[Bug 14726] AW broser crashes, starts fine with native wininet
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Aug 2 05:29:40 CDT 2008
http://bugs.winehq.org/show_bug.cgi?id=14726
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |focht at gmx.net
--- Comment #2 from Anastasius Focht <focht at gmx.net> 2008-08-02 05:29:39 ---
Hello,
when the app queries proxy info using InternetQueryOptionA(
..INTERNET_OPTION_PROXY ..), wine initializes the out buffer incorrectly,
letting app believe there is proxy info which results in crash when accessing
the buffer.
Consider the following:
--- snip dlls/wininet/internet.c ---
DWORD INET_QueryOption(DWORD option, void *buffer, DWORD *size, BOOL unicode)
{
..
case INTERNET_OPTION_PROXY: {
WININETAPPINFOW ai;
TRACE("Getting global proxy info\n");
memset(&ai, 0, sizeof(WININETAPPINFOW));
INTERNET_ConfigureProxy(&ai);
return APPINFO_QueryOption(&ai.hdr, INTERNET_OPTION_PROXY, buffer,
size, unicode); /* FIXME */
}
..
}
--- snip dlls/wininet/internet.c ---
WININETAPPINFOW is zero initialized.
If INTERNET_ConfigureProxy() doesn't find any suitable info, the buffer is left
untouched.
Now the filling of return/out buffer data:
--- snip dlls/wininet/internet.c ---
static DWORD APPINFO_QueryOption(WININETHANDLEHEADER *hdr, DWORD option, void
*buffer, DWORD *size, BOOL unicode)
{
..
..
case INTERNET_OPTION_PROXY:
..
INTERNET_PROXY_INFOA *pi = (INTERNET_PROXY_INFOA *)buffer;
..
pi->dwAccessType = ai->dwAccessType;
pi->lpszProxy = NULL;
pi->lpszProxyBypass = NULL;
..
}
--- snip dlls/wininet/internet.c ---
Due to default initialization, pi->dwAccessType == 0 (which is actually
INTERNET_OPEN_TYPE_PRECONFIG = invalid anyway because it's only used for
setting info).
After InternetQueryOptionA() returns, the app checks pi->dwAccessType ==
INTERNET_OPEN_TYPE_DIRECT and if different, it tries to read the proxy info.
When accessing pi->lpszProxy it obviously crashes (sloppy app devs, not
checking for pi->lpszProxy == NULL).
Wine should initialize pi->dwAccessType with INTERNET_OPEN_TYPE_DIRECT if proxy
settings can't be determined, e.g. when ai->dwAccessType == 0 (one-liner
ternary)
Be sure to cover both, ansi and unicode path.
As side note ... the app is protected with PC Guard 5.x making analysis ~5
minutes longer ;-)
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list