[Bug 19435] New: Some winsock calls will crash when passing NULL as protocol parameter
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Jul 23 13:41:55 CDT 2009
http://bugs.winehq.org/show_bug.cgi?id=19435
Summary: Some winsock calls will crash when passing NULL as
protocol parameter
Product: Wine
Version: 1.0.1
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winsock
AssignedTo: wine-bugs at winehq.org
ReportedBy: wine-bugs at thinktradellc.com
The problem occurs when attempting to queue the asynchronous call. Here is a
patch to fix the problem. NULL is a valid call parameter for system calls such
as WSAAsyncGetServByName, but __WSAsyncDBQuery calls strlen() etc. on the
pointer without first checking it for NULL.
Andrew Athan
*** async.c~ 2008-10-17 08:45:25.000000000 -0700
--- async.c 2009-07-23 09:47:50.000000000 -0700
*************** static HANDLE16 __WSAsyncDBQuery(
*** 539,551 ****
switch (flags & AQ_MASKPTR1) {
case 0: break;
case AQ_COPYPTR1: xbuflen += int1; break;
! case AQ_DUPLOWPTR1: xbuflen += strlen(ptr1) + 1; break;
}
switch (flags & AQ_MASKPTR2) {
case 0: break;
case AQ_COPYPTR2: xbuflen += int2; break;
! case AQ_DUPLOWPTR2: xbuflen += strlen(ptr2) + 1; break;
}
if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) {
--- 539,551 ----
switch (flags & AQ_MASKPTR1) {
case 0: break;
case AQ_COPYPTR1: xbuflen += int1; break;
! case AQ_DUPLOWPTR1: xbuflen += (ptr1 ? strlen(ptr1)+1:0); break;
}
switch (flags & AQ_MASKPTR2) {
case 0: break;
case AQ_COPYPTR2: xbuflen += int2; break;
! case AQ_DUPLOWPTR2: xbuflen += (ptr2 ? strlen(ptr2)+1:0); break;
}
if(!(aq = HeapAlloc(GetProcessHeap(),0,sizeof(async_query) + xbuflen))) {
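Review bot: Nothing in the two sizing switches records why a NULL `ptr1`/`ptr2` contributes zero bytes, and the `HeapAlloc` size is only safe if this pass never counts fewer bytes than the copy pass shown in the second hunk writes. A comment above the first switch would pin that down, for example `/* A NULL name is valid (e.g. no protocol given): it adds no bytes here and is skipped by the copy pass below. */`. The `AQ_COPYPTR1`/`AQ_COPYPTR2` cases still add `int1`/`int2` when the pointer is NULL, which from the visible lines only over-allocates, since the copy is guarded by `if (ptr1)`/`if (ptr2)`. The body of `__WSAsyncDBQuery` starts and ends outside the hunk, so the type of `xbuflen` and how `int1`/`int2` are bounded cannot be confirmed from here.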
*************** static HANDLE16 __WSAsyncDBQuery(
*** 557,568 ****
if (ptr1) switch (flags & AQ_MASKPTR1) {
case 0: break;
case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1;
break;
! case AQ_DUPLOWPTR1: pfm = ptr1; ptr1 = pto; do *pto++ = tolower(*pfm);
while (*pfm++); break;
}
if (ptr2) switch (flags & AQ_MASKPTR2) {
case 0: break;
case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2;
break;
! case AQ_DUPLOWPTR2: pfm = ptr2; ptr2 = pto; do *pto++ = tolower(*pfm);
while (*pfm++); break;
}
aq->hWnd = HWND_16(hWnd);
--- 557,568 ----
if (ptr1) switch (flags & AQ_MASKPTR1) {
case 0: break;
case AQ_COPYPTR1: memcpy(pto, ptr1, int1); ptr1 = pto; pto += int1;
break;
! case AQ_DUPLOWPTR1: if(!ptr1)break;pfm = ptr1; ptr1 = pto; do *pto++ =
tolower(*pfm); while (*pfm++); break;
}
if (ptr2) switch (flags & AQ_MASKPTR2) {
case 0: break;
case AQ_COPYPTR2: memcpy(pto, ptr2, int2); ptr2 = pto; pto += int2;
break;
! case AQ_DUPLOWPTR2: if(!ptr2)break;pfm = ptr2; ptr2 = pto; do *pto++ =
tolower(*pfm); while (*pfm++); break;
}
aq->hWnd = HWND_16(hWnd);
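Review bot: The added `if(!ptr1)break;` and `if(!ptr2)break;` in the `AQ_DUPLOWPTR1`/`AQ_DUPLOWPTR2` cases can never fire, because each switch is entered only under `if (ptr1)` / `if (ptr2)`. The old side of this hunk has the same guard, so the crash was in the `strlen()` calls of the first hunk and this hunk can be dropped. Separately, `tolower(*pfm)` receives a plain `char`; if `pfm` is a `char` pointer (its declaration is outside the hunk), a byte above 0x7F in a caller-supplied name becomes a negative argument on signed-char targets, which is undefined for `tolower`. A cast closes that: `do *pto++ = tolower((unsigned char)*pfm); while (*pfm++);`. The body of `__WSAsyncDBQuery` starts and ends outside the hunk.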