I have an application that calls GetCommandLineW() and then appends its own custom command line to the returned pointer. Currently this leads to heap corruption under Wine, while under Windows it apparently just overwrites the tail of the Peb->ProcessParameters block.
Under Wine the reason for the heap corruption is that build_command_line() in dlls/kernel32/process.c replaces Peb->ProcessParameters->CommandLine with a heap-allocated buffer that points outside of the Peb->ProcessParameters block.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru
---
dlls/ntdll/tests/env.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/tests/env.c b/dlls/ntdll/tests/env.c
index 0c864fb2bc..d7144f6e8d 100644
--- a/dlls/ntdll/tests/env.c
+++ b/dlls/ntdll/tests/env.c
@@ -330,8 +330,18 @@ static void test_process_params(void)
 WCHAR *str;
 UINT_PTR pos;
 MEMORY_BASIC_INFORMATION info;
- NTSTATUS status = pRtlCreateProcessParameters( ¶ms, &image, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL );
+ NTSTATUS status;
+
+todo_wine
+ ok( (char *)cur_params->CommandLine.Buffer > (char *)cur_params &&
+ (char *)cur_params->CommandLine.Buffer < (char *)cur_params + cur_params->Size,
+ "params %p-%p, params->CommandLine.Buffer %p\n",
+ cur_params, (char *)cur_params + cur_params->Size, cur_params->CommandLine.Buffer);
+ size = ((char *)cur_params + cur_params->Size) - (char *)cur_params->CommandLine.Buffer;
+ ok(size > 180, "CommandLine size is too small (%lu bytes)\n", size);
+
+ status = pRtlCreateProcessParameters( ¶ms, &image, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL );
 ok( !status, "failed %x\n", status );
 if (VirtualQuery( params, &info, sizeof(info) ) && info.AllocationBase == params)
 {
@@ -398,6 +408,15 @@ static void test_process_params(void)
 broken( ((pos + 3) & ~3) == size ), "wrong size %lx/%lx\n", pos, size );
 }
 else ok( broken(TRUE), "environment not inside block\n" ); /* <= win2k3 */
+
+ str = get_params_string( params, ¶ms->CommandLine );
+ ok( (char *)str > (char *)params &&
+ (char *)str < (char *)params + params->Size,
+ "params %p-%p, params->CommandLine.Buffer %p\n",
+ cur_params, (char *)cur_params + params->Size, str);
+ size = ((char *)cur_params + params->Size) - (char *)str;
+ ok(size > 180, "CommandLine size is too small (%lu bytes)\n", size);
+
+ pRtlDestroyProcessParameters( params );
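Review bot: In the first hunk (`@@ -330,8 +330,18`), `todo_wine` as placed appears to cover only the first `ok()`; the `size` computation and `ok(size > 180, ...)` that follow run unconditionally. When `CommandLine.Buffer` lies outside the block, which the description says is the case under Wine, `size` becomes a difference between pointers into unrelated allocations and the second check tells nothing. Computing and checking `size` only when the range check holds would avoid that, and the threshold deserves a comment such as `/* minimum bytes expected between CommandLine.Buffer and the end of the block */`. `size` and `cur_params` are declared outside the hunk, so whether `%lu` matches the type of `size` cannot be confirmed from here.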
status = pRtlCreateProcessParameters( ¶ms, &image, &dummy, &dummy, &dummy, dummy_env,
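Review bot: In the second hunk (`@@ -398,6 +408,15`), the new check mixes the two parameter blocks: the range test uses `params`, but the message arguments and the size computation use `cur_params` as the base together with `params->Size`. `size = ((char *)cur_params + params->Size) - (char *)str;` subtracts pointers that belong to different blocks, so the result is not the space from the command line to the end of the newly created block, and the `size > 180` check can pass or fail arbitrarily. The lines should presumably read `size = ((char *)params + params->Size) - (char *)str;` and `params, (char *)params + params->Size, str);`. The enclosing function starts and ends outside the hunk.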