https://bugs.winehq.org/show_bug.cgi?id=53172 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|wine-bugs(a)winehq.org |fgouget(a)codeweavers.com --- Comment #1 from François Gouget <fgouget(a)codeweavers.com> --- Windows's behavior RegEnumValueA() is broken in all cases where the name buffer is too small, but particularly so in double-byte and UTF-8 locales. The test is configured to enumerate a single value: Test: REG_SZ "foobar" With: data_count = 20 memset(data, 'x', sizeof(data)) RegEnumValueA(...too small name buffer..., data, &data_count) We randomly get one of the results below: * data_count=7 This is strlen("foobar")+1 which makes sense data[data_count] = 0 Modifying the buffer makes no sense in the first place. But should it be modified, then it should do data[data_count-1] = 0. Maybe this is a REG_SZ vs. REG_MULTI_SZ issue. * 7 < data_count < 20 and data[data_count] = 0 The required buffer size is 7, there is no reason to claim more is needed. The returned values don't even seem to be random; it's mostly 8-11 and 13. There is still the data[data_count] vs. data[data_count-1] issue. * data_count >= 20 and data is unmodified This seems to be specific to the UTF-8 cases (w10pro64_en_AE_u8 and w10pro64_hi_u8). Specifically the only value seen in this case is data_count = 21. Even if the initial data_count value is changed to 16. So why 21??? And fortunately RegEnumValueA() did not try to set data[data_count] = 0 (would be a buffer overflow). This is what's causing the failures for two reasons: - We memset(data, 'x', sizeof(data)) which means it's not \0-terminated. So strspn( data, "x" ) may return anything depending on what comes after the buffer. At least there's only a 1/256 chance of it being wrong. - data[data_count] is also outside the buffer and this time it has a 255/256 chance of being wrong (though in practice it's not random and may be more likely to be 0). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=53172 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Fixed by SHA1| |95f2cc0f15b1dde0318e75e2a7f | |21957fa76af55 Resolution|--- |FIXED --- Comment #3 from François Gouget <fgouget(a)codeweavers.com> --- This should be fixed: commit 95f2cc0f15b1dde0318e75e2a7f21957fa76af55 Author: François Gouget <fgouget(a)codeweavers.com> Date: Fri Mar 3 16:23:07 2023 +0100 advapi32/tests: Fix the RegEnumValueA() tests in UTF-8 locales. On Windows RegEnumValueA() is buggy such that when the value name buffer is too small, it may way overestimate the required data buffer size, sometimes returning more than the sufficiently large buffer it was provided, in which case that buffer is untouched and thus not NUL-terminated. So modify the tests to accept this broken result and avoid checking out-of-bounds data. Wine-Bug: https://bugs.winehq.org//show_bug.cgi?id=53172 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.