[Bug 30165] Pegasus Mail v4.63 crashes

WineHQ Bugzilla wine-bugs at winehq.org
Thu Dec 30 07:17:59 CST 2021 

https://bugs.winehq.org/show_bug.cgi?id=30165

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
          Component|-unknown                    |mshtml
                URL|http://download-us.pmail.co |https://web.archive.org/web
                   |m/w32-463.exe               |/20131024105021/http://down
                   |                            |load-us.pmail.com/w32-463.e
                   |                            |xe

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

adding stable download link via Internet Archive for documentation.

https://web.archive.org/web/20131024105021/http://download-us.pmail.com/w32-463.exe

$ sha1sum w32-463.exe 
4e35d7c88253d263cf4e0c9b0743571970ad3680  w32-463.exe

$ du -sh w32-463.exe
13M    w32-463.exe

OP's crash was certainly different. My guess: this might have been the result
of OP clicking away error message windows from Wine insufficiencies (bug 30090
et al.), doing actions until the point when the app simply became unstable.

Apps/libs are usually developed to be fault tolerant of certain error classes.
There are cases though when cascading errors can't be reliably handled anymore
and teardown procedures run into partially initialized data, causing faults as
well.

OP's backtrace:

--- snip ---
Unhandled exception: page fault on read access to 0xdddddde5 in 32-bit code
(0x00588fa6).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:00588fa6 ESP:0033c7c0 EBP:0033c898 EFLAGS:00210286(  R- --  I S - -P- )
 EAX:00f6997d EBX:764ebff4 ECX:dddddddd EDX:00f6997d
 ESI:0033c8a4 EDI:0033c898
Stack dump:
0x0033c7c0:  0033caf0 0033c8a4 764ebff4 cccccccc
0x0033c7d0:  cccccccc cccccccc cccccccc cccccccc
0x0033c7e0:  cccccccc cccccccc cccccccc cccccccc
0x0033c7f0:  cccccccc cccccccc cccccccc cccccccc
0x0033c800:  cccccccc cccccccc cccccccc cccccccc
0x0033c810:  cccccccc cccccccc cccccccc cccccccc
Backtrace:
=>0 0x00588fa6 in winpm-32 (+0x188fa6) (0x0033c898)
  1 0x0078ffa9 in winpm-32 (+0x38ffa8) (0x0033caf0)
  2 0x764c3a9a WINPROC_wrapper+0x19() in user32 (0x0033cb20)
  3 0x764c559c in user32 (+0x9559b) (0x0033cb70)
...
  8 0x7648d19c SendMessageW+0x4b() in user32 (0x0033d1d0)
  9 0x764b843b in user32 (+0x8843a) (0x0033d240)
  10 0x764b8bea DestroyWindow+0x259() in user32 (0x0033d290)
...
  21 0x7647ad62 DefMDIChildProcA+0xb1() in user32 (0x0033d6a0)
  22 0x007901c9 in winpm-32 (+0x3901c8) (0x0033d904)
...
  28 0x7648d143 SendMessageA+0x52() in user32 (0x0033db14)
  29 0x0058e4f7 in winpm-32 (+0x18e4f6) (0x0033dc6c)
  30 0x0079bc21 in winpm-32 (+0x39bc20) (0x0033e0dc)
  31 0x764c3a9a WINPROC_wrapper+0x19() in user32 (0x0033e10c)
...
  36 0x7648d143 SendMessageA+0x52() in user32 (0x0033e2ec)
  37 0x0079b999 in winpm-32 (+0x39b998) (0x0033e75c)
  38 0x764c3a9a WINPROC_wrapper+0x19() in user32 (0x0033e78c)
...
  48 0x76478bf0 DefFrameProcA+0x5f() in user32 (0x0033efec)
  49 0x0079d0de in winpm-32 (+0x39d0dd) (0x0033f460)
...
  53 0x76489a1e DispatchMessageA+0x9d() in user32 (0x0033f620)
  54 0x00583ae2 in winpm-32 (+0x183ae1) (0x0033f82c)
  55 0x00584e4a in winpm-32 (+0x184e49) (0x0033fdc4)
  56 0x007e20d6 in winpm-32 (+0x3e20d5) (0x0033fe68)
  57 0x007e1f5f in winpm-32 (+0x3e1f5e) (0x0033fe70)
  58 0x7b85af2c call_process_entry+0xb() in kernel32 (0x0033fe88)
--- snip ---

The app was built with MSVC and /RTC option (see magic 0xCCCCCCCC stack filler
in prolog).

--- snip ---
...
0078FF7B | 51             PUSH ECX
0078FF7C | FF15 E4B18700  CALL DWORD PTR DS:[<&KERNEL32.FreeLibrary>]
0078FF82 | 3BF4           CMP ESI,ESP
0078FF84 | E8 B0F0DDFF    CALL winpm-32.0056F039
0078FF89 | 8B85 A4FEFFFF  MOV EAX,DWORD PTR SS:[EBP-15C]
0078FF8F | 83B8 15010000  CMP DWORD PTR DS:[EAX+115],0
0078FF96 | 74 14          JE SHORT winpm-32.0078FFAC
0078FF98 | 8B85 A4FEFFFF  MOV EAX,DWORD PTR SS:[EBP-15C]
0078FF9E | 05 0D010000    ADD EAX,10D
0078FFA3 | 50             PUSH EAX
0078FFA4 | E8 C5C0DDFF    CALL winpm-32.0056C06E
...
0056C06E | E9 FDCE0100    JMP winpm-32.00588F70
...
00588F70 | 55             PUSH EBP
00588F71 | 8BEC           MOV EBP,ESP
00588F73 | 81EC CC000000  SUB ESP,0CC
00588F79 | 53             PUSH EBX
00588F7A | 56             PUSH ESI
00588F7B | 57             PUSH EDI
00588F7C | 8DBD 34FFFFFF  LEA EDI,DWORD PTR SS:[EBP-CC]
00588F82 | B9 33000000    MOV ECX,33
00588F87 | B8 CCCCCCCC    MOV EAX,CCCCCCCC                 ; MSVC RTC filler
00588F8C | F3:AB          REP STOS DWORD PTR ES:[EDI]
00588F8E | 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
00588F91 | 8338 00        CMP DWORD PTR DS:[EAX],0
00588F94 | 74 52          JE SHORT winpm-32.00588FE8
00588F96 | 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
00588F99 | 8B08           MOV ECX,DWORD PTR DS:[EAX]
00588F9B | 894D F8        MOV DWORD PTR SS:[EBP-8],ECX
00588F9E | 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
00588FA1 | 8B08           MOV ECX,DWORD PTR DS:[EAX]
00588FA3 | 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]
00588FA6 | 8B41 08        MOV EAX,DWORD PTR DS:[ECX+8]     ; *boom*
00588FA9 | 8902           MOV DWORD PTR DS:[EDX],EAX
00588FAB | 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
00588FAE | 0FBF48 12      MOVSX ECX,WORD PTR DS:[EAX+12]
...
--- snip ---

I couldn't reproduce that particular crash with Wine 1.4-rc4 a single time. The
breakpoint at 0x0078FFA4 was never hit.

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list