http://bugs.winehq.org/show_bug.cgi?id=19435
Summary: Some winsock calls will crash when passing NULL as protocol parameter Product: Wine Version: 1.0.1 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: winsock AssignedTo: wine-bugs@winehq.org ReportedBy: wine-bugs@thinktradellc.com
The problem occurs when attempting to queue the asynchronous call. Here is a patch to fix the problem. NULL is a valid call parameter for system calls such as WSAAsyncGetServByName, but __WSAsyncDBQuery still attempts to call strlen() etc. on it.
Andrew Athan
*** async.c~ 2008-10-17 08:45:25.000000000 -0700
--- async.c 2009-07-23 09:47:50.000000000 -0700
*************** static HANDLE16 __WSAsyncDBQuery(
*** 539,551 ****
  switch (flags & AQ_MASKPTR1) {
  case 0: break;
  case AQ_COPYPTR1: xbuflen += int1; break;
! case AQ_DUPLOWPTR1: xbuflen += strlen(ptr1) + 1; break;
  }

  switch (flags & AQ_MASKPTR2) {
  case 0: break;
  case AQ_COPYPTR2: xbuflen += int2; break;
! case AQ_DUPLOWPTR2: xbuflen += strlen(ptr2) + 1; break;
  }

  if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) {
--- 539,551 ----
  switch (flags & AQ_MASKPTR1) {
  case 0: break;
  case AQ_COPYPTR1: xbuflen += int1; break;
! case AQ_DUPLOWPTR1: xbuflen += (ptr1 ? strlen(ptr1)+1:0); break;
  }

  switch (flags & AQ_MASKPTR2) {
  case 0: break;
  case AQ_COPYPTR2: xbuflen += int2; break;
! case AQ_DUPLOWPTR2: xbuflen += (ptr2 ? strlen(ptr2)+1:0); break;
  }

  if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) {
***************
static HANDLE16 __WSAsyncDBQuery(
*** 557,568 ****
  if (ptr1) switch (flags & AQ_MASKPTR1) {
  case 0: break;
  case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1; break;
! case AQ_DUPLOWPTR1: pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break;
  }
  if (ptr2) switch (flags & AQ_MASKPTR2) {
  case 0: break;
  case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2; break;
! case AQ_DUPLOWPTR2: pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break;
  }

  aq->hWnd = HWND_16(hWnd);
--- 557,568 ----
  if (ptr1) switch (flags & AQ_MASKPTR1) {
  case 0: break;
  case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1; break;
! case AQ_DUPLOWPTR1: if(!ptr1)break;pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break;
  }
  if (ptr2) switch (flags & AQ_MASKPTR2) {
  case 0: break;
  case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2; break;
! case AQ_DUPLOWPTR2: if(!ptr2)break;pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break;
  }

  aq->hWnd = HWND_16(hWnd);
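Review bot: In the first hunk (539,551) the new ternaries on the `AQ_DUPLOWPTR1` and `AQ_DUPLOWPTR2` lines let a NULL pointer contribute zero bytes, but nothing in the code records that NULL is a legal argument, and the pointer stays NULL for whatever later consumes the queued query. I would add a comment above the first switch, for example `/* ptr1/ptr2 may be NULL (e.g. the protocol argument of WSAAsyncGetServByName); NULL adds no bytes and is queued as NULL */`. The consumer of `aq` is outside this hunk, so it is worth confirming that it accepts a NULL pointer rather than moving the crash into the asynchronous worker. The `AQ_COPYPTR` cases still add `int1`/`int2` unconditionally and the total goes to `HeapAlloc` with no range check; whether those lengths can be caller-controlled is not visible here.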
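Review bot: The added `if(!ptr1)break;` and `if(!ptr2)break;` in the second hunk (557,568) can never fire, because each switch is already the body of the `if (ptr1)` / `if (ptr2)` on the line that opens it. This hunk can be dropped; the size computation in the first hunk is the change that removes the NULL dereference. Separately, the lower-casing loop on the same lines passes `*pfm` straight to `tolower()`; if `pfm` is a plain `char` pointer (its declaration is outside the hunk), bytes above 0x7f are negative and the call is undefined, so `do *pto++ = tolower((unsigned char)*pfm); while (*pfm++);` is the safer form. The function body starts and ends outside the hunk.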