[Bug 27033] crash while installing usb-over-network-client.msi
wine-bugs at winehq.org
Sat May 14 14:20:49 CDT 2011
http://bugs.winehq.org/show_bug.cgi?id=27033
Anastasius Focht <focht at gmx.net> changed:
What           |Removed      |Added
----------------------------------------------------------------------------
Keywords       |             |Installer
Status         |UNCONFIRMED  |NEW
CC             |             |focht at gmx.net
Component      |-unknown     |setupapi
Ever Confirmed |0            |1
--- Comment #2 from Anastasius Focht <focht at gmx.net> 2011-05-14 14:20:48 CDT ---
Hello,
the installer creates and tries to start "ftusbsrvc" service which crashes.
To reproduce without messing up the whole WINEPREFIX, set the "Start" DWORD value
of the service from "2" to "3" (manual start).
HKLM\System\CurrentControlSet\Services\ftusbsrvc
WINEDEBUG=+tid,+seh,+loaddll,+process,+setupapi wine net start ftusbsrvc
--- snip ---
...
The USB over Network (Client) service service is starting.
0015:trace:process:create_process_impl app (null) cmdline
L"C:\\windows\\system32\\ftusbsrvc.exe"
...
0015:trace:process:create_process_impl starting
L"C:\\windows\\system32\\ftusbsrvc.exe" as Win32 binary (0x400000-0x590000)
...
0015:trace:process:create_process_impl started process pid 0021 tid 0022
...
0022:trace:setupapi:SetupDiGetClassDevsExW
{a93d7ea5-df4c-4f5b-91cf-4ded03ca862d} (null) (nil) 0x00000012 (nil) (null)
(nil)
0022:warn:setupapi:SetupDiGetClassDevsExW unsupported flags 00000002
0022:trace:setupapi:SetupDiCreateDeviceInfoListExW
{a93d7ea5-df4c-4f5b-91cf-4ded03ca862d} (nil) (null) (nil)
0022:trace:setupapi:SETUPDI_EnumerateInterfaces 0x12f628,
{a93d7ea5-df4c-4f5b-91cf-4ded03ca862d}, (null), 00000012
0022:trace:setupapi:SetupDiEnumDeviceInterfaces 0x12f628, (nil),
{a93d7ea5-df4c-4f5b-91cf-4ded03ca862d}, 0, 0x33f724
0022:trace:setupapi:SetupDiGetDeviceInterfaceDetailW (0x12f628, 0x33f724,
(nil), 0, 0x33f710, (nil))
0022:trace:seh:raise_exception code=c0000005 flags=0 addr=0x687cbcb1
ip=687cbcb1 tid=0022
0022:trace:seh:raise_exception info[0]=00000000
0022:trace:seh:raise_exception info[1]=45455246
0022:trace:seh:raise_exception eax=45455246 ebx=68802ff4 ecx=00000000
edx=7bcc35a8 esi=0012f628 edi=0033f774
0022:trace:seh:raise_exception ebp=0033f66c esp=0033f65c cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00210206
...
wine: Unhandled page fault on read access to 0x45455246 at address 0x687cbcb1
(thread 0022), starting debugger...
...
Backtrace:
=>0 0x687cbcb1 lstrlenW+0x15(str=*** invalid address 0x45455246 ***)
[/opt/projects/wine/wine-git/include/winbase.h:2268] in setupapi (0x0033f66c)
1 0x687d2b80 SetupDiGetDeviceInterfaceDetailW+0x179(DeviceInfoSet=0x12f628,
DeviceInterfaceData=0x33f724, DeviceInterfaceDetailData=(nil),
DeviceInterfaceDetailDataSize=0, RequiredSize=0x33f710, DeviceInfoData=(nil))
[/opt/projects/wine/wine-git/dlls/setupapi/devinst.c:3039] in setupapi
(0x0033f6dc)
2 0x0040afa8 in ftusbsrvc (+0xafa7) (0x687d2621)
0x687cbcb1 lstrlenW+0x15 [/opt/projects/wine/wine-git/include/winbase.h:2268]
in setupapi: movzwl 0x0(%eax),%eax
2268 while (*s) s++;
--- snip ---
The problem arises due to bad application code.
Maybe the app developers need to drink more beer to improve code quality (see
bug 27162 for possible fix).
The following app code illustrates the problem (I added comments for better
understanding):
--- snip ---
...
    mov     edx, [edi+44h]
    lea     ecx, [esp+28h]
    push    ecx             ; PSP_DEVICE_INTERFACE_DATA
    push    0
    push    ebx
    push    0
    push    esi
    mov     dword ptr [esp+3Ch], 1Ch ; sizeof(SP_DEVICE_INTERFACE_DATA)
    call    edx             ; setupapi.SetupDiEnumDeviceInterfaces()
    test    eax, eax
    jnz     short label1
    call    ds:GetLastError ; lack of alcohol caused this
label1:
    mov     edx, [edi+48h]
    push    0               ; PSP_DEVINFO_DATA DeviceInfoData
    lea     eax, [esp+18h]
    push    eax             ; PDWORD RequiredSize
    push    0
    push    0               ; PSP_DEVICE_INTERFACE_DETAIL_DATA_W DeviceInterfaceDetailData
    lea     ecx, [esp+38h]
    push    ecx             ; PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData
    push    esi             ; HDEVINFO DeviceInfoSet
    call    edx             ; setupapi.SetupDiGetDeviceInterfaceDetailW()
    test    eax, eax
    jz      short label2
...
--- snip ---
The app simply ignores any setupapi.SetupDiEnumDeviceInterfaces() error
condition and proceeds with setupapi.SetupDiGetDeviceInterfaceDetailW().
Wine accesses the "DeviceInterfaceData->Reserved" member which just points to
an uninitialized (stack) area, leading to a crash.
--- snip dlls/setupapi/devinst.c ---
BOOL WINAPI SetupDiGetDeviceInterfaceDetailW(
    HDEVINFO DeviceInfoSet,
    PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData,
    PSP_DEVICE_INTERFACE_DETAIL_DATA_W DeviceInterfaceDetailData,
    DWORD DeviceInterfaceDetailDataSize,
    PDWORD RequiredSize,
    PSP_DEVINFO_DATA DeviceInfoData)
{
    ...
    info = (struct InterfaceInfo *)DeviceInterfaceData->Reserved;
    if (info->symbolicLink)
        bytesNeeded += sizeof(WCHAR)*lstrlenW(info->symbolicLink);
    ...
--- snip dlls/setupapi/devinst.c ---
Because most applications will call SetupDiEnumDeviceInterfaces() (in a loop)
before SetupDiGetDeviceInterfaceDetail() I suggest you zero/reset the
"DeviceInterfaceData->Reserved" field member if no enumerated interface was
found to work around stupid application code like this.
I already tested this and it prevents the service crash.
Though the installer still fails due to another (msi) bug.
$ sha1sum usb-over-network-client.msi
a580cee5660348a80892ed008954345dddb4e3cb usb-over-network-client.msi
$ wine --version
wine-1.3.20
Regards
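
Added example (not part of the original comment and not Wine's code): a minimal C model of the workaround suggested above, in which a failed enumeration resets the Reserved field and the detail query rejects a zero Reserved instead of dereferencing it. The struct layouts and the names enum_interfaces, get_detail_size and careless_caller are simplified assumptions standing in for the setupapi types and functions.

```c
#include <stdint.h>
#include <string.h>
#include <wchar.h>

/* Simplified stand-ins (assumptions), not the Wine or Windows definitions. */
struct iface_info { const wchar_t *symbolic_link; };
struct iface_data { uint32_t cbSize; uintptr_t Reserved; }; /* SP_DEVICE_INTERFACE_DATA model */
struct dev_set { struct iface_info *ifaces; size_t count; };

/* Enumeration: on failure, reset Reserved so stale caller data is never reused. */
static int enum_interfaces(const struct dev_set *set, size_t index, struct iface_data *out)
{
    if (!set || !out || out->cbSize != sizeof(*out)) return 0;
    if (index >= set->count) {
        out->Reserved = 0;              /* the workaround suggested above */
        return 0;                       /* no more interfaces */
    }
    out->Reserved = (uintptr_t)&set->ifaces[index];
    return 1;
}

/* Detail query: reject a zero Reserved instead of dereferencing it. */
static int get_detail_size(const struct iface_data *data, size_t *required)
{
    const struct iface_info *info;
    if (!data || data->cbSize != sizeof(*data) || !data->Reserved) return 0;
    info = (const struct iface_info *)data->Reserved;
    *required = sizeof(wchar_t);        /* terminating NUL */
    if (info->symbolic_link)
        *required += sizeof(wchar_t) * wcslen(info->symbolic_link);
    return 1;
}

/* Caller that ignores the enumeration result, as the application does. */
static int careless_caller(const struct dev_set *set, size_t *required)
{
    struct iface_data data;
    memset(&data, 0x46, sizeof(data));  /* constructed stack garbage */
    data.cbSize = sizeof(data);
    enum_interfaces(set, 0, &data);     /* return value deliberately ignored */
    return get_detail_size(&data, required);
}

int main(void)
{
    struct dev_set empty = { NULL, 0 };
    size_t need = 0;
    return careless_caller(&empty, &need);  /* 0: call fails cleanly, no crash */
}
```

Without the reset in enum_interfaces, the garbage left in Reserved would reach the dereference in get_detail_size, which is the fault shown in the backtrace.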