https://bugs.winehq.org/show_bug.cgi?id=26235
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht@gmx.net
          Component|-unknown                    |setupapi
            Summary|Pioneer DJs: page fault on  |Pioneer DJs 1.6 hangs on
                   |read access in MFC71.dll    |startup
                   |                            |(SetupDiEnumDeviceInterface
                   |                            |s needs to retain
                   |                            |DeviceInterfaceData->cbSize
                   |                            |upon reset)
     Ever confirmed|0                           |1
    Regression SHA1|                            |53b287530961beaaae89bd063bc
                   |                            |0d63ef41036ff

--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming comment #2 - the app hangs on startup.
Trace log yields the following:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Pioneer/DJS 1.0/DJS

$ WINEDEBUG=+tid,+seh,+relay,+setupapi wine ./DJS10.exe >>log.txt 2>&1
...
0024:Call PE DLL (proc=0x343b69,module=0x340000 L"MMPCOM.dll",reason=PROCESS_ATTACH,res=0x1)
...
0024:Ret PE DLL (proc=0x7e4eb1e0,module=0x7e4e0000 L"hid.dll",reason=PROCESS_ATTACH,res=0x1) retval=1
0024:Call PE DLL (proc=0x3537fe,module=0x350000 L"hidcom.dll",reason=PROCESS_ATTACH,res=0x1)
...
0024:Call KERNEL32.CreateFileA(0033e644 "\\.\MMPCdc0",c0000000,00000003,00000000,00000003,00000000,00000000) ret=003410b8
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=003410b8
0024:Call KERNEL32.CreateFileA(0033e644 "\\.\MMPCdc1",c0000000,00000003,00000000,00000003,00000000,00000000) ret=003410b8
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=003410b8
...
0024:Call setupapi.SetupDiGetClassDevsA(0033e5ec,00000000,00000000,00000012) ret=0035195b
0024:trace:setupapi:SetupDiGetClassDevsExW {4d1e55b2-f16f-11cf-88cb-001111000030} (null) (nil) 0x00000012 (nil) (null) (nil)
0024:warn:setupapi:SetupDiGetClassDevsExW unsupported flags 00000002
0024:trace:setupapi:SetupDiCreateDeviceInfoListExW {4d1e55b2-f16f-11cf-88cb-001111000030} (nil) (null) (nil)
0024:Call ntdll.RtlAllocateHeap(00110000,00000000,00000024) ret=7ea40a47
0024:Ret ntdll.RtlAllocateHeap() retval=001ca2e0 ret=7ea40a47
0024:Call advapi32.RegOpenKeyExW(80000002,7ea6b460 L"System\CurrentControlSet\Control\DeviceClasses",00000000,00020019,0033e364) ret=7ea4618e
0024:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=7ea4618e
0024:trace:setupapi:SETUPDI_EnumerateInterfaces 0x1ca2e0, {4d1e55b2-f16f-11cf-88cb-001111000030}, (null), 00000012
0024:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ea424ff
0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea424ff
0024:Ret setupapi.SetupDiGetClassDevsA() retval=001ca2e0 ret=0035195b
0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000000,0033e5d0) ret=00351988
0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 0, 0x33e5d0
0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351988
0024:Call KERNEL32.GetLastError() ret=00351a25
0024:Ret KERNEL32.GetLastError() retval=00000103 ret=00351a25
0024:Call KERNEL32.LocalAlloc(00000040,00000000) ret=00351513
0024:Ret KERNEL32.LocalAlloc() retval=001c1820 ret=00351513
0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000000,0033e5d0) ret=00351a7c
0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 0, 0x33e5d0
0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c
0024:Call KERNEL32.GetLastError() ret=00351b2e
0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e
0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000001,0033e5d0) ret=00351a7c
0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 1, 0x33e5d0
0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c
0024:Call KERNEL32.GetLastError() ret=00351b2e
0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e
0024:Call setupapi.SetupDiEnumDeviceInterfaces(001ca2e0,00000000,0033e5ec,00000002,0033e5d0) ret=00351a7c
0024:trace:setupapi:SetupDiEnumDeviceInterfaces 0x1ca2e0, (nil), {4d1e55b2-f16f-11cf-88cb-001111000030}, 2, 0x33e5d0
0024:Ret setupapi.SetupDiEnumDeviceInterfaces() retval=00000000 ret=00351a7c
0024:Call KERNEL32.GetLastError() ret=00351b2e
0024:Ret KERNEL32.GetLastError() retval=00000057 ret=00351b2e
<endless repeating>
--- snip ---
The app searches for HID devices (managed by PnP device manager):
{4D1E55B2-F16F-11CF-88CB-001111000030} -> GUID_DEVINTERFACE_HID
MSDN: http://msdn.microsoft.com/en-us/library/windows/hardware/ff545860%28v=vs.85%...
There is some code in app hidcom.dll that checks for:
vid = 08E4 (Pioneer)
pid = [0140,0141,0143]

Before coming to that part it enumerates devices using the following code (reduced snippet just to show the problem):

--- snip ---
...
00351A67  8D45 D0         LEA EAX,DWORD PTR SS:[EBP-30]
00351A6A  50              PUSH EAX
00351A6B  FF75 C4         PUSH DWORD PTR SS:[EBP-3C]
00351A6E  8D45 EC         LEA EAX,DWORD PTR SS:[EBP-14]
00351A71  50              PUSH EAX
00351A72  53              PUSH EBX
00351A73  FF75 CC         PUSH DWORD PTR SS:[EBP-34]
00351A76  FF15 D4103500   CALL DWORD PTR SETUPAPI.SetupDiEnumDeviceInterfaces
00351A7C  85C0            TEST EAX,EAX
00351A7E  0F84 A4000000   JE hidcom.00351B28
...
00351B28  FF15 B0103500   CALL DWORD PTR DS:[<&KERNEL32.GetLastError>]
00351B2E  3D 03010000     CMP EAX,103              ; ERROR_NO_MORE_ITEMS
00351B33  74 30           JE SHORT hidcom.00351B65
00351B35  FF45 C4         INC DWORD PTR SS:[EBP-3C]
00351B38  E9 2AFFFFFF     JMP hidcom.00351A67
--- snip ---
Poor error handling on app side and some Wine oversight results in endless looping here.
In the first call to SetupDiEnumDeviceInterfaces (member index = 0), Wine resets DeviceInterfaceData (user supplied buffer) and returns ERROR_NO_MORE_ITEMS.
Source:
http://source.winehq.org/git/wine.git/blob/9c76ccfda124ca471b3de4d8a04aed1e1...
--- snip ---
BOOL WINAPI SetupDiEnumDeviceInterfaces(HDEVINFO DeviceInfoSet, PSP_DEVINFO_DATA DeviceInfoData,
        const GUID *InterfaceClassGuid, DWORD MemberIndex,
        PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData)
{
...
    if (!DeviceInterfaceData ||
            DeviceInterfaceData->cbSize != sizeof(SP_DEVICE_INTERFACE_DATA))
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
    /* In case application fails to check return value, clear output */
    memset(DeviceInterfaceData, 0, sizeof(*DeviceInterfaceData));
    if (DeviceInfoData)
...
--- snip ---
In the second call which ought to restart it (member index = 0), the app still passes the _same_ buffer:
--- snip ---
p *DeviceInterfaceData
{cbSize=0, InterfaceClassGuid={Data1=0, Data2=0, Data3=0, Data4=""}, Flags=0, Reserved=0}
--- snip ---
That of course doesn't work because 'DeviceInterfaceData->cbSize' member is now zero due to previous 'reset' by Wine code.
Just from reading the code this looks like a regression if it worked earlier (initial report by OP):
http://source.winehq.org/git/wine.git/commitdiff/53b287530961beaaae89bd063bc...
If you fix that -> DeviceInterfaceData->cbSize = sizeof(SP_DEVICE_INTERFACE_DATA) the app starts fine and even the initial problem is gone. I imported some mp3 files without crash.

$ sha1sum instdjs1601tr_en.exe
fb31a1caba42c56d19ef09713cdefe12ba9c126a  instdjs1601tr_en.exe

$ du -sh instdjs1601tr_en.exe
54M	instdjs1601tr_en.exe

$ wine --version
wine-1.7.14
Regards
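
Added example, not part of the original comment and not Wine or application code: a small C model of the interaction described above, showing the full output reset, the reset that puts cbSize back, and a caller that treats any error as terminal. The struct, error constants and function names are constructed stand-ins, and max_calls is an added guard so the model terminates where the real loop would not.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this sketch, not the Windows SDK or Wine definitions. */
#define ERR_INVALID_PARAMETER 0x57u
#define ERR_NO_MORE_ITEMS     0x103u
typedef struct { unsigned cbSize; unsigned char guid[16]; unsigned flags; } iface_data;
static unsigned last_error;

/* Enumerator over an empty device list (hypothetical model).
 * retain_size == 0: clear the whole caller buffer, as in the quoted source.
 * retain_size != 0: clear it, then put cbSize back, as the report suggests. */
static int enum_iface(unsigned index, iface_data *out, int retain_size)
{
    (void)index;                      /* empty list: every index is past the end */
    if (!out || out->cbSize != sizeof(*out)) {
        last_error = ERR_INVALID_PARAMETER;
        return 0;
    }
    memset(out, 0, sizeof(*out));
    if (retain_size)
        out->cbSize = (unsigned)sizeof(*out);
    last_error = ERR_NO_MORE_ITEMS;
    return 0;
}

/* Caller shaped like the loop in the disassembly: one probe, then a restart at
 * index 0 with the same buffer. strict_caller != 0 stops on any error instead
 * of only on ERR_NO_MORE_ITEMS. Returns the number of calls made in the second
 * pass, or -1 if the max_calls guard was hit (the endless loop in the trace). */
static int enumerate_twice(int retain_size, int strict_caller, int max_calls)
{
    iface_data d;
    memset(&d, 0, sizeof(d));
    d.cbSize = (unsigned)sizeof(d);
    enum_iface(0, &d, retain_size);           /* first probe */
    for (int i = 0; i < max_calls; i++) {     /* restart, same buffer */
        if (enum_iface((unsigned)i, &d, retain_size))
            continue;
        if (last_error == ERR_NO_MORE_ITEMS || strict_caller)
            return i + 1;
    }
    return -1;
}

int main(void)
{
    printf("full reset, lenient caller:  %d\n", enumerate_twice(0, 0, 1000));
    printf("cbSize kept, lenient caller: %d\n", enumerate_twice(1, 0, 1000));
    printf("full reset, strict caller:   %d\n", enumerate_twice(0, 1, 1000));
    return 0;
}
```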