I'm trying to track down a crash in a commercial application (Lotus 123 '97)
and would appreciate some advice on how to proceed.
The application crashes while painting its splash screen due to the use of a
null pointer in a function called from X11DRV_BitBlt. Tracing back, things begin
to go wrong in GDI_GetObjPtr which is called to get a pointer to the source
bitmap (handle 0xfd2). The retrieved object has a magic of REGION_MAGIC (0x4f4c)
instead of the expected BITMAP_MAGIC (0x4f4b), resulting in the failure.
Edited transcript of the log (wine -synchronous -debugmsg +relay 123w):
Call user32.92: CreateWindowExA(00000000,03dc88fc "123GuiltScreen",03dc1494
"",84000000,00000000,00000000,80000000,00000000,00000000,00000000,00400000,00000000)
ret=03b6762b fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCREATE,wp=00000000,lp=405c69b4)
Call user32.136: DefWindowProcA(00000138,00000081,00000000,405c69b4) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000001 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCREATE,wp=00000000,lp=405c69b4) ret=00000001
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCALCSIZE,wp=00000000,lp=405c67c0)
Call user32.136: DefWindowProcA(00000138,00000083,00000000,405c67c0) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCALCSIZE,wp=00000000,lp=405c67c0)
ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_CREATE,wp=00000000,lp=405c69b4)
Call user32.568: SetWindowLongA(00000138,00000000,00000000) ret=03b35620 fs=008f
Ret user32.568: SetWindowLongA() retval=00000000 ret=03b35620 fs=008f
Call user32.386: LoadBitmapA(03550000,00000045) ret=03ca1dec fs=008f
Ret user32.386: LoadBitmapA() retval=00000fd2 ret=03ca1dec fs=008f
Call gdi32.336: GetObjectA(00000fd2,00000018,405c6398) ret=03ca1e1d fs=008f
Ret gdi32.336: GetObjectA() retval=00000018 ret=03ca1e1d fs=008f
Call user32.318: GetSystemMetrics(00000001) ret=03ca1e33 fs=008f
Ret user32.318: GetSystemMetrics() retval=00000300 ret=03ca1e33 fs=008f
Call user32.318: GetSystemMetrics(00000000) ret=03ca1e41 fs=008f
Ret user32.318: GetSystemMetrics() retval=00000400 ret=03ca1e41 fs=008f
Call user32.433: MoveWindow(00000138,000000f2,000000e5,0000021c,00000136,00000000)
ret=03ca1e59 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=405c623c)
Call user32.136: DefWindowProcA(00000138,00000046,00000000,405c623c) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=405c623c)
ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCALCSIZE,wp=00000001,lp=405c610c)
Call user32.136: DefWindowProcA(00000138,00000083,00000001,405c610c) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCCALCSIZE,wp=00000001,lp=405c610c)
ret=00000000
Call x11drv.29: Synchronize() ret=408139d6 fs=008f
Ret x11drv.29: Synchronize() retval=00000000 ret=408139d6 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=405c623c)
Call user32.136: DefWindowProcA(00000138,00000047,00000000,405c623c) ret=03b35609
fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_MOVE,wp=00000000,lp=00e500f2)
Call user32.136: DefWindowProcA(00000138,00000003,00000000,00e500f2) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_MOVE,wp=00000000,lp=00e500f2) ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SIZE,wp=00000000,lp=0136021c)
Call user32.136: DefWindowProcA(00000138,00000005,00000000,0136021c) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SIZE,wp=00000000,lp=0136021c) ret=00000000
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=405c623c)
ret=00000000
Ret user32.433: MoveWindow() retval=00000001 ret=03ca1e59 fs=008f
Call user32.249: GetDC(00000138) ret=03ca1e69 fs=008f
Ret user32.249: GetDC() retval=00000050 ret=03ca1e69 fs=008f
Call gdi32.139: CreateCompatibleDC(00000050) ret=03ca1e99 fs=008f
Ret gdi32.139: CreateCompatibleDC() retval=0000044c ret=03ca1e99 fs=008f
Call user32.568: SetWindowLongA(00000138,00000000,0000044c) ret=03ca1ec4 fs=008f
Ret user32.568: SetWindowLongA() retval=00000000 ret=03ca1ec4 fs=008f
Call gdi32.432: SelectObject(0000044c,00000fd2) ret=03ca1ecc fs=008f
Ret gdi32.432: SelectObject() retval=000000be ret=03ca1ecc fs=008f
(Lots of GDI painting here)
Call gdi32.179: DeleteObject(00000fd2) ret=03ca21ba fs=008f <<<---
Ret gdi32.179: DeleteObject() retval=00000001 ret=03ca21ba fs=008f
Call kernel32.273: FreeResource(03577688) ret=03b01c3f fs=008f
Ret kernel32.273: FreeResource() retval=00000000 ret=03b01c3f fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_CREATE,wp=00000000,lp=405c69b4) ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SIZE,wp=00000000,lp=0136021c)
Call user32.136: DefWindowProcA(00000138,00000005,00000000,0136021c) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SIZE,wp=00000000,lp=0136021c) ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_MOVE,wp=00000000,lp=00e500f2)
Call user32.136: DefWindowProcA(00000138,00000003,00000000,00e500f2) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_MOVE,wp=00000000,lp=00e500f2) ret=00000000
Ret user32.92: CreateWindowExA() retval=00000138 ret=03b6762b fs=008f
Call user32.588: ShowWindow(00000138,00000005) ret=03b67636 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SHOWWINDOW,wp=00000001,lp=00000000)
Call user32.136: DefWindowProcA(00000138,00000018,00000001,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SHOWWINDOW,wp=00000001,lp=00000000)
ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=405c69d0)
Call user32.136: DefWindowProcA(00000138,00000046,00000000,405c69d0) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=405c69d0)
ret=00000000
fixme:task:GetFastQueue16 (): should initialize thread-local queue, expect failure!
fixme:task:GetFastQueue16 (): should initialize thread-local queue, expect failure!
Call x11drv.29: Synchronize() ret=408139d6 fs=008f
Ret x11drv.29: Synchronize() retval=00000000 ret=408139d6 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000)
Call user32.136: DefWindowProcA(00000138,0000030f,00000000,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000)
ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ACTIVATEAPP,wp=00000001,lp=00000000)
Call user32.136: DefWindowProcA(00000138,0000001c,00000001,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ACTIVATEAPP,wp=00000001,lp=00000000)
ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCACTIVATE,wp=00000001,lp=00000000)
Call user32.136: DefWindowProcA(00000138,00000086,00000001,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000001 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_NCACTIVATE,wp=00000001,lp=00000000)
ret=00000001
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ACTIVATE,wp=00000001,lp=00000000)
Call user32.136: DefWindowProcA(00000138,00000006,00000001,00000000) ret=03b35609
fs=008f
Call x11drv.29: Synchronize() ret=408139d6 fs=008f
Ret x11drv.29: Synchronize() retval=00000000 ret=408139d6 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SETFOCUS,wp=00000000,lp=00000000)
Call user32.136: DefWindowProcA(00000138,00000007,00000000,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_SETFOCUS,wp=00000000,lp=00000000) ret=00000000
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ACTIVATE,wp=00000001,lp=00000000) ret=00000000
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=405c69d0)
Call user32.136: DefWindowProcA(00000138,00000047,00000000,405c69d0) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=405c69d0)
ret=00000000
Ret user32.588: ShowWindow() retval=00000000 ret=03b67636 fs=008f
Call user32.623: UpdateWindow(00000138) ret=03b6763d fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_PAINT,wp=00000000,lp=00000000)
Call user32.11: BeginPaint(00000138,405c67f4) ret=03b3567e fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ERASEBKGND,wp=00000054,lp=00000000)
Call user32.136: DefWindowProcA(00000138,00000014,00000054,00000000) ret=03b35609
fs=008f
Ret user32.136: DefWindowProcA() retval=00000000 ret=03b35609 fs=008f
trace:relay:WINPROC_CallWndProc
(wndproc=0x3b355c7,hwnd=00000138,msg=WM_ERASEBKGND,wp=00000054,lp=00000000)
ret=00000000
Ret user32.11: BeginPaint() retval=00000054 ret=03b3567e fs=008f
Call user32.332: GetWindowLongA(00000138,00000000) ret=03b35689 fs=008f
Ret user32.332: GetWindowLongA() retval=0000044c ret=03b35689 fs=008f
Call user32.238: GetClientRect(00000138,405c67e4) ret=03b3569b fs=008f
Ret user32.238: GetClientRect() retval=00000001 ret=03b3569b fs=008f
Call gdi32.115:
BitBlt(00000054,00000000,00000000,0000021c,00000136,0000044c,00000000,00000000,00cc0020)
ret=03b356c0 fs=008f
The program is deleting the bitmap object selected into its memory DC before
BitBlitting out to the screen, and without selecting the old object back into
the DC. This I suspect is the root cause of the problem; Wine's memory
management is reusing the object handle resulting in the BitBlt failure.
Assuming the diagnosis is correct, is this fixable or (as I suspect) is there a
fundamental difference in memory handling between the two systems?
--
Dave Pickles
