http://bugs.winehq.org/show_bug.cgi?id=35135
Bug ID: 35135 Summary: Air Video Server HD 1.x crashes on startup (NULL SERVER_INFO_101.sv101_comment returned from NetServerGetInfo) Product: Wine Version: 1.7.8 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: netapi32 Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Classification: Unclassified
Hello folks,
as the summary says ...
Prerequisite: Bonjour Print Services for Windows v2.x
Download: http://support.apple.com/downloads/DL999/en_US/BonjourPSSetup.exe
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/AirVideoServer HD
$ WINEDEBUG=+tid,+seh,+relay,+netapi32 wine ./AirVideoServerUI.exe >>log.txt 2>&1 ... 003e:Call netapi32.NetServerGetInfo(00000000,00000065,026fe6f8) ret=00438847 003e:trace:netapi32:NetServerGetInfo (null) 101 0x26fe6f8 003e:Call KERNEL32.GetComputerNameW(026fe520,026fe654) ret=7e028081 003e:Ret KERNEL32.GetComputerNameW() retval=00000001 ret=7e028081 003e:trace:netapi32:NetApiBufferAllocate (38, 0x26fe6f8) 003e:Call ntdll.RtlAllocateHeap(00110000,00000000,00000026) ret=7e02854b 003e:Ret ntdll.RtlAllocateHeap() retval=01c997d8 ret=7e02854b 003e:Call KERNEL32.GetVersionExW(026fe540) ret=7e028113 003e:Ret KERNEL32.GetVersionExW() retval=00000001 ret=7e028113 003e:Ret netapi32.NetServerGetInfo() retval=00000000 ret=00438847 003e:trace:seh:raise_exception code=c0000005 flags=0 addr=0x40f634 ip=0040f634 tid=003e 003e:trace:seh:raise_exception info[0]=00000000 003e:trace:seh:raise_exception info[1]=00000000 003e:trace:seh:raise_exception eax=00000000 ebx=01c89fb0 ecx=026fe714 edx=00000001 esi=026fe714 edi=00000000 003e:trace:seh:raise_exception ebp=026fe6e0 esp=026fe6d8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 ... --- snip ---
Application code showing access of SERVER_INFO_101.sv101_comment member:
--- snip --- ... 0043882C 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48] 0043882F 50 PUSH EAX ; bufptr 00438830 6A 65 PUSH 65 ; level: SERVER_INFO_101 00438832 6A 00 PUSH 0 ; servername 00438834 C745 B4 00000000 MOV DWORD PTR SS:[EBP-4C],0 0043883B C745 B8 00000000 MOV DWORD PTR SS:[EBP-48],0 00438842 E8 1F8B5D00 CALL <JMP.&NETAPI32.NetServerGetInfo> 00438847 85C0 TEST EAX,EAX 00438849 75 5C JNZ SHORT AirVideo.004388A7 0043884B 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48] ; SERVER_INFO_101 0043884E 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C] 00438851 FF70 14 PUSH DWORD PTR DS:[EAX+14] ; *boom* ... --- snip ---
Dump of structure returned from NetServerGetInfo():
--- snip --- $+0 01C7B700 000001F4 $+4 01C7B704 01C7B718 ; UNICODE ptr "nexus4" $+8 01C7B708 00000005 $+C 01C7B70C 00000001 $+10 01C7B710 00001000 $+14 01C7B714 00000000 ; sv101_comment --- snip ---
MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/aa370903%28v=vs.85%2...
--- quote --- typedef struct _SERVER_INFO_101 { DWORD sv101_platform_id; LPWSTR sv101_name; DWORD sv101_version_major; DWORD sv101_version_minor; DWORD sv101_type; LPWSTR sv101_comment; } SERVER_INFO_101, *PSERVER_INFO_101, *LPSERVER_INFO_101;
... sv101_comment
Type: LPWSTR
A pointer to a Unicode string specifying a comment describing the server. The comment can be null.
--- quote ---
"can" ... sure ;-)
Maybe Wine could use an empty string by default to prevent applications from crashing that directly access this member without checking for NULL.
Source: http://source.winehq.org/git/wine.git/blob/8b5ec5bb4911842966534102a602b0f00...
--- snip --- 1018 NET_API_STATUS WINAPI NetServerGetInfo(LMSTR servername, DWORD level, LPBYTE* bufptr) 1019 { ... 1047 if (ret == NERR_Success) 1048 { 1049 /* INFO_100 structure is a subset of INFO_101 */ 1050 PSERVER_INFO_101 info = (PSERVER_INFO_101)*bufptr; 1051 OSVERSIONINFOW verInfo; 1052 1053 info->sv101_platform_id = PLATFORM_ID_NT; 1054 info->sv101_name = (LMSTR)(*bufptr + sizeof(SERVER_INFO_101)); 1055 memcpy(info->sv101_name, computerName, 1056 computerNameLen * sizeof(WCHAR)); 1057 verInfo.dwOSVersionInfoSize = sizeof(verInfo); 1058 GetVersionExW(&verInfo); 1059 info->sv101_version_major = verInfo.dwMajorVersion; 1060 info->sv101_version_minor = verInfo.dwMinorVersion; 1061 /* Use generic type as no wine equivalent of DC / Server */ 1062 info->sv101_type = SV_TYPE_NT; 1063 info->sv101_comment = NULL; 1064 } ...
--- snip ---
$ sha1sum AirVideoServerHD-1.0.11.exe d1b58dea685bcce3381e29b9cc2fefda90f97389 AirVideoServerHD-1.0.11.exe
$ du -sh AirVideoServerHD-1.0.11.exe 11M AirVideoServerHD-1.0.11.exe
$ wine --version wine-1.7.8-220-g0bef543
Regards