http://bugs.winehq.org/show_bug.cgi?id=14726
           Summary: AW browser crashes, starts fine with native wininet
           Product: Wine
           Version: CVS/GIT
          Platform: Other
               URL: http://objects.activeworlds.com/downloads/awb42.exe
        OS/Version: other
            Status: NEW
          Keywords: download
          Severity: enhancement
          Priority: P2
         Component: wininet
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: xerox_xerox2000@yahoo.co.uk
Hi, a user reported a crash with this app on the users-list. It starts fine for me with native wininet. The trouble seems to start here:
0009:Ret  wininet.InternetQueryOptionA() retval=00000001 ret=004b211c
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4b21cf
0009:trace:seh:raise_exception  info[0]=00000000
. . .
wine: Unhandled page fault on read access to 0x00000000 at address 0x4b21cf (thread 0009), starting debugger...
--- Comment #1 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2008-08-02 03:44:33 ---
Created an attachment (id=15217)
 --> (http://bugs.winehq.org/attachment.cgi?id=15217)
+wininet,+relay log
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |normal
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net

--- Comment #2 from Anastasius Focht focht@gmx.net 2008-08-02 05:29:39 ---
Hello,
when the app queries proxy info using InternetQueryOptionA( ..INTERNET_OPTION_PROXY ..), wine initializes the out buffer incorrectly, letting the app believe there is proxy info, which results in a crash when accessing the buffer.
Consider the following:
--- snip dlls/wininet/internet.c ---
DWORD INET_QueryOption(DWORD option, void *buffer, DWORD *size, BOOL unicode)
{
..
    case INTERNET_OPTION_PROXY:
    {
        WININETAPPINFOW ai;

        TRACE("Getting global proxy info\n");
        memset(&ai, 0, sizeof(WININETAPPINFOW));
        INTERNET_ConfigureProxy(&ai);

        return APPINFO_QueryOption(&ai.hdr, INTERNET_OPTION_PROXY, buffer, size, unicode); /* FIXME */
    }
..
}
--- snip dlls/wininet/internet.c ---
WININETAPPINFOW is zero initialized. If INTERNET_ConfigureProxy() doesn't find any suitable info, the buffer is left untouched.
Now the filling of return/out buffer data:
--- snip dlls/wininet/internet.c ---
static DWORD APPINFO_QueryOption(WININETHANDLEHEADER *hdr, DWORD option, void *buffer, DWORD *size, BOOL unicode)
{
..
..
    case INTERNET_OPTION_PROXY:
..
        INTERNET_PROXY_INFOA *pi = (INTERNET_PROXY_INFOA *)buffer;
..
        pi->dwAccessType = ai->dwAccessType;
        pi->lpszProxy = NULL;
        pi->lpszProxyBypass = NULL;
..
}
--- snip dlls/wininet/internet.c ---
Due to default initialization, pi->dwAccessType == 0 (which is actually INTERNET_OPEN_TYPE_PRECONFIG = invalid anyway because it's only used for setting info).
After InternetQueryOptionA() returns, the app checks pi->dwAccessType == INTERNET_OPEN_TYPE_DIRECT and if different, it tries to read the proxy info. When accessing pi->lpszProxy it obviously crashes (sloppy app devs, not checking for pi->lpszProxy == NULL).
Wine should initialize pi->dwAccessType with INTERNET_OPEN_TYPE_DIRECT if proxy settings can't be determined, e.g. when ai->dwAccessType == 0 (one-liner ternary). Be sure to cover both the ANSI and Unicode paths.
As a side note ... the app is protected with PC Guard 5.x, making analysis ~5 minutes longer ;-)
Regards
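
The failure mode analysed in comment #2, reduced to a portable model (an added example, not Wine's source and not the committed patch). The struct and function names are hypothetical stand-ins; the three INTERNET_OPEN_TYPE_* values are the ones from wininet.h, redefined here so the model builds without Windows headers.

```c
#include <stdio.h>
#include <string.h>

/* Same numeric values as wininet.h. */
#define INTERNET_OPEN_TYPE_PRECONFIG 0
#define INTERNET_OPEN_TYPE_DIRECT    1
#define INTERNET_OPEN_TYPE_PROXY     3

/* Hypothetical, simplified stand-ins for INTERNET_PROXY_INFOA and the app info. */
typedef struct { unsigned long dwAccessType; const char *lpszProxy; } proxy_info;
typedef struct { unsigned long dwAccessType; const char *proxy; } app_info;

/* Behaviour described in the report: the zero-initialised type is copied as-is. */
static void query_proxy_before(const app_info *ai, proxy_info *pi)
{
    pi->dwAccessType = ai->dwAccessType;   /* 0 when no proxy was configured */
    pi->lpszProxy = ai->proxy;             /* NULL in that case */
}

/* Suggested fix: report DIRECT when the proxy settings could not be determined. */
static void query_proxy_after(const app_info *ai, proxy_info *pi)
{
    pi->dwAccessType = ai->dwAccessType == INTERNET_OPEN_TYPE_PRECONFIG
                           ? INTERNET_OPEN_TYPE_DIRECT : ai->dwAccessType;
    pi->lpszProxy = ai->proxy;
}

/* The caller's decision from the report, with the NULL check the app lacked.
 * Returns 0 = direct connection, 1 = proxy string usable,
 * -1 = the app would have read through a NULL lpszProxy (the crash). */
static int caller_outcome(const proxy_info *pi)
{
    if (pi->dwAccessType == INTERNET_OPEN_TYPE_DIRECT) return 0;
    if (pi->lpszProxy == NULL) return -1;
    return 1;
}

int main(void)
{
    app_info ai = { 0, NULL };             /* constructed input: nothing configured */
    proxy_info pi;
    query_proxy_before(&ai, &pi);
    printf("before fix: %d\n", caller_outcome(&pi));
    query_proxy_after(&ai, &pi);
    printf("after fix:  %d\n", caller_outcome(&pi));
    return 0;
}
```

The pointer check in caller_outcome() is the application-side half of the defence: a caller that validates the returned pointers does not depend on the access type being consistent with them.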
Hans Leidekker hans@it.vu.nl changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hans@it.vu.nl

--- Comment #3 from Hans Leidekker hans@it.vu.nl 2008-08-02 16:22:53 ---
I've sent a patch that fixes this bug:
http://www.winehq.org/pipermail/wine-patches/2008-August/059023.html
Vijay Kamuju infyquest@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #4 from Vijay Kamuju infyquest@gmail.com 2008-08-04 09:55:43 ---
the patch has been committed
http://source.winehq.org/git/wine.git/?a=commit;h=3c43a6568fc3d25d9bbebe2350...
This fix will be in 1.1.3
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Alexandre Julliard julliard@winehq.org 2008-08-22 10:48:55 ---
Closing bugs fixed in 1.1.3.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|CVS/GIT                     |unspecified
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |3c43a6568fc3d25d9bbebe2350e
                   |                            |b747fe3c1dfeb
           Hardware|Other                       |x86
            Version|unspecified                 |1.1.2
                 OS|other                       |Linux