[Bug 14358] New: fusion: installation .NET assemblies might fail due to incorrect parsing of CLR metadata structures and tables

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jul 8 11:35:34 CDT 2008


http://bugs.winehq.org/show_bug.cgi?id=14358

           Summary: fusion: installation .NET assemblies might fail due to
                    incorrect parsing of CLR metadata structures and tables
           Product: Wine
           Version: CVS/GIT
          Platform: PC
               URL: http://www.microsoft.com/downloads/details.aspx?familyid
                    =3c9a983a-ac14-4125-8ba0-d36d67e0f4ad
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net


Hello,

a bug for James Hawkins ... low priority.
Encountered this when I accidentally forgot the .NET 2.0 prerequisite before
Office 2007 installation.
Setup dies in wine's fusion due to bugs in CLR metadata processing while
installing primary interop assemblies for Office into GAC.

--- snip ---
003f:trace:fusion:CreateAssemblyCache (0x32fe9c, 0)
003f:Call ntdll.RtlAllocateHeap(00110000,00000000,00000008) ret=79655027
003f:Ret  ntdll.RtlAllocateHeap() retval=00114ec0 ret=79655027
003f:Ret  fusion.CreateAssemblyCache() retval=00000000 ret=694077de
003f:trace:fusion:IAssemblyCacheImpl_InstallAssembly (0x114ec0, 0,
L"Microsoft.mshtml.dll", (nil))
..
003f:Call KERNEL32.CreateFileW(00115168
L"Microsoft.mshtml.dll",80000000,00000001,00000000,00000003,00000080,00000000)
ret=7965724f
003f:Ret  KERNEL32.CreateFileW() retval=00000038 ret=7965724f
003f:Call
KERNEL32.CreateFileMappingW(00000038,00000000,00000002,00000000,00000000,00000000)
ret=7965728e
003f:Ret  KERNEL32.CreateFileMappingW() retval=0000003c ret=7965728e
003f:Call KERNEL32.MapViewOfFile(0000003c,00000004,00000000,00000000,00000000)
ret=796572c4
003f:Ret  KERNEL32.MapViewOfFile() retval=00440000 ret=796572c4
003f:Call ntdll.RtlImageNtHeader(00440000) ret=796572d6
003f:Ret  ntdll.RtlImageNtHeader() retval=00440080 ret=796572d6
003f:Call ntdll.RtlImageRvaToVa(00440080,00440000,00002008,00000000)
ret=7965736d
003f:Ret  ntdll.RtlImageRvaToVa() retval=00441008 ret=7965736d
003f:Call ntdll.RtlImageRvaToVa(00440080,00440000,001237c4,00000000)
ret=7965739f
003f:Ret  ntdll.RtlImageRvaToVa() retval=005627c4 ret=7965739f
003f:Call ntdll.RtlImageRvaToVa(00440080,00440000,001237e4,00000000)
ret=796573d1
003f:Ret  ntdll.RtlImageRvaToVa() retval=005627e4 ret=796573d1
003f:trace:seh:raise_exception code=c0000005 flags=0 addr=0x602636b3
003f:trace:seh:raise_exception  info[0]=00000000
003f:trace:seh:raise_exception  info[1]=00000000
003f:trace:seh:raise_exception  eax=00000000 ebx=79659168 ecx=00000000
edx=0012c8c0 esi=80131018 edi=00000000
003f:trace:seh:raise_exception  ebp=0032fc08 esp=0032fbec cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00010246
003f:trace:seh:call_stack_handlers calling handler at 0x7b877bc0 code=c0000005
flags=0
wine: Unhandled page fault on read access to 0x00000000 at address 0x602636b3
(thread 003f), starting debugger...
003f:trace:seh:start_debugger Starting debugger "winedbg --auto 62 68"
003f:trace:seh:call_stack_handlers handler at 0x7b877bc0 returned 1
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x602636b3). 
--- snip ---

CLR metadata section header is incorrectly processed (offset calculation).
The version length is rounded to DWORD boundary - this needs to be taken into
account (crash on some assemblies).
Also the CLR metadata tables offset calculation is not correct.

A good crash candidate is "Microsoft.mshtml.dll", the primary interop assembly
(PIA) for mshtml.dll

A good source of information about PE CLR data structures is here:
http://www.ntcore.com/Files/dotnetformat.htm

You might also want to have a look at CFF explorer, one of the rare PE tools
which support .NET/CLR metadata: http://www.ntcore.com/exsuite.php

If you use it on assemblies with a large amount of CLR metadata, like
Microsoft.mshtml.dll PIA, it might take lots of time to parse all tables.
It gives you all the info (metadata table offsets/RVAs) for verification of
calculations.

I wrote my own little test which just calls fusion's
IAssemblyCache_InstallAssembly on assemblies to verify my findings/patches.
I'll leave out any patch snippets to give a potential patch implementer full
freedom.

For testing purposes you can use the "Office 2003 Update: Redistributable
Primary Interop Assemblies" from Micro$oft support which is available for
download (see URL).
Extract and run 'msiexec -x O2003PIA.msi'.

Regards
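
The offset calculation discussed in the report, as an added example (not Wine's code and not the reporter's patch): it locates the stream headers that follow the version string in a CLR metadata root, using the field layout from ECMA-335 II.24.2.1. The sample bytes and both function names are constructed for illustration; the naive variant is a hypothetical calculation that ignores the DWORD padding, not a quote of fusion's source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLR_META_SIG 0x424A5342u           /* "BSJB" */
#define ALIGN4(n)    (((n) + 3u) & ~3u)

/* Constructed sample metadata root: version "v1.1.4322" (10 bytes with NUL)
 * stored in a 12-byte slot, followed by Flags = 0 and Streams = 5. */
static const uint8_t sample_root[] = {
    'B','S','J','B', 1,0, 1,0, 0,0,0,0, 12,0,0,0,
    'v','1','.','1','.','4','3','2','2',0,0,0,
    0,0, 5,0
};

/* Byte-wise little-endian reads: no unaligned struct casts on a mapped file. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p)
{ return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Hypothetical naive calculation: skips only the visible string and its NUL. */
size_t naive_stream_headers_offset(const uint8_t *md)
{ return 16 + strlen((const char *)md + 16) + 1 + 4; }

/* Offset of the first stream header inside the metadata root, or 0 if the
 * root is malformed. *streams receives the Streams field. */
size_t clr_stream_headers_offset(const uint8_t *md, size_t size, uint16_t *streams)
{
    uint32_t slot;
    if (size < 16 || rd32(md) != CLR_META_SIG) return 0;
    slot = rd32(md + 12);                      /* Length field */
    if (slot == 0 || slot > 256) return 0;     /* ECMA-335 caps the string at 255 bytes */
    slot = ALIGN4(slot);                       /* slot always ends on a DWORD boundary */
    if (16 + (size_t)slot + 4 > size) return 0;
    if (!memchr(md + 16, 0, slot)) return 0;   /* unterminated version string */
    *streams = rd16(md + 16 + slot + 2);       /* Flags (2 bytes), then Streams */
    return 16 + (size_t)slot + 4;
}

int main(void)
{
    uint16_t n = 0;
    size_t ofs = clr_stream_headers_offset(sample_root, sizeof sample_root, &n);
    printf("naive=%zu correct=%zu streams=%u\n",
           naive_stream_headers_offset(sample_root), ofs, n);
    return 0;
}
```

On the sample, the naive offset lands two bytes early, so it reads the Flags field where the stream count should be.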

