https://bugs.winehq.org/show_bug.cgi?id=36521

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download Status|UNCONFIRMED |NEW URL| |http://swrebellion.com/down | |loads/modules.php?name=Down | |loads&d_op=viewdownloaddeta | |ils&lid=41&ttitle=1.01_Upda | |te_for_Rebellion CC| |focht@gmx.net Summary|Star Wars rebellion update |Star Wars rebellion update |1.01 crashes on start |1.01 crashes on start | |(quoted process command | |line only created with | |special 'My Documents' | |folder) Ever confirmed|0 |1

--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming.

The installer expects a double quoted command line. It calls GetCommandLineA(), skips the first character and copies up to 0x104 characters to a stack-based buffer. It then continues to search the stack-based buffer for the closing double-quote. The search just overruns stack top (increment), landing in unmapped area, causing the fault.

--- snip --- $ WINEDEBUG=+tid,+seh,+relay wine rsupd101.exe >>log.txt 2>&1 ... 0023:Call KERNEL32.GetCommandLineA() ret=00401846 0023:Ret KERNEL32.GetCommandLineA() retval=0012b560 ret=00401846 0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x401868 ip=00401868 tid=0023 0023:trace:seh:raise_exception info[0]=00000000 0023:trace:seh:raise_exception info[1]=00340000 0023:trace:seh:raise_exception eax=00000374 ebx=7b8bb000 ecx=00000000 edx=00000000 esi=0012b584 edi=00000000 0023:trace:seh:raise_exception ebp=0033fe20 esp=0033fc84 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010297 0023:trace:seh:call_stack_handlers calling handler at 0x40bf4b code=c0000005 flags=0 0023:trace:seh:call_stack_handlers handler at 0x40bf4b returned 1 0023:trace:seh:call_stack_handlers calling handler at 0x409ab8 code=c0000005 flags=0 0023:Call KERNEL32.UnhandledExceptionFilter(0033f760) ret=0040900a wine: Unhandled page fault on read access to 0x00340000 at address 0x401868 ... Unhandled exception: page fault on read access to 0x00340000 in 32-bit code (0x00401868). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:00401868 ESP:0033fc84 EBP:0033fe20 EFLAGS:00010297( R- -- I S -A-P-C) EAX:00000374 EBX:7b8bb000 ECX:00000000 EDX:00000000 ESI:0012b584 EDI:00000000 Stack dump: 0x0033fc84: 0012b584 0040c140 6f685c3a 665c656d 0x0033fc94: 7468636f 776f445c 616f6c6e 725c7364 0x0033fca4: 64707573 2e313031 00657865 00000000 0x0033fcb4: 00000000 00000000 00000000 00000000 0x0033fcc4: 00000000 00000000 00000000 00000000 0x0033fcd4: 00000000 00000000 00000000 00000000 000c: sel=0067 base=00000000 limit=00000000 16-bit --x Backtrace: =>0 0x00401868 in rsupd101 (+0x1868) (0x0033fe20) 1 0x7b864208 call_process_entry+0xb() in kernel32 (0x0033fe38) ... 0x00401868: movb 0x8(%esp,%eax,1),%cl Modules: Module Address Debug info Name (29 modules) PE 400000- 414000 Export rsupd101 ... Threads: process tid prio (all id:s are in hex) ... 00000022 (D) Z:\home\focht\Downloads\rsupd101.exe 00000023 0 <== --- snip ---

In Windows, applications always get a quoted command line when being started through shell/explorer (ShellExecuteEx). Wine's Shell/Explorer should do the same - unfortunately it depends on where you start the executable (double click).

This works: 'wine explorer' -> 'My Documents' -> navigate to folder where the executable is saved and double click.

This doesn't work: 'wine explorer' -> 'My Computer' -> 'Z:' ... -> navigate to folder where the executable is saved and double click (installer crashes).

A short debugging sessions shows the behaviour.

NOTE: 'My Documents' symlink doesn't exist on my machine hence $HOME is substituted.

--- snip --- $ winedbg "C:\users\focht\My Documents\Downloads\rsupd101.exe"

Wine-dbg>b GetCommandLineA ... Wine-dbg>p cmdlineA ""C:\users\focht\My Documents\Downloads\rsupd101.exe" "

<starts fine> --- snip ---

--- snip --- $ winedbg "z:\home\focht\Downloads\rsupd101.exe"

Wine-dbg>b GetCommandLineA ... Wine-dbg>p cmdlineA "z:\home\focht\Downloads\rsupd101.exe "

<crash> --- snip ---

As current workaround you need to use the special folder trick which creates the quoted command line.

$ sha1sum rsupd101.exe 7ae576e99c8b623032e5ab96f384ad354d0e4230 rsupd101.exe

$ du -sh rsupd101.exe 1.2M rsupd101.exe

$ wine --version wine-1.7.19-56-gee13e10

Regards

https://bugs.winehq.org/show_bug.cgi?id=36521

joaopa jeremielapuree@yahoo.fr changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr

--- Comment #3 from joaopa jeremielapuree@yahoo.fr --- Created attachment 66447 --> https://bugs.winehq.org/attachment.cgi?id=66447 All is fine

Tested with wine-5.1. Patch worked.

Can an administrator close this bug as FIXED?

https://bugs.winehq.org/show_bug.cgi?id=36521

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |ceb32f668360ef51b932fa63508 | |58a6b8d2d26ec URL|http://swrebellion.com/down |https://web.archive.org/web |loads/modules.php?name=Down |/20130528085133/http://www. |loads&d_op=viewdownloaddeta |swrebellion.com/files/rsupd |ils&lid=41&ttitle=1.01_Upda |101.exe |te_for_Rebellion | Component|-unknown |kernel32

--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,

this was fixed by commit https://source.winehq.org/git/wine.git/commitdiff/ceb32f668360ef51b932fa6350... ("kernel32: Quote first command line arg in process paramenters."). Part of Wine 4.19 release.

Thanks Jeff

Also referenced in bug 47790

Technically a dupe but since that bug has been already closed with a non-generic summary appearing in release notes it's sensible to keep them separate.

Regards