http://bugs.winehq.org/show_bug.cgi?id=3260
------- Additional Comments From focht@gmx.net 2007-23-05 05:35 -------
Hello,
while working on StarForce 3, the service/driver installer bumps on incomplete QueryServiceConfigA/W().
The service display name is queried to get the required buffer size, but the actual value is never queried later. The SF service installer doesn't check the QUERY_SERVICE_CONFIGW string values for NULL ptrs before access (which is the case for a missing display name).
--- snip dlls/advapi32/service.c ---
BOOL WINAPI
QueryServiceConfigW( SC_HANDLE hService,
                     LPQUERY_SERVICE_CONFIGW lpServiceConfig,
                     DWORD cbBufSize, LPDWORD pcbBytesNeeded)
{
    ...
    /* now do the strings */
    p = (LPBYTE) &lpServiceConfig[1];
    n = total - sizeof (QUERY_SERVICE_CONFIGW);
    ....
    sz = n;
    r = RegQueryValueExW( hKey, szGroup, 0, &type, p, &sz );
    if( ( r == ERROR_SUCCESS ) || ( type == REG_SZ ) )
    {
        lpServiceConfig->lpLoadOrderGroup = (LPWSTR) p;
        p += sz;
        n -= sz;
    }

    /* +++ */
    sz = n;
    r = RegQueryValueExW( hKey, szDisplayName, 0, &type, p, &sz );
    if( ( r == ERROR_SUCCESS ) || ( type == REG_SZ ) )
    {
        lpServiceConfig->lpDisplayName = (LPWSTR) p;
        p += sz;
        n -= sz;
    }
    /* +++ */
    ...
    /* +++ */
    TRACE("Display name = %s\n", debugstr_w(lpServiceConfig->lpDisplayName) );
    /* +++ */
}
--- snip dlls/advapi32/service.c ---
With service display name correctly filled in, the installer is happy at this stage.
Regards
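
The failure mode described in the comment above, as an added portable C model (not Wine's code and not part of the original comment): the size pass counts the display name, the fill pass may leave its pointer NULL, and a defensive caller checks before dereferencing. The struct, function names and sample values are assumptions made for illustration, and the string area is kept separate from the struct for simplicity.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for QUERY_SERVICE_CONFIG: pointers into a string area. */
struct svc_config {
    const char *load_order_group;
    const char *display_name;
};

/* Constructed sample values standing in for the service's registry key. */
static const char *lookup(const char *name)
{
    if (strcmp(name, "Group") == 0) return "Boot Bus Extender";
    if (strcmp(name, "DisplayName") == 0) return "Sample Driver";
    return NULL; /* value not present */
}

/* Copy one value into the string area; leaves *field NULL if it is absent. */
static void pack(const char *name, const char **field, char **p, size_t *n)
{
    const char *v = lookup(name);
    size_t sz = v ? strlen(v) + 1 : 0;
    *field = NULL;
    if (!v || sz > *n) return;
    memcpy(*p, v, sz);
    *field = *p;
    *p += sz;
    *n -= sz;
}

/* Two-pass query: returns bytes needed; fills cfg only if buf is large enough.
   fill_display=0 models the reported behaviour: size counted, pointer never set. */
size_t query_config(struct svc_config *cfg, char *buf, size_t buflen, int fill_display)
{
    const char *g = lookup("Group"), *d = lookup("DisplayName");
    size_t needed = (g ? strlen(g) + 1 : 0) + (d ? strlen(d) + 1 : 0);
    char *p = buf;
    size_t n = buflen;
    if (buflen < needed) return needed;
    memset(cfg, 0, sizeof *cfg);
    pack("Group", &cfg->load_order_group, &p, &n);
    if (fill_display) pack("DisplayName", &cfg->display_name, &p, &n);
    return needed;
}

/* Defensive caller: treat every string member as optional. */
size_t display_name_len(const struct svc_config *cfg)
{
    return cfg->display_name ? strlen(cfg->display_name) : 0;
}
```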