http://bugs.winehq.org/show_bug.cgi?id=8356
Summary: DVDFab Platinum crashes due to bug in Activation contexts (CreateActCtxA)
Product: Wine
Version: CVS
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: major
Priority: P4
Component: wine-kernel
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net

Hello,
as it says ... crashes due to bug in CreateActCtxA() due to wrong evaluation of pointer vs. resource index in ACTCTX_FLAG_RESOURCE_NAME_VALID flag case.
--- snip ---
002c:Call KERNEL32.CreateActCtxA(0034f608) ret=006d535a
trace:actctx:CreateActCtxA 0x34f608 00000088
trace:seh:raise_exception code=c0000005 flags=0 addr=0x60194473
trace:seh:raise_exception  info[0]=00000000
trace:seh:raise_exception  info[1]=000003e8
trace:seh:raise_exception  eax=000003e8 ebx=7b8ab884 ecx=00000000 edx=000003e8 esi=00000000 edi=ffffffff
trace:seh:raise_exception  ebp=0034f508 esp=0034f4cc cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00210246
trace:seh:call_stack_handlers calling handler at 0x73358a code=c0000005 flags=0
...
--- snip ---
Offending code:
--- snip dlls/kernel32/actctx.c ---
HANDLE WINAPI CreateActCtxA(PCACTCTXA pActCtx)
{
    ...
    if (actw.dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID)
    {
        if (!((ULONG_PTR)pActCtx->lpResourceName >> 16))
        {
            len = MultiByteToWideChar(CP_ACP, 0, pActCtx->lpResourceName, -1, NULL, 0); /* boom */
            ...
}
--- snip dlls/kernel32/actctx.c ---
Fix: remove the negation. The expression already evaluates to != 0 for a pointer value (high word set).
--- snip dlls/kernel32/actctx.c ---
HANDLE WINAPI CreateActCtxA(PCACTCTXA pActCtx)
{
    ...
    if (actw.dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID)
    {
        if (((ULONG_PTR)pActCtx->lpResourceName >> 16))
        {
            ...
}
--- snip dlls/kernel32/actctx.c ---
Regards
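
Added example (not part of the original report and not Wine's code): a portable C sketch of the pointer-vs-integer-ID test discussed above, showing which branch the inverted and the corrected check take and an A->W conversion that never dereferences an integer ID. The function names are hypothetical, the widening loop is an ASCII-only stand-in for MultiByteToWideChar, and 0x3e8 is the faulting address from the trace, used here as the sample integer ID.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Inverted test from the report: 1 means "go on to read name as a string". */
static int buggy_treats_as_string(const char *name)
{
    return !((uintptr_t)name >> 16);
}

/* Test after the fix: only values with bits above the low 16 set are strings. */
static int fixed_treats_as_string(const char *name)
{
    return ((uintptr_t)name >> 16) != 0;
}

/* Hypothetical A->W helper. Integer IDs pass through unchanged and are never
 * dereferenced; strings are widened into a buffer returned via *owned. */
static const wchar_t *resource_name_to_wide(const char *name, wchar_t **owned)
{
    size_t i, len;

    *owned = NULL;
    if (!fixed_treats_as_string(name))
        return (const wchar_t *)(uintptr_t)name;
    len = strlen(name);
    *owned = malloc((len + 1) * sizeof(wchar_t));
    if (!*owned)
        return NULL;
    for (i = 0; i <= len; i++)  /* ASCII-only stand-in for MultiByteToWideChar */
        (*owned)[i] = (unsigned char)name[i];
    return *owned;
}

int main(void)
{
    const char *id = (const char *)(uintptr_t)0x3e8; /* constructed: value from the trace */
    wchar_t *owned;

    printf("buggy reads ID as string: %d, fixed: %d\n",
           buggy_treats_as_string(id), fixed_treats_as_string(id));
    printf("converted ID: %p\n", (void *)resource_name_to_wide(id, &owned));
    return 0;
}
```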