[Bug 45945] SADES SA-908 gaming headset driver installer for Windows 7/8/ 10 crashes on startup ('setupapi.SetupFindFirstLineA/W' needs to treat ' Key' parameter with empty string same as NULL)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jul 7 15:46:44 CDT 2019 

https://bugs.winehq.org/show_bug.cgi?id=45945

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|SA-908 Setup.exe crashes    |SADES SA-908 gaming headset
                   |inside setupapi.dll         |driver installer for
                   |                            |Windows 7/8/10 crashes on
                   |                            |startup
                   |                            |('setupapi.SetupFindFirstLi
                   |                            |neA/W' needs to treat 'Key'
                   |                            |parameter with empty string
                   |                            |same as NULL)
           Keywords|                            |hardware, Installer
          Component|-unknown                    |setupapi

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

Prerequisite: 'winetricks -q mfc42'

--- snip ---
$  WINEDEBUG=+seh,+relay,+setupapi,+loaddll,+process wine ./Setup.exe >>log.txt
2>&1
...
002d:Call KERNEL32.CreateProcessA(00000000,00ce8e08
"C:\\users\\focht\\Temp\\{08B27E4B-C0EC-4EBD-9AC0-AFC265C3E176}\\{B0794A0B-6397-43B4-B04F-2A103AC5A987}\\Cmitool.exe
sades",00000000,00000000,00000000,00000020,00000000,00000000,00a933a8,00a93450)
ret=10073d5d
...
004b:Call KERNEL32.__wine_kernel_init() ret=7bc7b7d0 
...
002d:trace:process:CreateProcessInternalW started process pid 004a tid 004b
002d:Ret  KERNEL32.CreateProcessA() retval=00000001 ret=10073d5d 
...
004b:Call setupapi.SetupOpenInfFileA(00552820
"Z:\\home\\focht\\Downloads\\drivers\\WIN7\\SoftwareDriver\\driver\\SADES.Inf",00000000,00000002,00000000)
ret=00402bda 
...
004b:trace:setupapi:SetupOpenInfFileW
L"Z:\\home\\focht\\Downloads\\drivers\\WIN7\\SoftwareDriver\\driver\\SADES.Inf"
-> 001640C8
...
004b:Call setupapi.SetupFindFirstLineA(001640c8,0042870c "Strings",0032f758
"",0032f748) ret=004030a6 
...
004b:Ret  setupapi.SetupOpenInfFileA() retval=001640c8 ret=00402bda 
...
004b:Call msvcrt._wcsicmp(001658d8 L"Strings",00166b00 L"Version") ret=6a929a3d
004b:Ret  msvcrt._wcsicmp() retval=fffffffd ret=6a929a3d
004b:Call msvcrt._wcsicmp(001658d8 L"Strings",00166c42 L"SourceDisksNames")
ret=6a929a3d
004b:Ret  msvcrt._wcsicmp() retval=00000005 ret=6a929a3d
004b:Call msvcrt._wcsicmp(001658d8 L"Strings",00166c86 L"SourceDisksFiles.x86")
ret=6a929a3d
004b:Ret  msvcrt._wcsicmp() retval=00000005 ret=6a929a3d
004b:Call msvcrt._wcsicmp(001658d8 L"Strings",00166d70
L"SourceDisksFiles.amd64") ret=6a929a3d
004b:Ret  msvcrt._wcsicmp() retval=00000005 ret=6a929a3d 
...
004b:Call msvcrt._wcsicmp(001658d8 L"Strings",0016c30a L"Strings") ret=6a929a3d
004b:Ret  msvcrt._wcsicmp() retval=00000000 ret=6a929a3d
...
004b:Call msvcrt._wcsicmp(001658f0 L"",0032d5dc L"REG_BINARY") ret=6a92be2a
004b:Ret  msvcrt._wcsicmp() retval=ffffff8e ret=6a92be2a
...
004b:trace:setupapi:SetupFindNextMatchLineW (001640C8,L"Strings",L""): not
found
...
004b:Ret  setupapi.SetupFindFirstLineA() retval=00000000 ret=004030a6
...
004b:Call KERNEL32.GetLastError() ret=004030ae
004b:Ret  KERNEL32.GetLastError() retval=e0000102 ret=004030ae
004b:Call KERNEL32.GetLastError() ret=00418a0d
004b:Ret  KERNEL32.GetLastError() retval=e0000102 ret=00418a0d
004b:Call ntdll.RtlAllocateHeap(00550000,00000000,00000051) ret=004133cd
004b:Ret  ntdll.RtlAllocateHeap() retval=00552758 ret=004133cd
004b:Call KERNEL32.GetLastError() ret=00418a0d
004b:Ret  KERNEL32.GetLastError() retval=e0000102 ret=00418a0d
004b:Call setupapi.SetupGetLineTextA(0032f748,001640c8,0042870c
"Strings",0032f758 "",0032f85c,00000104,0032f744) ret=00403128
004b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6a92d0d9
ip=6a92d0d9 tid=004b
004b:trace:seh:raise_exception  info[0]=00000000
004b:trace:seh:raise_exception  info[1]=a3b21da8
004b:trace:seh:raise_exception  eax=0032f7a8 ebx=00000007 ecx=b4680000
edx=7bd2876a esi=7bc592f8 edi=0032f69c
004b:trace:seh:raise_exception  ebp=0032f678 esp=0032f630 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010a83
004b:trace:seh:call_stack_handlers calling handler at 0x426783 code=c0000005
flags=0 
--- snip ---

Disassembly of relevant installer code:

--- snip ---
...
00403090  LEA EDX,[ESP+64]
00403094  PUSH EDX             ; Context
00403095  LEA EAX,[ESP+78]
00403099  PUSH EAX             ; Key
0040309A  PUSH OFFSET 0042870C ; Section, ASCII "Strings"
0040309F  PUSH ESI             ; InfHandle
004030A0  CALL DWORD PTR DS:[<&SETUPAPI.SetupFindFirstLineA>]
004030A6  MOV ESI,DWORD PTR DS:[<&KERNEL32.GetLastError>]
004030AC  CALL ESI
004030AE  MOV EDI,EAX
004030B0  CALL 00408CAC
004030B5  XOR ECX,ECX
004030B7  TEST EAX,EAX
004030B9  SETNZ CL
004030BC  TEST ECX,ECX
004030BE  JNZ SHORT 004030CA
004030C0  PUSH 80004005
004030C5  CALL 004013D0
004030CA  MOV EDX,DWORD PTR DS:[EAX]
004030CC  MOV ECX,EAX
004030CE  MOV EAX,DWORD PTR DS:[EDX+0C]
004030D1  CALL EAX
004030D3  ADD EAX,10
004030D6  MOV DWORD PTR SS:[ESP+10],EAX
004030DA  PUSH EDI
004030DB  LEA ECX,[ESP+14]
004030DF  PUSH OFFSET 004286D0 ; ASCII "GetInfDeviceID() SetupFindFirstLine
error code(zero ok):%x"
004030E4  MOV EBX,7
004030E9  PUSH ECX
004030EA  MOV DWORD PTR SS:[ESP+294],EBX
004030F1  CALL 00401E20
004030F6  MOV EDI,DWORD PTR SS:[ESP+34]
004030FA  ADD ESP,0C
004030FD  LEA EDX,[ESP+60]
00403101  PUSH EDX             ; RequiredSize
00403102  PUSH 104             ; ReturnBufferSize
00403107  LEA EAX,[ESP+180]
0040310E  PUSH EAX             ; ReturnBuffer
0040310F  LEA ECX,[ESP+80]
00403116  PUSH ECX             ; Key
00403117  PUSH OFFSET 0042870C ; Section, ASCII "Strings"
0040311C  PUSH EDI             ; InfHandle
0040311D  LEA EDX,[ESP+7C]     ; Context
00403121  PUSH EDX              
00403122  CALL DWORD PTR DS:[<&SETUPAPI.SetupGetLineTextA>]
...
--- snip ---

Although not important, the 'Strings' section of the .inf file in question:

--- snip ---
...
;---------------------------------------------------------------
;                S t r i n g s
;---------------------------------------------------------------

[Strings]
; non-localizeable
Proxy.CLSID="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"
KSCATEGORY_RENDER="{65E8773E-8F56-11D0-A3B9-00A0C9223196}"
KSCATEGORY_CAPTURE="{65E8773D-8F56-11D0-A3B9-00A0C9223196}"
KSCATEGORY_AUDIO="{6994AD04-93EF-11D0-A3CC-00A0C9223196}"
KSCATEGORY_TOPOLOGY = "{DDA54A40-1E4C-11D1-A050-405705C10000}" ;
non-localizable
KSCATEGORY_REALTIME = "{EB115FFC-10C8-4964-831D-6DCB02E6F23F}" ;
non-localizable

KSNAME_SPEAKER.WAVE="SPKOut00Wave"
KSNAME_SPDIFOUT.WAVE="SPDIFOut00Wave"
KSNAME_HPOUT.WAVE="HPOut00Wave"
KSNAME_RECIN.WAVE="RecIn00Wave"
KSNAME_MICIN.WAVE="MicIn00Wave"
KSNAME_LINEIN.WAVE="LineIn00Wave"
KSNAME_SPDIFIN.WAVE="SPDIFIn00Wave"
KSNAME_GLOBAL.TOPO="GlobalTopo"

SERVICE_KERNEL_DRIVER=1
SERVICE_DEMAND_START=3
SERVICE_ERROR_NORMAL=1
REG_DWORD=0x00010001

MediaCategories="SYSTEM\CurrentControlSet\Control\MediaCategories"

;localizeable
SADESGUID.SpdifOut="{12C15946-BA58-42c1-9F11-8341E2198622}"
SADESGUID.SpdifIn    ="{017D895C-7AE7-4f4d-B78C-CD1FFC0CE776}"
HDAGuidStereoMixPin         ="{8c5716e6-c984-492e-a2fb-1385f2d0f3c9}"
HDAGuidAuxInPin         ="{5f4bb488-a646-408a-9265-8647f9c374d4}"

CMEDIA="C-MEDIA Inc."
ManufacturerString="SADES"
SADES.DeviceDesc="SADES Audio Device"
SADES.SvcDesc="SADES Audio Device GH"
SADES.SPEAKER.WAVE.szPname="Speaker"
SADES.SPDIFOUT.WAVE.szPname="SpdifOut"
SADES.HPOUT.WAVE.szPname="Headphone"
SADES.RECIN.WAVE.szPname="Capture"
SADES.MICIN.WAVE.szPname="MicIn"
SADES.LINEIN.WAVE.szPname="LineIn"
SADES.SPDIFIN.WAVE.szPname="SpdifIn"
SADES.GLOBAL.TOPO.szPname="Global Mixer"
SADES.Audio.DeviceDesc="SADES Audio Device Audio"
cdname="SADES SADES Audio Device Installation Disk"
SADESNode.SpdifOut="SPDIF Out"
SADESNode.SpdifIn="SPDIF In"
HDAStereoMixPinName="Stereo Mix"
HDAAuxInPinName="Aux In"

;; These are the name strings for the wave miniports displayed in mmsys.cpl
;;

KSNODETYPE_ANY                    = "{00000000-0000-0000-0000-000000000000}"
KSNODETYPE_SPEAKER                = "{DFF21CE1-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_LINE_CONNECTOR       = "{DFF21FE3-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_HEADSET_SPEAKERS       = "{DFF21CE6-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_HEADPHONES             = "{DFF21CE2-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_DESKTOP_SPEAKER        = "{DFF21CE4-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_SPDIF_INTERFACE        = "{DFF21FE5-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_MICROPHONE               = "{DFF21BE1-F70F-11D0-B917-00A0C9223196}"
KSNODETYPE_DESKTOP_MICROPHONE     = "{DFF21BE2-F70F-11D0-B917-00A0C9223196}"
;;
;; PropertyKey GUIDS
;;

PKEY_FX_Association          = "{D04E05A6-594B-4FB6-A80D-01AF5EED7D1D},0"
PKEY_FX_PreMixClsid          = "{D04E05A6-594B-4FB6-A80D-01AF5EED7D1D},1"
PKEY_FX_PostMixClsid         = "{D04E05A6-594B-4FB6-A80D-01AF5EED7D1D},2"
PKEY_FX_UiClsid              = "{D04E05A6-594B-4FB6-A80D-01AF5EED7D1D},3"
PKEY_ItemNameDisplay         = "{B725F130-47EF-101A-A5F1-02608C9EEBAC},10"

PKEY_AudioEndpoint_ControlPanelPageProvider =
"{1DA5D803-D492-4EDD-8C23-E0C0FFEE7F0E},1"
PKEY_AudioEndpoint_Association  = "{1DA5D803-D492-4EDD-8C23-E0C0FFEE7F0E},2"
PKEY_AudioEndpoint_Supports_EventDriven_Mode =
"{1DA5D803-D492-4EDD-8C23-E0C0FFEE7F0E},7"

PKEY_AudioEngine_OEMFormat = "{E4870E26-3CC5-4CD2-BA46-CA0A9A70ED04},3"

AUDIOENDPOINT_EXT_UI_CLSID = "{6C57B2A2-91F5-4b90-93D5-FAB82485ECA6}"

SYSFX_UI_CLSID      = "{5666D399-3AFA-408F-9688-CC4B46D0E054}"
SYSFX_PREMIX_CLSID  = "{2CA4E0EA-DA35-44FA-87A8-655B43773508}"
SYSFX_POSTMIX_CLSID = "{72F3C3FD-2473-4790-BCF6-3E579DB8E859}"
SYSFX_FriendlyName  = "CMedia Audio System Effect"

REG_BINARY          = 0x00000001
--- snip ---

The installer passes an empty key (string) to 'SetupFindFirstLineA' API call.
Wine's setupapi distinguishes only between a NULL parameter and a string,
leading to failure. The app code ignores the failure and passes the empty
(uninitialized) context to 'SetupGetLineTextA' API which obviously causes the
crash when trying to access the context struct members.

https://docs.microsoft.com/en-us/windows/win32/api/setupapi/nf-setupapi-setupfindfirstlinea

--- quote ---
...

Parameters

InfHandle

Handle to the INF file to query.

Section

Pointer to a null-terminated string specifying the section of the INF files to
search in.

Key

Optional pointer to a null-terminated string specifying the key to search for
within the section. The null-terminated string should not exceed the size of
the destination buffer. This parameter can be NULL. If Key is NULL, the first
line in the section is returned.

Context

Pointer to a structure that receives the context information used internally by
the INF handle. Applications must not overwrite values in this structure.
Return Value

If the function could not find a line, the return value is zero. To get
extended error information, call GetLastError.
--- quote ---

Apparently passing an empty string as 'Key' parameter has the same effect as it
would have been NULL. I've tested a small fix and it lets the installer run
further. It sill fails in the end with "Please connect the SADES Headset" since
there is obviously no hardware connected/probed.

$ sha1sum SA-908\ DRIVERS.zip 
cf42f0c91c2db6f79a2ad647d654e8d6864ebacb  SA-908 DRIVERS.zip

$ du -sh SA-908\ DRIVERS.zip 
108M    SA-908 DRIVERS.zip

$ wine --version
wine-4.12.1

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list