[Bug 34943] New: Visual C++ 2010 Express web installer exits silently during download of prerequisites

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Nov 18 17:11:56 CST 2013 

http://bugs.winehq.org/show_bug.cgi?id=34943

             Bug #: 34943
           Summary: Visual C++ 2010 Express web installer exits silently
                    during download of prerequisites
           Product: Wine
           Version: 1.7.6
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: winhttp
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello folks,

might be a regression ...
I remember the download of prerequisites was pretty stable some time ago (after
months of instabilities).

Writes past the end of buffer.

--- snip ---
Unhandled exception: page fault on write access to 0x00473000 in 32-bit code
(0xf74a6bc8).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f74a6bc8 ESP:043be934 EBP:043be978 EFLAGS:00010202(  R- --  I   - - - )
 EAX:02550d80 EBX:f74d7b30 ECX:00000f58 EDX:00472fa0
 ESI:00017000 EDI:00000080
Stack dump:
0x043be934:  003d0f00 7e3e6000 7e3cb069 00472f98
0x043be944:  02550d7c 00001000 7e3cbd95 02550cb0
0x043be954:  00040000 02507e88 043be980 7bcd0000
0x043be964:  043be9f0 00017000 00001000 7bcd0000
0x043be974:  00000000 043be9b8 7e3cbfda 02550cb0
0x043be984:  0045bf98 0002bcc0 00000000 00000001
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0xf74a6bc8 __memcpy_ssse3_rep+0x568() in libc.so.6 (0x043be978)
  1 0x7e3cb069 read_data+0xba(request=0x2550cb0, buffer=0x45bf98, size=0x2bcc0,
read=0x0(nil), async=0x1)
[/home/focht/projects/wine/wine-git/dlls/winhttp/request.c:2119] in winhttp
(0x043be978)
  2 0x7e3cbfda task_read_data+0x3f(task=0x2508508)
[/home/focht/projects/wine/wine-git/dlls/winhttp/request.c:2460] in winhttp
(0x043be9b8)
  3 0x7e3c50fa task_thread+0x1f(param=0x2508508)
[/home/focht/projects/wine/wine-git/dlls/winhttp/request.c:184] in winhttp
(0x043be9e8)
  4 0x7bc8efae worker_thread_proc+0x14a(param=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/ntdll/threadpool.c:114] in ntdll
(0x043bea48)
  5 0x7bc85c04 call_thread_func_wrapper+0xb() in ntdll (0x043bea68)
  6 0x7bc85c4d call_thread_func+0x3e(entry=0x7bc8ee63, arg=0x0(nil),
frame=0x43beb68)
[/home/focht/projects/wine/wine-git/dlls/ntdll/signal_i386.c:2602] in ntdll
(0x043beb48)
  7 0x7bc85be2 call_thread_entry_point+0x11() in ntdll (0x043beb68)
  8 0x7bc8ca58 start_thread+0x165(info=0x81fdcfb8)
[/home/focht/projects/wine/wine-git/dlls/ntdll/thread.c:417] in ntdll
(0x043bf3a8)
  9 0xf75229da start_thread+0xc9() in libpthread.so.0 (0x043bf468)
  10 0xf7454bfe __clone+0x5d() in libc.so.6 (0x00000000)
...
Wine-dbg>frame 1
2120            remove_data( request, count );
Wine-dbg>info locals
0x7e3cb068 read_data+0xba: (043be978)
    request_t* request=0x2550cb0 (parameter [EBP+8])
    void* buffer=0x45bf98 (parameter [EBP+12])
    DWORD size=0x2bcc0 (parameter [EBP+16])
    DWORD* read=0x0(nil) (parameter [EBP+20])
    BOOL async=0x1 (parameter [EBP+24])
    int count=0x1000 (local [EBP-12])
    int bytes_read=0x17000 (local [EBP-16])
--- snip ---

Source of crash:
http://source.winehq.org/git/wine.git/blob/e894c897d52c3e5852498164e246b473e0c6a786:/dlls/winhttp/request.c#l2119

--- snip ---
2105 static BOOL read_data( request_t *request, void *buffer, DWORD size, DWORD
*read, BOOL async )
2106 {
2107     int count, bytes_read = 0;
2108
2109     if (end_of_read_data( request )) goto done;
2110
2111     while (size)
2112     {
2113         if (!(count = get_available_data( request )))
2114         {
2115             if (!refill_buffer( request, async )) goto done;
2116             if (!(count = get_available_data( request ))) goto done;
2117         }
2118         count = min( count, size );
2119         memcpy( (char *)buffer + bytes_read, request->read_buf +
request->read_pos, count );
2120         remove_data( request, count );
2121         if (request->read_chunked) request->read_chunked_size -= count;
2122         size -= count;
2123         bytes_read += count;
2124         request->content_read += count;
2125         if (end_of_read_data( request )) goto done;
2126     }
2127     if (request->read_chunked && !request->read_chunked_size)
refill_buffer( request, async );
...
--- snip ---

$ sha1sum vc_web.exe 
c2d61a5424aa474a169e59199aa2158a858833f6  vc_web.exe

$ du -sh vc_web.exe 
3.2M    vc_web.exe

$ wine --version
wine-1.7.6-273-ga4d8627

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list