https://bugs.winehq.org/show_bug.cgi?id=36521
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://swrebellion.com/downloads/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=41&ttitle=1.01_Update_for_Rebellion
                 CC|                            |focht@gmx.net
            Summary|Star Wars rebellion update  |Star Wars rebellion update
                   |1.01 crashes on start       |1.01 crashes on start
                   |                            |(quoted process command
                   |                            |line only created with
                   |                            |special 'My Documents'
                   |                            |folder)
     Ever confirmed|0                           |1

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
The installer expects a double quoted command line. It calls GetCommandLineA(), skips the first character and copies up to 0x104 characters to a stack-based buffer. It then continues to search the stack-based buffer for the closing double-quote. The search just overruns stack top (increment), landing in unmapped area, causing the fault.
--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine rsupd101.exe >>log.txt 2>&1
...
0023:Call KERNEL32.GetCommandLineA() ret=00401846
0023:Ret KERNEL32.GetCommandLineA() retval=0012b560 ret=00401846
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x401868 ip=00401868 tid=0023
0023:trace:seh:raise_exception info[0]=00000000
0023:trace:seh:raise_exception info[1]=00340000
0023:trace:seh:raise_exception eax=00000374 ebx=7b8bb000 ecx=00000000 edx=00000000 esi=0012b584 edi=00000000
0023:trace:seh:raise_exception ebp=0033fe20 esp=0033fc84 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010297
0023:trace:seh:call_stack_handlers calling handler at 0x40bf4b code=c0000005 flags=0
0023:trace:seh:call_stack_handlers handler at 0x40bf4b returned 1
0023:trace:seh:call_stack_handlers calling handler at 0x409ab8 code=c0000005 flags=0
0023:Call KERNEL32.UnhandledExceptionFilter(0033f760) ret=0040900a
wine: Unhandled page fault on read access to 0x00340000 at address 0x401868
...
Unhandled exception: page fault on read access to 0x00340000 in 32-bit code (0x00401868).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00401868 ESP:0033fc84 EBP:0033fe20 EFLAGS:00010297( R- -- I S -A-P-C)
 EAX:00000374 EBX:7b8bb000 ECX:00000000 EDX:00000000
 ESI:0012b584 EDI:00000000
Stack dump:
0x0033fc84: 0012b584 0040c140 6f685c3a 665c656d
0x0033fc94: 7468636f 776f445c 616f6c6e 725c7364
0x0033fca4: 64707573 2e313031 00657865 00000000
0x0033fcb4: 00000000 00000000 00000000 00000000
0x0033fcc4: 00000000 00000000 00000000 00000000
0x0033fcd4: 00000000 00000000 00000000 00000000
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0x00401868 in rsupd101 (+0x1868) (0x0033fe20)
  1 0x7b864208 call_process_entry+0xb() in kernel32 (0x0033fe38)
...
0x00401868: movb 0x8(%esp,%eax,1),%cl
Modules:
Module Address Debug info Name (29 modules)
PE 400000- 414000 Export rsupd101
...
Threads:
process tid prio (all id:s are in hex)
...
00000022 (D) Z:\home\focht\Downloads\rsupd101.exe
 00000023 0 <==
--- snip ---
In Windows, applications always get a quoted command line when being started through shell/explorer (ShellExecuteEx). Wine's Shell/Explorer should do the same - unfortunately it depends on where you start the executable (double click).
This works: 'wine explorer' -> 'My Documents' -> navigate to folder where the executable is saved and double click.
This doesn't work: 'wine explorer' -> 'My Computer' -> 'Z:' ... -> navigate to folder where the executable is saved and double click (installer crashes).
A short debugging session shows the behaviour.
NOTE: 'My Documents' symlink doesn't exist on my machine hence $HOME is substituted.
--- snip ---
$ winedbg "C:\users\focht\My Documents\Downloads\rsupd101.exe"

Wine-dbg>b GetCommandLineA
...
Wine-dbg>p cmdlineA
""C:\users\focht\My Documents\Downloads\rsupd101.exe" "

<starts fine>
--- snip ---
--- snip ---
$ winedbg "z:\home\focht\Downloads\rsupd101.exe"

Wine-dbg>b GetCommandLineA
...
Wine-dbg>p cmdlineA
"z:\home\focht\Downloads\rsupd101.exe "

<crash>
--- snip ---
As a current workaround you need to use the special folder trick which creates the quoted command line.
$ sha1sum rsupd101.exe
7ae576e99c8b623032e5ab96f384ad354d0e4230 rsupd101.exe

$ du -sh rsupd101.exe
1.2M rsupd101.exe

$ wine --version
wine-1.7.19-56-gee13e10
Regards
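
Added example (not part of the original comment and not the installer's code): a bounded C routine for pulling the program path out of a command line, accepting both the quoted and the unquoted form shown in the two winedbg sessions above. The function name extract_exe_path, the PATH_BUF constant and the loop sketched in the comment are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF 0x104  /* copy limit reported in the comment above */

/* Pattern described in the comment (hypothetical reconstruction):
 *   copy cmdline + 1 into buf[0x104];
 *   i = 0; while (buf[i] != '"') i++;
 * With an unquoted command line there is no '"' to find, so the
 * index keeps growing until the read leaves mapped stack memory. */

/* Bounded replacement. Returns the path length, or -1 when the path
 * does not fit in 'out' or an opening quote is never closed. */
int extract_exe_path(const char *cmdline, char *out, size_t outsz)
{
    const char *start = cmdline;
    const char *end;
    size_t len;

    if (!cmdline || !out || outsz == 0)
        return -1;

    if (*start == '"') {
        start++;                        /* skip the opening quote */
        end = strchr(start, '"');       /* search stops at the NUL */
        if (!end)
            return -1;                  /* unterminated quoted path */
    } else {
        /* Unquoted form: the path ends at the first blank or at NUL. */
        end = start + strcspn(start, " \t");
    }

    len = (size_t)(end - start);
    if (len >= outsz)
        return -1;                      /* would not fit with the NUL */
    memcpy(out, start, len);
    out[len] = '\0';
    return (int)len;
}
```

Both command lines printed by winedbg above parse cleanly with this routine; an opening quote with no closing quote, or a path longer than the buffer, is rejected instead of being scanned past the end.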