https://bugs.winehq.org/show_bug.cgi?id=49314
Bug ID: 49314
Summary: Wine segfaults with too many command-line arguments
Product: Wine
Version: 5.7
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: esteve.varela@gmail.com
Distribution: ---
Running the `wine` command on any program, with too many arguments (or too long of a command-line) causes a segfault.

An example of a command that can reproduce this bug on most systems:

    wine start '/?' /usr/bin/*

Expected output: A list of option flags for wine start
Gotten result: Segmentation fault

This bug is problematic because it can happen with command-lines shorter than 32767 bytes (which I believe to be the upper limit supported by wine), though the exact circumstances aren't exactly clear.

The reported behavior has been observed with wine 5.7, but is still present in 5.9. On wine-staging, the error is instead:

    0024:err:seh:segv_handler_early Got unexpected trap 14 during process initialization
--- Comment #1 from esteve.varela@gmail.com ---
Maybe these commands better illustrate the problem:

    seq 3174 | wc -c              # Reports 14763 bytes
    wine start '/?' $(seq 3174)   # Segfault

    seq 3173 | wc -c              # Reports 14758 bytes
    wine start '/?' $(seq 3173)   # Works
Austin English austinenglish@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish@gmail.com
           Keywords|                            |download
--- Comment #2 from esteve.varela@gmail.com ---
Small update: I came across wine 4.0 and tried it. This bug isn't present there.
esteve.varela@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|5.7                         |5.0

--- Comment #3 from esteve.varela@gmail.com ---
Another small thing: It's also broken on wine-5.0, and 5.10.
esteve.varela@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|5.0                         |4.19

--- Comment #4 from esteve.varela@gmail.com ---
According to a `git bisect` I've run of the issue, the first commit breaking this seems to be:

    2607bfa28fcbaf1ca4ab0f65c3b6ad905ae70f63

This commit was first included in 4.19.
--- Comment #5 from esteve.varela@gmail.com ---
Tracking down that commit, and messing around with the differences in the code before and after, this change seems to fix it:
diff --git a/dlls/ntdll/env.c b/dlls/ntdll/env.c index f8b243154b..8d5d86e48c 100644 --- a/dlls/ntdll/env.c +++ b/dlls/ntdll/env.c @@ -810,9 +810,9 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline ) LPWSTR p;
len = 1; - for (arg = argv; *arg; arg++) len += 3 + 2 * wcslen( *arg ); + for (arg = argv; *arg; arg++) len += 3 + wcslen( *arg ); cmdline->MaximumLength = len * sizeof(WCHAR); - if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return; + if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return;
p = cmdline->Buffer; for (arg = argv; *arg; arg++)
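Review bot: the hunk's `cmdline->MaximumLength = len * sizeof(WCHAR);` line still stores the size in MaximumLength, which in a UNICODE_STRING is a 16-bit USHORT field, so for a command line above 64 KiB the recorded MaximumLength wraps and no longer matches the buffer now allocated from the untruncated `len * sizeof(WCHAR)`. The hunk also drops the `2 *` factor from `len += 3 + 2 * wcslen( *arg );`, which presumably was the headroom for escaping in the copy loop that follows (`for (arg = argv; *arg; arg++)`); if that loop doubles any characters, the smaller estimate can be exceeded and the overrun returns for different input. Suggest keeping the `2 *` factor, doing the arithmetic in a size_t, and returning an error before the assignment whenever `len * sizeof(WCHAR)` exceeds what MaximumLength can hold, rather than relying on the lower estimate to stay under the wrap point for the inputs tested here.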
This probably isn't a "proper" fix but it works well enough to not segfault. I suppose the "MaximumLength" value overflows for some reason, and should be bounds-checked. I wonder if this is a security issue?
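The truncation the reporter suspects, shown as an added C example that is not Wine's code: it replays the pre-fix length estimate from the hunk against a 16-bit MaximumLength and puts a bounds-checked variant beside it. The argv prefix ("start", "/?") and the argument count 3200 are constructed; Wine's real argv[0] differs, so the exact 3173/3174 threshold measured in Comment #1 is not reproduced, only the mechanism.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the Windows types used by build_command_line(): a
 * UNICODE_STRING keeps Length and MaximumLength in 16-bit USHORT fields. */
typedef uint16_t USHORT;
typedef uint16_t WCHAR;

/* Decimal digit count of n, i.e. the wcslen of the argument "seq" prints. */
static size_t digits(size_t n)
{
    size_t d = 1;
    while (n >= 10) { n /= 10; d++; }
    return d;
}
/* Pre-fix estimate from the hunk: 1 for the terminator, then per argument
 * 3 (two quotes plus a space) and 2 * wcslen as escaping headroom. argv is
 * modelled as a constructed prefix of fixed-length args followed by "1".."n". */
static size_t command_line_len(const size_t *prefix_lens, size_t prefix_count, size_t n)
{
    size_t len = 1, i;
    for (i = 0; i < prefix_count; i++) len += 3 + 2 * prefix_lens[i];
    for (i = 1; i <= n; i++) len += 3 + 2 * digits(i);
    return len;
}
/* Byte size actually recorded when len * sizeof(WCHAR) lands in the USHORT
 * MaximumLength: above 0xFFFF it wraps, so a heap buffer sized from it is tiny. */
static size_t truncated_maximum_length(size_t len)
{
    USHORT maximum_length = (USHORT)(len * sizeof(WCHAR));
    return maximum_length;
}
/* Hardened variant: keep the arithmetic in size_t and refuse any command
 * line whose byte size the 16-bit field cannot represent. */
static int checked_maximum_length(size_t len, USHORT *out)
{
    size_t bytes = len * sizeof(WCHAR);
    if (bytes > 0xFFFF) return 0;
    *out = (USHORT)bytes;
    return 1;
}

int main(void)
{
    const size_t prefix[] = { 5, 2 };  /* constructed argv: "start", "/?" */
    size_t len = command_line_len(prefix, 2, 3200);
    USHORT fit;
    printf("len=%zu bytes=%zu stored=%zu fits=%d\n", len, len * sizeof(WCHAR),
           truncated_maximum_length(len), checked_maximum_length(len, &fit));
    return 0;
}
```

With 3200 numeric arguments the estimate is 33007 WCHARs (66014 bytes), which a USHORT records as 478, so an allocation made from the stored value is far smaller than the copy that follows; the checked variant rejects the same input instead.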
Alexandre Julliard julliard@winehq.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED
      Fixed by SHA1|                            |a240abf12b615a50105e4567951df7c1e01d5a03

--- Comment #6 from Alexandre Julliard julliard@winehq.org ---
Fixed by a240abf12b615a50105e4567951df7c1e01d5a03.
Alexandre Julliard julliard@winehq.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.11.
Michael Stefaniuc mstefani@winehq.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mstefani@winehq.org
   Target Milestone|---                         |5.0.x
Michael Stefaniuc mstefani@winehq.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|5.0.x                       |---

--- Comment #8 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 5.0.x milestone from bug fixes included in 5.0.4.