http://bugs.winehq.org/show_bug.cgi?id=31276
Bug #: 31276 Summary: Total Commander 8.0 64-bit installer crashes during cabinet extraction (wrong FCI/FDI structure packing for Win64) Product: Wine Version: 1.5.9 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net Classification: Unclassified
Hello,
when bug 30329 is fixed (fix to buggy app installer should be preferred over Wine) the installer runs into another crash.
The crash is mentioned in this TC thread: http://ghisler.ch/board/viewtopic.php?p=252389
Trace log doesn't give much useful info because the crash happens within app supplied FDI notification callback.
Debugging session:
--- snip --- ... Wine-dbg>si 0x00007f76ded7fc60 FDICopy+0xda5 [/home/focht/projects/wine/wine-git/dlls/cabinet/fdi.c:2697] in cabinet: movq 0x0000000000000030(%rbp),%r8 2697 if ((filehf = ((*pfnfdin)(fdintCOPY_FILE, &fdin))) == -1) {
Wine-dbg>si 0x00007f76ded7fc64 FDICopy+0xda9 [/home/focht/projects/wine/wine-git/dlls/cabinet/fdi.c:2697] in cabinet: movq %rax,%rdx 2697 if ((filehf = ((*pfnfdin)(fdintCOPY_FILE, &fdin))) == -1) {
Wine-dbg>si 0x00007f76ded7fc67 FDICopy+0xdac [/home/focht/projects/wine/wine-git/dlls/cabinet/fdi.c:2697] in cabinet: movl $0x2,%rcx 2697 if ((filehf = ((*pfnfdin)(fdintCOPY_FILE, &fdin))) == -1) {
Wine-dbg>si 0x00007f76ded7fc6c FDICopy+0xdb1 [/home/focht/projects/wine/wine-git/dlls/cabinet/fdi.c:2697] in cabinet: calll *%r8d 2697 if ((filehf = ((*pfnfdin)(fdintCOPY_FILE, &fdin))) == -1) {
Wine-dbg>info reg Register dump: rip:00007f76ded7fc6c rsp:000000000023df40 rbp:000000000023e2e0 eflags:00000302 ( - -- IT - - - ) rax:000000000023e0e0 rbx:0000000000241160 rcx:0000000000000002 rdx:000000000023e0e0 rsi:000000014000910c rdi:000000000023e118 r8:0000000140009170 r9:0000000000000000 r10:0000000000000008 r11:0000000000000246 r12:000000000023e810 r13:0000000000000000 r14:0000000140022b80 r15:0000000000000103
Wine-dbg>p fdin {cb=0xc7a, psz1="e\REGISTER.RTF", psz2=0x0(nil), psz3=0x0(nil), pv=0x0(nil), hf=0, date=0x40ed, time=0x4020, attribs=0, setID=0, iCabinet=0, iFolder=0, fdie=FDIERROR_NONE}
Wine-dbg>x/20x $rdx 0x000000000023e0e0: 00000c7a 00241230 00000000 00000000 0x000000000023e0f0: 00000000 00000000 00000000 00000000 0x000000000023e100: 00000000 00000000 00000000 402040ed 0x000000000023e110: 00000000 00000000 00000000 00000000 0x000000000023e120: 003c30bc 004d0001 00008ace 00000000
...
Wine-dbg>si 0x0000000140009265: movq 0x0000000000000008(%rdi),%rbx
Wine-dbg>si Unhandled exception: page fault on read access to 0x00000000 in 64-bit code (0x0000000140009269). Register dump: rip:0000000140009269 rsp:000000000023d7a0 rbp:000000000023e2e0 eflags:00010346 ( R- -- IT Z- -P- ) rax:000000000023d7f0 rbx:0000000000000000 rcx:fffffffec021b9f0 rdx:0000000140021e0c rsi:0000000000000000 rdi:000000000023e0e0 r8:0000000140009170 r9:8101010101010100 r10:81010100f8f8fefe r11:000000000023d7f0 r12:000000000023e810 r13:0000000000000000 r14:0000000140022b80 r15:0000000000000103 Stack dump: 0x000000000023d7a0: 000100020000003c 000000000023d170 0x000000000023d7b0: 000000000023d170 000000000023d0d0 0x000000000023d7c0: 000000000023d0d0 000000000023d0e0 0x000000000023d7d0: 000000000023d0e0 0000000000241160 0x000000000023d7e0: 000000000023d8e0 00007f76e66c281f 0x000000000023d7f0: 6c61746f745c3a63 00007f005c646d63 0x000000000023d800: 000000000023d900 00007f76e66c281f 0x000000000023d810: 000000000023dc24 000000010023dc28 0x000000000023d820: 000000000023d920 000000000023ddf0 0x000000000023d830: 000000000023d930 000000000023de00 0x000000000023d840: 000000000023d940 000000000023de10 0x000000000023d850: 0000000000000000 0000000000000000 Backtrace: =>0 0x0000000140009269 in install (+0x9269) (0x000000000023e2e0) 1 0x00007f76ded7fc6f FDICopy+0xdb3(hfdi=0x241160, pszCabinet="install.cab", pszCabPath="Z:\home\focht\Downloads\wc", flags=0, pfnfdin=0x140009170, pfnfdid=(nil), pvUser=0x0(nil)) [/home/focht/projects/wine/wine-git/dlls/cabinet/fdi.c:2697] in cabinet (0x000000000023e2e0) 2 0x000000014000985b in install (+0x985a) (0x000000000023e5e0) 3 0x0000000140007036 in install (+0x7035) (0x0000000140019784) 4 0x0000000140007fab in install (+0x7faa) (0x000000000023f7f0) ... 0x0000000140009269: cmpb $0x5c,(%rbx)
--- snip ---
It seems the app notification callback code tries to access fdin.psz1 member at wrong offset (+8).
The FDINOTIFICATION structure:
http://source.winehq.org/git/wine.git/blob/4ed257665ccb1e78efcff70306499cd7d...
--- snip --- ... 28 #include <pshpack4.h> ... 228 typedef struct { 229 LONG cb; 230 char *psz1; 231 char *psz2; 232 char *psz3; /* Points to a 256 character buffer */ 233 void *pv; /* Value for client */ 234 235 INT_PTR hf; 236 237 USHORT date; 238 USHORT time; 239 USHORT attribs; 240 241 USHORT setID; /* Cabinet set ID */ 242 USHORT iCabinet; /* Cabinet number (0-based) */ 243 USHORT iFolder; /* Folder number (0-based) */ 244 245 FDIERROR fdie; 246 } FDINOTIFICATION, *PFDINOTIFICATION; --- snip ---
Looking for other 64-bit apps using cabinet API I found this:
http://www.codeproject.com/Articles/15397/Cabinet-File-CAB-Compression-and-E...
The 32-bit version works ok. The 64-bit version (Cabinet_x64.exe) exhibits same behaviour, FDINOTIFICATION psz1 structure member is accessed with wrong offset (+8).
It seems for Win64 the explicit structure packing directives are no longer applicable and compiler/platform defaults are used (applies for both, fdi.h and fci.h header). This allows the installer to succeed.
Regards