win32ss / supermium

Chromium fork for Windows XP/2003 and up
https://win32subsystem.live/supermium/
BSD 3-Clause "New" or "Revised" License
2.35k stars 79 forks

Status Breakpoint errors when using "Force GDI font rendering" #120

Closed matthewadamsdk closed 3 months ago

matthewadamsdk commented 10 months ago

When I choose Force GDI font rendering in chrome://flags, I'm getting a whole lot of these error messages when I try to open specific homepages (not all webpages, just some - but often enough to be quite irritating).

aw-snap

When I disable "Force GDI font rendering" the problem goes away.

When I use Cent Browser WITH GDI font rendering, this problem doesn't occur when I open the same webpages.

win32ss commented 10 months ago

Dump files should be created in Users\%username%\AppData\Local\Supermium\User Data\Crashpad\reports. They should tell us everything about what happened.

matthewadamsdk commented 10 months ago

Here's the latest dump file from when this happened (just a minute ago). I used WinDbg to read the dmp file and export as .dml - hope this is the right way to go about it.

<DmlText>
************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----&gt; Repository : LocalInstalled, Enabled: true
      ----&gt; Repository : UserExtensions, Enabled: true

&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.218 seconds
   ----&gt; Repository : UserExtensions, Enabled: true, Packages count: 0
   ----&gt; Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\matt1777\AppData\Local\Supermium\User Data\Crashpad\reports\852bfabe-1a45-4f29-9432-b51afc330e83.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Version 22631 (2861) MP (8 procs) Free x64
Product: WinNt
Edition build lab: Windows NT 10.0.22631.2861
Debug session time: Wed Dec 13 21:01:55.000 2023 (UTC + 1:00)
System Uptime: not available
Process Uptime: 0 days 0:00:25.000
............................................
Loading unloaded module list
.
This dump file has a breakpoint exception stored in it.
The stored exception information can be accessed via .ecxr.
For analysis of this file, run <link alt="!analyze -v" cmd="!analyze -v"><u>!analyze -v</u></link>
*** WARNING: Unable to verify checksum for ntdll.dll
ntdll!NtDelayExecution+0x14:
00007ffd`08e8f9f4 c3              ret
</DmlText>

win32ss commented 10 months ago

Unfortunately, no.

You should run !analyze -v in WinDbg to obtain the call stack.

Alternatively, the dump files could be sent to me, but I understand if you don't want to do so for privacy reasons. I will be satisfied with the call stack.

matthewadamsdk commented 10 months ago

Ran the !analyze -v command and copied the result to a text file - hope this is ok. If there's a smarter way to post the results I'd love to know.

dump-file.txt

matthewadamsdk commented 10 months ago

Maybe this helps?

# RetAddr               : Args to Child                                                           : Call Site
00 00007ffd`08e451b3     : 00000000`00000000 00006e4f`00485150 00000000`00000000 00000000`00000003 : ntdll!NtDelayExecution+0x14
01 00007ffd`061a506d     : 00000000`00000000 00007ffc`202a5f54 00000090`279fadd0 00007ffc`25133474 : ntdll!RtlDelayExecution+0x43
02 00007ffc`dd1daa07     : 00000000`00000000 00007ffc`00000000 ffffffff`dc3cba00 00000090`279faf98 : KERNELBASE!SleepEx+0x7d
03 00007ffc`dd1b9755     : 00000090`279fdc28 00007ffc`2cfe808c 00000090`279fb050 00000000`00000000 : chrome_elf!DumpHungProcessWithPtype_ExportThunk+0x21247
04 00007ffc`2649a0f5     : 00000001`00000000 45300000`00000071 00000000`00000000 00007ffc`24f7ec05 : chrome_elf!CrashForException_ExportThunk+0x15
05 00007ffd`08e9441f     : 00000090`279fb050 00007ffc`1fb80000 00000000`00000000 00000090`279fbc30 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x35
06 00007ffd`08e0e466     : 00000090`279fbc30 00007ffc`1fb80000 00007ffc`24f7ec05 00007ffc`2cfe808c : ntdll!RtlpExecuteHandlerForException+0xf
07 00007ffd`08e9340e     : 00000000`00000000 00000000`00000000 00000090`279fc4e0 00000000`00000000 : ntdll!RtlDispatchException+0x286
08 00007ffc`26daec25     : 000001bd`aa827cd0 00450020`00490055 0069006a`006f006d 00000000`00000000 : ntdll!KiUserExceptionDispatch+0x2e
09 00007ffc`26daeb76     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x914b65
0a 00007ffc`25168ca2     : 00000000`00000000 000001bd`aad809d8 000001bd`aa851010 00000090`279fc920 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x914ab6
0b 00007ffc`2b4351d4     : aaaaaaaa`00000000 00000000`00000000 00000000`00000001 00000000`00000001 : chrome!IsSandboxedProcess+0x25b0782
0c 00007ffc`22fad9d8     : ffffffff`84011977 00007ffc`0049414e 00005f4e`0049414e 00000000`00000018 : chrome!sqlite3_dbdata_init+0x2ecf274
0d 00007ffc`2005fcde     : aaaaaaaa`aaaaaaaa 00aaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : chrome!IsSandboxedProcess+0x3f54b8
0e 00007ffc`20056781     : 000014f0`00a2cac0 000014f0`00ed4380 00005f4e`c123ecd1 00007ffc`2cc03640 : chrome+0x4dfcde
0f 00007ffc`24a144e6     : 000014f0`00e2e140 00007ffc`24c376b6 00000090`279fd2c0 00007ffc`1fb8987a : chrome+0x4d6781
10 00007ffc`24a105d5     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!IsSandboxedProcess+0x1e5bfc6
11 00007ffc`20f74fe8     : 00000000`00000005 00000000`00000018 00007ffc`2cc77a30 00000000`00000000 : chrome!IsSandboxedProcess+0x1e580b5
12 00007ffc`212dcf2f     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`00000000 00007ffc`2cc908b0 : chrome!ChromeMain+0x7f00c8
13 00007ffc`212dc99c     : 00000090`279fd7b8 00007ffc`212dcb16 00000000`00000000 00000000`00000000 : chrome!ChromeMain+0xb5800f
14 00007ffc`212dc7d3     : 00000090`279fd7f8 00007ffc`29e1c6a9 000014f0`0028e420 00007ffc`25132fcf : chrome!ChromeMain+0xb57a7c
15 00007ffc`21b47b75     : 00005f4e`00000001 000001c6`0065ecb1 000001c6`00000795 ffffffd7`279fd920 : chrome!ChromeMain+0xb578b3
16 00007ffc`2373c0a8     : 4072c000`00000000 00007ffc`24254b83 45300000`43300000 00000000`00000000 : chrome!ChromeMain+0x13c2c55
17 00007ffc`24f7ec05     : 00000000`00000000 00000000`00000024 00000000`00000048 00000000`0000006c : chrome!IsSandboxedProcess+0xb83b88
18 00007ffc`24f7cbaa     : 000001c6`0065ce29 00000000`00000006 000001c6`00644161 000001c6`0050fe55 : chrome!IsSandboxedProcess+0x23c66e5
19 00007ffc`24f7cbaa     : 000001c6`00644119 000001c6`0050fe55 000001c6`0065ecb1 000001c6`0065ecc9 : chrome!IsSandboxedProcess+0x23c468a
1a 00007ffc`24f7cbaa     : 000001c6`00644119 000001c6`0050fe55 000001c6`0065a461 000001c6`0050e08d : chrome!IsSandboxedProcess+0x23c468a
1b 00007ffc`2502d40f     : 000001c6`00644119 000001c6`0065a461 00000000`00000000 000001c6`0050e05d : chrome!IsSandboxedProcess+0x23c468a
1c 00007ffc`24f7cbaa     : 000001c6`0050e05d 000001c6`005103d1 000001c6`0050e401 000001c6`005103d1 : chrome!IsSandboxedProcess+0x2474eef
1d 00007ffc`24f7cbaa     : 000001c6`00644119 000001c6`0050e05d 000001c6`0050e06d 000001c6`0050e08d : chrome!IsSandboxedProcess+0x23c468a
1e 00007ffc`24f7a7dc     : 000001c6`00644119 000001c6`00000219 000001c6`0065a66d 00000000`0000002c : chrome!IsSandboxedProcess+0x23c468a
1f 00007ffc`24f7a3db     : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : chrome!IsSandboxedProcess+0x23c22bc
20 00007ffc`24033364     : 00000000`0000000c 00005f4e`c123c261 000014f0`00910000 000001c6`0065a68d : chrome!IsSandboxedProcess+0x23c1ebb
21 00007ffc`203800bf     : 00000000`00000000 00000000`00000000 00000000`00000000 00007ffc`2513d774 : chrome!IsSandboxedProcess+0x147ae44
22 00007ffc`2037fa43     : 00000090`00000000 00000000`00000001 000014f0`00920030 000014f0`00910000 : chrome+0x8000bf
23 00007ffc`2037c075     : aaaaaaaa`aaaaaaaa 00007ffc`248b7100 aaaaaaaa`aaaaaaaa 00000000`00000000 : chrome+0x7ffa43
24 00007ffc`2037b758     : aaaaaaaa`00000010 00007ffc`1ff378fc 00000090`279fe8b8 00000000`00000000 : chrome+0x7fc075
25 00007ffc`2037b535     : 00000000`00000000 00000000`00000000 45300000`43300000 00000000`00000000 : chrome+0x7fb758
26 00007ffc`2037abca     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : chrome+0x7fb535
27 00007ffc`2037a9ad     : 43300000`00000000 45300000`00000000 00000000`00000000 00005f4e`c123c631 : chrome+0x7fabca
28 00007ffc`233bc93b     : 00000000`00000000 00000000`00000000 00000000`00000001 000014f0`0022a518 : chrome+0x7fa9ad
29 00007ffc`241ccb65     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!IsSandboxedProcess+0x80441b
2a 00007ffc`24b383db     : 000014f0`00be1610 00000000`00000000 00000000`00000000 00000000`0000049c : chrome!IsSandboxedProcess+0x1614645
2b 00007ffc`20464f1b     : 00007ffc`2cb7a008 00000000`00000008 00007ffc`24a6e1a0 00007ffc`24559c65 : chrome!IsSandboxedProcess+0x1f7febb
2c 00007ffc`2048991a     : 000014f0`00be1040 000014f0`00bc11e0 000014f0`00bc11f8 00000090`279ff820 : chrome+0x8e4f1b
2d 00007ffc`20488536     : 00005f4e`00000010 00007ffd`061d9ea7 00000090`279ff960 00000090`279ff970 : chrome+0x90991a
2e 00007ffc`1fc4b5e9     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome+0x908536
2f 00007ffd`06cf257d     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome+0xcb5e9
30 00007ffd`08e4aa58     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
31 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28

win32ss commented 10 months ago

This is good enough. I can see which code triggered the assert/breakpoint (and why it asserted).
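How a stack like the one posted above is read to locate the code that raised the breakpoint, as an added example that is not part of the original thread: the frame directly below ntdll!KiUserExceptionDispatch is where the exception was raised, and a symbol name with a very large offset was resolved against the nearest export (no PDB) and should not be taken literally. The function names and the 0x1000 offset threshold are assumptions of this example.

```python
import re
from collections import namedtuple

# Frames 04-0e copied verbatim from the stack trace posted in this thread.
STACK = r"""
04 00007ffc`2649a0f5     : 00000001`00000000 45300000`00000071 00000000`00000000 00007ffc`24f7ec05 : chrome_elf!CrashForException_ExportThunk+0x15
05 00007ffd`08e9441f     : 00000090`279fb050 00007ffc`1fb80000 00000000`00000000 00000090`279fbc30 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x35
06 00007ffd`08e0e466     : 00000090`279fbc30 00007ffc`1fb80000 00007ffc`24f7ec05 00007ffc`2cfe808c : ntdll!RtlpExecuteHandlerForException+0xf
07 00007ffd`08e9340e     : 00000000`00000000 00000000`00000000 00000090`279fc4e0 00000000`00000000 : ntdll!RtlDispatchException+0x286
08 00007ffc`26daec25     : 000001bd`aa827cd0 00450020`00490055 0069006a`006f006d 00000000`00000000 : ntdll!KiUserExceptionDispatch+0x2e
09 00007ffc`26daeb76     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x914b65
0a 00007ffc`25168ca2     : 00000000`00000000 000001bd`aad809d8 000001bd`aa851010 00000090`279fc920 : chrome!CrashForExceptionInNonABICompliantCodeRange+0x914ab6
0b 00007ffc`2b4351d4     : aaaaaaaa`00000000 00000000`00000000 00000000`00000001 00000000`00000001 : chrome!IsSandboxedProcess+0x25b0782
0c 00007ffc`22fad9d8     : ffffffff`84011977 00007ffc`0049414e 00005f4e`0049414e 00000000`00000018 : chrome!sqlite3_dbdata_init+0x2ecf274
0d 00007ffc`2005fcde     : aaaaaaaa`aaaaaaaa 00aaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : chrome!IsSandboxedProcess+0x3f54b8
0e 00007ffc`20056781     : 000014f0`00a2cac0 000014f0`00ed4380 00005f4e`c123ecd1 00007ffc`2cc03640 : chrome+0x4dfcde
"""

Frame = namedtuple("Frame", "index module symbol offset")
CALL_SITE = re.compile(r"^(?P<mod>[^!+\s]+)(?:!(?P<sym>[^+\s]+))?(?:\+0x(?P<off>[0-9a-fA-F]+))?$")

def parse_frames(text):
    """Parse WinDbg 'k'-style lines: '<idx> <RetAddr> : <args> : <call site>'."""
    frames = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" : ")]
        m = CALL_SITE.match(parts[2]) if len(parts) == 3 else None
        if m:  # header, blank and wrapped lines do not match and are skipped
            frames.append(Frame(parts[0].split()[0], m["mod"], m["sym"], int(m["off"] or "0", 16)))
    return frames

def raising_frame(frames):
    """Frame directly below ntdll!KiUserExceptionDispatch, i.e. the code that
    was executing when the exception (here a breakpoint) was raised."""
    for i, f in enumerate(frames[:-1]):
        if f.module == "ntdll" and f.symbol == "KiUserExceptionDispatch":
            return frames[i + 1]
    return None

def symbol_trustworthy(f, max_offset=0x1000):
    # Assumed heuristic: without a PDB the debugger names the nearest export,
    # so a missing symbol or an offset far past it means the name is unreliable.
    return f.symbol is not None and f.offset <= max_offset

if __name__ == "__main__":
    f = raising_frame(parse_frames(STACK))
    print(f.index, f.module, hex(f.offset), "name reliable:", symbol_trustworthy(f))
```

For frames flagged unreliable, the module name and the raw addresses are the useful part; the maintainer resolves them against private symbols for that exact build.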

win32ss commented 10 months ago

So it turns out that it tries to call ScriptItemize from usp10.dll, but fails to delay-load usp10.dll. Windows 11 should have that DLL available, though. This function is successfully called on Windows 10 1809.

If it works with --no-sandbox applied, then it is a process mitigation flag issue (but if so, then it shouldn't have called any GDI function successfully). Ultimately I will have to replace the function.

matthewadamsdk commented 10 months ago

I added --no-sandbox, and hey presto - the afflicted website doesn't crash any more.

Even with --no-sandbox, GDI Font Rendering still works... :-)

When I find the time, I'll have to google "a process mitigation flag issue" ;-)

babanga commented 10 months ago

> GDI Font Rendering still works... :-)

But what's the point of having it with the skewed text position?

222 111 (^ gifs, click to see)

win32ss commented 9 months ago

I only noticed offset text on UI elements (most of them, drop-down menus seemed correct to me) but not on web pages. I've been working on correcting the UI elements.