http://bugs.winehq.org/show_bug.cgi?id=10345

Summary: ShellExecute with very long params crashes (affects Picasa) Product: Wine Version: 0.9.20. Platform: Other URL: http://dl.google.com/picasa/picasaweb-current-setup.exe OS/Version: other Status: NEW Keywords: download Severity: normal Priority: P2 Component: wine-shell32 AssignedTo: wine-bugs@winehq.org ReportedBy: dank@kegel.com

With current Windows picasa, some users reported a crash caused by overflow of a fixed-size buffer in SHELL_execute(). That buffer size is still fixed and small in current git (I think).

To repeat: 1. Launch picasa, select a folder. 2. Login to Picasa 'Web Albums', click on 'Web Album' button in display tray. 3. 'Send n photos to a Picasa Web Album' dialog is opened. 4. Click on 'Upgrade storage...' button. It crashes on some machines.

On those machines, the following err is seen: err:exec:SHELL_execute Parameters exceeds buffer size (1126 > 1024) SHELL_execute is 350 lines long (yargh!), which makes a proper fix a bit of a challenge, but bumping up the size of one of the buffers in that function does make the problem go away.

On a machine that doesn't crash, the parameter being passed to winebrowser is 900 or so bytes long, which is still perilously close to the 1024 byte limit. For reference, here's what +relay shows for that call. 0009:Call shell32.ShellExecuteA(00000000,008c5f98 "open",00ca692c "c:\windows\system32\winebrowser.exe",01e247e4 ""https://www.google.com/accounts/TokenAuth?auth=xhF6GxYBAAA,.2VMY_71Prxa88heF...) ret=00703902