https://bugs.winehq.org/show_bug.cgi?id=46906
Bug ID: 46906
Summary: SIMATIC WinCC V15.1 Runtime installer: SeCon tool 'SeCon_Win32.exe' crashes due to hnetcfg 'INetFwRules::get__NewEnum' not initializing out parameter
Product: Wine
Version: 4.4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: hnetcfg
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
as it says.
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x00417194).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00417194 ESP:0032fa08 EBP:0032fa7c EFLAGS:00010206( R- -- I - -P- )
 EAX:00750000 EBX:00000000 ECX:00000000 EDX:0032fa54
 ESI:00000000 EDI:0032fb54
...
Backtrace:
=>0 0x00417194 EntryPoint+0xffffffff() in secon_win32 (0x0032fa7c)
  1 0x00412400 EntryPoint+0xffffffff() in secon_win32 (0x0032fb10)
  2 0x0040a394 EntryPoint+0xffffffff() in secon_win32 (0x0032fbf4)
  3 0x00401b8b EntryPoint+0xffffffff() in secon_win32 (0x0032fdf4)
  4 0x004013f4 EntryPoint+0xffffffff() in secon_win32 (0x0032fe68)
  5 0x0056e9ce EntryPoint+0xffffffff() in secon_win32 (0x0032feb0)
  6 0x7b472c56 call_process_entry+0x11() in kernel32 (0x0032fec8)
  7 0x7b472d8f start_process+0x12c() [/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1256] in kernel32 (0x0032ffd8)
  8 0x7b472c62 start_process_wrapper+0x9() in kernel32 (0x0032ffec)
0x00417194 EntryPoint+0xffffffff in secon_win32: movl 0x0(%ecx),%eax
Modules:
Module Address Debug info Name (133 modules)
PE 400000- 639000 Export secon_win32
ELF 7b2fe000-7b330000 Deferred hnetcfg<elf>
-PE 7b310000-7b330000 \ hnetcfg
...
ELF f7f01000-f7f02000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000135 (D) C:\Program Files (x86)\Common Files\Siemens\SeCon\SeCon_Win32.exe
 00000136 0 <==
--- snip ---
Application/installer log file:
--- snip ---
...
13:14:53|.... |Controller::ShowForm() |(01) Show dialog: SeCon
13:14:53|.... |Controller::ShowForm() |(01)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Running on 64-bit platform...
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) SetupUnit DOES NOT support 64-bit platform, so 32-bit EXE will be used for secutiry settings: SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Local cached SeCon found: C:\Program Files (x86)\Common Files\Siemens\Secon\SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) (FileVersion: 205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Bundle SeCon found: Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED V15.1\InstData\Resources\Secon\SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) (FileVersion: 205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) (Local Version: 205.101.101.02_00.00.00.00) >= (Bundle Version: 205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Most current Secon will be used: C:\Program Files (x86)\Common Files\Siemens\Secon\SeCon_Win32.exe
13:14:53| |ecurityEnvironment::CreateSeconRtfFile()|
13:14:53| |ecurityEnvironment::CreateSeconRtfFile()|(01) START creating SeconRtfFile
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01) Creating Secon-OPFILE...
13:14:53|... |SeconOpFile::WriteFile() |(01) Deleting existing INI-file: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|... |SeconOpFile::WriteFile() |(01) Writing the INI-file down: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) [GENERAL]
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) SessionID=SIA_20190325131258
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) ResourcePath=Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED V15.1\InstData\Resources\SeCon\
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) SetupLanguage=1033
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) InstallationMoment=0
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) LogfilePath=C:\ProgramData\Siemens\Automation\Logfiles\Setup
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) SaveCurrentFirewall=OFF
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) [PRODUCT1]
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) UpgradeCode={EC72939E-3D31-4BA7-B5D4-CF6B4C3DFB09}
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) InstallDir=C:\Program Files (x86)\SIEMENS\AUDIT Viewer
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) SecurityXML1=Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED V15.1\InstData\AuditViewer\Media\Resources\secon_auditviewer.xml
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01) Calling ReturnFeatures() with OPFILE: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|INFO1 |SeconExe::CallFunction() |(01) CallFunction - Called: ReturnFeatures arg1=C:\users\focht\Temp\SeconOpFile.ini arg2= timeout=0
13:14:53|INFO1 |SeconExe::CallFunction() |(01) CallFunction - ReturnFeatures return value: 10
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01) ReturnFeatures() returned: 10
...
--- snip ---
Adding +relay "magically" prevents the crash.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Common Files/Siemens/SeCon

$ WINEDEBUG=+seh,+relay,+hnetcfg wine ./SeCon_Win32.exe ReturnFeatures "C:\users\focht\Temp\SeconOpFile.ini" >>log.txt 2>&1
...
--- snip ---
The reason is stupid application code:
--- snip ---
00417172  8B45 E4        MOV EAX,DWORD PTR SS:[EBP-1C]
00417175  8B08           MOV ECX,DWORD PTR DS:[EAX]
00417177  8D55 D0        LEA EDX,DWORD PTR SS:[EBP-30]   ; uninit stack var!
0041717A  52             PUSH EDX
0041717B  50             PUSH EAX
0041717C  8B41 2C        MOV EAX,DWORD PTR DS:[ECX+2C]
0041717F  FFD0           CALL EAX                        ; netfw_rules_get__NewEnum
00417181  8B45 D0        MOV EAX,DWORD PTR SS:[EBP-30]   ; garbage out param
00417184  3BC3           CMP EAX,EBX
00417186  74 12          JE SHORT SeCon_Wi.0041719A
00417188  8B08           MOV ECX,DWORD PTR DS:[EAX]
0041718A  8D55 D8        LEA EDX,DWORD PTR SS:[EBP-28]
0041718D  52             PUSH EDX
0041718E  68 C8D95E00    PUSH SeCon_Wi.005ED9C8
00417193  50             PUSH EAX
00417194  8B01           MOV EAX,DWORD PTR DS:[ECX]
00417196  FFD0           CALL EAX
--- snip ---
Instead of checking the HRESULT, the app code directly peeks at the out parameter.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/hnetcfg/policy.c#l234
--- snip ---
static HRESULT WINAPI netfw_rules_get__NewEnum(
    INetFwRules *iface,
    IUnknown **newEnum)
{
    fw_rules *This = impl_from_INetFwRules( iface );

    FIXME("%p, %p\n", This, newEnum);
    return E_NOTIMPL;
}
--- snip ---
Wine should initialize the 'newEnum' out parameter to NULL.
$ sha1sum SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
db1f97bb648b62fa1c5d974d7f2bcb6b4a9fd786 SIMATIC_WinCC_Runtime_Advanced_V15_1.exe

$ du -sh SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
1.3G SIMATIC_WinCC_Runtime_Advanced_V15_1.exe

$ wine --version
wine-4.4-188-gc988910cae
Regards
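The failure mode described in the report above, as an added example that is not part of the original report and is neither Wine's nor the application's code: a stub that fails without writing its out parameter, next to one that clears it first, each driven by a caller that ignores the HRESULT and by one that checks it. All function names, the local HRESULT definitions, the `stale_slot` stand-in for leftover stack contents and the NULL-argument check are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

typedef int32_t HRESULT;
#define E_NOTIMPL  ((HRESULT)0x80004001)
#define E_POINTER  ((HRESULT)0x80004003)
#define FAILED(hr) ((hr) < 0)

typedef HRESULT (*get_enum_fn)(void **new_enum);

/* Stub shaped like the quoted one: fails and never writes the out parameter. */
static HRESULT stub_unset(void **new_enum) { (void)new_enum; return E_NOTIMPL; }

/* Stub that clears the out parameter before failing (NULL check is an assumption). */
static HRESULT stub_nulled(void **new_enum)
{
    if (!new_enum) return E_POINTER;
    *new_enum = NULL;
    return E_NOTIMPL;
}

static int stale_slot; /* constructed stand-in for leftover stack contents */

/* Caller shaped like the disassembly: ignores the HRESULT and tests only the
 * out pointer. Returns 1 if it would go on to use the pointer. */
static int caller_peeks(get_enum_fn fn)
{
    void *e = &stale_slot;  /* models the uninitialized local at [EBP-30] */
    (void)fn(&e);
    return e != NULL;
}

/* Caller that treats the out value as meaningless whenever the call failed. */
static int caller_checks(get_enum_fn fn)
{
    void *e = &stale_slot;
    HRESULT hr = fn(&e);
    return !FAILED(hr) && e != NULL;
}

int main(void)
{
    printf("peeks/unset=%d peeks/nulled=%d checks/unset=%d checks/nulled=%d\n",
           caller_peeks(stub_unset), caller_peeks(stub_nulled),
           caller_checks(stub_unset), caller_checks(stub_nulled));
    return 0;
}
```

Only the combination of the HRESULT-ignoring caller and the stub that leaves the out parameter untouched ends up using a stale pointer; fixing either side removes it.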
Anastasius Focht focht@gmx.net changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |dotnet, download, Installer
URL     |        |https://support.industry.siemens.com/cs/document/109761576/simatic-wincc-v15-1-runtime-(tia-portal)?dti=0&lc=en-US
Anastasius Focht focht@gmx.net changed:
What         |Removed |Added
----------------------------------------------------------------------------
Resolution   |---     |FIXED
Fixed by SHA1|        |16803516ef0967b1290bcdac269f4e157af163f1
Status       |NEW     |RESOLVED
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/16803516ef0967b1290bcdac26... ("hnetcfg: Initialize INetFwRules::get__NewEnum out parameter.").
Thanks Gijs
$ wine --version
wine-4.4-295-g829170f3d6
Regards
Alexandre Julliard julliard@winehq.org changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED

--- Comment #2 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 4.5.
Michael Stefaniuc mstefani@winehq.org changed:
What            |Removed |Added
----------------------------------------------------------------------------
Target Milestone|---     |4.0.x
Michael Stefaniuc mstefani@winehq.org changed:
What            |Removed |Added
----------------------------------------------------------------------------
Target Milestone|4.0.x   |---

--- Comment #3 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 4.0.x milestone from bug fixes included in 4.0.2.
Anastasius Focht focht@gmx.net changed:
What|Removed |Added
----------------------------------------------------------------------------
URL |https://support.industry.siemens.com/cs/document/109761576/simatic-wincc-v15-1-runtime-(tia-portal)?dti=0&lc=en-US |https://archive.org/download/simatic-win-cc-runtime-advanced-v-15-1/SIMATIC_WinCC_Runtime_Advanced_V15_1.exe