[Bug 27172] New: Some msvcrt string functions incorrectly return status from 'safe' versions (Corel Draw 12 demo installer fails)
http://bugs.winehq.org/show_bug.cgi?id=27172
Summary: Some msvcrt string functions incorrectly return status from 'safe' versions (Corel Draw 12 demo installer fails) Product: Wine Version: 1.3.20 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: msvcrt AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net
Hello,
while revisiting bug 4971 I noticed a potential regression ...
--- snip --- 005c:Ret PE DLL (proc=0x110c8ac,module=0x1100000 L"MSICrlPCU.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 005c:Ret KERNEL32.LoadLibraryA() retval=01100000 ret=010c2f22 005c:Call KERNEL32.GetProcAddress(01100000,010dbb48 "AcquireKey") ret=010c2f34 005c:Ret KERNEL32.GetProcAddress() retval=01101d10 ret=010c2f34 ... 005c:Call KERNEL32.CreateFileW(01121ba0 L"C:\users\focht\Temp\Corel\84ACAA88-5FD7-411D-81F6-24407CE7C94A\Programs\DR12.dta",80000000,00000001,00000000,00000003,00000080,00000000) ret=01102ad7 005c:Ret KERNEL32.CreateFileW() retval=0000001c ret=01102ad7 005c:Call KERNEL32.GetFileSize(0000001c,00000000) ret=01102b32 005c:Ret KERNEL32.GetFileSize() retval=00000068 ret=01102b32 005c:Call KERNEL32.ReadFile(0000001c,009add08,00000068,009add04,00000000) ret=01102b55 005c:Ret KERNEL32.ReadFile() retval=00000001 ret=01102b55 005c:Call KERNEL32.CloseHandle(0000001c) ret=01102b5c 005c:Ret KERNEL32.CloseHandle() retval=00000001 ret=01102b5c 005c:Call msvcrt._strupr(009add0c "DR12WTX-1740841-KCM") ret=01102b8c 005c:Ret msvcrt._strupr() retval=00000000 ret=01102b8c 005c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1102b95 ip=01102b95 tid=005c 005c:trace:seh:raise_exception info[0]=00000000 005c:trace:seh:raise_exception info[1]=00000000 005c:trace:seh:raise_exception eax=00000000 ebx=0000000a ecx=00000000 edx=01121eb8 esi=01121ba0 edi=0000001c 005c:trace:seh:raise_exception ebp=7b820890 esp=009adcdc cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010202 005c:trace:seh:call_vectored_handlers calling handler at 0x68e827aa code=c0000005 flags=0 005c:trace:seh:call_vectored_handlers handler at 0x68e827aa returned 0 --- snip ---
App code:
--- snip --- 00DC2B66 8D4424 54 LEA EAX,[ESP+54] 00DC2B6A 8D96 14020000 LEA EDX,[ESI+214] 00DC2B70 8BC8 MOV ECX,EAX 00DC2B72 83C4 04 ADD ESP,4 00DC2B75 2BD1 SUB EDX,ECX 00DC2B77 8A08 MOV CL,BYTE PTR DS:[EAX] 00DC2B79 880C02 MOV BYTE PTR DS:[EAX+EDX],CL 00DC2B7C 40 INC EAX 00DC2B7D 84C9 TEST CL,CL 00DC2B7F ^ 75 F6 JNE SHORT 00DC2B77 00DC2B81 8D5424 30 LEA EDX,[ESP+30] 00DC2B85 52 PUSH EDX 00DC2B86 FF15 7487DD00 CALL DWORD PTR DS:[<&MSVCR71._strupr>] 00DC2B8C 83C4 04 ADD ESP,4 00DC2B8F 8D96 18030000 LEA EDX,[ESI+318] 00DC2B95 8A08 MOV CL,BYTE PTR DS:[EAX] 00DC2B97 40 INC EAX 00DC2B98 880A MOV BYTE PTR DS:[EDX],CL 00DC2B9A 42 INC EDX 00DC2B9B 84C9 TEST CL,CL 00DC2B9D ^ 75 F6 JNE SHORT 00DC2B95 --- snip ---
_strupr() is cdecl, return ptr value in EAX
--- snip dlls/msvcrt/string.c --- int CDECL _strupr(char *str) { return _strupr_s_l(str, -1, NULL); } --- snip dlls/msvcrt/string.c ---
Because Wine returns/takes the status from 's' version instead of string ptr, the app crashes.
MSDN: http://msdn.microsoft.com/en-us/library/sch3dy08.aspx
--- snip --- Returns a pointer to the altered string. Because the modification is done in place, the pointer returned is the same as the pointer passed as the input argument. No return value is reserved to indicate an error. --- snip ---
You might want to check others too (_strlwr ...).
BTW .. the serial is from trial, no harm ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |4971
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, Installer, | |obfuscation URL| |http://files.brothersoft.co | |m/graphics_design/image_edi | |tors/CGS12_TBYB_EN.exe
--- Comment #1 from Anastasius Focht focht@gmx.net 2011-05-15 05:18:49 CDT --- Hello,
filling some fields...
Regards
http://bugs.winehq.org/show_bug.cgi?id=27172
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |5227
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Some msvcrt string |Some msvcrt string |functions incorrectly |functions incorrectly |return status from 'safe' |return status from 'safe' |versions (Corel Draw 12 |versions causing multiple |demo installer fails) |apps to fail (corel draw 12 | |...) Severity|normal |major
--- Comment #2 from Anastasius Focht focht@gmx.net 2011-05-15 13:22:51 CDT --- Hello,
revising severity as there are probably lots of apps broken that use C runtime.
Regards
http://bugs.winehq.org/show_bug.cgi?id=27172
Piotr Caban piotr.caban@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |piotr.caban@gmail.com AssignedTo|wine-bugs@winehq.org |piotr.caban@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #3 from Anastasius Focht focht@gmx.net 2011-05-16 13:53:03 CDT --- Hello,
thanks, fixed by commit:
http://source.winehq.org/git/wine.git/commitdiff/c43176b0943c67728245d5e28ef...
Regards
http://bugs.winehq.org/show_bug.cgi?id=27172
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org 2011-05-27 13:36:04 CDT --- Closing bugs fixed in 1.3.21.
http://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |c43176b0943c67728245d5e28ef | |e45cc73cdc266 Regression SHA1| |3db957e39e73b3b7f98c4087a75 | |4461096a41a2a
--- Comment #5 from Anastasius Focht focht@gmx.net 2011-10-12 04:39:42 CDT --- Hello,
filling/correcting fields ...
Regards
https://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|piotr.caban@gmail.com |wine-bugs@winehq.org
https://bugs.winehq.org/show_bug.cgi?id=27172
--- Comment #6 from Anastasius Focht focht@gmx.net --- Hello folks,
adding stable link via Internet Archive for documentation.
https://web.archive.org/web/20100710045254/http://www.corel.com/akdlm/6763/d...
When looking for app/game installer snapshots that have considerable size always validate they are actually working. Several times I've encountered snapshots for large payloads on archive.org that got truncated / corrupted for whatever reasons.
One example here:
--- snip --- $ wget http://web.archive.org/cdx/search/cdx?url=%22corel.com/akdlm/6763/downloads/..." \ -q -O - | grep application/
com,corel)/akdlm/6763/downloads/trials/graphicssuite12/coreldrawgraphicssuite12.exe 20051021095046 http://www.corel.com/akdlm/6763/downloads/trials/GraphicsSuite12/CorelDRAWGr... application/octet-stream 200 HAADM3DYJD5J7INHQHN4YEDYZHFIPDLN 104811553
com,corel)/akdlm/6763/downloads/trials/graphicssuite12/coreldrawgraphicssuite12.exe 20061205075014 http://www.corel.com/akdlm/6763/downloads/trials/GraphicsSuite12/CorelDRAWGr... application/octet-stream 200 HAADM3DYJD5J7INHQHN4YEDYZHFIPDLN 104811565
com,corel)/akdlm/6763/downloads/trials/graphicssuite12/coreldrawgraphicssuite12.exe 20091223111010 http://www.corel.com/akdlm/6763/downloads/trials/GraphicsSuite12/CorelDRAWGr... application/octet-stream 200 QNRZLFBYQ3PALGGFT4IMMSTKYSEQS2TJ 195745612
com,corel)/akdlm/6763/downloads/trials/graphicssuite12/coreldrawgraphicssuite12.exe 20091223111010 http://www.corel.com/akdlm/6763/downloads/trials/GraphicsSuite12/CorelDRAWGr... application/octet-stream 200 QNRZLFBYQ3PALGGFT4IMMSTKYSEQS2TJ 195745612
com,corel)/akdlm/6763/downloads/trials/graphicssuite12/coreldrawgraphicssuite12.exe 20100710045254 http://www.corel.com/akdlm/6763/downloads/trials/GraphicsSuite12/CorelDRAWGr... application/octet-stream 200 QNRZLFBYQ3PALGGFT4IMMSTKYSEQS2TJ 195745616 --- snip ---
The first snapshots with 100 MB size are truncated and cause the installer to exit immediately (loader). Always look for the largest ones first.
$ sha1sum CorelDRAWGraphicsSuite12.exe 836395943886de0598c59f10c64a6ac489096a69 CorelDRAWGraphicsSuite12.exe
$ du -sh CorelDRAWGraphicsSuite12.exe 187M CorelDRAWGraphicsSuite12.exe
Regards
https://bugs.winehq.org/show_bug.cgi?id=27172
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://files.brothersoft.co |https://web.archive.org/web |m/graphics_design/image_edi |/20100710045254/http://www. |tors/CGS12_TBYB_EN.exe |corel.com/akdlm/6763/downlo | |ads/trials/GraphicsSuite12/ | |CorelDRAWGraphicsSuite12.ex | |e
-
wine-bugs@winehq.org -
WineHQ Bugzilla