https://bugs.winehq.org/show_bug.cgi?id=55000

Bug ID: 55000 Summary: wineserver crashes below save_all_subkeys after RegUnLoadKey Product: Wine Version: 8.9 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wineserver Assignee: wine-bugs@winehq.org Reporter: bernhardu@mailbox.org Distribution: ---

While trying to reproduce a crash in procexp64 I noticed a crash in wineserver instead.

I think I found the reason in a call to `RegUnLoadKey(HKEY_USERS, ".Default")`, which succeeds in wine while it should maybe not.

Program terminated with signal SIGSEGV, Segmentation fault. 208 struct object *parent = key->obj.name->parent; (gdb) bt #0 get_parent () at server/registry.c:208 #1 dump_path () at server/registry.c:226 #2 save_all_subkeys () at server/registry.c:2008 #3 save_branch (path="userdef.reg") at server/registry.c:2107 #4 save_branch () at server/registry.c:2134 #5 periodic_save () at server/registry.c:2131 #6 periodic_save () at server/registry.c:2124 #7 get_next_timeout () at server/fd.c:959 #8 main_loop_epoll () at server/fd.c:617 #9 main_loop () at server/fd.c:992 #10 main () at server/main.c:237 (gdb) print key->obj.name $3 = (struct object_name *) 0x0

The "name" member got set to NULL here before in wineserver: 424 obj->name = NULL; (rr) bt #0 unlink_named_object () at server/object.c:424 #1 delete_key () at server/registry.c:1089 #2 req_unload_registry () at server/registry.c:2363 #3 call_req_handler () at server/request.c:305 #4 read_request () at server/request.c:360

With the request originating at process side here:

#14 wine_server_call () at dlls/ntdll/unix/server.c:307 #15 NtUnloadKey () at dlls/ntdll/unix/registry.c:767 #16 __wine_syscall_dispatcher ()