Passing a null into create_descriptor crashes on .... init_object( &ret->hdr, SQL_HANDLE_DESC, &stmt->hdr );
From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
--- dlls/odbc32/proxyodbc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dlls/odbc32/proxyodbc.c b/dlls/odbc32/proxyodbc.c index 299f1f8e08b..8ab64373288 100644 --- a/dlls/odbc32/proxyodbc.c +++ b/dlls/odbc32/proxyodbc.c @@ -395,7 +395,11 @@ static void init_object( struct object *obj, UINT32 type, struct object *parent obj->parent = parent; list_init( &obj->entry ); list_init( &obj->children ); - if (parent) list_add_tail( &parent->children, &obj->entry ); + if (parent) + { + list_add_tail( &parent->children, &obj->entry ); + obj->win32_funcs = parent->win32_funcs; + } InitializeCriticalSectionEx( &obj->cs, 0, RTL_CRITICAL_SECTION_FLAG_FORCE_DEBUG_INFO ); obj->cs.DebugInfo->Spare[0] = (DWORD_PTR)(__FILE__ ": object.cs"); }
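Review bot: In init_object, the new `obj->win32_funcs = parent->win32_funcs;` is assigned only inside the `if (parent)` branch, so for an object created with a NULL parent this function never gives the field a value. Set it explicitly before the branch (for example to NULL) so the no-parent case is defined here instead of depending on how the caller allocated the object. The pointer is also copied once at init time, so a parent whose win32_funcs is filled in after its children are created will not pass it on; a short comment stating that the parent must be fully set up first would make that requirement visible.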
From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
--- dlls/odbc32/proxyodbc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/odbc32/proxyodbc.c b/dlls/odbc32/proxyodbc.c index 8ab64373288..f07a6510d7f 100644 --- a/dlls/odbc32/proxyodbc.c +++ b/dlls/odbc32/proxyodbc.c @@ -544,7 +544,7 @@ static SQLRETURN alloc_descriptors( struct statement *stmt ) unsigned int i; for (i = 0; i < ARRAY_SIZE(stmt->desc); i++) { - if (!(stmt->desc[i] = create_descriptor( NULL ))) + if (!(stmt->desc[i] = create_descriptor( stmt ))) { free_descriptors( stmt ); return SQL_ERROR;
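Review bot: In the alloc_descriptors loop, passing `stmt` to create_descriptor does more than supply a function table: init_object runs `list_add_tail( &parent->children, &obj->entry )` for any non-NULL parent, so each implicit descriptor now becomes an entry in the statement's children list. The failure path in this hunk calls `free_descriptors( stmt )`, so check that it unlinks each entry before freeing it, and say in the commit message whether these descriptors are meant to be regular child objects; if they are not, keep the NULL parent and set win32_funcs another way.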
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=147723
Your paranoid android.
=== debian11 (build log) ===
error: patch failed: dlls/odbc32/proxyodbc.c:544 Task: Patch failed to apply
=== debian11b (build log) ===
error: patch failed: dlls/odbc32/proxyodbc.c:544 Task: Patch failed to apply
Hans Leidekker (@hans) commented about dlls/odbc32/proxyodbc.c:
unsigned int i; for (i = 0; i < ARRAY_SIZE(stmt->desc); i++) {
if (!(stmt->desc[i] = create_descriptor( NULL )))
if (!(stmt->desc[i] = create_descriptor( stmt )))
This is on purpose, these descriptors are not regular child objects. Can you describe what fails?
On Wed Aug 14 07:01:39 2024 +0000, Hans Leidekker wrote:
This is on purpose, these descriptors are not regular child objects. Can you describe what fails?
First, it's using NULL as an offset to a pointer structure
```
descriptor *create_descriptor( struct statement *stmt )
...
init_object( &ret->hdr, SQL_HANDLE_DESC, &stmt->hdr );
```
Second a crash in set_desc_rec_win32, assumes that win32_funcs is valid.
```
SQLSetDescRec
...
struct descriptor *desc = (struct descriptor *)lock_object( DescriptorHandle, SQL_HANDLE_DESC );
-> set_desc_rec_win32(desc)
-> -> desc->hdr.win32_funcs->SQLSetDescRec
```
On Wed Aug 14 07:16:37 2024 +0000, Alistair Leslie-Hughes wrote:
First, it's using NULL as an offset to a pointer structure
```
descriptor *create_descriptor( struct statement *stmt )
...
init_object( &ret->hdr, SQL_HANDLE_DESC, &stmt->hdr );
```
Second a crash in set_desc_rec_win32, assumes that win32_funcs is valid.
```
SQLSetDescRec
...
struct descriptor *desc = (struct descriptor *)lock_object( DescriptorHandle, SQL_HANDLE_DESC );
-> set_desc_rec_win32(desc)
-> -> desc->hdr.win32_funcs->SQLSetDescRec
```
hdr is the first field so &stmt->hdr is NULL when stmt is NULL. win32_funcs should be set in alloc_handle(). If that's not the case then there must be a bug somewhere else. Can you show you are calling these functions?
On Wed Aug 14 07:29:28 2024 +0000, Hans Leidekker wrote:
hdr is the first field so &stmt->hdr is NULL when stmt is NULL. win32_funcs should be set in alloc_handle(). If that's not the case then there must be a bug somewhere else. Can you show you are calling these functions?
Backtrace of the crash
```
=>0 0x7537ee50 set_desc_field_win32_w(desc=<internal error>, len=<internal error>, value=<internal error>, id=<internal error>, record=<internal error>) [/home/alesliehughes/wine-staging/wine32/../wine/dlls/odbc32/proxyodbc.c:7600] in odbc32 (0x077ee540)
  1 0x7537ee50 SQLSetDescFieldW+0x80(DescriptorHandle=<couldn't compute location>, RecNumber=<couldn't compute location>, FieldIdentifier=<couldn't compute location>, Value=<couldn't compute location>, BufferLength=<couldn't compute location>) [/home/alesliehughes/wine-staging/wine32/../wine/dlls/odbc32/proxyodbc.c:7629] in odbc32 (0x077ee540)
  2 0x1f6b50c7 in msdasql (+0x50c7) (0x077ee578)
```
On Wed Aug 14 07:38:57 2024 +0000, Alistair Leslie-Hughes wrote:
Backtrace of the crash
```
=>0 0x7537ee50 set_desc_field_win32_w(desc=<internal error>, len=<internal error>, value=<internal error>, id=<internal error>, record=<internal error>) [/home/alesliehughes/wine-staging/wine32/../wine/dlls/odbc32/proxyodbc.c:7600] in odbc32 (0x077ee540)
  1 0x7537ee50 SQLSetDescFieldW+0x80(DescriptorHandle=<couldn't compute location>, RecNumber=<couldn't compute location>, FieldIdentifier=<couldn't compute location>, Value=<couldn't compute location>, BufferLength=<couldn't compute location>) [/home/alesliehughes/wine-staging/wine32/../wine/dlls/odbc32/proxyodbc.c:7629] in odbc32 (0x077ee540)
  2 0x1f6b50c7 in msdasql (+0x50c7) (0x077ee578)
```
Thanks. I have added a patch in MR !6274 that should fix this.
This merge request was closed by Alistair Leslie-Hughes.
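The two points discussed in this thread (hdr is the first field, so `&stmt->hdr` comes out as NULL when stmt is NULL, and a descriptor whose win32_funcs was never set fails on dispatch), as an added example that is not Wine's code. The structures are simplified stand-ins, and `hdr_address`, `set_desc_rec`, `fake_set_desc_rec` and `driver_funcs` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the structures named in the thread (assumed layout). */
struct win32_funcs { int (*SQLSetDescRec)( void *handle ); };

struct object
{
    struct object *parent;
    const struct win32_funcs *win32_funcs;
};

struct statement  { struct object hdr; };   /* hdr is the first field */
struct descriptor { struct object hdr; };

/* Address that &stmt->hdr would have, computed without dereferencing stmt. */
static uintptr_t hdr_address( const struct statement *stmt )
{
    return (uintptr_t)stmt + offsetof( struct statement, hdr );
}

static void init_object( struct object *obj, struct object *parent )
{
    obj->parent = parent;
    obj->win32_funcs = NULL;   /* this model inherits nothing from the parent */
}

/* Guarded dispatch: return -1 instead of calling through a missing table. */
static int set_desc_rec( struct descriptor *desc )
{
    if (!desc->hdr.win32_funcs || !desc->hdr.win32_funcs->SQLSetDescRec) return -1;
    return desc->hdr.win32_funcs->SQLSetDescRec( desc );
}

/* Constructed driver entry point that always succeeds. */
static int fake_set_desc_rec( void *handle ) { (void)handle; return 0; }
static const struct win32_funcs driver_funcs = { fake_set_desc_rec };

int main( void )
{
    struct descriptor desc;
    /* Offset 0 plus a NULL statement gives a NULL parent, not a stray pointer. */
    init_object( &desc.hdr, (struct object *)hdr_address( NULL ) );
    printf( "parent=%p, dispatch without table -> %d\n", (void *)desc.hdr.parent, set_desc_rec( &desc ) );
    desc.hdr.win32_funcs = &driver_funcs;   /* the table is assigned elsewhere in the real code */
    printf( "dispatch with table -> %d\n", set_desc_rec( &desc ) );
    return 0;
}
```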