[Bug 42731] New: stack overflow when .bat script variable has more than 256 characters
https://bugs.winehq.org/show_bug.cgi?id=42731 Bug ID: 42731 Summary: stack overflow when .bat script variable has more than 256 characters Product: Wine Version: 2.3 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: lucianposton(a)gmail.com Distribution: --- Created attachment 57723 --> https://bugs.winehq.org/attachment.cgi?id=57723 bug demo When a variable with more than (roughly) 256 characters in a .bat script is passed as a parameter, the script fails with the following error: err:seh:setup_exception_record stack overflow 1408 bytes in thread 0009 eip 7bc4887d esp 00240db0 stack 0x240000-0x241000-0x340000 attached .bat file that demonstrates the bug -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Lucian Poston <lucianposton(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucianposton(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Damjan Jovanovic <damjan.jov(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW CC| |damjan.jov(a)gmail.com --- Comment #1 from Damjan Jovanovic <damjan.jov(a)gmail.com> --- A +cmd trace shows this just before the overflow: 00fc:trace:cmd:handleExpansion Translate command:L"REM -- 2 %~1" 0 (at: L"%~1") 00fc:trace:cmd:WCMD_HandleTildeModifiers Looking backwards for parameter id: L"1" Deleting this line also stops it from crashing: REM -- 2 %~1 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Damjan Jovanovic <damjan.jov(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |testcase Component|-unknown |cmd --- Comment #2 from Damjan Jovanovic <damjan.jov(a)gmail.com> --- Some buffers in WCMD_HandleTildeModifiers() are only of size MAX_PATH, even though they handle strings that aren't necessarily files. When I change them to have size MAXSTRING, the crash doesn't happen. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Vijay Kamuju <infyquest(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Fixed by SHA1| |abe848f05f5d91d4c8eb875ebbf | |143ca9ca9a210 CC| |infyquest(a)gmail.com Status|NEW |RESOLVED --- Comment #3 from Vijay Kamuju <infyquest(a)gmail.com> --- fix now committed https://source.winehq.org/git/wine.git/commitdiff/abe848f05f5d91d4c8eb875ebb... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 5.22. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |5.0.x -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=42731 Michael Stefaniuc <mstefani(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|5.0.x |--- --- Comment #5 from Michael Stefaniuc <mstefani(a)winehq.org> --- Removing the 5.0.x milestone from bug fixes included in 5.0.4. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (2)
-
wine-bugs@winehq.org -
WineHQ Bugzilla