[wix-users] Workaround GDI+ security vulnerability

Stewart Lynch stewartlynch8 at gmail.com
Thu May 26 10:18:29 PDT 2016


I can confirm that it's the old installer that is throwing this error. When
it tries to uninstall the old version the burn exe crashes on startup, just
as it did in the original problem. It seems that this problem wasn't fixed
in all cases (https://github.com/wixtoolset/wix3/pull/351)

If anyone would find a repro useful I can share my two installer exes. I
only seems to happen on Win7 (I have a clean Win7 install on a VM).

Stewart.


-----Original Message-----
From: Stewart Lynch [mailto:stewartlynch8 at gmail.com] 
Sent: 26 May 2016 17:25
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: RE: [wix-users] Workaround GDI+ security vulnerability

Yes, that's the full log. After my custom burn app threw the exception I
cancelled it, which closed everything down. I've attached the two log files
that I see in my temp folder. I don't see any errors in my Application event
log.

I guess it could be something that I'm doing in my custom app that is
causing this, I'll see if I can debug into it and see exactly where its
failing. I have a suspicion that it may be because I have a custom action
where I run another exe. It's just a bit suspicious that its exactly the
same exception as a known bug that was fixed recently.

I just had another thought, could it be that its failing uninstalling the
old version, it works if I uninstall manually. I see that my two log files
have different burn version numbers. I updated to the very latest version
when I built the new installer.


-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Sean Hall
Sent: 26 May 2016 15:38
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability

Is that the complete Burn log?  That looks like the bundle crashed, is there
an error in the Application event log?

There were a couple of bugs in 3.10.3.2917, can you try 3.10.3.2924?
http://wixtoolset.org/releases/v3-10-3-2924/

On Thu, May 26, 2016 at 7:28 AM, Stewart Lynch <stewartlynch8 at gmail.com>
wrote:

> Hi,
>
>
>
> I've been having a problem with my custom burn exe throwing an 
> exception when it tried to access .NET assemblies. This is the exception:
>
> Font '?' cannot be found
>
> I think it failed to load the .NET system.drawing.dll while trying to 
> create a font.
>
>
>
> The exe was throwing the exception as soon as it started. I eventually 
> found that this was fixed in this change:
>
> https://github.com/wixtoolset/wix3/pull/351
>
> After updating to v3.10.3.2917 the exe would run and the installation 
> completed.
>
>
>
> However, when I next changed the version number and try and to install 
> an update I get the same exception after the msi has finished 
> installing. The Burn log file is below. Looking at the msi log file it 
> shows that it completed successfully, it was the burn exe that threw 
> the exception after the mdi completed. I'm installing on Win7.
>
>
>
> Is this a known problem?
>
>
>
> Many thanks,
>
>
>
> Stewart.
>
>
>
> ------------------------------
>
> Burn log file:
>
>
>
> [0FA0:0FA4][2016-05-26T13:02:25]i001: Burn v3.10.3.2917, Windows v6.1 
> (Build
> 7601: Service Pack 1), path:
>
> C:\Users\STEWAR~1\AppData\Local\Temp\{18067DD0-80C1-4DF9-A27C-935986BF
> 5FB3}\
> .cr\FramePro_x64_setup (1).exe
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 
> 'InstallFolder' to value '[ProgramFiles64Folder]PureDevSoftware\FramePro'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 
> 'CodeInstallFolder' to value 
> '[ProgramFiles64Folder]PureDevSoftware\FramePro'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i009: Command Line:
> '"-burn.clean.room=C:\Users\Stewart Win7 
> Clean\Downloads\FramePro_x64_setup
> (1).exe"'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> 'WixBundleOriginalSource' to value 'C:\Users\Stewart Win7 
> Clean\Downloads\FramePro_x64_setup (1).exe'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> 'WixBundleOriginalSourceFolder' to value 'C:\Users\Stewart Win7 
> Clean\Downloads\'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> 'WixBundleLog'
> to value
'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225.log'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> 'WixBundleName' to value 'FramePro'
>
> [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> 'WixBundleManufacturer' to value 'PureDev Software'
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Loading managed bootstrapper 
> application.
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Creating BA thread to run 
> asynchronously.
>
> [0FA0:0CA4][2016-05-26T13:02:26]i000: Launching SCLInstaller
>
> [0FA0:0FA4][2016-05-26T13:02:26]i100: Detect begin, 3 packages
>
> [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'InstallFolderTestSearch'
> evaluates to false.
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> 'Netfx4x64FullVersion' to value '4.6.01055'
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 
> 'InstallFolderTestSearch' to value 1
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> 'VCRedistInstalled' to value '1'
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> 'Netfx4FullVersion' to value '4.6.01055'
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 
> 'CodeInstallFolderTestSearch' to value 1
>
> [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 
> 'CodeInstallFolderTestSearch' evaluates to true.
>
> [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
>
> [0FA0:0FA4][2016-05-26T13:02:26]i102: Detected related bundle:
> {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, scope: 
> PerMachine,
> version: 1.2.2.0, operation: MajorUpgrade
>
> [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'VCRedistInstalled'
> evaluates to true.
>
> [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'Netfx4FullVersion AND 
> (NOT
> VersionNT64 OR Netfx4x64FullVersion)' evaluates to true.
>
> [0FA0:0FA4][2016-05-26T13:02:26]i103: Detected related package:
> {E0101584-EB2E-467D-8F8F-85B72DEE77CE}, scope: PerMachine, version:
> 1.2.2.0,
> language: 0 operation: MajorUpgrade
>
> [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: VS2015Runtime,
> state: Present, cached: None
>
> [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: Netfx4Full, state:
> Present, cached: None
>
> [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: FramePro, state:
> Absent, cached: None
>
> [0FA0:0FA4][2016-05-26T13:02:26]i199: Detect complete, result: 0x0
>
> [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 
> 'InstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro'
>
> [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 
> 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
>
> [0FA0:0FA4][2016-05-26T13:02:29]i200: Plan begin, 3 packages, action:
> Install
>
> [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration 
> on package with no dependency providers: VS2015Runtime
>
> [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration 
> on package with no dependency providers: Netfx4Full
>
> [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 
> 'WixBundleRollbackLog_FramePro' to value
>
> 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fram
> ePro_r
> ollback.log'
>
> [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 
> 'WixBundleLog_FramePro' to value
>
> 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fram
> ePro.l
> og'
>
> [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: VS2015Runtime,
> state:
> Present, default requested: Present, ba requested: Present, execute: 
> None,
> rollback: None, cache: No, uncache: No, dependency: None
>
> [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: Netfx4Full, state:
> Present, default requested: Present, ba requested: Present, execute: 
> None,
> rollback: None, cache: No, uncache: No, dependency: None
>
> [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: FramePro, state:
> Absent, default requested: Present, ba requested: Present, execute:
> Install,
> rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
>
> [0FA0:0FA4][2016-05-26T13:02:29]i207: Planned related bundle:
> {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, default requested:
> Absent, ba requested: Absent, execute: Uninstall, rollback: Install,
> dependency: None
>
> [0FA0:0FA4][2016-05-26T13:02:29]i299: Plan complete, result: 0x0
>
> [0FA0:0FA4][2016-05-26T13:02:29]i300: Apply begin
>
> [0FA0:0FA4][2016-05-26T13:02:29]i010: Launching elevated engine process.
>
> [0FA0:0FA4][2016-05-26T13:02:32]i011: Launched elevated engine process.
>
> [0FA0:0FA4][2016-05-26T13:02:32]i012: Connected to elevated engine.
>
> [0C0C:0C10][2016-05-26T13:02:32]i358: Pausing automatic updates.
>
> [0C0C:0C10][2016-05-26T13:02:34]i359: Paused automatic updates.
>
> [0C0C:0C10][2016-05-26T13:02:34]i360: Creating a system restore point.
>
> [0C0C:0C10][2016-05-26T13:02:40]i361: Created a system restore point.
>
> [0C0C:0C10][2016-05-26T13:02:40]i370: Session begin, registration key:
>
> SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-465
> 1-b5bb -2539855b0e5c}, options: 0x7, disable resume: No
>
> [0C0C:0C10][2016-05-26T13:02:40]i000: Caching bundle from:
>
> 'C:\Users\STEWAR~1\AppData\Local\Temp\{74E73143-1A17-445B-8A5C-8C89F74
> AD707} \.be\FramePro_x64_setup.exe' to: 'C:\ProgramData\Package 
> Cache\{02a49190-b153-4651-b5bb-2539855b0e5c}\FramePro_x64_setup.exe'
>
> [0C0C:0C10][2016-05-26T13:02:40]i320: Registering bundle dependency
> provider: {02a49190-b153-4651-b5bb-2539855b0e5c}, version: 1.2.3.0
>
> [0C0C:0C10][2016-05-26T13:02:40]i371: Updating session, registration key:
>
> SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-465
> 1-b5bb -2539855b0e5c}, resume: Active, restart initiated: No, disable
> resume: No
>
> [0FA0:0EE0][2016-05-26T13:02:40]i336: Acquiring container:
> WixAttachedContainer, copy from: C:\Users\Stewart Win7 
> Clean\Downloads\FramePro_x64_setup (1).exe
>
> [0FA0:0EE0][2016-05-26T13:02:40]i000: Setting string variable 
> 'WixBundleLastUsedSource' to value 'C:\Users\Stewart Win7
Clean\Downloads\'
>
> [0C0C:040C][2016-05-26T13:02:40]i305: Verified acquired payload: 
> FramePro at
> path: C:\ProgramData\Package Cache\.unverified\FramePro, moving to:
> C:\ProgramData\Package
>
> Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller
> 64.msi
> .
>
> [0C0C:0C10][2016-05-26T13:02:40]i323: Registering package dependency
> provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, version: 1.2.3.0,
> package:
> FramePro
>
> [0C0C:0C10][2016-05-26T13:02:40]i301: Applying execute package: 
> FramePro,
> action: Install, path: C:\ProgramData\Package
>
> Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller
> 64.msi , arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7"
> INSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro"
> CODEINSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro\"'
>
> [0FA0:0FA4][2016-05-26T13:02:51]i319: Applied execute package: 
> FramePro,
> result: 0x0, restart: None
>
> [0C0C:0C10][2016-05-26T13:02:51]i325: Registering dependency:
> {02a49190-b153-4651-b5bb-2539855b0e5c} on package provider:
> {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, package: FramePro
>
> [0C0C:0C10][2016-05-26T13:02:51]i301: Applying execute package:
> {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, action: Uninstall, path:
> C:\ProgramData\Package
> Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe,
> arguments: '-burn.filehandle.self=536 "C:\ProgramData\Package 
> Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe"
> -uninstall -quiet -burn.related.upgrade 
> -burn.ancestors={02a49190-b153-4651-b5bb-2539855b0e5c}'
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/



More information about the wix-users mailing list