[Bug 27172] New: Some msvcrt string functions incorrectly return status from 'safe' versions (Corel Draw 12 demo installer fails)

http://bugs.winehq.org/show_bug.cgi?id=27172

Summary: Some msvcrt string functions incorrectly return status from 'safe' versions (Corel Draw 12 demo installer fails) Product: Wine Version: 1.3.20 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: msvcrt AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net

Hello,

while revisiting bug 4971 I noticed a potential regression ...

--- snip --- 005c:Ret PE DLL (proc=0x110c8ac,module=0x1100000 L"MSICrlPCU.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 005c:Ret KERNEL32.LoadLibraryA() retval=01100000 ret=010c2f22 005c:Call KERNEL32.GetProcAddress(01100000,010dbb48 "AcquireKey") ret=010c2f34 005c:Ret KERNEL32.GetProcAddress() retval=01101d10 ret=010c2f34 ... 005c:Call KERNEL32.CreateFileW(01121ba0 L"C:\users\focht\Temp\Corel\84ACAA88-5FD7-411D-81F6-24407CE7C94A\Programs\DR12.dta",80000000,00000001,00000000,00000003,00000080,00000000) ret=01102ad7 005c:Ret KERNEL32.CreateFileW() retval=0000001c ret=01102ad7 005c:Call KERNEL32.GetFileSize(0000001c,00000000) ret=01102b32 005c:Ret KERNEL32.GetFileSize() retval=00000068 ret=01102b32 005c:Call KERNEL32.ReadFile(0000001c,009add08,00000068,009add04,00000000) ret=01102b55 005c:Ret KERNEL32.ReadFile() retval=00000001 ret=01102b55 005c:Call KERNEL32.CloseHandle(0000001c) ret=01102b5c 005c:Ret KERNEL32.CloseHandle() retval=00000001 ret=01102b5c 005c:Call msvcrt._strupr(009add0c "DR12WTX-1740841-KCM") ret=01102b8c 005c:Ret msvcrt._strupr() retval=00000000 ret=01102b8c 005c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1102b95 ip=01102b95 tid=005c 005c:trace:seh:raise_exception info[0]=00000000 005c:trace:seh:raise_exception info[1]=00000000 005c:trace:seh:raise_exception eax=00000000 ebx=0000000a ecx=00000000 edx=01121eb8 esi=01121ba0 edi=0000001c 005c:trace:seh:raise_exception ebp=7b820890 esp=009adcdc cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010202 005c:trace:seh:call_vectored_handlers calling handler at 0x68e827aa code=c0000005 flags=0 005c:trace:seh:call_vectored_handlers handler at 0x68e827aa returned 0 --- snip ---

App code:

--- snip --- 00DC2B66 8D4424 54 LEA EAX,[ESP+54] 00DC2B6A 8D96 14020000 LEA EDX,[ESI+214] 00DC2B70 8BC8 MOV ECX,EAX 00DC2B72 83C4 04 ADD ESP,4 00DC2B75 2BD1 SUB EDX,ECX 00DC2B77 8A08 MOV CL,BYTE PTR DS:[EAX] 00DC2B79 880C02 MOV BYTE PTR DS:[EAX+EDX],CL 00DC2B7C 40 INC EAX 00DC2B7D 84C9 TEST CL,CL 00DC2B7F ^ 75 F6 JNE SHORT 00DC2B77 00DC2B81 8D5424 30 LEA EDX,[ESP+30] 00DC2B85 52 PUSH EDX 00DC2B86 FF15 7487DD00 CALL DWORD PTR DS:[<&MSVCR71._strupr>] 00DC2B8C 83C4 04 ADD ESP,4 00DC2B8F 8D96 18030000 LEA EDX,[ESI+318] 00DC2B95 8A08 MOV CL,BYTE PTR DS:[EAX] 00DC2B97 40 INC EAX 00DC2B98 880A MOV BYTE PTR DS:[EDX],CL 00DC2B9A 42 INC EDX 00DC2B9B 84C9 TEST CL,CL 00DC2B9D ^ 75 F6 JNE SHORT 00DC2B95 --- snip ---

_strupr() is cdecl, return ptr value in EAX

--- snip dlls/msvcrt/string.c --- int CDECL _strupr(char *str) { return _strupr_s_l(str, -1, NULL); } --- snip dlls/msvcrt/string.c ---

Because Wine returns/takes the status from 's' version instead of string ptr, the app crashes.

MSDN: http://msdn.microsoft.com/en-us/library/sch3dy08.aspx

--- snip --- Returns a pointer to the altered string. Because the modification is done in place, the pointer returned is the same as the pointer passed as the input argument. No return value is reserved to indicate an error. --- snip ---

You might want to check others too (_strlwr ...).

BTW .. the serial is from trial, no harm ;-)

Regards