[Bug 45044] New: Microsoft Visual C++ 2005, 2008 Redistributable installers fail with 'action L"SxsInstallCA" returned 1603'
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Apr 22 03:51:53 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=45044
Bug ID: 45044
Summary: Microsoft Visual C++ 2005, 2008 Redistributable
installers fail with 'action L"SxsInstallCA" returned
1603'
Product: Wine
Version: 3.6
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: msi
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
noticed this on recent Wine build from Git while investigating some other
issue.
The installer bundles MSVC++ 2005 runtime and it fails to run the
sub-installer.
This worked in the past.
--- snip ---
$ WINEDEBUG=+seh,+relay,+msi wine ./vcredist_x86.exe >>log.txt 2>&1
...
0032:Call KERNEL32.MultiByteToWideChar(00000000,00000001,00411290 "msiexec /i
vcredist.msi",00000018,004112b0,00000018) ret=f7b1c6bf
...
0032:trace:msi:HANDLE_CustomType1 Calling function
L"CustomAction_SxsMsmInstall" from L"C:\\users\\focht\\Temp\\msi3fd.tmp"
0033:Starting thread proc 0x7ebbc0db (arg=0x1d736c)
0033:trace:msi:DllThread custom action (33) started
...
0033:trace:msi:ACTION_CallDllFunction calling L"CustomAction_SxsMsmInstall"
...
0033:Call msi.MsiGetActiveDatabase(00000002) ret=00402d45
0033:trace:msi:MsiGetActiveDatabase (2)
0033:trace:msi:MsiGetActiveDatabase (1)
0033:trace:msi:alloc_msihandle 0x159508 -> 3
0033:trace:msi:alloc_msi_remote_handle 3 -> 4
0033:Ret msi.MsiGetActiveDatabase() retval=00000004 ret=00402d45
0033:Call msi.MsiDatabaseOpenViewA(00000004,0040146c "SELECT `Component_`,
`Guid` FROM `SxsMsmGenComponents`",0061fd28) ret=00402d5e
...
0033:Call msi.MsiDatabaseOpenViewA(00000004,00401290 "SELECT `Directory_`,
`ComponentId` FROM `Component` WHERE `Component` = ?",0061fcd8) ret=00402335
0033:trace:msi:MsiDatabaseOpenViewA 4 "SELECT `Directory_`, `ComponentId` FROM
`Component` WHERE `Component` = ?" 0x61fcd8
...
0033:Ret msi.MsiDatabaseOpenViewA() retval=00000000 ret=00402335
...
0033:Call msi.MsiRecordSetStringA(0000000d,00000001,00411388
"uplevel.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E") ret=00402355
...
0033:Call msi.MsiViewExecute(00000017,0000000d) ret=00402377
0033:trace:msi:MsiViewExecute 23 13
0033:Call ntdll.RtlAllocateHeap(00110000,00000008,00000030) ret=7ebd516c
0033:Ret ntdll.RtlAllocateHeap() retval=001e32a8 ret=7ebd516c
0033:trace:msi:alloc_msihandle 0x1e32a8 -> 24
0033:Ret msi.MsiViewExecute() retval=0061fbe8 ret=00402377
...
0033:trace:msi:DllThread custom action (33) returned 1603
...
0032:err:msi:ITERATE_Actions Execution halted, action L"SxsInstallCA" returned
1603
...
0032:err:msi:ITERATE_Actions Execution halted, action L"ExecuteAction" returned
1603
--- snip ---
Debugger:
--- snip ---
$ MsiBreak=CustomAction_SxsMsmInstall wine msiexec -i vcredist.msi
...
$ winedbg
Wine-dbg>attach 0x8
Wine-dbg>c
DbgBreakPoint () at
/home/focht/projects/wine/wine.repo/src/include/winternl.h:2223
0x7b442fe0 DbgBreakPoint+0x4
[/home/focht/projects/wine/wine.repo/src/include/winternl.h:2223] in kernel32:
nop
2223 static inline void WINAPI DbgBreakPoint(void) { __asm__
__volatile__("int3"); }
$ Wine-dbg>b MsiViewExecute
002f:fixme:dbghelp_dwarf:dwarf2_parse_const_type Unsupported children
Breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
Wine-dbg>c
Stopped on breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
MsiViewExecute () at
/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475
Wine-dbg>c
Stopped on breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
Wine-dbg>c
Stopped on breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
Wine-dbg>c
Stopped on breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
Wine-dbg>c
Stopped on breakpoint 1 at 0x7ebe87b9 MsiViewExecute
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:475] in msi
Wine-dbg>b copy_remote_record
Breakpoint 2 at 0x7ebf6888 copy_remote_record
[/home/focht/projects/wine/wine.repo/src/dlls/msi/record.c:1059] in msi
Wine-dbg>c
Stopped on breakpoint 2 at 0x7ebf6888 copy_remote_record
[/home/focht/projects/wine/wine.repo/src/dlls/msi/record.c:1059] in msi
copy_remote_record () at
/home/focht/projects/wine/wine.repo/src/dlls/msi/record.c:1059
Wine-dbg>bt
Backtrace:
=>0 0x7ebf6888 copy_remote_record(in=0x1d3b0c, out=0x1f)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/record.c:1059] in msi
(0x0061fc18)
1 0x7ebe9d3e remote_ViewExecute+0x29(view=<couldn't compute location>,
remote_rec=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:1106] in msi
(0x0061fc48)
2 0x7ebe8894 MsiViewExecute+0xda(hView=<couldn't compute location>,
hRec=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/msiquery.c:497] in msi
(0x0061fc98)
3 0x00402377 in msifcec.tmp (+0x2376) (0x0061fce0)
4 0x00402fd6 in msifcec.tmp (+0x2fd5) (0x0061fd38)
5 0x00403336 in msifcec.tmp (+0x3335) (0x0061fd48)
6 0x7ebbbd2e CUSTOMPROC_wrapper+0xd() in msi (0x0061fd58)
7 0x7ebbbf19 ACTION_CallDllFunction+0x1e8(guid=0x1c585c)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:564] in msi
(0x0061fe98)
8 0x7ebbc14d DllThread+0x71(arg=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:598] in msi
(0x0061fed8)
9 0x7bc95468 call_thread_func_wrapper+0xb() in ntdll (0x0061feec)
10 0x7bc954ce call_thread_func+0x63(entry=0x7ebbc0db, arg=0x1c585c)
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/signal_i386.c:2625] in
ntdll (0x0061ffdc)
11 0x7bc9545a call_thread_entry+0x9() in ntdll (0x0061ffec)
Wine-dbg>info locals
0x7ebf6888 copy_remote_record: (0061fc18)
struct wire_record* in=0x1d3b0c (parameter [ESP+4])
MSIHANDLE out=0x1f (parameter [ESP+8])
MSIRECORD* rec=0x61fc60 (local [ESP-24])
unsigned int i=0x7ebf6a82 (local [ESP-16])
UINT r=0x61fc18 (local [ESP-20])
Wine-dbg>n
1064 if (!(rec = msihandle2msiinfo(out, MSIHANDLETYPE_RECORD)))
Wine-dbg>n
1067 for (i = 0; i <= in->count; i++)
Wine-dbg>n
1067 for (i = 0; i <= in->count; i++)
Wine-dbg>n
1069 switch (in->fields[i].type)
Wine-dbg>n
1072 MSI_FreeField(&rec->fields[i]);
Wine-dbg>n
1073 rec->fields[i].type = MSIFIELD_NULL;
Wine-dbg>n
1074 break;
Wine-dbg>n
1089 if (r)
Wine-dbg>n
1091 msiobj_release(&rec->hdr);
Wine-dbg>n
1092 return r;
--- snip ---
Two cases of the switch use uninitialized 'r' value.
Source:
https://source.winehq.org/git/wine.git/blob/a373054b72f396a04ab4f191e1f6c2c9e0476aa0:/dlls/msi/record.c#l1058
--- snip ---
1058 UINT copy_remote_record(const struct wire_record *in, MSIHANDLE out)
1059 {
1060 MSIRECORD *rec;
1061 unsigned int i;
1062 UINT r;
1063
1064 if (!(rec = msihandle2msiinfo(out, MSIHANDLETYPE_RECORD)))
1065 return ERROR_INVALID_HANDLE;
1066
1067 for (i = 0; i <= in->count; i++)
1068 {
1069 switch (in->fields[i].type)
1070 {
1071 case MSIFIELD_NULL:
1072 MSI_FreeField(&rec->fields[i]);
1073 rec->fields[i].type = MSIFIELD_NULL;
1074 break;
1075 case MSIFIELD_INT:
1076 r = MSI_RecordSetInteger(rec, i, in->fields[i].u.iVal);
1077 break;
1078 case MSIFIELD_WSTR:
1079 r = MSI_RecordSetStringW(rec, i, in->fields[i].u.szwVal);
1080 break;
1081 case MSIFIELD_STREAM:
1082 r = MSI_RecordSetIStream(rec, i, in->fields[i].u.stream);
1083 break;
1084 default:
1085 ERR("invalid field type %d\n", in->fields[i].type);
1086 break;
1087 }
1088
1089 if (r)
1090 {
1091 msiobj_release(&rec->hdr);
1092 return r;
1093 }
1094 }
1095
1096 msiobj_release(&rec->hdr);
1097 return ERROR_SUCCESS;
1098 }
--- snip ---
The custom action dll later converts the garbage value 0x61fc18 to 0x8007FC18
(meaningless) but ultimately to 1603.
--- snip ---
004022E6 56 PUSH ESI
004022E7 E8 63F5FFFF CALL 0040184F
004022EC 85FF TEST EDI,EDI ; 0x0061FC18
004022EE 7E 0C JLE SHORT 004022FC
004022F0 81E7 FFFF0000 AND EDI,0FFFF ; 0x0000FC18
004022F6 81CF 00000780 OR EDI,80070000 ; 0x8007FC18
004022FC 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00402300 74 08 JE SHORT 0040230A
00402302 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00402305 E8 30150000 CALL 0040383A
0040230A 837D F8 00 CMP DWORD PTR SS:[EBP-8],0
0040230E 74 08 JE SHORT 00402318
00402310 FF75 F8 PUSH DWORD PTR SS:[EBP-8]
00402313 E8 22150000 CALL 0040383A
--- snip ---
This is a regression, introduced by
https://source.winehq.org/git/wine.git/commitdiff/bbf0f2da8211da73066fb36a444593ab0e8901f2
("msi: Make MsiProcessMessage() RPC-compatible") which introduced a buggy
'unmarshal_record' helper.
The code was later refactored into 'copy_remote_record' helper:
https://source.winehq.org/git/wine.git/commitdiff/c79fbc241e3c9a62ab50fb0826e33e85e97ae883
("msi: Make MsiViewModify() RPC-compatible.")
'MsiViewExecute' modified to call the remote wrappers which contain the bug:
https://source.winehq.org/git/wine.git/commitdiff/afb5eede24c35308d2370fd3b492545aed607ce6
("msi: Make MsiViewExecute() RPC-compatible.")
With a fix applied to properly initialize 'r', the installers work again.
$ ha1sum vcredist_x86.EXE
b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847 vcredist_x86.EXE
$ du -sh vcredist_x86.EXE
2.6M vcredist_x86.EXE
$ wine --version
wine-3.6-138-ga373054b72
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list