https://bugs.winehq.org/show_bug.cgi?id=46661
--- Comment #15 from ossecurity <ossecurity@iscas.ac.cn> ---
(In reply to Zebediah Figura from comment #12)
> (In reply to ossecurity from comment #11)
> > Yes, that can cause an application crash, and this crash is the behaviour of the Win32 application. However, the missing check in ISF_Desktop_fnGetDisplayNameOf is the behaviour of Wine.
> > It will be clearer to judge this bug if we focus on the behaviour mismatch. As hooking is a supported function in Windows, a prepared Win32 application (DoInjection.exe) doesn't crash in Windows (I verified it on Win 7), but it crashes in Wine. It seems Win7 has added sufficient checks (sanitizations or authority checks); however, Wine doesn't.
>
> You're also assuming that Windows has the same struct layout as Wine, which it almost certainly doesn't. Only behaviour differences that affect real applications are worth fixing.
> There is no real reason to check for NULL here. It doesn't matter whose "behaviour" the code is. The contract internal to the Wine code is that the variable is valid from the moment the struct is allocated, not that it is valid if and only if it is non-NULL.
I have a different thought now.
What do you mean by real applications? DoInjection.exe injects code into explorer.exe (this is a real application).
And I think the internal contract is wrong if it's just as you say. The variable can be changed (by a hooker) between construction and use.
Ke Yang
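The two positions in this exchange, as an added C illustration that is not Wine's code and not the ISF_Desktop_fnGetDisplayNameOf implementation: a hypothetical folder_t whose name field is set by its constructor (the "valid from allocation" contract in the quoted reply), the same use with the NULL check the reporter asks for, and a constructed stand-in for an in-process hook that clears the field between construction and use. All names (folder_t, folder_create, hook_clear_name, the scenario functions) are assumptions made for the example.

```c
/*
 * Added illustration for this bug thread; it is not Wine's code and the
 * names (folder_t, folder_create, hook_clear_name, ...) are hypothetical.
 * It contrasts a field that is trusted because the constructor set it with
 * the same use guarded by a NULL check, and models a hook that overwrites
 * the field between construction and use.
 */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *name;  /* hypothetical field: set once by folder_create, never expected to be NULL afterwards */
} folder_t;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Constructor: establishes the "valid from allocation" invariant for name. */
static folder_t *folder_create(const char *name) {
    folder_t *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->name = dup_str(name);
    if (!f->name) { free(f); return NULL; }
    return f;
}

static void folder_destroy(folder_t *f) {
    if (!f) return;
    free(f->name);
    free(f);
}

/* Relies on the constructor's invariant: dereferences f->name unconditionally. */
static size_t name_len_unchecked(const folder_t *f) {
    return strlen(f->name);
}

/* Guarded variant: reports -1 instead of dereferencing a NULL field. */
static long name_len_checked(const folder_t *f) {
    if (f == NULL || f->name == NULL) return -1;
    return (long)strlen(f->name);
}

/* Constructed stand-in for an in-process hook that changes the field between
 * construction and use; it models only the NULL case discussed in the thread. */
static void hook_clear_name(folder_t *f) {
    free(f->name);
    f->name = NULL;
}

/* Scenario 1: no hook runs, so the unchecked use is fine. Returns the length of "Desktop". */
static long scenario_unhooked(void) {
    folder_t *f = folder_create("Desktop");
    long r = f ? (long)name_len_unchecked(f) : -1;
    folder_destroy(f);
    return r;
}

/* Scenario 2: the hook runs between construction and use. Only the checked
 * variant is called here; name_len_unchecked would dereference NULL. */
static long scenario_hooked_checked(void) {
    folder_t *f = folder_create("Desktop");
    long r;
    if (!f) return -2;
    hook_clear_name(f);
    r = name_len_checked(f);
    folder_destroy(f);
    return r;
}

int main(void) {
    return (scenario_unhooked() == 7 && scenario_hooked_checked() == -1) ? 0 : 1;
}
```

The guarded variant turns the cleared-field case into an error return instead of a crash; it covers only the NULL case modelled here, which is the one the thread is about, and the example does not model other in-process overwrites.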