http://bugs.winehq.org/show_bug.cgi?id=3260 ------- Additional Comments From focht(a)gmx.net 2007-23-05 05:35 ------- Hello, while working on StarForce 3, the service/driver installer bumps on incomplete QueryServiceConfigA/W(). The service display name is queried to get required buffer size but later forgotten to query the actual value. The SF service installer doesnt check the QUERY_SERVICE_CONFIGW string values for NULL ptrs before access (which is the case for missing display name). --- snip dlls/advapi32/service.c --- BOOL WINAPI QueryServiceConfigW( SC_HANDLE hService, LPQUERY_SERVICE_CONFIGW lpServiceConfig, DWORD cbBufSize, LPDWORD pcbBytesNeeded) { ... /* now do the strings */ p = (LPBYTE) &lpServiceConfig[1]; n = total - sizeof (QUERY_SERVICE_CONFIGW); .... sz = n; r = RegQueryValueExW( hKey, szGroup, 0, &type, p, &sz ); if( ( r == ERROR_SUCCESS ) || ( type == REG_SZ ) ) { lpServiceConfig->lpLoadOrderGroup = (LPWSTR) p; p += sz; n -= sz; } /* +++ */ sz = n; r = RegQueryValueExW( hKey, szDisplayName, 0, &type, p, &sz ); if( ( r == ERROR_SUCCESS ) || ( type == REG_SZ ) ) { lpServiceConfig->lpDisplayName = (LPWSTR) p; p += sz; n -= sz; } /* +++ */ ... /* +++ */ TRACE("Display name = %s\n", debugstr_w(lpServiceConfig->lpDisplayName) ); /* +++ */ } --- snip dlls/advapi32/service.c --- With service display name correctly filled in, the installer is happy at this stage. Regards -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.