[Bug 36521] Star Wars rebellion update 1.01 crashes on start (quoted process command line only created with special 'My Documents' folder)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat May 24 15:51:55 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=36521

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://swrebellion.com/down
                   |                            |loads/modules.php?name=Down
                   |                            |loads&d_op=viewdownloaddeta
                   |                            |ils&lid=41&ttitle=1.01_Upda
                   |                            |te_for_Rebellion
                 CC|                            |focht at gmx.net
            Summary|Star Wars rebellion update  |Star Wars rebellion update
                   |1.01 crashes on start       |1.01 crashes on start
                   |                            |(quoted process command
                   |                            |line only created with
                   |                            |special 'My Documents'
                   |                            |folder)
     Ever confirmed|0                           |1

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The installer expects a double quoted command line.
It calls GetCommandLineA(), skips the first character and copies up to 0x104
characters to a stack-based buffer.
It then continues to search the stack-based buffer for the closing
double-quote.
The search just overruns the stack top (increment), landing in an unmapped area,
causing the fault.

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine rsupd101.exe >>log.txt 2>&1
...
0023:Call KERNEL32.GetCommandLineA() ret=00401846
0023:Ret  KERNEL32.GetCommandLineA() retval=0012b560 ret=00401846
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x401868 ip=00401868
tid=0023
0023:trace:seh:raise_exception  info[0]=00000000
0023:trace:seh:raise_exception  info[1]=00340000
0023:trace:seh:raise_exception  eax=00000374 ebx=7b8bb000 ecx=00000000
edx=00000000 esi=0012b584 edi=00000000
0023:trace:seh:raise_exception  ebp=0033fe20 esp=0033fc84 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010297
0023:trace:seh:call_stack_handlers calling handler at 0x40bf4b code=c0000005
flags=0
0023:trace:seh:call_stack_handlers handler at 0x40bf4b returned 1
0023:trace:seh:call_stack_handlers calling handler at 0x409ab8 code=c0000005
flags=0
0023:Call KERNEL32.UnhandledExceptionFilter(0033f760) ret=0040900a
wine: Unhandled page fault on read access to 0x00340000 at address 0x401868
...
Unhandled exception: page fault on read access to 0x00340000 in 32-bit code
(0x00401868).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00401868 ESP:0033fc84 EBP:0033fe20 EFLAGS:00010297(  R- --  I S -A-P-C)
 EAX:00000374 EBX:7b8bb000 ECX:00000000 EDX:00000000
 ESI:0012b584 EDI:00000000
Stack dump:
0x0033fc84:  0012b584 0040c140 6f685c3a 665c656d
0x0033fc94:  7468636f 776f445c 616f6c6e 725c7364
0x0033fca4:  64707573 2e313031 00657865 00000000
0x0033fcb4:  00000000 00000000 00000000 00000000
0x0033fcc4:  00000000 00000000 00000000 00000000
0x0033fcd4:  00000000 00000000 00000000 00000000
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0x00401868 in rsupd101 (+0x1868) (0x0033fe20)
  1 0x7b864208 call_process_entry+0xb() in kernel32 (0x0033fe38)
...
0x00401868: movb    0x8(%esp,%eax,1),%cl
Modules:
Module    Address            Debug info    Name (29 modules)
PE      400000-  414000    Export          rsupd101
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000022 (D) Z:\home\focht\Downloads\rsupd101.exe
    00000023    0 <== 
--- snip ---

In Windows, applications always get a quoted command line when being started
through shell/explorer (ShellExecuteEx).
Wine's Shell/Explorer should do the same - unfortunately it depends on where
you start the executable (double click).

This works: 'wine explorer' -> 'My Documents' -> navigate to folder where the
executable is saved and double click.

This doesn't work: 'wine explorer' -> 'My Computer' -> 'Z:' ... -> navigate to
folder where the executable is saved and double click (installer crashes).

A short debugging session shows the behaviour.

NOTE: 'My Documents' symlink doesn't exist on my machine hence $HOME is
substituted.

--- snip ---
$ winedbg "C:\\users\\focht\\My Documents\\Downloads\\rsupd101.exe"

Wine-dbg>b GetCommandLineA
...
Wine-dbg>p cmdlineA
""C:\users\focht\My Documents\Downloads\rsupd101.exe" "

<starts fine>
--- snip ---

--- snip ---
$ winedbg "z:\\home\\focht\\Downloads\\rsupd101.exe"

Wine-dbg>b GetCommandLineA
...
Wine-dbg>p cmdlineA
"z:\home\focht\Downloads\rsupd101.exe "

<crash>
--- snip ---

As a current workaround you need to use the special folder trick which creates
the quoted command line.

$ sha1sum rsupd101.exe 
7ae576e99c8b623032e5ab96f384ad354d0e4230  rsupd101.exe

$ du -sh rsupd101.exe 
1.2M    rsupd101.exe

$ wine --version
wine-1.7.19-56-gee13e10

Regards
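
The parsing failure described in the comment above, as an added example (not part of the original bug comment and not the installer's code): a bounded model of the "skip first character, copy 0x104 bytes, search for the closing quote" logic next to a hardened parser that accepts both command-line shapes seen in the winedbg sessions. The function names are hypothetical, and the model assumes the original search ignores NUL terminators, as the overrun implies.

```c
#include <stdio.h>
#include <string.h>
#define PATH_BUF 0x104 /* buffer size quoted in the comment */

/* Bounded model (assumption) of the installer's logic: skip the first
 * character, copy into a fixed buffer, search for '"' without stopping
 * at NUL. Returns the quote offset, or -1 where the real, unbounded
 * search would walk off the end of the buffer. */
static long model_installer_scan(const char *cmdline)
{
    char buf[PATH_BUF] = {0};
    if (cmdline[0] == '\0')
        return -1;
    strncpy(buf, cmdline + 1, PATH_BUF - 1);
    for (size_t i = 0; i < PATH_BUF; i++)
        if (buf[i] == '"')
            return (long)i;
    return -1;
}

/* Hardened form: accepts a quoted or an unquoted program path, stops at
 * NUL, never writes past outlen. An unquoted path ends at the first
 * blank. Returns the path length, or -1 on malformed/oversized input. */
static long extract_program_path(const char *cmdline, char *out, size_t outlen)
{
    const char *p = cmdline, *end;
    if (!cmdline || !out || outlen == 0)
        return -1;
    if (*p == '"') {
        end = strchr(++p, '"');
        if (!end)
            return -1; /* unterminated quote */
    } else {
        end = p + strcspn(p, " \t");
    }
    size_t n = (size_t)(end - p);
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    const char *unquoted = "z:\\home\\focht\\Downloads\\rsupd101.exe ";
    char out[PATH_BUF];
    printf("model: %ld hardened: %ld\n", model_installer_scan(unquoted),
           extract_program_path(unquoted, out, sizeof out));
}
```

An unquoted path that itself contains spaces stays ambiguous for any such parser, which is why a launcher that always quotes the program path is the more robust side to fix.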
