http://bugs.winehq.org/show_bug.cgi?id=32082
Bug #: 32082
Summary: CCleaner 3.x installer crashes at the same point (not fully reproducible)
Product: Wine
Version: 1.5.15
Platform: x86
URL: http://www.piriform.com/ccleaner/download/standard
OS/Version: Linux
Status: UNCONFIRMED
Keywords: download, regression
Severity: normal
Priority: P2
Component: shell32
AssignedTo: wine-bugs@winehq.org
ReportedBy: gyebro69@gmail.com
CC: fgouget@codeweavers.com
Classification: Unclassified
Regression SHA1: 40b01c1bfc6635775c2a13485d31340062423356
Created attachment 42296 --> http://bugs.winehq.org/attachment.cgi?id=42296 terminal output
ccsetup324.exe md5: 63871c34f72f2f1f2fba4b5397686abb
I came across the problem when attempting to install the freeware version of CCleaner v3.24 in Wine 1.5.16. I downloaded the installer (ccsetup324.exe) to my ~/Desktop directory and launched the installer from that location. I can get past the first couple of screens (language selection, EULA, install options), but Wine crashes before the next page can appear (where the installer offers to also install Google Chrome). What's odd is that the crash happens only when the installer is launched from certain directories in my /home. Examples are ~/Desktop or the root of my /home. Most of the directories in my /home don't trigger the crash and the installer can get past that screen without crashing. I must add that the crashes are consistent: launching the installer from a certain directory always results in the crash.
If I start the installer with WINEDEBUG=warn+heap wine ccsetup324.exe then the crash doesn't happen and the following message is added to the terminal output (just before the problematic screen appears):
err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x123f70 tail overwritten at 0x123fc0 (byte 0/8 == 0x00)
I found that the problem didn't occur with Wine 1.5.14, and reverting the following commit on 1.5.16 resolves the crash:

40b01c1bfc6635775c2a13485d31340062423356 is the first bad commit
commit 40b01c1bfc6635775c2a13485d31340062423356
Author: Francois Gouget fgouget@codeweavers.com
Date: Tue Oct 9 00:13:48 2012 +0200

    shell32: Fix CommandLineToArgvW()'s handling of the executable path and consecutive quotes.

:040000 040000 80681ab2280bbf6961596fa154197351ef701bb8 fec0ca22e484112ceff0aefdff9f7991fc3a12e2 M dlls
Let me know if you need further logs with specific debug channels enabled (in case you can't reproduce the problem)
Fedora 17
gcc version 4.7.2 20120921 (Red Hat 4.7.2-2) (GCC)
Austin English austinenglish@gmail.com changed:
What          |Removed     |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED |NEW
Blocks        |            |24639
Ever Confirmed|0           |1

--- Comment #1 from Austin English austinenglish@gmail.com 2012-10-30 22:05:53 CDT ---
The avatar demo installer consistently crashes because of this commit as well.

austin@aw25 ~/oldbugs/24639 $ wine --version
wine-1.5.16-84-g1d3f679
austin@aw25 ~/oldbugs/24639 $ sha1sum Avatar_The_Game_Demo.exe
8d8e4c82312962706bd2620406d592db4f0fa9c1 Avatar_The_Game_Demo.exe
--- Comment #2 from François Gouget fgouget@codeweavers.com 2012-10-31 05:51:19 CDT ---
I ran the CCleaner installer with and without warn+heap but I could not reproduce the crash and did not get heap errors. Could you add the following trace at the start of CommandLineToArgvW():
TRACE("(%s, %p)\n", debugstr_w(lpCmdline), numargs);
And run the installer with +shell. That will tell us what the command line CommandLineToArgvW() parses is and thus why it may get it wrong. (Alternatively you could run it with +relay and fish that information out of the large log).
--- Comment #3 from GyB gyebro69@gmail.com 2012-10-31 10:10:51 CDT ---
Created attachment 42359 --> http://bugs.winehq.org/attachment.cgi?id=42359
CCleaner +shell log

--- Comment #4 from Austin English austinenglish@gmail.com 2012-10-31 12:45:30 CDT ---
Created attachment 42360 --> http://bugs.winehq.org/attachment.cgi?id=42360
+shell trace from avatar installer
François Gouget fgouget@codeweavers.com changed:
What      |Removed              |Added
----------------------------------------------------------------------------
AssignedTo|wine-bugs@winehq.org |fgouget@codeweavers.com

--- Comment #5 from François Gouget fgouget@codeweavers.com 2012-11-09 09:40:29 CST ---
Created attachment 42461 --> http://bugs.winehq.org/attachment.cgi?id=42461
shell32: Fix a buffer overflow in CommandLineToArgvW().
I think the attached patch should fix this. The problem was the final *d='\0' to close the final argument when there are no arguments. Let me know how it goes.
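A minimal model of the overflow described in comment #5, as an added example that is not Wine's code and not part of the original report. It assumes a splitter that copies the program name and arguments into one buffer of strlen(cmdline)+1 characters, uses char instead of WCHAR and ignores quoting; `split_oob`, `put`, the `guard` switch and the sample command line are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not Wine's code: one buffer of strlen(cmdline)+1 chars
 * receives the program name and every argument, each NUL-terminated.
 * put() counts a write past the end instead of performing it. */
struct out { char *buf; size_t cap, pos, oob; };

static void put(struct out *o, char c)
{
    if (o->pos < o->cap) o->buf[o->pos] = c;
    else o->oob++;
    o->pos++;
}

/* Returns how many writes landed outside the buffer.
 * guard == 0: the final terminator is always written (the pattern comment #5
 * blames). guard == 1: stop once the program name is closed and nothing
 * follows it (one possible guard, assumed here). */
size_t split_oob(const char *cmdline, int guard)
{
    struct out o = { NULL, strlen(cmdline) + 1, 0, 0 };
    const char *s = cmdline;

    o.buf = malloc(o.cap);
    if (!o.buf) return (size_t)-1;
    while (*s && *s != ' ' && *s != '\t') put(&o, *s++);  /* program name */
    put(&o, '\0');                                        /* close it */
    while (*s == ' ' || *s == '\t') s++;
    if (!guard || *s) {
        while (*s) {                                      /* arguments */
            if (*s == ' ' || *s == '\t') {
                put(&o, '\0');
                while (*s == ' ' || *s == '\t') s++;
            } else put(&o, *s++);
        }
        put(&o, '\0');                          /* close the final argument */
    }
    free(o.buf);
    return o.oob;
}

int main(void)
{
    const char *bare = "C:\\ccsetup324.exe";    /* constructed sample input */
    printf("unguarded: %zu write(s) past the end\n", split_oob(bare, 0));
    printf("guarded:   %zu write(s) past the end\n", split_oob(bare, 1));
    return 0;
}
```

In this model the stray write is a single zero element just past the allocation, which is the kind of damage the `tail overwritten ... == 0x00` heap check in the report flags.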
--- Comment #6 from GyB gyebro69@gmail.com 2012-11-09 10:14:57 CST ---
(In reply to comment #5)
> Created attachment 42461 [details]
> shell32: Fix a buffer overflow in CommandLineToArgvW().
>
> I think the attached patch should fix this. The problem was the final *d='\0' to close the final argument when there are no arguments. Let me know how it goes.

The patch fixes the crash in CCleaner installer.
--- Comment #7 from Austin English austinenglish@gmail.com 2012-11-09 13:09:53 CST ---
(In reply to comment #5)
> Created attachment 42461 [details]
> shell32: Fix a buffer overflow in CommandLineToArgvW().
>
> I think the attached patch should fix this. The problem was the final *d='\0' to close the final argument when there are no arguments. Let me know how it goes.

Works for Avatar's demo as well.
Austin English austinenglish@gmail.com changed:
What         |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1|        |3b6b2107e2648b562c7266b17c6
             |        |6ab263c374c31
Status       |NEW     |RESOLVED
Resolution   |        |FIXED

--- Comment #8 from Austin English austinenglish@gmail.com 2012-11-12 14:43:44 CST ---
http://source.winehq.org/git/wine.git/commitdiff/3b6b2107e2648b562c7266b17c6...
Alexandre Julliard julliard@winehq.org changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED

--- Comment #9 from Alexandre Julliard julliard@winehq.org 2012-11-23 14:30:55 CST ---
Closing bugs fixed in 1.5.18.