http://bugs.winehq.org/show_bug.cgi?id=19435
Summary: Some winsock calls will crash when passing NULL as protocol parameter
Product: Wine
Version: 1.0.1
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winsock
AssignedTo: wine-bugs@winehq.org
ReportedBy: wine-bugs@thinktradellc.com

The problem occurs when attempting to queue the asynchronous call. Here is a patch to fix the problem. NULL is a valid call parameter for system calls such as WSAAsyncGetServByName, but __WSAsyncDBQuery attempts to get strlen() etc...
Andrew Athan
*** async.c~ 2008-10-17 08:45:25.000000000 -0700 --- async.c 2009-07-23 09:47:50.000000000 -0700 *************** static HANDLE16 __WSAsyncDBQuery( *** 539,551 **** switch (flags & AQ_MASKPTR1) { case 0: break; case AQ_COPYPTR1: xbuflen += int1; break; ! case AQ_DUPLOWPTR1: xbuflen += strlen(ptr1) + 1; break; }
switch (flags & AQ_MASKPTR2) { case 0: break; case AQ_COPYPTR2: xbuflen += int2; break; ! case AQ_DUPLOWPTR2: xbuflen += strlen(ptr2) + 1; break; }
if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) { --- 539,551 ---- switch (flags & AQ_MASKPTR1) { case 0: break; case AQ_COPYPTR1: xbuflen += int1; break; ! case AQ_DUPLOWPTR1: xbuflen += (ptr1 ? strlen(ptr1)+1:0); break; }
switch (flags & AQ_MASKPTR2) { case 0: break; case AQ_COPYPTR2: xbuflen += int2; break; ! case AQ_DUPLOWPTR2: xbuflen += (ptr2 ? strlen(ptr2)+1:0); break; }
if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) { *************** static HANDLE16 __WSAsyncDBQuery( *** 557,568 **** if (ptr1) switch (flags & AQ_MASKPTR1) { case 0: break; case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1; break; ! case AQ_DUPLOWPTR1: pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break; } if (ptr2) switch (flags & AQ_MASKPTR2) { case 0: break; case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2; break; ! case AQ_DUPLOWPTR2: pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break; }
aq->hWnd = HWND_16(hWnd); --- 557,568 ---- if (ptr1) switch (flags & AQ_MASKPTR1) { case 0: break; case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1; break; ! case AQ_DUPLOWPTR1: if(!ptr1)break;pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break; } if (ptr2) switch (flags & AQ_MASKPTR2) { case 0: break; case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2; break; ! case AQ_DUPLOWPTR2: if(!ptr2)break;pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm); while (*pfm++); break; }
aq->hWnd = HWND_16(hWnd);
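
Review bot: The new ternaries in the AQ_DUPLOWPTR1 and AQ_DUPLOWPTR2 cases of the first hunk (539,551) have no comment recording that NULL is a legal argument on this path, so the next reader cannot tell the zero-length branch is intentional; add a one-line comment above each switch and use the spacing of the surrounding code, for example `xbuflen += ptr1 ? strlen(ptr1) + 1 : 0;`. The neighbouring AQ_COPYPTR1 and AQ_COPYPTR2 cases still add int1 and int2 when the pointer is NULL, which only over-allocates because the later copy is guarded by `if (ptr1)` and `if (ptr2)`, but it is worth stating in the same comment.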
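
Review bot: The added `if(!ptr1)break;` and `if(!ptr2)break;` in the AQ_DUPLOWPTR1 and AQ_DUPLOWPTR2 cases of the second hunk (557,568) can never be taken, because each switch is already wrapped in `if (ptr1)` and `if (ptr2)` on both the old and the new side of the diff. The copy pass was therefore already NULL-safe and the strlen() calls changed in the first hunk were the only dereference of a NULL pointer visible here; drop this hunk and keep the patch to the sizing change. If the checks are kept for some reason, they should at least follow the file's formatting, with one statement per line.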
--- Comment #1 from Juan Lang juan_lang@yahoo.com 2009-07-23 14:38:45 ---
Patches should be unified diff format, as git will do for you, and sent to wine-patches@winehq.org, or wine-devel@winehq.org if you're not sure about them. See http://www.winehq.org/sending_patches
--- Comment #2 from Austin English austinenglish@gmail.com 2010-09-07 16:33:50 CDT ---
That code has changed massively...not sure if it's still a problem or not. Please retest in 1.3.2 or newer wine.
--- Comment #3 from Jeff Zaroyko jeffz@jeffz.name 2010-09-08 02:44:29 CDT ---
User replied by email to wine-bugs:

To: wine-bugs@winehq.org
Subject: Re: [Bug 19435] Some winsock calls will crash when passing NULL as protocol parameter

Please review the code, as the problem was easy to see by reading the code and I doubt I will have time to retest this.
Bruno Jesus 00cpxxx@gmail.com changed:
What            |Removed      |Added
----------------------------------------------------------------------------
Status          |UNCONFIRMED  |NEW
CC              |             |00cpxxx@gmail.com
Ever Confirmed  |0            |1

--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com 2012-03-23 07:18:51 CDT ---
I can confirm the issue in wine 1.5. There seems to be only one remaining function unprotected so I sent a patch (http://source.winehq.org/patches/data/84690)
Jerome Leclanche adys.wh@gmail.com changed:
What        |Removed  |Added
----------------------------------------------------------------------------
Status      |NEW      |RESOLVED
CC          |         |adys.wh@gmail.com
Resolution  |         |FIXED

--- Comment #5 from Jerome Leclanche adys.wh@gmail.com 2012-04-18 22:04:01 CDT ---
Patch was committed as 70be64b2ba9704f806ff4b4aab632aea827a2313.
Alexandre Julliard julliard@winehq.org changed:
What    |Removed   |Added
----------------------------------------------------------------------------
Status  |RESOLVED  |CLOSED

--- Comment #6 from Alexandre Julliard julliard@winehq.org 2012-04-27 12:59:24 CDT ---
Closing bugs fixed in 1.5.3.