https://bugs.winehq.org/show_bug.cgi?id=41934
--- Comment #2 from Sagawa sagawa.aki+winebugs@gmail.com ---
I can reproduce the issue. From my point of view, the installer code is very buggy. However, it seems that this is part of some framework (nupkg related?). I'll try to fix it somehow.
For details, please look at the following code snippet:
0x004022be: leal 0xfffff7e4(%ebp),%eax
0x004022c4: repe movsl (%esi),%es:(%edi)
0x004022c6: pushl %ebx
0x004022c7: pushl %eax
0x004022c8: pushl $0x1
0x004022ca: pushl $0x4237d0 ; = "D:PAI(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)(A;OICIIO;GA;;;BA)(A;;0x1200a9;;;BU)(A;OICIIO;GXGR;;;BU)(A;OICIIO;GA;;;CO)(A;;0x1200a9;;;AC)(A;OICIIO;GXGR;;;AC)"
0x004022cf: movsw (%esi),%es:(%edi)
0x004022d1: call *0x41c020 -> 0x7e9940d0 ConvertStringSecurityDescriptorToSecurityDescriptorW [/home/obfuscated/wine-git/dlls/advapi32/security.c:4738] in advapi32
0x004022d7: movl 0xfffff7e4(%ebp),%eax
0x004022dd: movl %eax,0xfffff7d8(%ebp)
0x004022e3: leal 0xfffff7d4(%ebp),%eax
0x004022e9: pushl %eax
0x004022ea: leal 0xfffffdf4(%ebp),%eax
0x004022f0: movl $0xc,0xfffff7d4(%ebp)
0x004022fa: pushl %eax
0x004022fb: movl %ebx,0xfffff7dc(%ebp)
0x00402301: call *0x41c060 -> 0x7b45e3d0 CreateDirectoryW [/home/obfuscated/wine-git/dlls/kernel32/path.c:1529] in kernel32
0x00402307: movl 0x0041c0ec,%esi
0x0040230d: testl %eax,%eax
0x0040230f: jnz 0x0040232d
0x00402311: call *%esi
0x00402313: cmpl $183,%eax
0x00402318: jz 0x0040232d
0x0040231a: pushl 0xfffff7e4(%ebp)
0x00402320: call *0x41c064 -> 0x7b446f60 LocalFree [/home/obfuscated/wine-git/dlls/kernel32/heap.c:1022] in kernel32
0x00402326: call *%esi
0x00402328: jmp 0x0040246f
0x0040232d: pushl 0xfffff7e4(%ebp)
0x00402333: call *0x41c064 -> 0x7b446f60 LocalFree [/home/obfuscated/wine-git/dlls/kernel32/heap.c:1022] in kernel32
There are at least three issues:
1. It doesn't verify ConvertStringSecurityDescriptorToSecurityDescriptor's return value. There is no "test %eax, %eax" code after the call. On Windows 7, the call always fails because 'AC' isn't a known SID string.
2. The next CreateDirectory call uses an invalid SECURITY_DESCRIPTOR (SD) pointer (=0xfffff7d4(%ebp)) instead of the SD pointer (=0xfffff7e4(%ebp)) obtained in the previous call.
3. On Windows 7, the SD pointer isn't valid due to the previous call's failure. Even so, it calls LocalFree to release the memory.
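
An added example, not part of the bug comment or of the installer: a small Python parser for the DACL part of the SDDL string quoted above, reporting which ACE trustees an alias table without 'AC' cannot resolve. The alias sets are illustrative subsets covering only the aliases in this string, and the function names are hypothetical.

```python
import re

# SDDL string quoted in the comment above; SVC is the service SID it repeats.
SVC = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
SDDL = (
    f"D:PAI(A;;FA;;;{SVC})(A;CIIO;GA;;;{SVC})"
    "(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)(A;OICIIO;GA;;;BA)"
    "(A;;0x1200a9;;;BU)(A;OICIIO;GXGR;;;BU)(A;OICIIO;GA;;;CO)"
    "(A;;0x1200a9;;;AC)(A;OICIIO;GXGR;;;AC)"
)

# Assumption: illustrative alias sets covering only the aliases in this string,
# not a real Windows alias table.
ALIASES_WITHOUT_AC = frozenset({"SY", "BA", "BU", "CO"})
ALIASES_WITH_AC = ALIASES_WITHOUT_AC | {"AC"}

SID_RE = re.compile(r"S-1-\d+(-\d+)+$")              # literal SID trustee
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^()]*\))*)")  # flags, then ACE list
ACE_RE = re.compile(r"\(([^()]*)\)")


def parse_dacl(sddl):
    """Return (dacl_flags, [ACE field lists]) for the D: part of an SDDL string."""
    m = DACL_RE.search(sddl)
    if not m:
        raise ValueError("no DACL component")
    aces = [body.split(";") for body in ACE_RE.findall(m.group(2))]
    for fields in aces:
        if len(fields) not in (6, 7):  # 7th field: optional resource attribute
            raise ValueError(f"malformed ACE: {fields}")
    return m.group(1), aces


def unresolved_trustees(sddl, known_aliases):
    """(ACE index, trustee) pairs that are neither a literal SID nor a known alias."""
    _, aces = parse_dacl(sddl)
    return [(i, f[5]) for i, f in enumerate(aces)
            if not SID_RE.match(f[5]) and f[5] not in known_aliases]


def would_convert(sddl, known_aliases):
    """Per the comment, one unknown SID string makes the whole conversion fail."""
    return not unresolved_trustees(sddl, known_aliases)


if __name__ == "__main__":
    for name, table in (("without AC", ALIASES_WITHOUT_AC), ("with AC", ALIASES_WITH_AC)):
        print(name, would_convert(SDDL, table), unresolved_trustees(SDDL, table))
```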