[Bug 30418] New: regedit crash on export some binary values
http://bugs.winehq.org/show_bug.cgi?id=30418

           Bug #: 30418
         Summary: regedit crash on export some binary values
         Product: Wine
         Version: 1.5.1
        Platform: x86
      OS/Version: Linux
          Status: UNCONFIRMED
        Severity: normal
        Priority: P2
       Component: programs
      AssignedTo: wine-bugs(a)winehq.org
      ReportedBy: basinilya(a)gmail.com
  Classification: Unclassified

I have a key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\HDA Intel\Master
(see attached file) and when I try to export it, regedit crashes.
The crash happens in REGPROC_write_line() when it tries to write the binary
value and tells something about heap (see attached output.txt).

I checked with winedbg where exactly the heap corrupts:

    REGPROC_export_binary(...) {
        ...
        lstrcpyW(*line_buf + data_pos, newline); <-- here
        HeapFree(GetProcessHeap(), 0, value_multibyte);
    }

    [il(a)il wine]$ ./wine winedbg --gdb regedit.exe
    ...
    Wine-gdb> b regproc.c:1054
    Breakpoint 1 at 0x7ebc5a65: file regproc.c, line 1054.
    Wine-gdb> cont
    Continuing.

    Breakpoint 1, REGPROC_export_binary (line_buf=0x33e044, line_buf_size=0x33e034, line_len=0x33df78, type=3, value=0x17e3f0 "", value_size=1848, unicode=0) at regproc.c:1054
    1054        lstrcpyW(*line_buf + data_pos, newline);
    Wine-gdb> list
    1049                    data_pos += concat_len;
    1050                    column = concat_prefix;
    1051                }
    1052            }
    1053        }
    1054        lstrcpyW(*line_buf + data_pos, newline);
    1055        HeapFree(GetProcessHeap(), 0, value_multibyte);
    1056    }
    1057
    1058    /******************************************************************************
    Wine-gdb> call HeapAlloc(GetProcessHeap(), 0, 8192)
    $1 = (void *) 0x182258
    Wine-gdb> call HeapFree(GetProcessHeap(), 0, $)
    $2 = 1
    Wine-gdb> n
    1055        HeapFree(GetProcessHeap(), 0, value_multibyte);
    Wine-gdb> call HeapAlloc(GetProcessHeap(), 0, 8192)

    Program received signal SIGSEGV, Segmentation fault.
    0x7bc480d3 in HEAP_CreateFreeBlock (subheap=0x110014, ptr=0x184258, size=581640) at heap.c:590
    590             (*(DWORD *)((char *)ptr + size) & ARENA_FLAG_FREE))
    The program being debugged was signaled while in a function called from GDB.
    GDB remains in the frame where the signal was received.
    To change this behavior use "set unwindonsignal on".
    Evaluation of the expression containing the function
    (HeapAlloc) will be abandoned.
    When the function is done executing, GDB will silently stop.

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #1 from Ilya Basin <basinilya(a)gmail.com> 2012-04-12 06:08:55 CDT ---
Created attachment 39765
  --> http://bugs.winehq.org/attachment.cgi?id=39765
the key failing to export

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #2 from Ilya Basin <basinilya(a)gmail.com> 2012-04-12 06:09:35 CDT ---
Created attachment 39766
  --> http://bugs.winehq.org/attachment.cgi?id=39766
wine output

http://bugs.winehq.org/show_bug.cgi?id=30418

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #3 from Ilya Basin <basinilya(a)gmail.com> 2012-04-12 08:14:54 CDT ---
Look at this line of code:

    *line_len += *line_len / (REG_FILE_HEX_LINE_LEN - concat_prefix) * concat_len;

before it, *line_len == 5561, which is already wrong: the length of one-line
"LineStates"=hex:00,00,00,... is 5560, not 5561.

Broken into multiple lines, this string takes 5932 chars:

    "LineStates"=hex:00,00,00,00,4d,00,61,00,73,00,74,00,65,00,72,00,00,00,00,00,\
      00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...

5932-5561=371, but the existing code only adds 370.
Instead, *line_len before the formula should be 5560 and the formula should
evaluate to 372, which is (nlines-1) * 5 + 2, where
    nlines - number of lines
    5 - the length of "\\\r\n  "
    2 - the length of "\r\n"
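
The length arithmetic from comment #3, as an added example (not code from the Wine tree or from the reporter): it counts exactly how many characters the wrapped hex line needs and compares that with the quoted estimate. REG_FILE_HEX_LINE_LEN = 77 is an assumption, chosen because it reproduces every number in the comment; the function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed constant: the wrap column is not stated in the thread; 77 is
 * used because it reproduces the numbers given in comment #3. */
#define REG_FILE_HEX_LINE_LEN 77
#define CONCAT_PREFIX 2   /* two spaces that start a continuation line */
#define CONCAT_LEN    5   /* "\\\r\n  " */
#define NEWLINE_LEN   2   /* "\r\n" */

/* Estimate as quoted in comment #3: every byte is counted as 3 chars and
 * the continuation overhead is guessed with one integer division. */
static size_t old_estimate(size_t prefix_len, size_t value_size)
{
    size_t len = prefix_len + value_size * 3;
    len += len / (REG_FILE_HEX_LINE_LEN - CONCAT_PREFIX) * CONCAT_LEN;
    return len;
}

/* Exact count: apply the wrap rule visible in the gdb listing
 * (column reset to concat_prefix), counting chars instead of storing them. */
static size_t exact_len(size_t prefix_len, size_t value_size, size_t *nlines)
{
    size_t len = prefix_len, column = prefix_len, lines = 1, i;

    for (i = 0; i < value_size; i++) {
        len += 2;                       /* two hex digits */
        if (i + 1 == value_size)
            break;                      /* no comma after the last byte */
        len += 1;                       /* ',' */
        column += 3;
        if (column >= REG_FILE_HEX_LINE_LEN) {
            len += CONCAT_LEN;          /* line continuation */
            column = CONCAT_PREFIX;
            lines++;
        }
    }
    if (nlines)
        *nlines = lines;
    return len + NEWLINE_LEN;           /* terminating "\r\n" */
}

int main(void)
{
    /* 17 = length of "LineStates"=hex: and 1848 = value_size from the report */
    size_t nlines, need = exact_len(17, 1848, &nlines);
    printf("lines=%zu exact=%zu old=%zu short_by=%zu\n",
           nlines, need, old_estimate(17, 1848), need - old_estimate(17, 1848));
    return 0;
}
```

Sizing the buffer from the same rule that writes it removes the off-by-one; the terminating NUL that lstrcpyW appends still has to be accounted for by whatever allocates the buffer.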

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #4 from Ilya Basin <basinilya(a)gmail.com> 2012-04-12 09:05:05 CDT ---
Created attachment 39767
  --> http://bugs.winehq.org/attachment.cgi?id=39767
patch

http://bugs.winehq.org/show_bug.cgi?id=30418

Bruno Jesus <00cpxxx(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |f900ed1474b0fd05dbf0a11907d
                   |                            |0bf0682fff979
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |00cpxxx(a)gmail.com
         Resolution|                            |FIXED

--- Comment #5 from Bruno Jesus <00cpxxx(a)gmail.com> 2012-04-12 16:09:49 CDT ---
Patch committed.

http://source.winehq.org/git/wine.git/commit/f900ed1474b0fd05dbf0a11907d0bf0...

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #6 from Ilya Basin <basinilya(a)gmail.com> 2012-04-13 00:58:06 CDT ---
Actually, I don't understand why all this error-prone dancing around string
buffers, because at the end, buffered fwrite(FILE *) is used.

http://bugs.winehq.org/show_bug.cgi?id=30418

--- Comment #7 from Vitaliy Margolen <vitaliy-bugzilla(a)kievinfo.com> 2012-04-13 08:22:16 CDT ---
(In reply to comment #6)
Writing big chunks to a file always works faster compared to a few bytes at a
time.

http://bugs.winehq.org/show_bug.cgi?id=30418

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #8 from Alexandre Julliard <julliard(a)winehq.org> 2012-04-13 13:28:09 CDT ---
Closing bugs fixed in 1.5.2.

http://bugs.winehq.org/show_bug.cgi?id=30418

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |1.4.x

http://bugs.winehq.org/show_bug.cgi?id=30418

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|1.4.x                       |---