http://bugs.winehq.org/show_bug.cgi?id=27033
Summary: crash while installing usb-over-network-client.msi
Product: Wine
Version: 1.3.19
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: fracting@gmail.com
A free demo can be downloaded from http://www.usb-over-network.com/
$ wget http://www.usb-over-network.com/usb-over-network-client.msi
Install:
$ msiexec /i usb-over-network-client.msi
Then crash.
fixme:storage:create_storagefile Storage share mode not implemented.
fracting@desk:~/Wine/usb/usbip$ fixme:storage:create_storagefile Storage share mode not implemented.
fixme:msi:ControlEvent_SpawnWaitDialog Doing Nothing
fixme:msi:ACTION_CustomAction Deferring rollback only action
fixme:msi:ACTION_CustomAction Deferring rollback only action
err:setupapi:detect_compression_type cannot open file L"C:\windows\Driver Cache\i386\driver.cab"
err:setupapi:get_file_size cannot open file L"C:\windows\Driver Cache\i386\driver.cab"
expand.exe: can't open input file C:\windows\Driver Cache\i386\driver.cab
wine: Unhandled page fault on read access to 0x00000007 at address 0x686ccf98 (thread 0033), starting debugger...
There is no other output after "starting debugger..."
fracting fracting@gmail.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |download
URL      |        |http://www.usb-over-network.com/usb-over-network-client.msi
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |adys.wh@gmail.com
--- Comment #1 from Jerome Leclanche adys.wh@gmail.com 2011-05-04 04:57:20 CDT ---
Doesn't crash here but halts prematurely. I'm on amd64 though and I see a lot of _BrowseProperty / CustomDlgLocation like in attachment 27415 from bug 22398 so might be another bug.
adys@azura:~/downloads$ WINEPREFIX=~/tmp2 msiexec /i usb-over-network-client.msi
fixme:storage:create_storagefile Storage share mode not implemented.
adys@azura:~/downloads$ fixme:storage:create_storagefile Storage share mode not implemented.
fixme:msi:ControlEvent_SpawnWaitDialog Doing Nothing
err:setupapi:detect_compression_type cannot open file L"C:\windows\Driver Cache\amd64\driver.cab"
err:setupapi:get_file_size cannot open file L"C:\windows\Driver Cache\amd64\driver.cab"
expand.exe: can't open input file C:\windows\Driver Cache\amd64\driver.cab
fixme:msi:ACTION_CustomAction Deferring rollback only action
fixme:msi:ACTION_CustomAction Deferring rollback only action
wine: cannot find L"C:\windows\system32\ftusbsrvc.exe"
err:msi:ITERATE_StartService Failed to start service L"ftusbsrvc" (2)
err:msi:ITERATE_Actions Execution halted, action L"StartServices" returned 1627
err:msi:ITERATE_Actions Execution halted, action L"ExecuteAction" returned 1627
Anastasius Focht focht@gmx.net changed:
What           |Removed     |Added
----------------------------------------------------------------------------
Keywords       |            |Installer
Status         |UNCONFIRMED |NEW
CC             |            |focht@gmx.net
Component      |-unknown    |setupapi
Ever Confirmed |0           |1
--- Comment #2 from Anastasius Focht focht@gmx.net 2011-05-14 14:20:48 CDT ---
Hello,
the installer creates and tries to start "ftusbsrvc" service which crashes. To reproduce without messing the whole WINEPREFIX, set the "Start" DWORD value of the service from "2" to "3" (manual start).
HKLM\System\CurrentControlSet\Services\ftusbsrvc
WINEDEBUG=+tid,+seh,+loaddll,+process,+setupapi wine net start ftusbsrvc
--- snip ---
...
The USB over Network (Client) service service is starting.
0015:trace:process:create_process_impl app (null) cmdline L"C:\windows\system32\ftusbsrvc.exe"
...
0015:trace:process:create_process_impl starting L"C:\windows\system32\ftusbsrvc.exe" as Win32 binary (0x400000-0x590000)
...
0015:trace:process:create_process_impl started process pid 0021 tid 0022
...
0022:trace:setupapi:SetupDiGetClassDevsExW {a93d7ea5-df4c-4f5b-91cf-4ded03ca862d} (null) (nil) 0x00000012 (nil) (null) (nil)
0022:warn:setupapi:SetupDiGetClassDevsExW unsupported flags 00000002
0022:trace:setupapi:SetupDiCreateDeviceInfoListExW {a93d7ea5-df4c-4f5b-91cf-4ded03ca862d} (nil) (null) (nil)
0022:trace:setupapi:SETUPDI_EnumerateInterfaces 0x12f628, {a93d7ea5-df4c-4f5b-91cf-4ded03ca862d}, (null), 00000012
0022:trace:setupapi:SetupDiEnumDeviceInterfaces 0x12f628, (nil), {a93d7ea5-df4c-4f5b-91cf-4ded03ca862d}, 0, 0x33f724
0022:trace:setupapi:SetupDiGetDeviceInterfaceDetailW (0x12f628, 0x33f724, (nil), 0, 0x33f710, (nil))
0022:trace:seh:raise_exception code=c0000005 flags=0 addr=0x687cbcb1 ip=687cbcb1 tid=0022
0022:trace:seh:raise_exception info[0]=00000000
0022:trace:seh:raise_exception info[1]=45455246
0022:trace:seh:raise_exception eax=45455246 ebx=68802ff4 ecx=00000000 edx=7bcc35a8 esi=0012f628 edi=0033f774
0022:trace:seh:raise_exception ebp=0033f66c esp=0033f65c cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00210206
...
wine: Unhandled page fault on read access to 0x45455246 at address 0x687cbcb1 (thread 0022), starting debugger...
...
Backtrace:
=>0 0x687cbcb1 lstrlenW+0x15(str=*** invalid address 0x45455246 ***) [/opt/projects/wine/wine-git/include/winbase.h:2268] in setupapi (0x0033f66c)
  1 0x687d2b80 SetupDiGetDeviceInterfaceDetailW+0x179(DeviceInfoSet=0x12f628, DeviceInterfaceData=0x33f724, DeviceInterfaceDetailData=(nil), DeviceInterfaceDetailDataSize=0, RequiredSize=0x33f710, DeviceInfoData=(nil)) [/opt/projects/wine/wine-git/dlls/setupapi/devinst.c:3039] in setupapi (0x0033f6dc)
  2 0x0040afa8 in ftusbsrvc (+0xafa7) (0x687d2621)
0x687cbcb1 lstrlenW+0x15 [/opt/projects/wine/wine-git/include/winbase.h:2268] in setupapi: movzwl 0x0(%eax),%eax
2268        while (*s) s++;
--- snip ---
The problem arises due to bad application code.
Maybe the app developers need to drink more beer to improve code quality (see bug 27162 for possible fix).
The following app code illustrates the problem (I added comments for better understanding):
--- snip ---
...
mov     edx, [edi+44h]
lea     ecx, [esp+28h]
push    ecx             ; PSP_DEVICE_INTERFACE_DATA
push    0
push    ebx
push    0
push    esi
mov     dword ptr [esp+3Ch], 1Ch ; sizeof(SP_DEVICE_INTERFACE_DATA)
call    edx             ; setupapi.SetupDiEnumDeviceInterfaces()
test    eax, eax
jnz     short label1
call    ds:GetLastError ; lack of alcohol caused this
label1:
mov     edx, [edi+48h]
push    0               ; PSP_DEVINFO_DATA DeviceInfoData
lea     eax, [esp+18h]
push    eax             ; PDWORD RequiredSize
push    0
push    0               ; PSP_DEVICE_INTERFACE_DETAIL_DATA_W DeviceInterfaceDetailData
lea     ecx, [esp+38h]
push    ecx             ; PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData
push    esi             ; HDEVINFO DeviceInfoSet
call    edx             ; setupapi.SetupDiGetDeviceInterfaceDetailW()
test    eax, eax
jz      short label2
...
--- snip ---
The app simply ignores any setupapi.SetupDiEnumDeviceInterfaces() error condition and proceeds with setupapi.SetupDiGetDeviceInterfaceDetailW().
Wine accesses the "DeviceInterfaceData->Reserved" member which just points to an uninitialized (stack) area, leading to a crash.
--- snip dlls/setupapi/devinst.c ---
BOOL WINAPI SetupDiGetDeviceInterfaceDetailW(
        HDEVINFO DeviceInfoSet,
        PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData,
        PSP_DEVICE_INTERFACE_DETAIL_DATA_W DeviceInterfaceDetailData,
        DWORD DeviceInterfaceDetailDataSize,
        PDWORD RequiredSize,
        PSP_DEVINFO_DATA DeviceInfoData)
{
    ...
    info = (struct InterfaceInfo *)DeviceInterfaceData->Reserved;
    if (info->symbolicLink)
        bytesNeeded += sizeof(WCHAR)*lstrlenW(info->symbolicLink);
    ...
--- snip dlls/setupapi/devinst.c ---
Because most applications will call SetupDiEnumDeviceInterfaces() (in a loop) before SetupDiGetDeviceInterfaceDetail() I suggest you zero/reset the "DeviceInterfaceData->Reserved" field member if no enumerated interface was found to work around stupid application code like this. I already tested this and it prevents the service crash. Though the installer still fails due to another (msi) bug.
$ sha1sum usb-over-network-client.msi
a580cee5660348a80892ed008954345dddb4e3cb usb-over-network-client.msi
$ wine --version
wine-1.3.20
Regards
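The workaround suggested in comment #2, modeled as a stand-alone C example (added here; it is not Wine's code and not the patch that was committed). The struct and function names are hypothetical stand-ins for SP_DEVICE_INTERFACE_DATA, Wine's InterfaceInfo and the two setupapi calls; the membership check in get_detail_size goes beyond what the comment proposes.

```c
#include <stdint.h>
#include <wchar.h>

/* Hypothetical stand-ins for SP_DEVICE_INTERFACE_DATA and Wine's InterfaceInfo. */
struct iface_info { const wchar_t *symbolicLink; };
struct iface_data { uint32_t cbSize; uint32_t Flags; uintptr_t Reserved; };
struct dev_set    { struct iface_info *ifaces; size_t count; };

/* Enumeration: on failure, reset Reserved so stale stack bytes never
 * survive into a later detail call (the workaround suggested above). */
int enum_interface(const struct dev_set *set, size_t index, struct iface_data *out)
{
    if (!set || !out || out->cbSize != sizeof(*out)) return 0;
    if (index >= set->count) {
        out->Reserved = 0;
        return 0;                       /* models "no more items" */
    }
    out->Flags = 0;
    out->Reserved = (uintptr_t)&set->ifaces[index];
    return 1;
}

/* Detail query: dereference Reserved only if it names an entry of this set. */
int get_detail_size(const struct dev_set *set, const struct iface_data *data,
                    size_t *required)
{
    if (!set || !data || !required || data->cbSize != sizeof(*data)) return 0;
    for (size_t i = 0; i < set->count; i++) {
        if (data->Reserved == (uintptr_t)&set->ifaces[i]) {
            const struct iface_info *info = &set->ifaces[i];
            *required = sizeof(wchar_t);            /* terminating NUL */
            if (info->symbolicLink)
                *required += sizeof(wchar_t) * wcslen(info->symbolicLink);
            return 1;
        }
    }
    return 0;               /* zero or unknown pointer: fail instead of faulting */
}

/* Replays the app's call order with constructed stack garbage in Reserved. */
int replay_buggy_caller(const struct dev_set *set, uintptr_t garbage)
{
    struct iface_data d = { sizeof(struct iface_data), 0, garbage };
    size_t need = 0;
    (void)enum_interface(set, 0, &d);   /* result ignored, as the app does */
    return get_detail_size(set, &d, &need);
}
```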
--- Comment #3 from Juan Lang juan_lang@yahoo.com 2011-05-14 17:01:46 CDT ---
Thanks! Patch sent: http://www.winehq.org/pipermail/wine-patches/2011-May/101917.html
Austin English austinenglish@gmail.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED
--- Comment #4 from Austin English austinenglish@gmail.com 2011-05-16 12:25:23 CDT ---
(In reply to comment #3)
> Thanks! Patch sent: http://www.winehq.org/pipermail/wine-patches/2011-May/101917.html
Fixed by http://source.winehq.org/git/wine.git/commitdiff/53b287530961beaaae89bd063bc...
Thanks Focht/Juan!
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #5 from Alexandre Julliard julliard@winehq.org 2011-05-27 13:35:59 CDT ---
Closing bugs fixed in 1.3.21.
Anastasius Focht focht@gmx.net changed:
What          |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1 |        |53b287530961beaaae89bd063bc0d63ef41036ff
Saulius K. saulius2@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |saulius2@gmail.com