http://bugs.winehq.org/show_bug.cgi?id=20485
           Summary: Uninitialised memory reference in FTP_DoPassive
           Product: Wine
           Version: 1.1.31
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: wininet
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: dank@kegel.com
(Found via http://kegel.com/wine/valgrind/logs/2009-10-26-08.26/diff-mshtml_htmllocatio... )
http://kegel.com/wine/valgrind/logs/2009-10-26-08.26/vg-mshtml_htmllocation.... shows
 Conditional jump or move depends on uninitialised value(s)
    at FTP_DoPassive (ftp.c:3028)
  Uninitialised value was created by a client request
    at mark_block_uninitialized (heap.c:187)
    by RtlAllocateHeap (heap.c:1429)
    by INTERNET_AllocThreadError (internet.c:3050)
    by INTERNET_GetResponseBuffer (internet.c:3174)
    by FTP_DoPassive (ftp.c:3019)
I suspect it's the unconditional skip of four bytes... maybe that skips over the terminating null sometimes.
3027    p = lpszResponseBuffer+4; /* skip status code */
3028    while (*p != '\0' && (*p < '0' || *p > '9')) p++;
The code is not new, but the error is, so maybe this only happens if there's a network error.
--- Comment #1 from Dan Kegel dank@kegel.com 2009-11-04 09:19:53 ---
It happens about one in four runs here, always associated with the error
err:wininet:FTP_DoPassive no address found in response, aborting
Hans Leidekker hans@meelstraat.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hans@meelstraat.net
--- Comment #2 from Hans Leidekker hans@meelstraat.net 2009-11-05 04:14:01 ---
I ran the test 10 times in a row but I could not reproduce this. Dan, would you be able to instrument the code (say, dump the response buffer) and attach a +ftp trace here?
--- Comment #3 from Hans Leidekker hans@meelstraat.net 2009-11-05 04:14:26 ---
Make that a +wininet trace.
--- Comment #4 from Dan Kegel dank@kegel.com 2009-11-05 21:20:44 ---
The buffer is empty, it seems. Search for buffer: in http://kegel.com/wine/valgrind/logs/2009-11-05-09.09/vg-mshtml_htmllocation.... (Sorry, I don't have the +wininet trace yet.)
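Added example, not part of the thread and not Wine's code: the report suspects the unconditional four-byte skip, and comment #4 finds the buffer empty, so this sketch checks the reply length before skipping. It goes further than the quoted lines by parsing the whole address tuple. The name parse_pasv_reply, the cap parameter and the strict RFC 959 "227 ... h1,h2,h3,h4,p1,p2" layout are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not Wine's FTP_DoPassive): parse an RFC 959 reply
 * "227 <text> h1,h2,h3,h4,p1,p2" held in a buffer of cap bytes.
 * Returns 0 and fills ip/port on success, -1 on any malformed reply. */
int parse_pasv_reply(const char *buf, size_t cap,
                     unsigned char ip[4], unsigned short *port)
{
    const char *p, *end;
    unsigned field[6];
    int i;

    if (!buf || cap == 0) return -1;
    end = memchr(buf, '\0', cap);        /* never read past the buffer */
    if (!end) return -1;                 /* unterminated reply */

    /* Skipping 4 bytes is only valid when the reply really holds a status
     * code plus separator; an empty reply is rejected before the skip. */
    if ((size_t)(end - buf) <= 4 || memcmp(buf, "227", 3) != 0) return -1;

    p = buf + 4;                         /* skip status code */
    while (p < end && (*p < '0' || *p > '9')) p++;
    if (p == end) return -1;             /* no address found in response */

    for (i = 0; i < 6; i++) {
        unsigned v = 0;
        int digits = 0;
        while (p < end && *p >= '0' && *p <= '9' && digits < 3) {
            v = v * 10 + (unsigned)(*p++ - '0');
            digits++;
        }
        /* reject empty fields, values over 255, and fields over 3 digits */
        if (digits == 0 || v > 255) return -1;
        if (p < end && *p >= '0' && *p <= '9') return -1;
        if (i < 5 && (p == end || *p++ != ',')) return -1;
        field[i] = v;
    }
    for (i = 0; i < 4; i++) ip[i] = (unsigned char)field[i];
    *port = (unsigned short)(field[4] * 256 + field[5]);
    return 0;
}
```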
Jerome Leclanche adys.wh@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adys.wh@gmail.com
--- Comment #5 from Jerome Leclanche adys.wh@gmail.com 2012-02-17 14:00:03 CST ---
Dan, could you retest in wine-1.4-rc3?
--- Comment #6 from Austin English austinenglish@gmail.com ---
The only hit I see for FTP stuff is:
==4944== 312 bytes in 2 blocks are possibly lost in loss record 4,900 of 5,550
==4944==    at 0x7BC4C735: notify_alloc (heap.c:255)
==4944==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==4944==    by 0x6400B4F: heap_alloc_zero (urlmon_main.h:241)
==4944==    by 0x6402303: FtpProtocol_Construct (ftp.c:427)
==4944==    by 0x642F2F0: CF_CreateInstance (urlmon_main.c:314)
==4944==    by 0x63F9E4F: BindProtocol_StartEx (unknwn.h:226)
==4944==    by 0x63F7A1B: start_binding (urlmon.h:7870)
==4944==    by 0x63F7BCD: bind_to_storage (binding.c:1567)
==4944==    by 0x6417CF1: URLMoniker_BindToStorage (umon.c:280)
==4944==    by 0x6C81B54: start_binding (objidl.h:3488)
==4944==    by 0x6CAE501: PersistMoniker_Load (persist.c:627)
==4944==    by 0x4C816DF: perform_test (urlmon.h:2290)
==4944==    by 0x4C81A41: func_htmllocation (htmllocation.c:379)
==4944==    by 0x4CAB70C: run_test (test.h:584)
==4944==    by 0x4CABAFB: main (test.h:654)
==4944==
in wine-1.7.17-92-ge2bf516 (which should be a different bug), please retest.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #7 from Austin English austinenglish@gmail.com ---
Assuming fixed.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #8 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.20.