https://bugs.winehq.org/show_bug.cgi?id=37793
Bug ID: 37793
Summary: crash FO3launcher.exe wine 1.7
Product: Wine
Version: 1.7.18
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: laborde_stephane@yahoo.fr
Distribution: ---
Created attachment 50337 --> https://bugs.winehq.org/attachment.cgi?id=50337 crash FO3launcher.exe
Installed OK : FIFA online 3 (FO3 installer) : http://fo3.garena.com/download/installer
When launching fo3launcher.exe it crashes with report attached below.
laborde_stephane@yahoo.fr changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
CC             |                               |laborde_stephane@yahoo.fr
Anastasius Focht focht@gmx.net changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
Keywords       |                               |download
Status         |UNCONFIRMED                    |NEW
URL            |                               |http://dl.garenanow.com/games/fo3/installer/fo3Installer.exe
CC             |                               |focht@gmx.net
Component      |-unknown                       |wineserver
Summary        |crash FO3launcher.exe wine 1.7 |FIFA Online 3 launcher crashes on startup ('SEC_RESERVE' attribute has no effect for file mapping objects that are backed by physical files)
Ever confirmed |0                              |1

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/GarenaFO3

$ WINEDEBUG=+tid,+seh,+relay wine ./FO3Launcher.exe >>log.txt 2>&1
...
0060:Call KERNEL32.GetModuleFileNameW(00000000,0033d574,00000103) ret=004010bc
0060:Ret KERNEL32.GetModuleFileNameW() retval=0000002a ret=004010bc
0060:Call KERNEL32.CreateFileW(0033d574 L"C:\Program Files\GarenaFO3\FO3Launcher.exe",80000000,00000001,00000000,00000003,00000080,00000000) ret=00401abe
0060:Ret KERNEL32.CreateFileW() retval=00000048 ret=00401abe
0060:Call KERNEL32.GetFileSize(00000048,00000000) ret=00401ada
0060:Ret KERNEL32.GetFileSize() retval=00162930 ret=00401ada
0060:Call KERNEL32.CreateFileMappingA(00000048,00000000,04000002,00000000,00000000,00000000) ret=00401afa
0060:Ret KERNEL32.CreateFileMappingA() retval=00000000 ret=00401afa
0060:trace:seh:raise_exception code=c0000005 flags=0 addr=0x401c17 ip=00401c17 tid=0060
0060:trace:seh:raise_exception info[0]=00000000
0060:trace:seh:raise_exception info[1]=00005000
0060:trace:seh:raise_exception eax=0033d35c ebx=00005000 ecx=00000000 edx=00005000 esi=ffcc7ca4 edi=00000006
0060:trace:seh:raise_exception ebp=0033d35c esp=0033d310 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010293
0060:trace:seh:call_stack_handlers calling handler at 0x404940 code=c0000005 flags=0
...
Unhandled exception: page fault on read access to 0x00005000 in 32-bit code (0x00401c17).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00401c17 ESP:0033d310 EBP:0033d35c EFLAGS:00010293( R- -- I S -A- -C)
 EAX:0033d35c EBX:00005000 ECX:00000000 EDX:00005000
 ESI:ffcc7ca4 EDI:00000006
...
Backtrace:
=>0 0x00401c17 in fo3launcher (+0x1c17) (0x0033d35c)
0x00401c17: movb 0x0(%esi,%eax,1),%dl
Modules:
Module Address Debug info Name (43 modules)
PE 400000- 561000 Export fo3launcher
...
Threads:
process tid prio (all id:s are in hex)
...
0000005f (D) C:\Program Files\GarenaFO3\FO3Launcher.exe
00000060 0 <==
--- snip ---
The app specifies 'SEC_RESERVE | PAGE_READONLY' in page protection (uncommitted read-only range) when asking to create the file mapping/section object for the executable image.
Wineserver rejects this on file backed objects: 'VPROT_COMMITTED' omitted -> 'INVALID_PARAMETER'.
Source: http://source.winehq.org/git/wine.git/blob/e8eb781327457b39c3578f8f651671499...
--- snip ---
static struct object *create_mapping( struct directory *root, const struct unicode_str *name,
                                      unsigned int attr, mem_size_t size, int protect,
                                      obj_handle_t handle, const struct security_descriptor *sd )
{
...
    if (protect & VPROT_READ) access |= FILE_READ_DATA;
    if (protect & VPROT_WRITE) access |= FILE_WRITE_DATA;

    if (handle)
    {
        const unsigned int sharing = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
        unsigned int mapping_access = FILE_MAPPING_ACCESS;

        if (!(protect & VPROT_COMMITTED))
        {
            set_error( STATUS_INVALID_PARAMETER );
            goto error;
        }
...
--- snip ---
Passing 'SEC_RESERVE' on file-backed objects should be allowed, MSDN states this has no effect though:
http://msdn.microsoft.com/en-us/library/windows/hardware/aa366537%28v=vs.85%...
--- quote ---
SEC_RESERVE 0x4000000
...
This attribute has no effect for file mapping objects that are backed by executable image files or data files (the hfile parameter is a handle to a file).
...
--- quote ---
Relevant part of app code showing it's hard-coded:
--- snip ---
...
00401AD1  6A 00          PUSH 0
00401AD3  50             PUSH EAX
00401AD4  FF15 14D05400  CALL DWORD PTR DS:[<&KERNEL32.GetFileSize>]
00401ADA  8B8E 00020000  MOV ECX,DWORD PTR DS:[ESI+200]
00401AE0  6A 00          PUSH 0
00401AE2  6A 00          PUSH 0
00401AE4  6A 00          PUSH 0
00401AE6  68 02000004    PUSH 4000002
00401AEB  6A 00          PUSH 0
00401AED  51             PUSH ECX
00401AEE  8986 0C020000  MOV DWORD PTR DS:[ESI+20C],EAX
00401AF4  FF15 18D05400  CALL DWORD PTR DS:[<&KERNEL32.CreateFileMapping>
00401AFA  85C0           TEST EAX,EAX
00401AFC  8986 04020000  MOV DWORD PTR DS:[ESI+204],EAX
00401B02  74 15          JE SHORT FO3Launc.00401B19
00401B04  6A 00          PUSH 0
00401B06  6A 00          PUSH 0
00401B08  6A 00          PUSH 0
00401B0A  6A 04          PUSH 4
00401B0C  50             PUSH EAX
00401B0D  FF15 1CD05400  CALL DWORD PTR DS:[<&KERNEL32.MapViewOfFile>
00401B13  8986 08020000  MOV DWORD PTR DS:[ESI+208],EAX
00401B19  B8 01000000    MOV EAX,1
00401B1E  5E             POP ESI
00401B1F  C3             RETN
...
--- snip ---
The following 'MapViewOfFile' ensures that 'VPROT_COMMITTED' is included when the file object is mapped into memory.
$ sha1sum *
90447d8669d467434c563aa7a41dd0cbf2597086  fo3Installer.exe
01e4c1c5fe7a8a4dc4348b3ac85ad2ebe466e2a5  Garena_FO3_Full_Installer_20141101.1.dat
a532c0668623bd8d0a07e705cf319c1eb3185c13  Garena_FO3_Full_Installer_20141101.2.dat
59c1abb556e3aea646bd5191c65ce35042777404  Garena_FO3_Full_Installer_20141101.exe

$ du -sh *
2.8M  fo3Installer.exe
2.0G  Garena_FO3_Full_Installer_20141101.1.dat
1.4G  Garena_FO3_Full_Installer_20141101.2.dat
876K  Garena_FO3_Full_Installer_20141101.exe

$ wine --version
wine-1.7.33-84-gfecbc88
Regards
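Added example (not from the bug report or from the Wine project): a Python triage helper that pairs the Call/Ret lines of a +relay trace for CreateFileMappingA/W, decodes the flProtect argument, and lists the calls that returned NULL, which is the condition that precedes the page fault in the trace above. The SEC_*/PAGE_* values are from winnt.h; the function names and the thread 0061 lines in the sample are constructed for illustration.

```python
import re

# Section attributes and page protections as defined in winnt.h.
SEC_FLAGS = {0x00800000: "SEC_FILE", 0x01000000: "SEC_IMAGE",
             0x04000000: "SEC_RESERVE", 0x08000000: "SEC_COMMIT",
             0x10000000: "SEC_NOCACHE"}
PAGE_FLAGS = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY",
              0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
              0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
              0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
INVALID_HANDLE_VALUE = 0xFFFFFFFF  # 32-bit process, as in the trace above

# Only hFile, lpAttributes and flProtect are captured; the name argument
# may contain arbitrary text and is not needed here.
CALL_RE = re.compile(
    r"^(\w+):Call\s+KERNEL32\.CreateFileMapping[AW]\((\w+),(\w+),(\w+),")
RET_RE = re.compile(
    r"^(\w+):Ret\s+KERNEL32\.CreateFileMapping[AW]\(\)\s+retval=(\w+)")

def decode_protect(value):
    """Split flProtect into SEC_* attributes and the PAGE_* protection."""
    names = [name for bit, name in SEC_FLAGS.items() if value & bit]
    names += [name for bit, name in PAGE_FLAGS.items() if (value & 0xFF) == bit]
    return names

def failed_mappings(lines):
    """Return one record per CreateFileMapping call that returned NULL."""
    pending, findings = {}, []
    for line in lines:
        call, ret = CALL_RE.match(line), RET_RE.match(line)
        if call:  # remember the arguments per thread id until the Ret line
            pending[call.group(1)] = [int(a, 16) for a in call.group(2, 3, 4)]
        elif ret and ret.group(1) in pending:
            hfile, _, protect = pending.pop(ret.group(1))
            if int(ret.group(2), 16) == 0:
                findings.append({"tid": ret.group(1),
                                 "file_backed": hfile != INVALID_HANDLE_VALUE,
                                 "protect": decode_protect(protect)})
    return findings

# Thread 0060 lines are from the trace in comment #1; 0061 lines are constructed.
SAMPLE = [
    "0060:Call KERNEL32.CreateFileMappingA(00000048,00000000,04000002,00000000,00000000,00000000) ret=00401afa",
    "0061:Call KERNEL32.CreateFileMappingA(ffffffff,00000000,08000004,00000000,00001000,00000000) ret=00402000",
    "0060:Ret KERNEL32.CreateFileMappingA() retval=00000000 ret=00401afa",
    "0061:Ret KERNEL32.CreateFileMappingA() retval=0000004c ret=00402000",
]

if __name__ == "__main__":
    for finding in failed_mappings(SAMPLE):
        print(finding)
```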
super_man@post.com changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
CC             |                               |super_man@post.com

--- Comment #2 from super_man@post.com ---
No change 1.7.52
joaopa jeremielapuree@yahoo.fr changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
CC             |                               |jeremielapuree@yahoo.fr

--- Comment #3 from joaopa jeremielapuree@yahoo.fr ---
Does the bug still occur with wine-4.2?
Anastasius Focht focht@gmx.net changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
Fixed by SHA1  |                               |e5c39a565a4f1ff7db2f228253d43aa397dd3e2a
Status         |NEW                            |RESOLVED
Resolution     |---                            |FIXED

--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
this was fixed by commit https://source.winehq.org/git/wine.git/commitdiff/e5c39a565a4f1ff7db2f228253... ("server: Enforce valid flags for file mappings."), part of Wine 2.17
Reduced test case to reproduce (payloads for original installer are 404).
--- snip ---
/* x86_64-w64-mingw32-gcc bug37793.c -o bug37793.exe */
#include <windows.h>
#include <stdio.h>

int main(void)
{
    char szPath[MAX_PATH];
    HANDLE hFile, hMapping;

    /* Open our own executable image read-only. */
    GetModuleFileName(NULL, szPath, MAX_PATH);
    hFile = CreateFile(szPath, GENERIC_READ, FILE_SHARE_READ, NULL,
                       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    /* SEC_RESERVE on a file-backed mapping, as hard-coded in the launcher. */
    hMapping = CreateFileMapping(hFile, NULL, SEC_RESERVE | PAGE_READONLY, 0, 0, 0);
    if (!hMapping)
    {
        printf("Couldn't map file: 0x%lx\n", GetLastError());
        return -1;
    }
    printf("success!\n");
    return 0;
}
--- snip ---

$ wine --version
wine-4.21-138-g7ca1c4900e
Regards
Alexandre Julliard julliard@winehq.org changed:
What           |Removed                        |Added
----------------------------------------------------------------------------
Status         |RESOLVED                       |CLOSED

--- Comment #5 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.0-rc1.