[Bug 47783] New: Rockstar Games Launcher installer crashes

WineHQ Bugzilla wine-bugs at winehq.org
Thu Sep 19 16:20:44 CDT 2019 

https://bugs.winehq.org/show_bug.cgi?id=47783

            Bug ID: 47783
           Summary: Rockstar Games Launcher installer crashes
           Product: Wine
           Version: 4.16
          Hardware: x86
               URL: https://gamedownloads.rockstargames.com/public/install
                    er/Rockstar-Games-Launcher.exe
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ntdll
          Assignee: wine-bugs at winehq.org
          Reporter: bshanks at codeweavers.com
      Distribution: ---

The Rockstar Games Launcher installer (downloadable from
https://gamedownloads.rockstargames.com/public/installer/Rockstar-Games-Launcher.exe)
displays a window and then crashes quickly after launching.

Running the installer with "warn+all" generates constant heap corruption errors
( i.e. "err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x198350 tail
overwritten at 0x198388 (byte 0/8 == 0x52)"), but the installer does not crash
and successfully installs.

The installer is built with NSIS v3.04, and essentially does the following:

WINDOWINFO *wi = GlobalAlloc(GMEM_ZEROINIT, 56);
wi->cbSize = 56;
GetWindowInfo(hWnd, wi);
GlobalFree(wi);

The problem is that sizeof(WINDOWINFO) is actually 60. For some reason Windows
has always ignored cbSize and writes 60 bytes into the buffer, Wine does the
same.
The hard-coded 56 has been in NSIS example code
(https://nsis.sourceforge.io/GetWindowInfo) for years, it's very possible there
are other installers having this problem.

Based on this article
(https://blogs.msdn.microsoft.com/jiangyue/2010/03/15/windows-heap-overrun-monitoring/)
and some testing I did in a debugger, it appears that Windows heap allocations
leave healthy padding/unused bytes at the end, and this must be why the
installer doesn't crash on Windows.

Running Wine with "warn+heap" adds padding to the end of heap allocations,
which is why the installer doesn't crash there.

I think the fix for this is to increase/add padding to the end of heap
allocations.
Also a WARN should be added to GetWindowInfo() if cbSize is incorrect.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list