WineHQ
Bug Tracking Database – Bug 35269

Last modified: 2021-12-05 08:03:15 UTC  

Mobile Master crashes on startup (array-index out of bounds for IFile_tid in scrrun get_typeinfo)

Status: CLOSED FIXED
Product: Wine
Classification: Unclassified
Component: scrrun
Version: 1.7.9
Hardware: x86 Linux
Importance: P2 normal
Target Milestone: ---
Assigned To: Mr. Bugs
URL: https://web.archive.org/web/201309271...
Keywords: download, regression
Depends on:
Blocks:
Reported: 2013-12-29 16:46 UTC by Anastasius Focht
Modified: 2021-12-05 08:03 UTC
CC List: 0 users

See Also:
Regression SHA1: 49a8d4ecb0cb868451c7ba3ded34d4e69248d8c4
Fixed by SHA1: e03bfb482f87a6a0ee24dfb7d4a5eb2d9037ae80
Distribution: ---
Staged patchset:


Description Anastasius Focht 2013-12-29 16:46:44 UTC
Hello folks,

while verifying bug 27180 I stumbled into another problem :|

Relevant part of backtrace:

--- snip ---
Unhandled exception: page fault on read access to 0x00000001 in 32-bit code (0xf7550803).
...
Backtrace:
=>0 0xf7550803 __memcmp_sse4_2+0x163() in libc.so.6 (0x0033e488)
  1 0x7e713a8e ITypeLib2_fnGetTypeInfoOfGuid+0xcd(iface=<couldn't compute location>, guid=<couldn't compute location>, ppTInfo=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/oleaut32/typelib.c:4960] in oleaut32 (0x0033e488)
  2 0x7ded5435 get_typeinfo+0x81(tid=IFile_tid, typeinfo=0x33e548) [/home/focht/projects/wine/wine-build32/dlls/scrrun/../../include/oaidl.h:2669] in scrrun (0x0033e508)
  3 0x7ded0ad7 file_GetIDsOfNames+0xba(iface=<couldn't compute location>, riid=<couldn't compute location>, rgszNames=<couldn't compute location>, cNames=<couldn't compute location>, lcid=<couldn't compute location>, rgDispId=<couldn't compute location>) [/home/focht/projects/wine/wine-git/dlls/scrrun/filesystem.c:704] in scrrun (0x0033e588)
  4 0x72a478d1 in msvbvm60 (+0x1078d0) (0x0033e5b8)
  5 0x72a48336 in msvbvm60 (+0x108335) (0x0033e5e4)
  6 0x72a410e0 in msvbvm60 (+0x1010df) (0x0033f848)
  7 0x72991d33 in msvbvm60 (+0x51d32) (0x0033f854)
  8 0x004454e4 in mobilemaster (+0x454e3) (0x0033f864)
...
0xf7550803 __memcmp_sse4_2+0x163 in libc.so.6: movl	0xfffffff0(%edx),%ebx
Modules:
Module	Address			Debug info	Name (72 modules)
PE	  400000-  bc6000	Export          mobilemaster
PE	113d0000-114c0000	Deferred        tssofficemenu1d
PE	72940000-72a93000	Export          msvbvm60
ELF	7b800000-7ba61000	Dwarf           kernel32<elf>
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000024 MMStarter.exe
	00000025    0
00000026 (D) C:\Program Files\Mobile Master\MobileMaster.exe
	00000029    0
	00000028    0
	00000027    0 <== 
--- snip ---

Trace log with +ole gives a bit of a hint ...

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Mobile Master

$ WINEDEBUG=+tid,+seh,+relay,+scrrun,+typelib wine ./MMStarter.exe >>log.txt 2>&1
...

0026:trace:scrrun:file_GetIDsOfNames (0x152b538)->({00000000-0000-0000-0000-000000000000} 0x33e5c0 1 1033 0x33e5c4)
0026:trace:ole:ITypeLib2_fnGetTypeInfoOfGuid 0x173af8 <guid-0x0001> 0x33e4c4
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf748d803 ip=f748d803 tid=0026
0026:trace:seh:raise_exception  info[0]=00000000
0026:trace:seh:raise_exception  info[1]=00000001
0026:trace:seh:raise_exception  eax=001773d8 ebx=f748d800 ecx=42c642c1 edx=00000011 esi=0033e4a0 edi=7deecda0
0026:trace:seh:raise_exception  ebp=0033e488 esp=0033e428 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010287
--- snip ---

Strange GUID in second parameter of ITypeLib2_fnGetTypeInfoOfGuid() ;-)

Source: http://source.winehq.org/git/wine.git/blob/a29d77088ac2b07fb68d84646be2884f49e9df7a:/dlls/scrrun/scrrun_private.h#l24

--- snip ---
24 typedef enum tid_t
25 {
26     NULL_tid,
27     IDictionary_tid,
28     IFileSystem3_tid,
29     IFolder_tid,
30     ITextStream_tid,
31     IFile_tid,
32     LAST_tid
33 } tid_t;
--- snip ---

The corresponding array and referencing code:

Source: http://source.winehq.org/git/wine.git/blob/a29d77088ac2b07fb68d84646be2884f49e9df7a:/dlls/scrrun/scrrun.c#l103

--- snip ---
103 static REFIID tid_ids[] = {
104     &IID_NULL,
105     &IID_IDictionary,
106     &IID_IFileSystem3,
107     &IID_IFolder,
108     &IID_IFile
109 };

...

127 HRESULT get_typeinfo(tid_t tid, ITypeInfo **typeinfo)
128 {
...
136     if(!typeinfos[tid]) {
137         ITypeInfo *ti;
138
139         hres = ITypeLib_GetTypeInfoOfGuid(typelib, tid_ids[tid], &ti);
140         if(FAILED(hres)) {
141             ERR("GetTypeInfoOfGuid(%s) failed: %08x\n", debugstr_guid(tid_ids[tid]), hres);
142         }
144
...
151 }
--- snip ---

'ITextStream_tid' was added with commit http://source.winehq.org/git/wine.git/commitdiff/49a8d4ecb0cb868451c7ba3ded34d4e69248d8c4 but the array was not synchronized leading to out-of-bound indexing for 'IFile_tid'.

$ sha1sum MobileMasterInst.exe 
0bedc83c67f4a0181aac916150457f395f095526  MobileMasterInst.exe

$ du -sh MobileMasterInst.exe 
21M	MobileMasterInst.exe

$ wine --version
wine-1.7.9-209-gb231b4b

Regards
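
An added example, not part of the original report and not Wine's code or its fix: the enum/array mismatch described above, reproduced with a constructed stand-in table (interface names in place of REFIID pointers), next to a layout that fails the build when the table falls behind the enum. The names `stale_ids`, `synced_ids`, `tid_name` and `first_gap` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Enum as quoted from scrrun_private.h in the report. */
typedef enum tid_t {
    NULL_tid, IDictionary_tid, IFileSystem3_tid, IFolder_tid,
    ITextStream_tid, IFile_tid, LAST_tid
} tid_t;

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for tid_ids[]: names instead of REFIID pointers,
 * with the ITextStream entry missing as described in the report. */
static const char *const stale_ids[] = {
    "IID_NULL", "IID_IDictionary", "IID_IFileSystem3", "IID_IFolder", "IID_IFile"
};

/* Hardened layout: each slot is tied to its enumerator, and the build
 * fails if the table does not reach LAST_tid. */
static const char *const synced_ids[] = {
    [NULL_tid] = "IID_NULL",                 [IDictionary_tid] = "IID_IDictionary",
    [IFileSystem3_tid] = "IID_IFileSystem3", [IFolder_tid] = "IID_IFolder",
    [ITextStream_tid] = "IID_ITextStream",   [IFile_tid] = "IID_IFile"
};
_Static_assert(ARRAY_LEN(synced_ids) == LAST_tid, "tid table out of sync with tid_t");

/* Bounds-checked lookup: NULL instead of reading past the table. */
static const char *tid_name(const char *const *table, size_t len, tid_t tid)
{
    return (size_t)tid < len ? table[tid] : NULL;
}

/* First enumerator with no table entry, or LAST_tid if every slot is filled. */
static tid_t first_gap(const char *const *table, size_t len)
{
    size_t i;
    for (i = 0; i < LAST_tid; i++)
        if (i >= len || !table[i]) return (tid_t)i;
    return LAST_tid;
}

int main(void)
{
    size_t n = ARRAY_LEN(stale_ids);
    printf("stale table: first uncovered tid = %d\n", (int)first_gap(stale_ids, n));
    printf("stale ITextStream_tid -> %s\n", tid_name(stale_ids, n, ITextStream_tid));
    printf("synced table complete: %d\n",
           first_gap(synced_ids, ARRAY_LEN(synced_ids)) == LAST_tid);
    return strcmp(tid_name(synced_ids, ARRAY_LEN(synced_ids), IFile_tid), "IID_IFile");
}
```

With the stale table, `ITextStream_tid` silently resolves to the `IFile` entry and `IFile_tid` has no slot at all, which is the index the backtrace shows being passed to `get_typeinfo`.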
Comment 1 Anastasius Focht 2013-12-30 14:36:32 UTC
Hello folks,

this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/e03bfb482f87a6a0ee24dfb7d4a5eb2d9037ae80

Thanks Alexandre

Regards
Comment 2 Alexandre Julliard 2014-01-03 13:10:22 UTC
Closing bugs fixed in 1.7.10.
Comment 3 Anastasius Focht 2021-12-05 08:03:15 UTC
Hello folks,

adding stable download link via Internet Archive for documentation.

https://web.archive.org/web/20130927121657/http://www.jumpingbytes.com/down/MobileMasterInst.exe

https://www.virustotal.com/gui/file/97cb15e144210a7b511e04a76d5789205a35cf043eec0990534b7ccc9c83f06d

$ sha1sum MobileMasterInst.exe 
0bedc83c67f4a0181aac916150457f395f095526  MobileMasterInst.exe

$ du -sh MobileMasterInst.exe 
21M	MobileMasterInst.exe

Regards

