[Bug 34869] New: Microsoft Office 2013 full offline installer crashes on startup (TEB access with NULL TLS array pointer, failure to handle case where only late-bound modules have TLS directory)
wine-bugs at winehq.org
Wed Nov 6 17:21:43 CST 2013
http://bugs.winehq.org/show_bug.cgi?id=34869
Bug #: 34869
Summary: Microsoft Office 2013 full offline installer crashes
on startup (TEB access with NULL TLS array pointer,
failure to handle case where only late-bound modules
have TLS directory)
Product: Wine
Version: 1.7.5
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Classification: Unclassified
Hello folks,
as the summary says...
--- snip ---
...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:00b51ce1 ESP:0033c754 EBP:0033c77c EFLAGS:00010282( R- -- I S - - - )
EAX:00000000 EBX:00000000 ECX:00000000 EDX:00cdeac8
ESI:00e4d2a0 EDI:00000001
Stack dump:
0x0033c754: b97c320d 00000001 00e4d2a0 00000000
0x0033c764: 00e58a88 0033c78c 0033c714 0033c798
0x0033c774: 00c54f38 ffffffff 0033c7a4 00b51678
0x0033c784: b97c32d5 00000001 00e4d2a0 00000000
0x0033c794: 0033c784 0033cf04 00c54e11 00000002
0x0033c7a4: 0033c7c0 00a5f68d 00000000 00e3ecf0
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0x00b51ce1 in osetup (+0x3e1ce1) (0x0033c77c)
1 0x00b51678 in osetup (+0x3e1677) (0x0033c7a4)
2 0x00a5f68d in osetup (+0x2ef68c) (0x0033c7c0)
3 0x00a42d02 in osetup (+0x2d2d01) (0x0033cee0)
4 0x00a391d4 in osetup (+0x2c91d3) (0x0033cf10)
5 0x009ae85c in osetup (+0x23e85b) (0x0033f5c4)
6 0x1002d3c7 in setup (+0x2d3c6) (0x0033fcd4)
7 0x1002b0c3 in setup (+0x2b0c2) (0x0033fd74)
8 0x004027f2 in setup (+0x27f1) (0x0033fd90)
9 0x00402eb2 in setup (+0x2eb1) (0x0033fe20)
10 0x7b863d4c call_process_entry+0xb() in kernel32 (0x0033fe38)
...
0x00b51ce1: movl 0x0(%eax,%ecx,4),%edi
Modules:
Module Address Debug info Name (84 modules)
PE 350000- 37f000 Deferred osetupui
PE 400000- 434000 Export setup
PE 770000- e3b000 Export osetup
PE 10000000-100d3000 Export setup
...
Threads:
process tid prio (all id:s are in hex)
...
00000023 (D) E:\setup.exe
00000025 0
00000024 0 <==
--- snip ---
Crashing code:
--- snip ---
Wine-dbg>disas $EIP-0xC
0x00b51cd5: movl %fs:0x2c,%eax
0x00b51cdb: movl 0x00ce69d8,%ecx
0x00b51ce1: movl 0x0(%eax,%ecx,4),%edi
--- snip ---
It's accessing a TEB with a NULL TLS array pointer.
Wine's loader only allocates the process-wide and per-thread structures for module
TLS storage if at least one of the initial modules has a TLS directory
(LdrInitializeThunk).
Unfortunately no early-bound module has a TLS directory/section, hence
"tls_module_count" is zero.
The DLL in question is late bound -> MODULE_DllThreadAttach -> alloc_thread_tls
-> (tls_module_count == 0).
Loader info for the DLL in question:
--- snip ---
...
0030:Call KERNEL32.LoadLibraryExW(00548640
L"E:\\omui.id-id\\OSETUP.DLL",00000000,00001000) ret=1002c2db
...
0030:trace:module:load_native_dll Trying native dll
L"E:\\omui.id-id\\OSETUP.DLL"
0030:trace:module:map_image mapped PE file at 0x770000-0xe3b000
0030:trace:module:map_image mapping section .text at 0x771000 off 400 size
51d200 virt 51d0e4 flags 60000020
0030:trace:module:map_image clearing 0xc8e200 - 0xc8f000
0030:trace:module:map_image mapping section .data at 0xc8f000 off 51d600 size
51400 virt 58d38 flags c0000040
0030:trace:module:map_image clearing 0xce0400 - 0xce1000
0030:trace:module:map_image mapping section .tls at 0xce8000 off 0 size 0 virt
9 flags c0000080
0030:trace:module:map_image mapping section .rsrc at 0xce9000 off 56ea00 size
118e00 virt 118db8 flags 40000040
0030:trace:module:map_image clearing 0xe01e00 - 0xe02000
0030:trace:module:map_image mapping section .reloc at 0xe02000 off 687800 size
38c00 virt 38bec flags 42000040
0030:trace:module:map_image clearing 0xe3ac00 - 0xe3b000
0030:trace:module:map_image relocating from 0x10000000-0x106cb000 to
0x770000-0xe3b000
--- snip ---
$ wine --version
wine-1.7.5-336-gb43b7b6
Regards
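A toy C model of the failure analysed in this report, added as an illustration; it is not Wine's loader code and not from the reporter. The struct layouts, the `register_late_tls` switch and the 16-byte block size are assumptions, and `alloc_thread_tls` / `tls_module_count` only echo the names quoted above.

```c
#include <stdlib.h>

/* Toy model of the loader behaviour described in the report; not Wine code.
 * Struct layouts, the register_late_tls switch and block size are assumptions. */
struct module { int has_tls; int tls_index; };
struct teb    { void **tls_array; int slots; }; /* tls_array ~ pointer read via %fs:0x2c */
struct loader { int tls_module_count; int register_late_tls; };

/* Per-thread setup: does nothing while no module has registered TLS. */
static void alloc_thread_tls(const struct loader *l, struct teb *t) {
    if (!l->tls_module_count) return;           /* tls_array stays NULL */
    void **arr = realloc(t->tls_array, l->tls_module_count * sizeof(*arr));
    if (!arr) abort();
    for (int i = t->slots; i < l->tls_module_count; i++)
        arr[i] = calloc(1, 16);                 /* constructed 16-byte TLS block */
    t->tls_array = arr;
    t->slots = l->tls_module_count;
}

/* Process start: only early-bound modules are scanned for a TLS directory. */
static void loader_init(struct loader *l, struct module *mods, int n, struct teb *t) {
    for (int i = 0; i < n; i++)
        if (mods[i].has_tls) mods[i].tls_index = l->tls_module_count++;
    alloc_thread_tls(l, t);
}

/* Late binding. register_late_tls == 0 models the reported behaviour;
 * 1 models a loader that also counts late-bound TLS directories. */
static void load_late(struct loader *l, struct module *m, struct teb *t) {
    if (m->has_tls && l->register_late_tls) m->tls_index = l->tls_module_count++;
    alloc_thread_tls(l, t);
}

/* The module's access is tls_array[tls_index]. The compiled sequence has no
 * NULL check; this model returns NULL where the real code would fault. */
static void *tls_block(const struct teb *t, const struct module *m) {
    return t->tls_array ? t->tls_array[m->tls_index] : NULL;
}

/* Scenario from the report: no early-bound TLS, one late-bound DLL with TLS. */
static int late_tls_reachable(int register_late_tls) {
    struct module early[2] = { {0, 0}, {0, 0} }, dll = { 1, 0 };
    struct teb t = { NULL, 0 };
    struct loader l = { 0, register_late_tls };
    loader_init(&l, early, 2, &t);
    load_late(&l, &dll, &t);
    int ok = tls_block(&t, &dll) != NULL;
    for (int i = 0; i < t.slots; i++) free(t.tls_array[i]);
    free(t.tls_array);
    return ok;
}

int main(void) { return !(late_tls_reachable(0) == 0 && late_tls_reachable(1) == 1); }
```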