http://bugs.winehq.org/show_bug.cgi?id=12405
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net

--- Comment #18 from Anastasius Focht focht@gmx.net 2009-04-12 18:16:18 ---
Hello,
Wintrust problem. I used the trial version of WISO Sparbuch 2009, which exhibits the same problem (after overcoming bug 16998). Looks like the app partially passes garbage data into actiondata's file info, most likely because some struct members are optional.
--- snip ---
0031:Call wintrust.WinVerifyTrust(ffffffff,010d50c8,0033e39c) ret=010d40a5
0031:trace:wintrust:WinVerifyTrust (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c)
0031:trace:wintrust:dump_wintrust_data 0x33e39c
0031:trace:wintrust:dump_wintrust_data cbStruct: 44
0031:trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil)
0031:trace:wintrust:dump_wintrust_data pSIPClientData: (nil)
0031:trace:wintrust:dump_wintrust_data dwUIChoice: 2
0031:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000000
0031:trace:wintrust:dump_wintrust_data dwUnionChoice: 1
0031:trace:wintrust:dump_file_info 0x33e390
0031:trace:wintrust:dump_file_info cbStruct: 12
0031:trace:wintrust:dump_file_info pcwszFilePath: L"C:\Program Files\WISO\Sparbuch 2009\on4u3\bdrm.dll"
0031:trace:wintrust:dump_file_info hFile: 0xffffffff
0031:trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
0031:trace:wintrust:dump_wintrust_data dwStateAction: 0
0031:trace:wintrust:dump_wintrust_data hWVTStateData: (nil)
0031:trace:wintrust:dump_wintrust_data pwszURLReference: (null)
0031:trace:wintrust:dump_wintrust_data dwProvFlags: 00000010
0031:trace:wintrust:dump_wintrust_data dwUIContext: 54460492
0031:trace:wintrust:WINTRUST_DefaultVerifyAndClose (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c)
0031:trace:wintrust:WINTRUST_DefaultVerify (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c)
...
031:Call wintrust.SoftpubInitialize(001619e8) ret=61296daa
0031:trace:wintrust:SoftpubInitialize (0x1619e8)
0031:trace:wintrust:SoftpubInitialize returning 00000000
0031:Ret wintrust.SoftpubInitialize() retval=00000000 ret=61296daa
0031:Call wintrust.SoftpubLoadMessage(001619e8) ret=61296daa
0031:trace:wintrust:SoftpubLoadMessage (0x1619e8)
0031:Call KERNEL32.CreateFileW(033f0084 L"C:\Program Files\WISO\Sparbuch 2009\on4u3\bdrm.dll",80000000,00000001,00000000,00000003,00000080,00000000) ret=612940ec
0031:Ret KERNEL32.CreateFileW() retval=000001a0 ret=612940ec
0031:Call KERNEL32.GetFileTime(000001a0,00161a48,00000000,00000000) ret=6129414a
0031:Ret KERNEL32.GetFileTime() retval=00000001 ret=6129414a
0031:trace:wintrust:SOFTPUB_OpenFile returning 1
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6129426d ip=0x6129426d tid=0031
0031:trace:seh:raise_exception info[0]=00000000
0031:trace:seh:raise_exception info[1]=0000002c
0031:trace:seh:raise_exception eax=0033e390 ebx=6129e7c0 ecx=00165df8 edx=0000002c esi=0033e194 edi=0033e114
0031:trace:seh:raise_exception ebp=0033e088 esp=0033e050 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210202
--- snip ---
This is the culprit:
--- snip ---
0031:trace:wintrust:dump_file_info hFile: 0xffffffff
0031:trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
--- snip ---
SOFTPUB_GetFileSubject() will happily dereference data->pWintrustData->u.pFile->pgKnownSubject if non-NULL. This must be avoided. As a quick fix I added a bad pointer check on this member, and if bad it treats the param as if passed as NULL, which helps. Maybe this member is to be ignored at all at this stage?
Regards
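
In the trace above the file info is passed with cbStruct: 12, which on a 32-bit layout covers only cbStruct, pcwszFilePath and hFile, so pgKnownSubject (offset 12) lies past the size the caller declared; the outer structure's cbStruct: 44 likewise stops before dwUIContext. The following is an added example, not Wine's code and not part of the comment, of gating optional trailing members on cbStruct in the manner of the Windows SDK's WVT_ISINSTRUCT macro. The fixed-width struct models, the macro name and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed models of the 32-bit layouts: pointers and handles are held
 * as uint32_t so the offsets match the trace on any build host. */
typedef struct {
    uint32_t cbStruct;
    uint32_t pcwszFilePath;
    uint32_t hFile;
    uint32_t pgKnownSubject;   /* optional trailing member */
} file_info32;

typedef struct {
    uint32_t cbStruct, pPolicyCallbackData, pSIPClientData, dwUIChoice;
    uint32_t fdwRevocationChecks, dwUnionChoice, pFile, dwStateAction;
    uint32_t hWVTStateData, pwszURLReference, dwProvFlags;
    uint32_t dwUIContext;      /* optional trailing member */
} wintrust_data32;

/* True only if `member` lies completely inside the size the caller declared. */
#define MEMBER_IN_STRUCT(type, passed_size, member) \
    (offsetof(type, member) + sizeof(((type *)0)->member) <= (size_t)(passed_size))

/* Hypothetical helper: the pgKnownSubject value, or 0 (treated as NULL)
 * when the caller's cbStruct does not cover that member. */
uint32_t known_subject_or_null(const file_info32 *fi)
{
    if (!MEMBER_IN_STRUCT(file_info32, fi->cbStruct, pgKnownSubject))
        return 0;
    return fi->pgKnownSubject;
}

/* Same gate for the outer structure's dwUIContext. */
int ui_context_present(const wintrust_data32 *wd)
{
    return MEMBER_IN_STRUCT(wintrust_data32, wd->cbStruct, dwUIContext);
}

int main(void)
{
    /* cbStruct, hFile and the stray 0x2c follow the trace; the path
     * pointer value is constructed. */
    file_info32 fi = { 12, 0x1000, 0xffffffff, 0x0000002c };
    wintrust_data32 wd = { .cbStruct = 44 };
    printf("pgKnownSubject used: 0x%x\n", (unsigned)known_subject_or_null(&fi));
    printf("dwUIContext present: %d\n", ui_context_present(&wd));
    return 0;
}
```

With the trace's sizes both optional members are reported as absent, so the stray 0x2c is never dereferenced; a caller that declares the full 16-byte file info gets its pgKnownSubject honoured.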