[Bug 45073] New: Many MSI-based installers crash in remote_GetActionInfo while unmarshalling data

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Apr 27 02:25:33 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=45073

            Bug ID: 45073
           Summary: Many MSI-based installers crash in
                    remote_GetActionInfo while unmarshalling data
           Product: Wine
           Version: 3.6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: msi
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

likely affects *all* MSI-based installers.

I just run a few winetricks recipes (.NET, ..) and other installers - all of
them crashed.

This is a critical (potential blocker) issue, Wine 3.7 can't be released in
this state.

VirtualPC 2007 (bug 29354)

--- snip ---
Unhandled exception: page fault on read access to 0x00000004 in 32-bit code
(0x7e4ae367).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e4ae367 ESP:0033f838 EBP:0033f848 EFLAGS:00010206(  R- --  I   - -P- )
 EAX:00000004 EBX:0033f8ac ECX:0033f8ac EDX:00000000
 ESI:0033f8d0 EDI:0033fc34
...
Backtrace:
=>0 0x7e4ae367 align_pointer+0x12(ptr=0x4, align=0x4)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:103] in
rpcrt4 (0x0033f848)
  1 0x7e4b160c NdrPointerUnmarshall+0xd8(pStubMsg=<couldn't compute location>,
ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>,
fMustAlloc='d')
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1564] in
rpcrt4 (0x0033f898)
  2 0x7bc7f4e7 relay_call+0x3e() in ntdll (0x0033f8bc)
  3 0x7e4a5a54 in rpcrt4 (+0x5a53) (0x0033fab8)
  4 0x7ec09214 remote_GetActionInfo+0x27f(guid=<couldn't compute location>,
type=<couldn't compute location>, dllname=<couldn't compute location>,
function=<couldn't compute location>, hinst=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/build-x86/dlls/msi/winemsi_c.c:2570] in
msi (0x0033fab8)
  5 0x7ebab091 __wine_msi_call_dll_function+0x165(guid=0x33fc70)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:525] in msi
(0x0033fc28)
  6 0x7bc7f4e7 relay_call+0x3e() in ntdll (0x0033fc4c)
  7 0x7eb86598 in msi (+0x6597) (0x0033fc88)
  8 0x7efee3e8 DoEmbedding+0x23(key="{AD3887D1-245B-4BFF-ADF3-298FD0BFC1FF}")
[/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:402] in
msiexec (0x0033fc88)
  9 0x7efee9a4 WinMain+0x18f(hInstance=<couldn't compute location>,
hPrevInstance=<couldn't compute location>, lpCmdLine=<couldn't compute
location>, nCmdShow=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:599] in
msiexec (0x0033fde8)
  10 0x7eff059e main+0xeb(argc=<couldn't compute location>, argv=<couldn't
compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_main.c:49] in
msiexec (0x0033fe68)
  11 0x7eff0496 __wine_spec_exe_entry+0x56(peb=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_entry.c:36] in
msiexec (0x0033fea8)
  12 0x7b46d930 call_process_entry+0xb() in kernel32 (0x0033fec8)
  13 0x7b46da71 start_process+0x132(entry=<couldn't compute location>,
peb=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1099] in
kernel32 (0x0033ffd8)
  14 0x7b46d93e start_process_wrapper+0x9() in kernel32 (0x0033ffec)
0x7e4ae367 align_pointer+0x12
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:103] in
rpcrt4: movl    0x0(%eax),%eax
103        *ptr = (unsigned char *)(((ULONG_PTR)*ptr + mask) & ~mask);
...
Modules:
Module    Address            Debug info    Name (73 modules)
ELF    7b400000-7b7f4000    Dwarf           kernel32<elf>
  \-PE    7b420000-7b7f4000    \               kernel32
ELF    7bc00000-7bd0d000    Dwarf           ntdll<elf>
  \-PE    7bc30000-7bd0d000    \               ntdll
ELF    7c000000-7c004000    Deferred        <wine-loader> 
...
Threads:
process  tid      prio (all id:s are in hex)
...
0000002d setup.exe
    0000002e    0
0000002f msxml6-KB927977-enu-x86.exe
    00000031    0
    00000030    0
00000032 msiexec.exe
    00000038    0
    00000035    0
    00000034    0
    00000033    0
00000036 (D) C:\windows\system32\msiexec.exe
    00000037    0 <== 
--- snip ---

'winetricks -q dotnet40'

--- snip ---
Unhandled exception: page fault on write access to 0x00000033 in 32-bit code
(0xf7c1fcea).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f7c1fcea ESP:0033f57c EBP:0033f5a8 EFLAGS:00010203(  R- --  I   - - -C)
 EAX:00000000 EBX:00000022 ECX:0000000b EDX:00000000
 ESI:00146424 EDI:00000033
...
Backtrace:
=>0 0xf7c1fcea memcpy+0x5a() in libc.so.6 (0x0033f5a8)
  1 0x7e4af0df safe_copy_from_buffer+0xe0(pStubMsg=0x33f9f8, p=0x33, size=0x17)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:730] in
rpcrt4 (0x0033f5a8)
  2 0x7e4b352f array_read_variance_and_unmarshall+0x4d9(fc='"',
pStubMsg=0x33f9f8, ppMemory=0x33fbe0, pFormat=""\    \", fMustAlloc=0,
fUseBufferMemoryServer=1, fUnmarshall=1)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:2234] in
rpcrt4 (0x0033f638)
  3 0x7e4b41c3 NdrConformantStringUnmarshall+0xfe(pStubMsg=<couldn't compute
location>, ppMemory=<couldn't compute location>, pFormat=<couldn't compute
location>, fMustAlloc=0)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:2533] in
rpcrt4 (0x0033f688)
  4 0x7e4afe7f PointerUnmarshall+0x53e(pStubMsg=0x33f9f8, Buffer="",
pPointer=0x33fbe0, pSrcPointer=*** invalid address 0x33 ***, pFormat=""\   
\", fMustAlloc=0)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:969] in
rpcrt4 (0x0033f758)
  5 0x7e4b1644 NdrPointerUnmarshall+0x110(pStubMsg=<couldn't compute location>,
ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>,
fMustAlloc=0)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1569] in
rpcrt4 (0x0033f7b8)
  6 0x7e4afe7f PointerUnmarshall+0x53e(pStubMsg=0x33f9f8, Buffer="",
pPointer=0x33fb0c, pSrcPointer="3", pFormat="", fMustAlloc=0)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:969] in
rpcrt4 (0x0033f888)
  7 0x7e4b1644 NdrPointerUnmarshall+0x110(pStubMsg=<couldn't compute location>,
ppMemory=<couldn't compute location>, pFormat=<couldn't compute location>,
fMustAlloc=0)
[/home/focht/projects/wine/wine.repo/src/dlls/rpcrt4/ndr_marshall.c:1569] in
rpcrt4 (0x0033f8e8)
  8 0x7ec09214 remote_GetActionInfo+0x27f(guid=<couldn't compute location>,
type=<couldn't compute location>, dllname=<couldn't compute location>,
function=<couldn't compute location>, hinst=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/build-x86/dlls/msi/winemsi_c.c:2570] in
msi (0x0033fae8)
  9 0x7ebab091 __wine_msi_call_dll_function+0x165(guid=0x33fc70)
[/home/focht/projects/wine/wine.repo/src/dlls/msi/custom.c:525] in msi
(0x0033fc58)
  10 0x7efee3e8 DoEmbedding+0x23(key="{7E1720C8-F634-46E9-A8D1-FB290A0A8D53}")
[/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:402] in
msiexec (0x0033fc88)
  11 0x7efee9a4 WinMain+0x18f(hInstance=<couldn't compute location>,
hPrevInstance=<couldn't compute location>, lpCmdLine=<couldn't compute
location>, nCmdShow=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/programs/msiexec/msiexec.c:599] in
msiexec (0x0033fde8)
  12 0x7eff059e main+0xeb(argc=<couldn't compute location>, argv=<couldn't
compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_main.c:49] in
msiexec (0x0033fe68)
  13 0x7eff0496 __wine_spec_exe_entry+0x56(peb=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winecrt0/exe_entry.c:36] in
msiexec (0x0033fea8)
  14 0x7b46d930 call_process_entry+0xb() in kernel32 (0x0033fec8)
  15 0x7b46da71 start_process+0x132(entry=<couldn't compute location>,
peb=<couldn't compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/kernel32/process.c:1099] in
kernel32 (0x0033ffd8)
  16 0x7b46d93e start_process_wrapper+0x9() in kernel32 (0x0033ffec)
0xf7c1fcea memcpy+0x5a in libc.so.6: movsb    (%esi),%es:(%edi)
Modules:
Module    Address            Debug info    Name (73 modules)
ELF    7b400000-7b7f4000    Dwarf           kernel32<elf>
  \-PE    7b420000-7b7f4000    \               kernel32
ELF    7bc00000-7bd0d000    Deferred        ntdll<elf>
  \-PE    7bc30000-7bd0d000    \               ntdll
ELF    7c000000-7c004000    Deferred        <wine-loader>
...
Threads:
process  tid      prio (all id:s are in hex)
00000008 dotNetFx40_Full_x86_x64.exe
    00000009    0
...
00000032 Setup.exe
    0000003d    0
    0000003c    0
    0000003b    0
    00000038    0
    00000037    0
    00000036    0
    00000033    0
00000039 (D) C:\windows\system32\msiexec.exe
    0000003a    0 <==
System information:
    Wine build: wine-3.6-236-gd6654dbf2b
    Platform: i386
    Version: Windows 5.1 (0)
    Host system: Linux
    Host version: 4.15.17-300.fc27.x86_64 
--- snip ---

$ wine --version
wine-3.6-236-gd6654dbf2b

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list