http://bugs.winehq.org/show_bug.cgi?id=20758 Summary: Missing nul termination in string passed to callback of RtlQueryRegistryValues()? Product: Wine Version: 1.1.33 Platform: PC OS/Version: Linux Status: NEW Keywords: source, testcase Severity: normal Priority: P2 Component: ntdll AssignedTo: wine-bugs(a)winehq.org ReportedBy: dank(a)kegel.com http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-ntdll_reg.txt shows the error message Invalid read of size 2 at strlenW (unicode.h:216) by lstrlenW (string.c:214) by QueryRoutine (reg.c:201) by RTL_ReportRegistryValue (reg.c:992) by RtlQueryRegistryValues (reg.c:1231) by test_RtlQueryRegistryValues (reg.c:326) Address 0x7f03c184 is 0 bytes after a block of size 52 alloc'd at notify_alloc (heap.c:279) by RtlAllocateHeap (heap.c:1521) by RtlQueryRegistryValues (reg.c:1226) by test_RtlQueryRegistryValues (reg.c:326) It looks like an argument between len and null-terminated strings. RtlQueryRegistryValues calls a user-supplied callback whose first parameter is to a nul-terminated string... but it passes pInfo->Name, which is not nul-terminated. (It comes from NtEnumerateValueKey, and has a corresponding NameLength member.) So... either we need to copy Name to a new buffer and terminate it before calling the callback, or NtEnumerateValueKey needs to silently nul-terminate Name. I guess it's time for another conformance test. (This error was seen before by Valgrind, but with a slightly less informative description.) -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.