[Bug 33961] New: RPC: server crashes during procedure call that return variable size array as out parameter
http://bugs.winehq.org/show_bug.cgi?id=33961
Bug #: 33961 Summary: RPC: server crashes during procedure call that return variable size array as out parameter Product: Wine Version: 1.6-rc2 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: rpc AssignedTo: wine-bugs@winehq.org ReportedBy: to_egor@hotmail.com Classification: Unclassified
RPC server implements an interface that has the following function prototype:
void GetPersons( [out] unsigned long *persons_size, [out, size_is(,*persons_size)] Person_info_t **persons);
When a function of mentioned prototype is called application crashes when Wine freeing its internal data used for marshalling. The core of the bug is because of Wine frees memory used for persons_size whereas persons_size must be alive and available at the moment of freeing persons.
http://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #1 from Egor to_egor@hotmail.com 2013-07-05 10:45:32 CDT --- Created attachment 45111 --> http://bugs.winehq.org/attachment.cgi?id=45111 Sources of simple project to bug reproduce. VS 2008
http://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #2 from Egor to_egor@hotmail.com 2013-07-05 10:48:26 CDT --- Created attachment 45112 --> http://bugs.winehq.org/attachment.cgi?id=45112 Piece of log with usefull information. May be interesting for developers
http://bugs.winehq.org/show_bug.cgi?id=33961
Egor to_egor@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|RPC: server crashes during |RPC: server crashes during |procedure call that return |procedure call that returns |variable size array as out |variable size array as out |parameter |parameter
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #3 from Austin English austinenglish@gmail.com --- This is your friendly reminder that there has been no bug activity for over a year. Is this still an issue in current (1.7.37 or newer) wine? If so, please attach the terminal output in 1.7.37 (see http://wiki.winehq.org/FAQ#get_log).
https://bugs.winehq.org/show_bug.cgi?id=33961
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, testcase
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #4 from Nikolay Sivov bunglehead@gmail.com --- Does a patch from bug 36743 help here?
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #5 from Egor to_egor@hotmail.com --- Hello, Austin and Nikolay. I will check your suggestions ASAP. Thank you.
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #6 from Egor to_egor@hotmail.com --- Created attachment 51370 --> https://bugs.winehq.org/attachment.cgi?id=51370 Some output of RPC server application in WINE 1.7.41
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #7 from Egor to_egor@hotmail.com --- (In reply to Austin English from comment #3) Hello, Austin. I have tested sample applications in WINE 1.7.41. Server doesn't crash, but currently I have another PC and VirtualBox version installed. The bug is still existing. Server works wrong and client catches exception with code 0x3e6 = 998. I attached fresh output log.
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #8 from Egor to_egor@hotmail.com --- Hello, Nikolay. I tested situation in latest version of WINE. See my comment above. Patch that you mentioned seems to solve problem. I have made similar patch for myself.
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #9 from Egor to_egor@hotmail.com --- Hello, Nikolay. The patch from bug 36743 also fixes memory leaks in the following case:
interface ITestRpc { void DoMemLeak( [out, string, size_is( 100 + 1 )] unsigned char* szAnsi, [out, string, size_is( 100 + 1 )] wchar_t* wszWide );
}
https://bugs.winehq.org/show_bug.cgi?id=33961
super_man@post.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |super_man@post.com
--- Comment #10 from super_man@post.com --- The other bug is now marked as fixed. Does it fix this too?
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #11 from Nikolay Sivov bunglehead@gmail.com --- Hello, Egor.
Please retest with current Wine, bug 36743 was fixed.
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #12 from Egor to_egor@hotmail.com --- Hello All! I will retest the bug ASAP
https://bugs.winehq.org/show_bug.cgi?id=33961
--- Comment #13 from Egor to_egor@hotmail.com --- (In reply to Nikolay Sivov from comment #11) Hello, Nikolay. In the current WINE 1.8.2 all works fine! Thank you for your care
https://bugs.winehq.org/show_bug.cgi?id=33961
Nikolay Sivov bunglehead@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |614afcefa33c727f31d566c3d7e | |e05d74afc363f Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED
--- Comment #14 from Nikolay Sivov bunglehead@gmail.com --- Glad to hear it, thanks for testing.
https://bugs.winehq.org/show_bug.cgi?id=33961
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #15 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.9.10.
-
wine-bugs@winehq.org