[Bug 48473] New: kernelbase WaitNamedPipeW contains non-null terminated string, causing garbage output in trace logs
https://bugs.winehq.org/show_bug.cgi?id=48473
Bug ID: 48473 Summary: kernelbase WaitNamedPipeW contains non-null terminated string, causing garbage output in trace logs Product: Wine Version: 5.0-rc5 Hardware: x86-64 OS: Linux Status: NEW Severity: trivial Priority: P2 Component: kernelbase Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says.
--- snip --- ... 003b:Call KERNEL32.WaitNamedPipeW(0022d770 L"\\.\pipe\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",ffffffff) ret=00382fd4 003b:Call ntdll.RtlDosPathNameToNtPathName_U(0022d770 L"\\.\pipe\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",0022d318,00000000,00000000) ret=7b04bacb 003b:Ret ntdll.RtlDosPathNameToNtPathName_U() retval=00000001 ret=7b04bacb 003b:Call ntdll._wcsnicmp(023bd510 L"\??\pipe\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",7b0735a0 L"\??\PIPE\\6157\7469\614e\656d\5064\7069\5765\2500\2073\7830\3025\7838\n",00000009) ret=7b04baf7 003b:Ret ntdll._wcsnicmp() retval=00000000 ret=7b04baf7 ... --- snip ---
The trace log contains garbage characters because the string is not NULL terminated. Technically there is nothing wrong here - but still it would make the log output less suspicious (uninitialized/corrupted memory).
Wine source:
https://source.winehq.org/git/wine.git/blob/0cbadb716ddaeb016ffe14deae2aaced...
--- snip --- 1337 BOOL WINAPI DECLSPEC_HOTPATCH WaitNamedPipeW( LPCWSTR name, DWORD timeout ) 1338 { 1339 static const WCHAR leadin[] = {'\','?','?','\','P','I','P','E','\'}; 1340 NTSTATUS status; 1341 UNICODE_STRING nt_name, pipe_dev_name; 1342 FILE_PIPE_WAIT_FOR_BUFFER *pipe_wait; 1343 IO_STATUS_BLOCK iosb; 1344 OBJECT_ATTRIBUTES attr; 1345 ULONG wait_size; 1346 HANDLE pipe_dev; 1347 1348 TRACE( "%s 0x%08x\n", debugstr_w(name), timeout ); 1349 1350 if (!RtlDosPathNameToNtPathName_U( name, &nt_name, NULL, NULL )) return FALSE; 1351 1352 if (nt_name.Length >= MAX_PATH * sizeof(WCHAR) || 1353 nt_name.Length < sizeof(leadin) || 1354 wcsnicmp( nt_name.Buffer, leadin, ARRAY_SIZE( leadin )) != 0) 1355 { 1356 RtlFreeUnicodeString( &nt_name ); 1357 SetLastError( ERROR_PATH_NOT_FOUND ); 1358 return FALSE; 1359 } 1360 ... 1399 } --- snip ---
Line 1354, 'leadin' is not NULL terminated.
$ wine --version wine-5.0-rc5
Regards
https://bugs.winehq.org/show_bug.cgi?id=48473
--- Comment #1 from Gijs Vermeulen gijsvrm@gmail.com --- This was probably fixed by https://source.winehq.org/git/wine.git/commit/762f51cf93b6efca0defb2929f3278abb034dae7
https://bugs.winehq.org/show_bug.cgi?id=48473
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |762f51cf93b6efca0defb2929f3 | |278abb034dae7 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Gijs,
thanks for the reminder. Indeed fixed by https://source.winehq.org/git/wine.git/commitdiff/762f51cf93b6efca0defb2929f... ("kernelbase: Use wide character string literals in the remaining files.").
Part of Wine 5.4 release.
Thanks Alexandre
$ wine --version wine-5.4-255-g00e55c8fc0
Regards
https://bugs.winehq.org/show_bug.cgi?id=48473
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.5.
https://bugs.winehq.org/show_bug.cgi?id=48473
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|kernelbase |kernel32
-
WineHQ Bugzilla