[Bug 49235] New: Microsoft Visual Studio 2010 Express crashes with stack overflow in IDWriteTextAnalyzer::GetGdiCompatibleGlyphPlacements

WineHQ Bugzilla wine-bugs at winehq.org
Sun May 24 12:10:25 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=49235

            Bug ID: 49235
           Summary: Microsoft Visual Studio 2010 Express crashes with
                    stack overflow in
                    IDWriteTextAnalyzer::GetGdiCompatibleGlyphPlacements
           Product: Wine
           Version: 5.9
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: dwrite
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

encountered while checking some old bug reports.

Regression introduced by commit
https://source.winehq.org/git/wine.git/commitdiff/c8f409ed9311c6b84b2383ac5640ad39cfb1d5e5
("dwrite: Keep user features values.").

Wine 5.8 works.

Download:

https://web.archive.org/web/20111016110147/http://download.microsoft.com/download/1/E/5/1E5F1C0A-0D5B-426A-A603-1798B951DDAE/VS2010Express1.iso

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Microsoft Visual Studio 10.0/Common7/IDE

$ WINEDEBUG=+seh,+relay,+dwrite wine ./VCExpress.exe >>log.txt 2>&1
...
0024:trace:dwrite:dwritefactory_CreateTextAnalyzer 0x1257da0, 0x31a65c. 
...
0024:trace:dwrite:dwritetextanalyzer_GetGlyphs (L"File":4 0x6ad5298 0 0 "Latn" L"en-US" (nil) 0x1db23b8 0x2665314 2 48 0x31b7a4 0x31b984 0x6ad6218 0x6ad6158 0x31a5e4)
0024:trace:dwrite:analyzer_dump_user_features feature range [0,1)
0024:trace:dwrite:analyzer_dump_user_features feature "calt", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "clig", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "kern", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "liga", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature range [1,4)
0024:trace:dwrite:analyzer_dump_user_features feature "calt", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "clig", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "kern", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "liga", parameter 1
0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00000058) ret=f723159c
0024:Ret  ntdll.RtlAllocateHeap() retval=06ae6488 ret=f723159c
0024:trace:dwrite:dwritefontface_TryGetFontTable 0x6ad5298, "GSUB", 0x6ae6494, 0x6ae649c, 0x6ae6498, 0x31a27c.
0024:trace:dwrite:dwritefontface_TryGetFontTable 0x6ad5298, "GPOS", 0x6ae64b0, 0x6ae64b8, 0x6ae64b4, 0x31a27c.
0024:trace:dwrite:dwritefontface_TryGetFontTable 0x6ad5298, "GDEF", 0x6ae64cc, 0x6ae64d4, 0x6ae64d0, 0x31a27c.
...
0024:warn:dwrite:opentype_layout_apply_gsub_lookup Unimplemented lookup 4.
0024:warn:dwrite:opentype_layout_apply_gsub_lookup Unimplemented lookup 4.
0024:warn:dwrite:opentype_layout_apply_gsub_lookup Unimplemented lookup 4.
0024:warn:dwrite:opentype_layout_apply_gsub_lookup Unimplemented lookup 4. 
...
0024:trace:dwrite:dwritetextanalyzer_GetGdiCompatibleGlyphPlacements (L"File" 0x31b7a4 0x31b984 4 0x6ad6218 0x6ad6158 4 0x6ad5298 11.00 1.00 0x31a698 0 0 0 "Latn" L"en-US" 0x1db2428 0x2665650 2 0x1db23b8 0x1db2400)
0024:trace:dwrite:analyzer_dump_user_features feature range [0,1)
0024:trace:dwrite:analyzer_dump_user_features feature "calt", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "clig", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "kern", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "liga", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature range [1,4)
0024:trace:dwrite:analyzer_dump_user_features feature "calt", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "clig", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "kern", parameter 1
0024:trace:dwrite:analyzer_dump_user_features feature "liga", parameter 1
...
0024:trace:dwrite:shape_get_positions script "latn", language deflangsys.
0024:Call KERNEL32.HeapFree(00110000,00000000,00000000) ret=f722fb57
0024:Ret  KERNEL32.HeapFree() retval=00000001 ret=f722fb57
0024:Call KERNEL32.HeapFree(00110000,00000000,06ae6518) ret=f7231777
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc6ea54 ip=7bc6ea54 tid=0024
0024:trace:seh:raise_exception  info[0]=00000001
0024:trace:seh:raise_exception  info[1]=00000005
0024:trace:seh:raise_exception  eax=00000001 ebx=06ae6510 ecx=06ae6718 edx=00000001 esi=06a00000 edi=00000208
0024:trace:seh:raise_exception  ebp=0031a088 esp=00319f90 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_vectored_handlers calling handler at 0x791f5a7c code=c0000005 flags=0
...
0024:trace:seh:call_stack_handlers handler at 0x7968f358 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x791ccc44 code=c0000005 flags=0
0024:Call KERNEL32.GetLastError() ret=7919c63c
0024:Ret  KERNEL32.GetLastError() retval=00000000 ret=7919c63c
0024:Call ntdll.RtlAllocateHeap(00110000,00000000,0000004c) ret=7919bf7e
0024:err:seh:setup_exception_record stack overflow 816 bytes in thread 0024 eip f7be36c5 esp 00221000 stack 0x220000-0x221000-0x320000
--- snip ---

Unrelated: It would be helpful if 'dwrite' could be turned into a PE with PDB
symbols. Winedbg is really useless as of now.

$ sha1sum VS2010Express1.iso 
adef5e361a1f64374f520b9a2d03c54ee43721c6  VS2010Express1.iso

$ du -sh VS2010Express1.iso 
694M    VS2010Express1.iso

$ wine --version
wine-5.9

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.


