[Bug 8892] CityInfo 2.7 crash on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Feb 15 17:55:25 CST 2008


http://bugs.winehq.org/show_bug.cgi?id=8892


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #19 from Anastasius Focht <focht at gmx.net>  2008-02-15 17:55:23 ---
Hello,

The target is a Delphi application (hence the 0xeedfade exception code) packed
with ASPack 2.11.

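The first bug encountered is an mshtml insufficiency: HTMLBodyElement_put_scroll
is a stub, and the resulting 0x80004001 (E_NOTIMPL) shows up as info[2] of the
Delphi exception below.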

--- snip ---
..
0009:fixme:mshtml:HTMLBodyElement_put_scroll (0x164cf00)->(L"auto")
0009:Call ole32.GetErrorInfo(00000000,0034fc70) ret=004748c6
0009:Ret  ole32.GetErrorInfo() retval=00000001 ret=004748c6
0009:Call
KERNEL32.FormatMessageA(00003000,00000000,80004001,00000000,0034fab4,00000100,00000000)
ret=0040de44
0009:Ret  KERNEL32.FormatMessageA() retval=00000000 ret=0040de44
0009:Call user32.LoadStringA(00400000,0000ff0f,0034f7ac,00000400) ret=00406e06
0009:Ret  user32.LoadStringA() retval=0000000e ret=00406e06
0009:Call KERNEL32.RaiseException(0eedfade,00000001,00000007,0034fc24)
ret=0050bb59
0009:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b841540
0009:trace:seh:raise_exception  info[0]=0050bb59
0009:trace:seh:raise_exception  info[1]=0088d914
0009:trace:seh:raise_exception  info[2]=80004001
0009:trace:seh:raise_exception  info[3]=0050bb59
0009:trace:seh:raise_exception  info[4]=0059150c
0009:trace:seh:raise_exception  info[5]=0034fc74
0009:trace:seh:raise_exception  info[6]=0034fc40
0009:trace:seh:raise_exception  eax=7b82c259 ebx=7b8ad884 ecx=00000000
edx=0034fc24 esi=0034fc24 edi=0034fba0
0009:trace:seh:raise_exception  ebp=0034fb88 esp=0034fb24 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00200212
0009:trace:seh:call_stack_handlers calling handler at 0x474980 code=eedfade
flags=1
0009:trace:seh:call_stack_handlers handler at 0x474980 returned 1
..
--- snip ---

You can work around it with the following patch:

--- snip ---
diff --git a/dlls/mshtml/htmlbody.c b/dlls/mshtml/htmlbody.c
index d3bbfd0..a6df494 100644
--- a/dlls/mshtml/htmlbody.c
+++ b/dlls/mshtml/htmlbody.c
@@ -325,7 +325,7 @@ static HRESULT WINAPI
HTMLBodyElement_put_scroll(IHTMLBodyElement *iface, BSTR v
 {
     HTMLBodyElement *This = HTMLBODY_THIS(iface);
     FIXME("(%p)->(%s)\n", This, debugstr_w(v));
-    return E_NOTIMPL;
+    return S_OK;
 }

 static HRESULT WINAPI HTMLBodyElement_get_scroll(IHTMLBodyElement *iface, BSTR
*p)
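Review bot: Returning `S_OK` from HTMLBodyElement_put_scroll reports success although `v` is never stored or applied, so a caller can no longer tell the stub from a working setter. Only the signature of HTMLBodyElement_get_scroll is visible here, so whether it would return the value is unknown. If this stays a local workaround, mark it directly above the return, e.g. `/* HACK: stub reports success; the scroll value is ignored */`, and keep the FIXME so the gap still shows up in logs. The hunk header and the trailing context line are wrapped by the mail archive, so the patch will not apply until those lines are rejoined.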
--- snip ---

The second bug is the real showstopper...

--- snip ---
..
0023:Call
advapi32.CryptImportKey(0014d030,0296263c,00000138,001820c0,00000000,0034fdd0)
ret=005461ce
0023:trace:crypt:CryptImportKey (0x14d030, 0x296263c, 312, 0x1820c0, 00000000,
0x34fdd0)
0023:Call
rsaenh.CPImportKey(00000001,0296263c,00000138,00000003,00000000,01d54124)
ret=604cd76b
0023:trace:crypt:RSAENH_CPImportKey (hProv=00000001, pbData=0x296263c,
dwDataLen=312, hPubKey=00000003, dwFlags=00000000, phKey=0x1d54124)
0023:Ret  rsaenh.CPImportKey() retval=00000000 ret=604cd76b
0023:Ret  advapi32.CryptImportKey() retval=00000000 ret=005461ce
0023:Call KERNEL32.GetLastError() ret=0040fdaf
0023:Ret  KERNEL32.GetLastError() retval=80090005 ret=0040fdaf
0023:Call
KERNEL32.FormatMessageA(00003000,00000000,80090005,00000000,0034fb8c,00000100,00000000)
ret=0040de44
0023:Ret  KERNEL32.FormatMessageA() retval=00000000 ret=0040de44
0023:Call user32.LoadStringA(00400000,0000ffca,0034f844,00000400) ret=00406e06
0023:Ret  user32.LoadStringA() retval=0000001c ret=00406e06
0023:Call KERNEL32.RaiseException(0eedfade,00000001,00000007,0034fc78)
ret=0040fe0a
0023:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b841540
0023:trace:seh:raise_exception  info[0]=0040fe0a
0023:trace:seh:raise_exception  info[1]=022173e4
0023:trace:seh:raise_exception  info[2]=80090005
0023:trace:seh:raise_exception  info[3]=01f96c98
0023:trace:seh:raise_exception  info[4]=0034fdd0
0023:trace:seh:raise_exception  info[5]=0034fcb8
0023:trace:seh:raise_exception  info[6]=0034fc94
0023:trace:seh:raise_exception  eax=7b82c259 ebx=7b8ad884 ecx=00000000
edx=0034fc78 esi=0034fc78 edi=0034fbf0
0023:trace:seh:raise_exception  ebp=0034fbd8 esp=0034fb74 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00200212
0023:trace:seh:call_stack_handlers calling handler at 0x40fe20 code=eedfade
flags=1
0023:trace:seh:call_stack_handlers handler at 0x40fe20 returned 1
..
--- snip ---

Wine fails to import the private RSA key BLOB: CryptImportKey returns FALSE and
GetLastError reports 0x80090005 (NTE_BAD_DATA).

Dumping the BLOB reveals the following:

--- snip ---
xxxxx63c:  07 02 00 00 00 a4 00 00 48 ef 5b 4c 8f ec 74 62
xxxxx64c:  5f 4c fc 07 80 85 8d 35 72 0a 6e 56 5f e7 8e 40
xxxxx65c:  fb f1 dd 3b 1e 07 cc b3 af b0 4a d0 18 e9 76 3a
xxxxx66c:  de 6c 84 a2 f2 9b 7d 01 f2 4d 62 3f 02 af 2b 9e
xxxxx67c:  24 a8 ca 11 2e 8a 39 76 82 ba b7 18 70 50 cc 46
xxxxx68c:  52 0c 8a 0e d0 7b 36 26 f0 39 5b 95 08 f5 67 92
xxxxx69c:  0d 38 ae fb ef c0 8e ae 84 3b b8 fc 28 53 8b 1e
xxxxx6ac:  45 eb 11 45 5e 7f a1 42 1f 87 13 2e 07 24 91 1e
xxxxx6bc:  01 78 8a 16 86 d5 e5 4f 81 65 aa b6 bd da 79 01
xxxxx6cc:  bc cb 99 ce ec 51 fc c4 48 bf 75 8d 76 0b a0 92
xxxxx6dc:  aa 53 b5 9a 39 5e e3 97 2e 8a d7 89 14 f4 db f6
xxxxx6ec:  ff 3f 74 45 89 bb 12 6a 6c 52 a3 36 0e a6 ef 0b
xxxxx6fc:  1e 15 ee 13 a8 05 73 7b ff e1 02 ee 6c 41 4a f7
xxxxx70c:  d5 f3 a6 e4 52 07 1f ba b7 f3 80 37 50 8d d0 a3
xxxxx71c:  d1 e1 6b 99 9c ab 97 a3 a0 36 ae 46 de 9f 6c 7e
xxxxx72c:  fa db 70 2a 3a ed 09 c6 c2 c0 76 db 73 80 76 ed
xxxxx73c:  99 d6 53 c7 ce 19 90 12 fc db cc 8b ed ff 3b e4
xxxxx74c:  51 1d 55 40 4e 8b d0 89 c9 a6 89 e2 37 c0 36 e8
xxxxx75c:  c8 18 7a 20 1d 03 55 5d 7d 76 bc 9f e8 c6 69 0b
xxxxx76c:  bc f7 3c 46 58 ac fe af
--- snip ---

// Header found at the start of the key BLOB passed to CryptImportKey.
// The per-field values noted below are the first eight bytes of the dump
// above (07 02 00 00 00 a4 00 00), read as little-endian.
// NOTE(review): these fields come straight from the caller-supplied pbData
// buffer; RSAENH_CPImportKey switches on bType, so treat them as untrusted.
typedef struct _PUBLICKEYSTRUC {
    BYTE   bType;    // 0x07 (PRIVATEKEYBLOB)
    BYTE   bVersion; // 0x02 (CUR_BLOB_VERSION)
    WORD   reserved; // 0x0000
    ALG_ID aiKeyAlg; // 0x0000a400 (CALG_RSA_KEYX)
} BLOBHEADER, PUBLICKEYSTRUC;

The type is PRIVATEKEYBLOB which indicates that RSAPUBKEY should follow the
header:

// Fixed-size record expected directly after the BLOBHEADER in an RSA key BLOB.
// In the dump above the four bytes at that position are 48 ef 5b 4c, which is
// not the ASCII tag 'RSA2' (52 53 41 32) that RSAENH_CPImportKey looks for.
typedef struct _RSAPUBKEY {
    DWORD   magic;   // compared against RSAENH_MAGIC_RSA2 in the PRIVATEKEYBLOB case
    DWORD   bitlen;  // read from the BLOB; drives the minimum-length check against dwDataLen
    DWORD   pubexp;  // presumably the public exponent; not used in the excerpt shown
} RSAPUBKEY; 

In the PRIVATEKEYBLOB case, Wine's RSAENH_CPImportKey() checks that the magic of
RSAPUBKEY is 'RSA2' and gives up if it is not:

--- snip dlls/rsaenh/rsaenh.c ---
BOOL WINAPI RSAENH_CPImportKey(HCRYPTPROV hProv, CONST BYTE *pbData, DWORD
dwDataLen, 
                               HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY
*phKey)
{ 
...

    switch (pBlobHeader->bType)
    {
        case PRIVATEKEYBLOB:    
            if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) || 
                (pRSAPubKey->magic != RSAENH_MAGIC_RSA2) ||
                (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + 
                    (2 * pRSAPubKey->bitlen >> 3) + (5 *
((pRSAPubKey->bitlen+8)>>4)))) 
            {
                SetLastError(NTE_BAD_DATA);
                return FALSE;
            }  
...
--- snip dlls/rsaenh/rsaenh.c ---

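My educated guess: the key BLOB is encrypted (except the BLOBHEADER of course)
and should be properly decrypted before further processing. This is consistent
with the trace: the call passes a non-zero hPubKey (0x1820c0), and the bytes that
follow the header in the dump are not the 'RSA2' magic.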

Regards

