8c2 basic_istream_char_getline+0x21()
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\ios.c:8552]
in msvcp80 (0x000000000306cd58)
  8 0x0000000001861eb6 EntryPoint+0x14602f7() in allegro (0x000000000306dbe4)
  9 0x00000000018618ac EntryPoint+0x145fced() in allegro (0x000000000306dcf0)
  10 0x00000000018618fa EntryPoint+0x145fd3b() in allegro (0x000000000306dcf8)
  11 0x000000000186528d EntryPoint+0x14636ce() in allegro (0x000000000306dd00)
  12 0x000000000049fb50 EntryPoint+0x9df91() in allegro (0x000000000306f708)
  13 0x000000000049f001 EntryPoint+0x9d442() in allegro (0x000000000306fd00)
  14 0x0000000000402401 EntryPoint+0x842() in allegro (0x000000000306fe64)
  15 0x00000000018c8ecb EntryPoint+0x14c730c() in allegro (0x000000000306fe74)
  16 0x00000000018bac6c EntryPoint+0x14b90ad() in allegro (0x000000000306fe90)
  17 0x000000007820cd75 EntryPoint+0xffffffffffffffff() in mfc80
(0x000000000306ff30)
  18 0x000000007b452222 call_process_entry+0x11() in kernel32
(0x000000000306ff48)
  19 0x000000007b452610 start_process+0xdf(entry=<couldn't compute location>,
peb=<couldn't compute location>)
[Z:\home\focht\projects\wine\mainline-src\dlls\kernel32\process.c:153] in
kernel32 (0x000000000306ffd8)
  20 0x000000007b45222e __wine_start_process+0x9() in kernel32
(0x000000000306ffec)
0x000000007e85bbb8 MSVCP_exception_ctor+0x28
[Z:\home\focht\projects\wine\mainline-src\dlls\msvcp80\..\msvcp90\exception.c:103]
in msvcp80: movl    0x0(%esi),%eax
103        if(EXCEPTION_STR(name)) {

--- snip ---

Wine source:

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l34

--- snip ---
...
  34 #if _MSVCP_VER >= 70 || defined(_MSVCIRT)
  35 typedef const char **exception_name;
  36 #define EXCEPTION_STR(name) (*name)
  37 #define EXCEPTION_NAME(str) ((exception_name)&str)
  38 #else
  39 typedef const char *exception_name;
  40 #define EXCEPTION_STR(name) (name)
  41 #define EXCEPTION_NAME(str) (str)
  42 #endif
...
--- snip ---

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l556

--- snip ---
 556 static runtime_error* MSVCP_runtime_error_ctor( runtime_error *this, exception_name name )
 557 {
 558     TRACE("%p %s\n", this, EXCEPTION_STR(name));
 559 #if _MSVCP_VER <= 90 && !defined _MSVCIRT
 560 #if _MSVCP_VER == 60
 561     MSVCP_exception_ctor(&this->e, "");
 562 #else
 563     MSVCP_exception_ctor(&this->e, NULL);
 564 #endif
 565     MSVCP_basic_string_char_ctor_cstr(&this->str, EXCEPTION_STR(name));
 566 #else
 567     MSVCP_exception_ctor(&this->e, name);
 568 #endif
 569     this->e.vtable = &MSVCP_runtime_error_vtable;
 570     return this;
 571 }
--- snip ---

Passing a NULL exception name causes a NULL ptr deref in 'MSVCP_exception_ctor'.
If debug trace is enabled, it will crash even earlier in
'MSVCP_failure_ctor' (TRACE).

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l670

--- snip ---
 670 static failure* MSVCP_failure_ctor( failure *this, exception_name name )
 671 {
 672     TRACE("%p %s\n", this, EXCEPTION_STR(name));
 673     MSVCP_runtime_error_ctor(&this->base, name);
 674 #if _MSVCP_VER > 90
 675     /* FIXME: set err correctly */
 676     this->err = 0;
 677 #endif
 678     this->base.e.vtable = &MSVCP_failure_vtable;
 679     return this;
 680 }
--- snip ---

https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/msvcp90/exception.c#l95

--- snip ---
  95 /* ??0exception@@QAE@ABQBD@Z */
  96 /* ??0exception@@QEAA@AEBQEBD@Z */
  97 DEFINE_THISCALL_WRAPPER(MSVCP_exception_ctor,8)
  98 exception* __thiscall MSVCP_exception_ctor(exception *this, exception_name name)
  99 {
 100     TRACE("(%p %s)\n", this, EXCEPTION_STR(name));
 101 
 102     this->vtable = &MSVCP_exception_vtable;
 103     if(EXCEPTION_STR(name)) {
 104         unsigned int name_len = strlen(EXCEPTION_STR(name)) + 1;
 105         this->name = malloc(name_len);
 106         memcpy(this->name, EXCEPTION_STR(name), name_len);
 107         this->do_free = TRUE;
 108     } else {
 109         this->name = NULL;
 110         this->do_free = FALSE;
 111     }
 112     return this;
 113 }
--- snip ---

For the time being you can work around with 'winetricks -q vcrun2005'.

$ wine --version
wine-5.1

Regards
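
Added example, not part of the original comment and not Wine's code or its fix: a reduced C model of the quoted constructor, showing why the check on line 103 tests the pointee and so does not cover `name == NULL` when `exception_name` is `const char **`, next to a guarded variant. The simplified `exception` struct, `set_name`, `ctor_guarded`, `guarded_copies_name` and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as the _MSVCP_VER >= 70 branch quoted in the comment. */
typedef const char **exception_name;
#define EXCEPTION_STR(name) (*name)

/* Simplified stand-in for Wine's exception struct (assumption). */
typedef struct { char *name; int do_free; } exception;

/* Constructed inputs: a real message, and a valid pointer to a NULL string. */
static const char *sample_msg = "eofbit is set";
static const char *sample_null = NULL;

/* Copy str into the object, or leave it empty when str is NULL. */
static void set_name(exception *e, const char *str)
{
    e->name = NULL;
    e->do_free = 0;
    if (!str) return;
    size_t len = strlen(str) + 1;
    if ((e->name = malloc(len)) == NULL) return;
    memcpy(e->name, str, len);
    e->do_free = 1;
}

/* Mirrors the quoted logic: *name is read first, so name == NULL faults. */
exception *ctor_as_quoted(exception *this, exception_name name)
{
    set_name(this, EXCEPTION_STR(name));
    return this;
}

/* Hypothetical guard: test the pointer itself before reading through it. */
exception *ctor_guarded(exception *this, exception_name name)
{
    set_name(this, name ? EXCEPTION_STR(name) : NULL);
    return this;
}

/* Demo helper: construct, report whether a name was copied, clean up. */
int guarded_copies_name(exception_name name)
{
    exception e;
    ctor_guarded(&e, name);
    int copied = (e.name != NULL && e.do_free);
    if (e.do_free) free(e.name);
    return copied;
}

int main(void)
{
    printf("msg=%d null-string=%d null-pointer=%d\n", guarded_copies_name(&sample_msg),
           guarded_copies_name(&sample_null), guarded_copies_name(NULL));
    return 0;
}
```

`ctor_as_quoted` is deliberately never called with `NULL` here, since that is the read from address 0 seen in the backtrace.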
