https://bugs.winehq.org/show_bug.cgi?id=52694
Bug ID: 52694
Summary: EnumPrintersW crashes on Linux but not on Windows
Product: Wine
Version: 7.4
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: mikrutrafal@protonmail.com
Distribution: ---
```
let argument_0 = 10000;                // Flags
let argument_1 = PCWSTR::default();    // Name
let argument_2 = 10000;                // Level
let mut argument_3 = 100;
let argument_3 = &mut argument_3;      // pPrinterEnum
let argument_4 = 10000;                // cbBuf
let mut argument_5 = 10000;
let argument_5 = &mut argument_5;      // pcbNeeded
let mut argument_6 = 10000;
let argument_6 = &mut argument_6;      // pcReturned
EnumPrintersW(argument_0, argument_1, argument_2, argument_3, argument_4, argument_5, argument_6);
```
seems to crash app
Steps to reproduce
- Download Fuzzer - https://github.com/qarmin/Win32Fuzzer/releases/download/1.1.0/win_project_64...
- Create `settings.txt` in same folder
- Fill it with this content
```
allowed_functions: EnumPrintersW
repeating_number: 50
random: false
```
- Run `win_project_64.exe`
```
01e0:fixme:winspool:WINSPOOL_EnumPrintersW dwType = 00002710
wine: Unhandled page fault on execute access to 0000000000000000 at address 0000000000000000 (thread 01e0), starting debugger...
Unhandled exception: page fault on execute access to 0x0000000000000000 in 64-bit code (0x0000000000000000).
....
....
System information:
    Wine build: wine-7.4
    Platform: x86_64
    Version: Windows 10
    Host system: Linux
    Host version: 5.13.0-35-generic
```
Rafał Mikrut mikrutrafal@protonmail.com changed:
What    |Removed    |Added
----------------------------------------------------------------------------
URL     |           |https://github.com/qarmin/Win32Fuzzer/releases/download/1.1.0/win_project_64.exe
Austin English austinenglish@gmail.com changed:
What    |Removed    |Added
----------------------------------------------------------------------------
Keywords|           |download
Eric Pouech eric.pouech@orange.fr changed:
What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |eric.pouech@orange.fr
--- Comment #1 from Eric Pouech eric.pouech@orange.fr ---
(In reply to Rafał Mikrut from comment #0)
> let argument_0 = 10000;
> let argument_1 = PCWSTR::default();
> let argument_2 = 10000;
> let mut argument_3 = 100;
> let argument_3 = &mut argument_3;
> let argument_4 = 10000;
In EnumPrintersW, argument_3 is supposed to be an array of bytes of size argument_4, which is clearly not the case in your scenario... hence the crash.
Do you have a real app depending on this?
A+
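The buffer contract described in comment #1, as an added Rust example that is not part of the bug report or of Wine. `enum_printers_raw`, `enum_printers` and `claim_fits` are hypothetical names, the stand-in only models the buffer, size and out parameters of EnumPrintersW, and the record bytes are constructed; the wrapper probes for the required size first and then passes a size taken from the allocation itself.

```rust
// Added example: models the EnumPrintersW buffer contract; not Wine or Windows code.
const ERROR_INSUFFICIENT_BUFFER: u32 = 122; // Win32 error code value

/// Hypothetical stand-in taking the same buffer/size/out parameters as EnumPrintersW.
/// Like the real API, it trusts the caller that `buf` points to `cb_buf` writable bytes.
unsafe fn enum_printers_raw(buf: *mut u8, cb_buf: u32, needed: &mut u32, returned: &mut u32) -> Result<(), u32> {
    const DATA: &[u8] = b"constructed-printer-record"; // constructed sample payload
    *needed = DATA.len() as u32;
    *returned = 0;
    if buf.is_null() || (cb_buf as usize) < DATA.len() {
        return Err(ERROR_INSUFFICIENT_BUFFER);
    }
    unsafe { std::ptr::copy_nonoverlapping(DATA.as_ptr(), buf, DATA.len()) };
    *returned = 1;
    Ok(())
}

/// Safe wrapper: the size argument is always derived from the allocation it describes.
fn enum_printers() -> Result<(Vec<u8>, u32), u32> {
    let (mut needed, mut returned) = (0u32, 0u32);
    // First call: no buffer and cb_buf = 0, only to learn the required size.
    match unsafe { enum_printers_raw(std::ptr::null_mut(), 0, &mut needed, &mut returned) } {
        Ok(()) => return Ok((Vec::new(), returned)),
        Err(ERROR_INSUFFICIENT_BUFFER) => {}
        Err(e) => return Err(e),
    }
    let mut buf = vec![0u8; needed as usize];
    // Second call: cb_buf comes from buf.len(), never from an independent value.
    unsafe { enum_printers_raw(buf.as_mut_ptr(), buf.len() as u32, &mut needed, &mut returned)? };
    buf.truncate(needed as usize);
    Ok((buf, returned))
}

/// Harness-side check for generated calls: does the claimed size fit the real allocation?
fn claim_fits(backing_len: usize, cb_buf: u32) -> bool {
    cb_buf as usize <= backing_len
}

fn main() {
    let (buf, count) = enum_printers().expect("enumeration failed");
    println!("{} record(s), {} bytes", count, buf.len());
    // Shape of the reported call: one integer local as the buffer, cb_buf = 10000.
    println!("reported arguments fit: {}", claim_fits(std::mem::size_of::<u64>(), 10000));
}
```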
--- Comment #2 from Rafał Mikrut mikrutrafal@protonmail.com ---
> Do you have a real app depending on this?
Nope, I just found it when creating a fuzzer, and this is one of ~100 functions that crash with such (invalid) output on Linux but not Windows.
--- Comment #3 from Alexandre Julliard julliard@winehq.org ---
Unless there's an app that depends on it, the exact behavior upon invalid input is in general not something we care about.
--- Comment #4 from Rafał Mikrut mikrutrafal@protonmail.com ---
In my opinion it's still worth fixing this bug if it occurs only in Wine, because some applications can use this feature on Windows in an incorrect way (even if I didn't find any), because the application on Windows doesn't crash.
--- Comment #5 from Alexandre Julliard julliard@winehq.org ---
The same would be true for just about any function. In many cases Windows has an exception handler to hide crashes, but we don't want to do that because it's expensive to do without compiler support. So we only do it where it's required by an actual app.
Fabian Maurer dark.shadow4@web.de changed:
What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |dark.shadow4@web.de
--- Comment #6 from Fabian Maurer dark.shadow4@web.de ---
So, what do we do with this bug report?
Alexandre Julliard julliard@winehq.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|---         |FIXED
Status    |UNCONFIRMED |RESOLVED
--- Comment #7 from Alexandre Julliard julliard@winehq.org ---
I'd say that's a WONTFIX, until we find an app that depends on this.
Alexandre Julliard julliard@winehq.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|FIXED       |WONTFIX
Gijs Vermeulen gijsvrm@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |RESOLVED    |CLOSED
--- Comment #8 from Gijs Vermeulen gijsvrm@gmail.com ---
Closing WONTFIX.