[Bug 38966] LG Mobile Support Tool v1.8 crashes during selection of cell carrier when executing USB driver installation

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Jul 24 16:54:42 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=38966

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://tool.xcdn.gdms.lge.c
                   |                            |om/client/app/B2CAppSetup.e
                   |                            |xe
                 CC|                            |focht at gmx.net
          Component|-unknown                    |wininet
            Summary|force close after hitting   |LG Mobile Support Tool v1.8
                   |install usb drivers on lg   |crashes during selection of
                   |mobile support tool and     |cell carrier when executing
                   |when enter cell carrier     |USB driver installation
     Ever confirmed|0                           |1

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/users/Public/Application Data/LGMOBILEAX/B2C_Client

$ WINEDEBUG=+tid,+seh,+relay wine ./LGUserCSTool.exe B2CST_WDLTB >>log.txt 2>&1
...
Unhandled exception: page fault on read access to 0x00000008 in 32-bit code
(0x0043851c).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:0043851c ESP:0032e928 EBP:00000000 EFLAGS:00210246(  R- --  I  Z- -P- )
 EAX:0032e944 EBX:00000004 ECX:00000000 EDX:00571628
 ESI:003300cc EDI:00000000
...
Backtrace:
=>0 0x0043851c in lgusercstool (+0x3851c) (0x00000000)
0x0043851c: movl    0x8(%ecx),%eax
Modules:
Module    Address            Debug info    Name (140 modules)
PE      400000-  565000    Export          lgusercstool
PE    10000000-1002f000    Deferred        lgmobiledl
ELF    48e28000-48e31000    Deferred        libffi.so.6
ELF    48e33000-48e8e000    Deferred        libp11-kit.so.0
ELF    49048000-490ba000    Deferred        libpcre.so.1
ELF    490bc000-490e1000    Deferred        libselinux.so.1
ELF    495dd000-495fb000    Deferred        libgcc_s.so.1
PE    73d10000-73e0e000    Deferred        mfc42 
...
Threads:
process  tid      prio (all id:s are in hex)
...    
0000003f (D) C:\users\Public\Application
Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    00000034    0
    00000033    0
    00000032    0
    00000031    0
    0000001c    0 <== 
--- snip ---

The crash is kind of random. Sometimes it works, sometimes not.
Running with gui debugger or relay tracing it always works for me.

--- snip ---
...
0031:Call wininet.HttpOpenRequestA(00000002,004c7a20 "POST",00601078
"csmg/nb2c/gn_upgrade_model_img.jsp",004c7a28
"HTTP/1.1",00000000,00000000,00800000,00000000) ret=004438ca
...
0031:Ret  wininet.HttpOpenRequestA() retval=00000003 ret=004438ca
0031:Call wininet.HttpSendRequestA(00000003,004c79f0 "Content-Type:
application/x-www-form-urlencoded",0000002f,73de86d4,00000000) ret=004438fb
...
0031:Ret  wininet.HttpSendRequestA() retval=00000001 ret=004438fb
0031:Call wininet.InternetReadFile(00000003,003165b8,00007800,004cc0ac)
ret=0044396d 
...
0031:Ret  ws2_32.recv() retval=00000b40 ret=7e7bc62b
0031:Call secur32.DecryptMessage(00cdf544,003162d0,00000000,00000000)
ret=7e7bd66b
...
0031:Ret  ws2_32.recv() retval=000005a0 ret=7e7bc62b
0031:Call secur32.DecryptMessage(00cdf544,00316210,00000000,00000000)
ret=7e7bd66b
...
0031:Call KERNEL32.lstrlenA(003165b8 "<?xml version='1.0'
encoding='utf-8'?>\r\n<response req_cmd='gn_upgrade_model_img'
status='OK'>\r\n<gn_upgrade_model_img>\r\n<model>JutYdSNqF77lcNZLyGBj5Q==</model>\r\n<file_name>IbLbkFTgTsEpzcDT8GykArs/7dQ4flBe+M5qfmhQyX4=</file_name>\r\n<url>lu1NRqv/QoYh1PKRStj9JwU5zZdqa0vo+wqjo1nJlYCwXj+nWnOXN1S3L"...)
ret=73d14956
0031:Ret  KERNEL32.lstrlenA() retval=00003339 ret=73d14956
0031:Call msvcrt.malloc(00003346) ret=73d14154
0031:Call ntdll.RtlAllocateHeap(00570000,00000000,00003346) ret=7e847150
0031:Ret  ntdll.RtlAllocateHeap() retval=0063fb70 ret=7e847150
0031:Ret  msvcrt.malloc() retval=0063fb70 ret=73d14154
0031:Call msvcrt.memcpy(0063fb7c,73de86d4,00000000) ret=73d143f3
0031:Ret  msvcrt.memcpy() retval=0063fb7c ret=73d143f3
0031:Call msvcrt.memcpy(0063fb7c,003165b8,00003339) ret=73d14402
0031:Ret  msvcrt.memcpy() retval=0063fb7c ret=73d14402
...
--- snip ---

The app sends a JSP request and parses a rather large XML response which
contains lists of models into a series of string arrays.
It sanitizes/trims the input and removes XML specific data.

If the response status code for the model list request doesn't contain 'OK' the
app code misses out the creation of a string array.
This later leads to NULL ptr dereference when the carrier selection is done.

One reason could be return of partial data on first request for whatever
reason.

You might try: 'winetricks -q wininet'

Anyway, it's as Austin already said: what you're trying to do won't work by
design.

Wine is not an operating system and doesn't implement the "Windows kernel"
infrastructure needed to support these kind of hardware driver classes.

If your hardware is not recognized by your Linux kernel, you're out
of luck. Wine can't help you with that.

$ sha1sum B2CAppSetup.exe 
3ad4c2aececf1c8fa9bc77019c25e741c9ef9fcf  B2CAppSetup.exe

$ du -sh B2CAppSetup.exe 
256K    B2CAppSetup.exe

$ wine --version
wine-1.7.47-196-g4e6e9a1

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list