GNOME Bugzilla – Bug 316645
W2K : GIMP start -> crash (floating point exception in icm32.dll)
Last modified: 2013-10-15 20:41:00 UTC
Steps to reproduce:

System: W2K + all fixpacks. Install GIMP 2.2.8 + GTK+ 2.6.9, everything's fine. Reboot machine, start GIMP -> crash: unknown software exception 0xc00008e at 0x6e8e3deb. This is: float divide by 0 in ICM32.dll in CMGetNamedProfileInfo.

When I terminate my Outlook2k (which is started in the startup folder with Outlook QuoteFix) and restart it (this last step is not necessary, but doesn't matter). (After GIMP is started one time without crash I can run it as often as I want until the next reboot, where the troubles start again...)

Stack trace:

I started my idebug debugger at the crash and this shows:

Stacks:gimp-2.2:1920
Thread 1 [State:Unknown,Enabled,Priority:9 System TID:1580]
  CMGetNamedProfileInfo [ICM32.DLL-1: ]
  CMGetNamedProfileInfo [ICM32.DLL-1:0x6E8E3517]
  CMGetNamedProfileInfo [ICM32.DLL-1:0x6E8E4591]
  CMCreateProfileW [ICM32.DLL-1:0x6E8E1A4B]
  GetSystemPaletteEntries [GDI32.DLL-1:0x77F5868A]
  gdk_display_get_maximal_cursor_size [LIBGDK-WIN32-2.0-0.DLL-1:0x009FD34D]
  gdk_display_get_maximal_cursor_size [LIBGDK-WIN32-2.0-0.DLL-1:0x009FD4F5]
  gdk_display_get_maximal_cursor_size [LIBGDK-WIN32-2.0-0.DLL-1:0x009FD6D4]
  gdk_display_get_maximal_cursor_size [LIBGDK-WIN32-2.0-0.DLL-1:0x009FD74D]
  gdk_window_set_icon_list [LIBGDK-WIN32-2.0-0.DLL-1:0x00A22BF9]
  gtk_window_get_decorated [LIBGTK-WIN32-2.0-0.DLL-1:0x00CA5FD9]
  gtk_window_reshow_with_initial_size [LIBGTK-WIN32-2.0-0.DLL-1:0x00CA7C30]
  g_cclosure_marshal_VOID__VOID [LIBGOBJECT-2.0-0.DLL-1:0x00867A4A]
  g_cclosure_new_swap [LIBGOBJECT-2.0-0.DLL-1:0x0085370B]
  g_closure_invoke [LIBGOBJECT-2.0-0.DLL-1:0x008534DE]
  g_signal_emit_by_name [LIBGOBJECT-2.0-0.DLL-1:0x00865F6A]
  g_signal_emit_valist [LIBGOBJECT-2.0-0.DLL-1:0x00865434]
  g_signal_emit [LIBGOBJECT-2.0-0.DLL-1:0x00865676]
  gtk_widget_realize [LIBGTK-WIN32-2.0-0.DLL-1:0x00C98F7B]
  gtk_widget_realize [LIBGTK-WIN32-2.0-0.DLL-1:0x00C98F5A]
  gtk_widget_realize [LIBGTK-WIN32-2.0-0.DLL-1:0x00C98F5A]
  gtk_widget_realize [LIBGTK-WIN32-2.0-0.DLL-1:0x00C98F5A]
  0x00407D56 [gimp-2.2-1:0x00407D5B]
Thread 2 [State:Unknown,Enabled,Priority:9 System TID:544]

Other information:
Having similar problems on Windows XP SP2. I have a workaround... the workaround may break other parts of GIMP, especially printing :)

cd "\Program Files\GIMP-2.0\bin"
copy bzip2.dll icm32.dll

This creates a bogus icm32.dll which will get loaded... then unloaded, when it realises it has none of the exported functions it needs. The same effect can be achieved by creating an empty file called icm32.dll in the GIMP directory, but it will then continually claim that icm32.dll is corrupt...

I did a limited stack trace in WinDbg and have come to pretty much the same conclusion as you have:

(e30.8ac): Unknown exception - code c000008e (first chance)
(e30.8ac): Unknown exception - code c000008e (!!! second chance !!!)
eax=0022e460 ebx=00000176 ecx=0022e3e0 edx=2cd30000 esi=0022e49c edi=00269a04
eip=66e9426a esp=0022e3b0 ebp=0022e418 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200202
icm32!NormalizeColor+0x40:
66e9426a d8c9            fmul    st,st(1)
0:000> kb
ChildEBP RetAddr  Args to Child
0022e418 66e94a5c 00269718 00269724 00269730 icm32!NormalizeColor+0x40
0022e4f4 66e915ef 00269704 002696fc 0022e51c icm32!MyNewAbstractW+0x1e0
0022e504 73b35c55 00269704 002696fc 002696fc icm32!CMCreateProfileW+0x18
0022e51c 73b3608e 00269704 002696fc 00000001 mscms!InternalCreateProfileFromLCS+0x5c
0022e530 77f3ff82 00269704 002696fc 00269700 mscms!CreateProfileFromLogColorSpaceW+0x12
0022e548 77f36c91 00269704 002696fc 00269700 GDI32!IcmCreateProfileFromLCS+0x14
0022e568 77f34814 3c011242 0022e5b8 0022e58c GDI32!IcmCreateColorSpaceByColorSpace+0x1b9
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll -
0022e808 6b0603f6 3c011242 0022e8c0 00000000 GDI32!CreateDIBSection+0x106
WARNING: Stack unwind information not available. Following frames may be wrong.
0022e978 6b060832 00000003 00000002 00000002 libgdk_win32_2_0_0!gdk_display_get_maximal_cursor_size+0x5f6
*** ERROR: Module load completed but symbols could not be loaded for image00400000
0022e998 004f1a6e 00fb5018 0209ae40 00000003 libgdk_win32_2_0_0!gdk_cursor_new_from_pixbuf+0xd2
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll -
0022e9f8 6066ebe1 0197b2d8 00fde058 00000001 image00400000+0xf1a6e
0022ea18 004f1b82 00fb5018 00000001 00000401 libgtk_win32_2_0_0!gtk_widget_get_display+0x31
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgobject-2.0-0.dll -
0022ea38 62757e86 0209b020 0000005c 00000001 image00400000+0xf1b82
0022ea58 0044e215 0197b2d8 00000001 00000401 libgobject_2_0_0!g_signal_emit+0x26
00000000 00000000 00000000 00000000 00000000 image00400000+0x4e215

So... gtk is attempting to set a new cursor. In the course of doing so, mscms.dll calls icm32.dll, and the crash occurs in icm32.dll when trying to create a colour space.

Apparently, this problem does not happen with older versions of icm32.dll. (Does anyone know exactly at *what* version of icm32.dll this problem began to appear?)

This means there are several avenues of attack which we need to go through:

- Is the cursor pixmap supplied to Windows subtly wrong? [including colour specs...]
- If it is, then has some exception-checking code been removed from later versions of icm32.dll?
- If not, then are we not doing a basic check on validity which other Windows apps do to ensure the cursor pixmap is compliant?
- Failing all that, and if icm32.dll is buggy and beyond redemption, can we trap the exception and continue running?
The following may be of use... I was reading http://www.vmware.com/community/thread.jspa?threadID=16536&filterOrder=DESC&tstart=0 and from there followed on to: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1491 'Users reporting the problem have been running Macro Magic or some other program created with Borland development tools.' ... And what's the last DLL loaded before it crashes? .... 'ModLoad: 02880000 02891000 C:\Program Files\AllChars\ALLCHR32.DLL' ... Guess what that's compiled with? Borland :) (AllChars is a keyboard hook thing that allows you to type accented characters on an ordinary keyboard) The link suggests two workarounds, one of which may be less useful for some people (disabling ICM entirely). Seems it could be a generic problem with keyboard hook drivers compiled using Borland C. Is there a way to code around it is the next question...?
Well, even if total garbage is passed to some Win32 API, it shouldn't cause a crash... But as far as I know, the cursor data supplied to Windows is fine. The code in gdk/win32 that creates cursor should be relatively easy to pick out and make into a standalone test program (if you don't feel like building all of gdk) that you can tinker with and see if you can make the problem go away.
(In reply to comment #3)
> Well, even if total garbage is passed to some Win32 API, it shouldn't cause a
> crash... But as far as I know, the cursor data supplied to Windows is fine. The
> code in gdk/win32 that creates cursor should be relatively easy to pick out and
> make into a standalone test program (if you don't feel like building all of
> gdk) that you can tinker with and see if you can make the problem go away.
>

I'll check out undoing my workaround and disabling AllChars and see what the result is... if the bug goes away, perhaps there are newer Borland runtimes which sort the problem... Yahoo! Messenger had similar problems, and there was a fix for that, so there will be ways to fix it (perhaps they simply disabled all keyboard hook drivers ;))
Disabling AllChars does indeed 'solve' the problem.

Recommendation: Look for any macro recorders/players/etc. you have installed on your system and disable them. This should hopefully make the problem go away.

Cause of bug: Unknown instability caused by keyboard hook applications compiled using Borland tools. No known solutions other than to disable said applications. Workaround might be possible within GTK, but cannot find supporting information.

Two known examples of such applications: AllChars and Macro Magic (see VMWare link). Problem will be triggered when an application makes a call which asks for text input.

DLL load traces show that (in my instance) the application crashes after loading AllChr32.dll, part of AllChars. Compare a) an instance where a crash occurs and b) a normal execution of GIMP.

a) Crash

** [Open dialog box for Image->Scale Image in GIMP]
ModLoad: 024d0000 02689000   C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
ModLoad: 7c140000 7c243000   C:\Program Files\Common Files\Ahead\lib\MFC71.DLL
ModLoad: 7c340000 7c396000   C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll
ModLoad: 7c3a0000 7c41b000   C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll
ModLoad: 5d360000 5d36e000   C:\WINDOWS\system32\MFC71ENU.DLL
** [Note that AllChr32.DLL is dynamically loaded]
ModLoad: 02880000 02891000   C:\Program Files\AllChars\ALLCHR32.DLL
** [Close dialog, AFTER typing in percent values to scale (25%)]
** [Scale operation completes successfully, followed by crash]
(e30.8ac): Unknown exception - code c000008e (first chance)
(e30.8ac): Unknown exception - code c000008e (!!! second chance !!!)
eax=0022e460 ebx=00000176 ecx=0022e3e0 edx=2cd30000 esi=0022e49c edi=00269a04
eip=66e9426a esp=0022e3b0 ebp=0022e418 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200202
icm32!NormalizeColor+0x40:
66e9426a d8c9            fmul    st,st(1)

b) Normal execution after AllChars is disabled:

** [Open dialog box for Image->Scale Image in GIMP]
ModLoad: 7c140000 7c243000   C:\Program Files\Common Files\Ahead\lib\MFC71.DLL
ModLoad: 7c340000 7c396000   C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll
ModLoad: 7c3a0000 7c41b000   C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll
ModLoad: 5d360000 5d36e000   C:\WINDOWS\system32\MFC71ENU.DLL
** [Close dialog, AFTER typing in percent values to scale (25%)]
** [Scale operation completes successfully]

I will leave it to the pros to find a permanent solution to the problem (perhaps, trapping the exception from icm32.dll...?)
In the case of users with AllChars, upgrading AllChars to version 3.63 also causes the problem to disappear.
Hm, mentioning Borland and the 'float divide by 0' in the first bug report reminds me of this: <http://www.virtualdub.org/blog/pivot/entry.php?id=53>. I've also heard reports that some HP printer drivers cause similar problems. Could this be what's happening here?
(In reply to comment #7)
> Hm, mentioning Borland and the 'float divide by 0' in the first bug report
> reminds me of this: <http://www.virtualdub.org/blog/pivot/entry.php?id=53>.
> I've also heard reports that some HP printer drivers cause similar problems.
>
> Could this be what's happening here?
>

That looks like EXACTLY what is wrong to me :) [Other applications also crash with floating point exceptions, seemingly randomly] All that is needed now is for someone skilled enough to code and test a patch [I'm not!]
Analysis Category: NOTGNOME, UNFIXABLE

More analysis into this problem reveals it IS down to the Borland runtimes manipulating the FPCW. No fix is really possible, as the code which destabilises the GIMP is external and unknown to the GIMP and can be called without the GIMP's knowledge (same true for other GTK+ apps). Because of the nature of the fault, the only real answer is to check third-party programs on your machine... update them if possible... and be suspicious of anything compiled with Borland tools. These seem to be the main culprit for this bug.

Below is a trace of the cause of the crash (the manipulation of the FPCW) due to a third-party utility called AllChars. Before I begin, may I point out to users that his latest patch for AllChars, the version 3.6.3 patch, fixes the problem :). Having corresponded with the author too, there is no difference between the two versions other than the version of Delphi used to compile them...

Comments are preceded with '>>>'.

Opened log file 'c:\gimpdbg2.log'
CommandLine: "C:\Program Files\GIMP-2.0\bin\gimp-2.2.exe"
Starting directory: C:\Program Files\GIMP-2.0\bin
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 00741000   image00400000
ModLoad: 7c900000 7c9b0000   ntdll.dll
ModLoad: 7c800000 7c8f4000   C:\WINDOWS\system32\kernel32.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpmodule-2.0-0.dll -
ModLoad: 68840000 6884a000   C:\Program Files\GIMP-2.0\bin\libgimpmodule-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll -
ModLoad: 672c0000 67351000   C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll
*** WARNING: Unable to verify checksum for C:\Program Files\Common Files\GTK\2.0\bin\iconv.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\iconv.dll -
ModLoad: 10000000 100da000   C:\Program Files\Common Files\GTK\2.0\bin\iconv.dll
ModLoad: 77c10000 77c68000   C:\WINDOWS\system32\MSVCRT.dll
*** WARNING: Unable to verify checksum for C:\Program Files\Common Files\GTK\2.0\bin\intl.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\intl.dll -
ModLoad: 003d0000 003db000   C:\Program Files\Common Files\GTK\2.0\bin\intl.dll
ModLoad: 77dd0000 77e6b000   C:\WINDOWS\system32\ADVAPI32.DLL
ModLoad: 77e70000 77f01000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 774e0000 7761d000   C:\WINDOWS\system32\OLE32.dll
ModLoad: 77f10000 77f57000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 77d40000 77dd0000   C:\WINDOWS\system32\USER32.dll
ModLoad: 7c9c0000 7d1d5000   C:\WINDOWS\system32\SHELL32.DLL
ModLoad: 77f60000 77fd6000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 71ab0000 71ac7000   C:\WINDOWS\system32\WS2_32.DLL
ModLoad: 71aa0000 71aa8000   C:\WINDOWS\system32\WS2HELP.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgmodule-2.0-0.dll -
ModLoad: 6ca00000 6ca0a000   C:\Program Files\Common Files\GTK\2.0\bin\libgmodule-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgobject-2.0-0.dll -
ModLoad: 62740000 6277b000   C:\Program Files\Common Files\GTK\2.0\bin\libgobject-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpbase-2.0-0.dll -
ModLoad: 63900000 63911000   C:\Program Files\GIMP-2.0\bin\libgimpbase-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpthumb-2.0-0.dll -
ModLoad: 67900000 6790e000   C:\Program Files\GIMP-2.0\bin\libgimpthumb-2.0-0.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgdk_pixbuf-2.0-0.dll -
ModLoad: 64040000 6405b000   C:\Program Files\Common Files\GTK\2.0\bin\libgdk_pixbuf-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpmath-2.0-0.dll -
ModLoad: 6c240000 6c24b000   C:\Program Files\GIMP-2.0\bin\libgimpmath-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll -
ModLoad: 62780000 62861000   C:\Program Files\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll -
ModLoad: 6b040000 6b0e6000   C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll -
ModLoad: 67ac0000 67b16000   C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libfontconfig-1.dll -
ModLoad: 007a0000 007c5000   C:\Program Files\Common Files\GTK\2.0\bin\libfontconfig-1.dll
*** WARNING: Unable to verify checksum for C:\Program Files\Common Files\GTK\2.0\bin\xmlparse.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\xmlparse.dll -
ModLoad: 20000000 2000d000   C:\Program Files\Common Files\GTK\2.0\bin\xmlparse.dll
*** WARNING: Unable to verify checksum for C:\Program Files\Common Files\GTK\2.0\bin\xmltok.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\xmltok.dll -
ModLoad: 003e0000 003f4000   C:\Program Files\Common Files\GTK\2.0\bin\xmltok.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\freetype6.dll -
ModLoad: 66fc0000 67034000   C:\Program Files\Common Files\GTK\2.0\bin\freetype6.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\zlib1.dll -
ModLoad: 007d0000 007e3000   C:\Program Files\Common Files\GTK\2.0\bin\zlib1.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libpng13.dll -
ModLoad: 67580000 675b6000   C:\Program Files\Common Files\GTK\2.0\bin\libpng13.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libxml2.dll -
ModLoad: 007f0000 008e8000   C:\Program Files\GIMP-2.0\bin\libxml2.dll
ModLoad: 71ad0000 71ad9000   C:\WINDOWS\system32\WSOCK32.DLL
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libpango-1.0-0.dll -
ModLoad: 64280000 642b9000   C:\Program Files\Common Files\GTK\2.0\bin\libpango-1.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libpangocairo-1.0-0.dll -
ModLoad: 6c1c0000 6c1cd000   C:\Program Files\Common Files\GTK\2.0\bin\libpangocairo-1.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libpangowin32-1.0-0.dll -
ModLoad: 69f80000 69f8f000   C:\Program Files\Common Files\GTK\2.0\bin\libpangowin32-1.0-0.dll
ModLoad: 76390000 763ad000   C:\WINDOWS\system32\IMM32.DLL
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll -
ModLoad: 60480000 6077f000   C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libatk-1.0-0.dll -
ModLoad: 008f0000 0090c000   C:\Program Files\Common Files\GTK\2.0\bin\libatk-1.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libgimpcolor-2.0-0.dll -
ModLoad: 69bc0000 69bd0000   C:\Program Files\GIMP-2.0\bin\libgimpcolor-2.0-0.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\libart_lgpl_2-2.dll -
ModLoad: 00910000 0092c000   C:\Program Files\GIMP-2.0\bin\libart_lgpl_2-2.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\bin\libpangoft2-1.0-0.dll -
ModLoad: 6c400000 6c427000   C:\Program Files\Common Files\GTK\2.0\bin\libpangoft2-1.0-0.dll
(1654.d88): Break instruction exception - code 80000003 (first chance)
eax=00341eb4 ebx=7ffde000 ecx=00000004 edx=00000010 esi=00341f48 edi=00341eb4
eip=7c901230 esp=0022fb20 ebp=0022fc94 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
ntdll!DbgBreakPoint:
7c901230 cc              int     3
>>>
>>> Breakpoints shown found from public functions and from disassembly of ALLCHR32 and searching for FLDCW instruction]
>>>
0:000> bl
 0 eu             0001 (0001) (allchr32!SetKeyboardHook)
 1 eu             0001 (0001) (allchr32!RemoveKeyboardHook)
 2 eu             0001 (0001) (allchr32!GetDllIdentStr)
 3 eu             0001 (0001) (allchr32!ResetActions)
 4 eu             0001 (0001) (ALLCHR32!SetKeyboardHook)
 5 eu             0001 (0001) (ALLCHR32!RemoveKeyboardHook)
 6 eu             0001 (0001) (ALLCHR32!GetDllIdentStr)
 7 eu             0001 (0001) (ALLCHR32!ResetActions)
 8 eu             0001 (0001) (ALLCHR32+0x28eb)
 9 eu             0001 (0001) (ALLCH32+0x8639)
10 eu             0001 (0001) (ALLCHR32+0x86c3)
>>>
>>> Continue debugger
>>>
0:000> g
ModLoad: 629c0000 629c9000   C:\WINDOWS\system32\LPK.DLL
ModLoad: 74d90000 74dfb000   C:\WINDOWS\system32\USP10.dll
ModLoad: 773d0000 774d2000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
ModLoad: 5d090000 5d127000   C:\WINDOWS\system32\comctl32.dll
ModLoad: 74720000 7476b000   C:\WINDOWS\system32\MSCTF.dll
ModLoad: 77fe0000 77ff1000   C:\WINDOWS\system32\Secur32.dll
ModLoad: 76fd0000 7704f000   C:\WINDOWS\system32\CLBCATQ.DLL
ModLoad: 77050000 77115000   C:\WINDOWS\system32\COMRes.dll
ModLoad: 77120000 771ac000   C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 77c00000 77c08000   C:\WINDOWS\system32\VERSION.dll
ModLoad: 746f0000 7471a000   C:\WINDOWS\System32\msimtf.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.4.0\engines\libwimp.dll -
ModLoad: 61a40000 61a51000   C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.4.0\engines\libwimp.dll
ModLoad: 5ad70000 5ada8000   C:\WINDOWS\system32\uxtheme.dll
ModLoad: 755c0000 755ee000   C:\WINDOWS\system32\msctfime.ime
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.4.0\loaders\libpixbufloader-png.dll -
ModLoad: 67c40000 67c4a000   C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.4.0\loaders\libpixbufloader-png.dll
ModLoad: 73b30000 73b45000   C:\WINDOWS\system32\mscms.dll
ModLoad: 73000000 73026000   C:\WINDOWS\system32\WINSPOOL.DRV
ModLoad: 66e90000 66ed1000   C:\WINDOWS\system32\icm32.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\GTK\2.0\lib\pango\1.5.0\modules\pango-basic-win32.dll -
ModLoad: 014d0000 014da000   C:\Program Files\Common Files\GTK\2.0\lib\pango\1.5.0\modules\pango-basic-win32.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_colorblind.dll -
ModLoad: 61c40000 61c4a000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_colorblind.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_gamma.dll -
ModLoad: 633c0000 633ca000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_gamma.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_highcontrast.dll -
ModLoad: 60b80000 60b8a000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_highcontrast.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_proof.dll -
ModLoad: 63440000 6344a000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcdisplay_proof.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\bin\liblcms-1.dll -
ModLoad: 01510000 01537000   C:\Program Files\GIMP-2.0\bin\liblcms-1.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_cmyk.dll -
ModLoad: 6a080000 6a089000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_cmyk.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_triangle.dll -
ModLoad: 64300000 6430b000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_triangle.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_water.dll -
ModLoad: 6eec0000 6eeca000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolorsel_water.dll
*** ERROR: Symbol file could not be found.
Defaulted to export symbols for C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcontroller_midi.dll -
ModLoad: 61300000 6130a000   C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcontroller_midi.dll
ModLoad: 77920000 77a13000   C:\WINDOWS\system32\SETUPAPI.dll
ModLoad: 5b860000 5b8b4000   C:\WINDOWS\system32\netapi32.dll
>>>
>>> Manually break and query status of FPCW
>>>
(1654.130c): Break instruction exception - code 80000003 (first chance)
eax=7ffde000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c901230 esp=024bffcc ebp=024bfff4 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
7c901230 cc              int     3
0:002> ? fpcw
Evaluate expression: 639 = 0000027f
>>>
>>> 27f is Windows default
>>>
0:002> g
>>>
>>> Normal execution continues.
>>> A file is loaded through File, Open.
>>> The file loads OK. From the menu, Image -> Scale Image is selected.
>>> Units changed from pixels to percent.
>>> The mouse is moved into the top text field and clicked.
>>> A key is pressed. At this point, as soon as a key is pressed, ALLCHR32 is 'injected' into the process.
>>>
*** WARNING: Unable to verify checksum for C:\Program Files\AllChars\ALLCHR32.DLL
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\AllChars\ALLCHR32.DLL -
ModLoad: 024b0000 024c1000   C:\Program Files\AllChars\ALLCHR32.DLL
>>>
>>> Breakpoint 8 is hit
>>>
Breakpoint 8 hit
eax=00000000 ebx=00000002 ecx=0022f33c edx=7c90eb94 esi=00000009 edi=024b9868
eip=024b28eb esp=0022f368 ebp=0022f378 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200246
ALLCHR32+0x28eb:
024b28eb d92d00a04b02    fldcw   [ALLCHR32!ResetActions+0x7d0 (024ba000)]  ds:0023:024ba000=c08b1332
0:000> ? fpcw
Evaluate expression: 895 = 0000037f
>>>
>>> Trace over FLDCW instruction
>>>
0:000> t
eax=00000000 ebx=00000002 ecx=0022f33c edx=7c90eb94 esi=00000009 edi=024b9868
eip=024b28f1 esp=0022f368 ebp=0022f378 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200246
ALLCHR32+0x28f1:
024b28f1 c3              ret
0:000> ? fpcw
Evaluate expression: 4978 = 00001372
>>>
>>> FPCW has changed from Windows' default.
>>> By default, Windows will ignore floating point exceptions
>>> (which is the IEEE standard). Now that the FPCW has been altered, any floating
>>> point exception could trigger an application crash. Or, not quite. Because
>>> the exception catching doesn't work like that... it's the NEXT floating
>>> point instruction AFTER the one which went wrong which triggers an exception -
>>> thus making recovery impossible...
>>>
>>> Continue the program... scale operation completes, followed by crash.
>>>
0:000> g
(1654.d88): Unknown exception - code c000008e (first chance)
(1654.d88): Unknown exception - code c000008e (!!! second chance !!!)
eax=0022e460 ebx=00000176 ecx=0022e3e0 edx=2cd30000 esi=0022e49c edi=00261fcc
eip=66e9426a esp=0022e3b0 ebp=0022e418 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
icm32!NormalizeColor+0x40:
66e9426a d8c9            fmul    st,st(1)
0:000> ? fpcw
Evaluate expression: 4978 = 00001372
Closing open log file c:\gimpdbg2.log
*** Bug 313546 has been marked as a duplicate of this bug. ***
*** Bug 304326 has been marked as a duplicate of this bug. ***
*** Bug 456391 has been marked as a duplicate of this bug. ***
*** Bug 503851 has been marked as a duplicate of this bug. ***
Summary of this bug report for those who check for duplicates and do not have the time to read the analysis in comment #9 or the other useful comments in the duplicate bug reports:

* Some libraries like icm32.dll may occasionally attempt a floating point division by zero. This is not a problem because the result is then marked as invalid (NaN) and the code can deal with that later. So most users never see a problem in these cases.
* A few users have installed tools like virtual desktop managers, special graphics drivers or accessibility enhancements. These tools are indirectly loaded in GTK+ programs via keyboard hooks, calls from other DLLs, video codecs and other mechanisms. Some of these tools incorrectly modify the CPU flags and cause the floating point exceptions to become fatal errors (this is usually caused by tools compiled with Borland C/C++ or Delphi, using cbt.dll).
* As a result, the code in icm32.dll (or other libraries) that was previously working fine is now causing a fatal error for these users, because of this bad combination of tools and libraries.

A workaround for these users is to check if they have installed any tools to "make their life easier" and see if the crash still occurs when these tools are uninstalled or disabled. The usual culprits are virtual desktop managers, keyboard enhancements or special audio or video codecs. See the duplicate bug reports and duplicates of duplicates for a list of culprits.

Although the problem is not in GTK+ or in the applications using it, there may be a way to implement a workaround similar to the one implemented by VirtualDub: wrap all direct or indirect calls to external libraries with calls to routines that save and fix the state of the FPU flags before calling the external code. This is not a trivial task because it can occur in many places like setting a cursor, loading some icons, etc. But this could solve the problems described here.
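The guard that the summary above proposes, and that the FLDCW trace in comment #9 motivates, written out as an added example. This is not GIMP, GTK+ or VirtualDub code and not a patch from this bug; it is a stand-alone x86/x86-64 C program that drives the x87 control word with the same instructions the trace shows (FNSTCW/FLDCW, plus FNCLEX) and replays the sequence: a hook loads the 0x1372 control word seen in the trace, a divide by zero follows, and the wrapper keeps that from becoming a fatal exception. The functions rogue_hook_load_borland_cw and normalize_color are made-up stand-ins for ALLCHR32's hook and icm32!NormalizeColor, not the real routines; the 0x27f and 0x1372 values are the ones the trace reports. It assumes a Linux-style toolchain (GCC or Clang inline asm) and uses long double so that on x86-64 the arithmetic stays on the x87 unit rather than SSE.

```c
/* FPCW hygiene demo for this bug: x86 / x86-64 only (x87 inline asm).
 * Build: cc -O2 -o fpcw_guard fpcw_guard.c   (no libm required) */
#if !defined(__i386__) && !defined(__x86_64__)
#error "This demo drives the x87 control word directly; build it on x86 or x86-64."
#endif
#include <float.h>
#include <stdint.h>
#include <stdio.h>

#define FPCW_EXC_MASK_BITS   0x003fu  /* IM DM ZM OM UM PM: the six exception mask bits */
#define FPCW_WINDOWS_DEFAULT 0x027fu  /* "27f is Windows default" in the trace */
#define FPCW_LINUX_DEFAULT   0x037fu  /* same masks, extended precision (Linux start-up value) */
#define FPCW_HOOK_VALUE      0x1372u  /* what ALLCHR32's FLDCW loaded: IM, ZM and OM cleared */

/* FNSTCW / FLDCW: read and load the x87 control word. The "memory" clobbers
 * stop the compiler from moving FP work across these barriers. */
static inline uint16_t fpcw_read(void)
{
    uint16_t cw;
    __asm__ __volatile__("fnstcw %0" : "=m"(cw) : : "memory");
    return cw;
}
static inline void fpcw_write(uint16_t cw)
{
    __asm__ __volatile__("fldcw %0" : : "m"(cw) : "memory");
}
/* FNSTSW: status word; its low six bits are the sticky exception flags. */
static inline uint16_t fpsw_read(void)
{
    uint16_t sw;
    __asm__ __volatile__("fnstsw %0" : "=m"(sw) : : "memory");
    return sw;
}
/* FNCLEX: clear the sticky flags. Required before reloading an unmasked
 * control word: a set flag plus a cleared mask bit faults on the NEXT x87
 * instruction, which is the deferred trap comment #9 describes. */
static inline void fp_clear_flags(void)
{
    __asm__ __volatile__("fnclex" : : : "memory");
}

/* Detection check: which exceptions would this control word trap on?
 * 0 is the healthy answer; 0x1372 yields 0x0d (IM|ZM|OM). */
unsigned fp_traps_enabled(uint16_t cw)
{
    return (~cw) & FPCW_EXC_MASK_BITS;
}

/* Stand-in for the Delphi-built keyboard hook: a single FLDCW, as in the trace. */
void rogue_hook_load_borland_cw(void)
{
    fpcw_write(FPCW_HOOK_VALUE);
}

/* Stand-in for icm32!NormalizeColor. The volatile keeps the compiler from
 * folding 1/0 at compile time, so the divide really hits the FPU. */
long double normalize_color(long double value, long double range)
{
    volatile long double divisor = range;
    return value / divisor;   /* +inf plus a sticky ZE flag when masked; SIGFPE when not */
}

/* The guard: install a known-good control word around the external call,
 * clear whatever flags the call raised, then hand the caller's word back
 * unchanged (the hook may keep its own settings; it just cannot impose them on us). */
long double call_with_safe_fpcw(long double (*fn)(long double, long double),
                                long double a, long double b)
{
    uint16_t saved = fpcw_read();
    fpcw_write(FPCW_WINDOWS_DEFAULT);
    long double result = fn(a, b);
    fp_clear_flags();
    fpcw_write(saved);
    return result;
}

static int is_infinite(long double x)   /* comparisons raise nothing for +/-inf */
{
    return x > LDBL_MAX || x < -LDBL_MAX;
}

/* Replays the bug: the hook tampers with the control word, then the colour
 * code divides by zero. Returns 1 if the guarded call produced +inf, left no
 * flag pending and gave the hook's word back; restores the original word. */
int scenario_guarded_call_survives(void)
{
    uint16_t original = fpcw_read();
    fp_clear_flags();
    rogue_hook_load_borland_cw();
    long double r = call_with_safe_fpcw(normalize_color, 1.0L, 0.0L);
    uint16_t after   = fpcw_read();
    uint16_t pending = fpsw_read() & FPCW_EXC_MASK_BITS;
    fpcw_write(original);
    return is_infinite(r) && after == FPCW_HOOK_VALUE && pending == 0;
}

int main(void)
{
    printf("control word now: 0x%04x, traps enabled: 0x%02x\n",
           (unsigned)fpcw_read(), fp_traps_enabled(fpcw_read()));
    printf("after the hook's FLDCW, traps enabled: 0x%02x\n",
           fp_traps_enabled(FPCW_HOOK_VALUE));
    printf("guarded NormalizeColor(1, 0) survives: %s\n",
           scenario_guarded_call_survives() ? "yes" : "no");
    /* Without the guard the same divide runs under 0x1372 and the process dies
     * with SIGFPE, the Linux counterpart of exception 0xc000008e. */
    return 0;
}
```

fp_traps_enabled is the cheap check a GTK+ app could run on return from any hook callback or foreign DLL: a non-zero result means someone has unmasked exceptions and the next division by zero in icm32.dll (or anywhere else) will not produce a NaN but a crash. On Windows the equivalent of the fldcw pair is _controlfp_s, and a port would need to cover MXCSR as well as the x87 word where double arithmetic goes through SSE.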
*** Bug 549491 has been marked as a duplicate of this bug. ***
*** Bug 568283 has been marked as a duplicate of this bug. ***
Bug 568283 is about gtk 2.12. Updating version.
Closing as per comment 9