http://bugs.winehq.org/show_bug.cgi?id=20757
Summary: Buffer overrun in NetQueryDisplayInformation
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: source, testcase
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-netapi32_access.txt shows the error message
Invalid write of size 2
   at strcpyW (unicode.h:224)
   by lstrcpyW (string.c:104)
   by ACCESS_CopyDisplayUser (access.c:575)
   by NetQueryDisplayInformation (access.c:688)
   by run_querydisplayinformation1_tests (access.c:184)
   by func_access (access.c:344)
 Address 0x7f000bea is 0 bytes after a block of size 130 alloc'd
   at notify_alloc (heap.c:279)
   by RtlAllocateHeap (heap.c:1521)
   by NetApiBufferAllocate (apibuf.c:41)
   by NetQueryDisplayInformation (access.c:657)
   by run_querydisplayinformation1_tests (access.c:184)
   by func_access (access.c:344)
This can be reproduced locally by setting up valgrind as described in http://wiki.winehq.org/Valgrind and applying the heap tail check patch to wine, then running
WINETEST_PLATFORM=wine WINE_HEAP_REDZONE=16 valgrind --trace-children=yes --track-origins=yes wine netapi32_test.exe.so access
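A small triage helper for reports like the one above, added here as an example (it is not part of the bug report or of Wine): it parses Memcheck "Invalid read/write" records and pairs the faulting frame with the frame that sized the block. The function names, the WRAPPERS set and the sample text are assumptions constructed from the trace in this report.

```python
import re

# Constructed sample: frames from the report above, one per line as Memcheck
# prints them (PID prefix and frame addresses left out, test frames trimmed).
SAMPLE = """\
Invalid write of size 2
   at strcpyW (unicode.h:224)
   by lstrcpyW (string.c:104)
   by ACCESS_CopyDisplayUser (access.c:575)
   by NetQueryDisplayInformation (access.c:688)
 Address 0x7f000bea is 0 bytes after a block of size 130 alloc'd
   at notify_alloc (heap.c:279)
   by RtlAllocateHeap (heap.c:1521)
   by NetApiBufferAllocate (apibuf.c:41)
   by NetQueryDisplayInformation (access.c:657)
"""
# Assumption: these frames are allocator plumbing, not the code that chose the size.
WRAPPERS = {"notify_alloc", "RtlAllocateHeap", "NetApiBufferAllocate"}

PREFIX = re.compile(r"^==\d+==\s?")          # optional "==PID== " line prefix
HEAD = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is ([\d,]+) bytes (after|before|inside)"
                  r" a block of size ([\d,]+) (alloc'd|free'd)")
FRAME = re.compile(r"(?:at|by) (?:0x[0-9A-Fa-f]+: )?(\S+)(?: \(([^)]*)\))?")
num = lambda s: int(s.replace(",", ""))      # Memcheck groups digits with commas

def parse_invalid_accesses(text):
    """Return one dict per 'Invalid read/write' record in Memcheck output."""
    errors, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := HEAD.match(line):
            cur = {"op": m[1], "size": num(m[2]), "access": [], "block": None}
            stack = cur["access"]
            errors.append(cur)
        elif cur and (m := ADDR.match(line)):
            cur["block"] = {"offset": num(m[2]), "where": m[3],
                            "size": num(m[4]), "stack": []}
            stack = cur["block"]["stack"]
        elif cur and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))       # (function, file:line or None)
        elif not line:
            cur = None                       # a blank line ends the current record
    return errors

def alloc_site(err, wrappers=WRAPPERS):
    """First allocation frame that is not an allocator wrapper: where the size was chosen."""
    frames = err["block"]["stack"] if err["block"] else []
    return next((f for f in frames if f[0] not in wrappers), None)
```

For the sample, the first access frame and `alloc_site` together give the two source lines to compare: the write at access.c:575 (via lstrcpyW) and the allocation requested from access.c:657.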
Bruno Jesus 00cpxxx@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |00cpxxx@gmail.com

--- Comment #1 from Bruno Jesus 00cpxxx@gmail.com 2012-05-10 19:05:50 CDT ---
Dan, I have tried this command inside the dlls/netapi32/tests:
WINETEST_PLATFORM=wine WINE_HEAP_REDZONE=16 valgrind --trace-children=yes --track-origins=yes --leak-check=full wine netapi32_test.exe.so access
Here are my results:
==31279== LEAK SUMMARY:
==31279==    definitely lost: 0 bytes in 0 blocks
==31279==    indirectly lost: 120 bytes in 10 blocks
==31279==      possibly lost: 20 bytes in 1 blocks
==31279==    still reachable: 22,495 bytes in 53 blocks
==31279==         suppressed: 6,522 bytes in 43 blocks
Is this the right way to do it? Is it fixed since your original message didn't appear? If that is not the right way to test, please tell me how to do it properly.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #2 from Austin English austinenglish@gmail.com ---
I only get:

==5513== 22 bytes in 1 blocks are possibly lost in loss record 26 of 92
==5513==    at 0x7BC4C735: notify_alloc (heap.c:255)
==5513==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==5513==    by 0x4EA7675: ???
==5513==    by 0x4EAC762: ???
==5513==    by 0x4965F8A: run_localgroupgetinfo_tests (access.c:345)
==5513==    by 0x49661F8: func_access (access.c:381)
==5513==    by 0x49688C0: run_test (test.h:584)
==5513==    by 0x4968CAF: main (test.h:654)
==5513==
in wine-1.7.17-92-ge2bf516. Marking WORKSFORME.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Austin English austinenglish@gmail.com ---
Closing.