Archive: NSIS 2.40 LongStr Crashes!


NSIS 2.40 "large strings" crashes!
When I try to compile my installer with the "large strings" edition of NSIS v2.40, then makensis.exe will crash reproducible! The very same script compiles just fine with the "normal" version of NSIS v2.40 as well as with the "large strings" edition of NSIS v2.38. Any ideas?

http://img402.imageshack.us/img402/3...ash2yj6.th.pnghttp://img402.imageshack.us/images/thpix.gif


Script available from SVN:
http://opensvn.csie.org/viewcvs.cgi/...oot=mulder1984


could you narrow it down to a minimal script?


I could try to do so, but I got no idea where to start :(

Any ideas?


remove half of the file instructions, check
remove the other half, check
remove the pages one by one while checking for crash


Well, obviously it crashes near the beginning and while processing the MUI/UMUI header/defines, long before any file command is being processed...


Here is the output from a debugger, if that helps:


Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: D:\NSIS\makensis.exe /DBuild_Number=35 /DCompile_Date="2008-10-13" /DVersion_MPlayer="SVN-r27743 (2008-10-11)" /DVersion_MPUI="v1.2-pre3 (Build 38)" /DVersion_SMPlayer="v0.6.3 (SVN-r1997)" /DVersion_Codecs="(2007-10-07)" /DVersion_NSIS="v2.40" /DPath_Out="D:\MPUI\upload\MPUI.2008-10-13.Build-35" /DPath_Builds="D:\MPUI\builds" Installer.nsi
Starting directory: D:\MPUI
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 00400000 00480000 image00400000
ModLoad: 7d4c0000 7d5f0000 NOT_AN_IMAGE
ModLoad: 7d600000 7d6f0000 C:\WINDOWS\SysWOW64\ntdll32.dll
ModLoad: 7d4c0000 7d5f0000 C:\WINDOWS\syswow64\kernel32.dll
ModLoad: 7d800000 7d890000 C:\WINDOWS\syswow64\GDI32.dll
ModLoad: 7d930000 7da00000 C:\WINDOWS\syswow64\USER32.dll
ModLoad: 00480000 0051b000 C:\WINDOWS\syswow64\ADVAPI32.dll
ModLoad: 7da20000 7db00000 C:\WINDOWS\syswow64\RPCRT4.dll
ModLoad: 7d8d0000 7d920000 C:\WINDOWS\syswow64\Secur32.dll
ModLoad: 77b90000 77b98000 C:\WINDOWS\syswow64\VERSION.dll
ModLoad: 77ba0000 77bfa000 C:\WINDOWS\syswow64\msvcrt.dll
(121c.126c): Break instruction exception - code 80000003 (first chance)
eax=77c00000 ebx=7efde000 ecx=00000003 edx=00000008 esi=7d6a01f4 edi=00211f38
eip=7d61002d esp=0012fb4c ebp=0012fcac iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SysWOW64\ntdll32.dll -
ntdll32!DbgBreakPoint:
7d61002d cc int 3
0:000> g
ModLoad: 7dee0000 7df40000 C:\WINDOWS\SysWOW64\IMM32.DLL
ModLoad: 7dbc0000 7dbc9000 C:\WINDOWS\SysWOW64\LPK.DLL
ModLoad: 75490000 754f5000 C:\WINDOWS\SysWOW64\USP10.dll
(121c.126c): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00003000 ebx=0012da18 ecx=00032f1c edx=00000000 esi=0000009f edi=00050134
eip=0044ef17 esp=00037f14 ebp=000500f0 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image00400000
image00400000+0x4ef17:
0044ef17 8501 test [ecx],eax ds:002b:00032f1c=00000000
0:000> g
(121c.126c): Stack overflow - code c00000fd (!!! second chance !!!)
eax=00003000 ebx=0012da18 ecx=00032f1c edx=00000000 esi=0000009f edi=00050134
eip=0044ef17 esp=00037f14 ebp=000500f0 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
image00400000+0x4ef17:
0044ef17 8501 test [ecx],eax ds:002b:00032f1c=00000000
0:000> g
(121c.126c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0012da18 ecx=0012da18 edx=00000000 esi=0000009f edi=00050134
eip=00000000 esp=0003af2c ebp=000500f0 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
00000000 ?? ???

Looks like this is the problem:

(121c.126c): Stack overflow - code c00000fd (!!! second chance !!!)

kichik is away and will not be back until november, if you want me to take a look, you will have to narrow it down to a single line with the problem if possible (without UMUI and other 3rd party plugins)


I'm afraid I can't, because various "simple" installers I tried do work just fine.
It seems the problem is only triggers with a "complex" installer...

But even "NSIS\examples\UltraModenUI\bigtest.nsi" crashes! :cry:
It crashed on "!insertmacro: UMUI_PAGE_INFORMATION", while my installer crashed on "!insertmacro: UMUI_PAGE_SETUPTYPE"

So there is not the "one line that crashes" :(

The "NSIS\examples\bigtest.nsi" compiles just fine though :confused:

Any more ideas?


UMUI bug maybe


Well, there are only two possibilities:
* UMUI generates a valid script and makensis.exe compiles that script
* UMUI generates an invalid script and makensis.exe rejects that script

But makensis.exe simply crashing without error messages definitely shouldn't happen, no matter how buggy the script is (which I'm pretty sure it is not). Also the very same script compiles fine with NSIS v2.38, with NSIS v2.38 "Long Strings" build and also with NSIS v2.40. This all sounds like an NSIS bug to me. And it might or might not be related to this one, which still remains unresolved...


I don't feel link looking at UMUI and all of its junk, give me a stand alone .nsi that crashes and I might have a go at figuring out the problem


Uff, here you go:
http://www.mediafire.com/file/zzjtleyl5gt/CrashTest.nsi

This .nsi crashed reproducible with NSIS v2.40 "Long Stings" and compiles fine with NSIS v2.38 "Long Stings" ;)

(Note: The actual installer starts at line #10012)


you are not making this easy are you, thats just a big file that does not even compile, I want something without UMUI

edit: If I add !include "installoptions.nsh" to the top of CrashTest.nsi, it does not crash


The script "as-is" does compile just fine with NSIS v2.38 "Long Stings", but it gives the same crash (reproducible!) as shown on my screenshot with NSIS v2.40 "Long Stings". If I knew how to trigger the crash without UMUI, I'd post a shorter script. But I don't. Since it's a stack overflow, I guess it happens only with a lot of defines and macros. So it's perfectly possible that it cannot be reproduced with a "minimalistic" script...


as far as i can tell, the crash is @

!macro UMUI_STR2INT VALUE
Push $0 ; The source <<< here
....

in alloca_probe (stack allocation stuff IIRC)

edit:
the call stack in debug build looks like:



MAKENSIS! _alloca_probe + 23 bytes
CEXEBuild::doParse(const char * 0x00c0c91a) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00ac0a34, char * 0x0005dc24, int 1) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00bf48d2) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00ac14ee, char * 0x00076b00, int 10) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00b9ff3c) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00ac1aed, char * 0x0008f9dc, int 6) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00bdc86a) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00af3281, char * 0x000a88b8, int 10) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00bcc83c) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00af26c5, char * 0x000c1794, int 17) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00b77ec2) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00aec112, char * 0x000da670, int 5) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00bb000a) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00af24e8, char * 0x000f354c, int 2) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00a7100c) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00ad31f8, char * 0x0010c428, int 83) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00b213ba) line 543 + 19 bytes
CEXEBuild::process_oneline(char * 0x00ad26f0, char * 0x00125304, int 19) line 854 + 17 bytes
CEXEBuild::doCommand(int 80, LineParser & {...}) line 1086 + 32 bytes
CEXEBuild::doParse(const char * 0x00a3a050) line 543 + 19 bytes
CEXEBuild::parseScript() line 729 + 23 bytes
CEXEBuild::process_script(_iobuf * 0x004c13d0, char * 0x0012da08) line 221 + 8 bytes
main(int 2, char * * 0x00900cc0) line 509 + 25 bytes
MAKENSIS! mainCRTStartup + 180 bytes
KERNEL32! 7c816d4f


for CrashTest.nsi. The recursion is not that deep, but it might still use a lot of local variables. Maybe putting more on the heap instead would help, anyways, kichik would have to take a look at it when he comes back. You should file a bug report on the project tracker so this does not get lost when it scrolls off the forum front page

Did you extract the stubs?

Stu


Thanks you for looking into this, Anders.

I'll file a bugreport...


Originally posted by Afrow UK
Did you extract the stubs?

Stu
I may be stupid, but not THAT stupid :D

-> Yes, I did extract/replace the stubs accordingly.

Did you submit a bug report?


Originally posted by kichik
Did you submit a bug report?
No, but I did, its @ http://sourceforge.net/tracker/index...49&atid=373085

Originally posted by Anders
No, but I did, its @ http://sourceforge.net/tracker/index...49&atid=373085

MakeNSIS v2.41 still crashes with UMUI installer :(

("Large strings" build only, normal one seems to work okay)

the bug is still marked as open so no surprise there


Just to let you know: The "Large strings" build of NSIS v2.42 still crashes while compiling my UMUI installer :(

The good news is: The new plugin system apparently didn't break my installer :)


Quote:


In my case, it helped to replace "MUI_INSTALLOPTIONS_*" (e.g. "MUI_INSTALLTOPTIONS_READ") with "INSTALLOPTIONS_*" (e.g. INSTALLOPTIONS_READ).

So simply drop the MUI_ prefix and don't forget to add InstallOptions.nsh to your includes.

Hope that helps

Martin



Originally posted by Anders
the bug is still marked as open so no surprise there