[Bug 29099] LabView 2011 demo crashes on start (PathRemoveExtensionA/W unconditionally tries to null terminate string)
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Dec 30 10:22:28 CST 2011
http://bugs.winehq.org/show_bug.cgi?id=29099
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |focht at gmx.net
Summary|LabView demo: crashes on |LabView 2011 demo crashes
|start |on start
| |(PathRemoveExtensionA/W
| |unconditionally tries to
| |null terminate string)
--- Comment #2 from Anastasius Focht <focht at gmx.net> 2011-12-30 10:22:28 CST ---
Hello,
confirming, still present.
--- snip ---
...
00c2:Call shlwapi.PathRemoveExtensionA(01e7a740 "LabVIEW") ret=006a6cad
00c2:Call user32.CharNextA(01e7a740 "LabVIEW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a741 ret=686ad97a
00c2:Call user32.CharNextA(01e7a741 "abVIEW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a742 ret=686ad97a
00c2:Call user32.CharNextA(01e7a742 "bVIEW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a743 ret=686ad97a
00c2:Call user32.CharNextA(01e7a743 "VIEW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a744 ret=686ad97a
00c2:Call user32.CharNextA(01e7a744 "IEW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a745 ret=686ad97a
00c2:Call user32.CharNextA(01e7a745 "EW") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a746 ret=686ad97a
00c2:Call user32.CharNextA(01e7a746 "W") ret=686ad97a
00c2:Ret user32.CharNextA() retval=01e7a747 ret=686ad97a
00c2:trace:seh:raise_exception code=c0000005 flags=0 addr=0x686ae4b8
ip=686ae4b8 tid=00c2
00c2:trace:seh:raise_exception info[0]=00000001
00c2:trace:seh:raise_exception info[1]=01e7a747
00c2:trace:seh:raise_exception eax=01e7a747 ebx=686e962c ecx=00000000
edx=00000057 esi=0032f8c0 edi=0032f844
00c2:trace:seh:raise_exception ebp=0032f838 esp=0032f800 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
00c2:trace:seh:call_vectored_handlers calling handler at 0x68f86e0e
code=c0000005 flags=0
00c2:trace:seh:call_vectored_handlers handler at 0x68f86e0e returned 0
--- snip ---
shlwapi.dll PathRemoveExtensionA() tries to modify a string that is located in
read-only executable section.
Dump of section info/executable mappings at runtime:
--- snip ---
Address Size Contains Access
....
00400000 0000100 PE header R
00401000 01A7400 .text Code R E
01E75000 0053B00 .rdata Imports,exports R
023B0000 0016B00 .data Data RWE CopyOnWr
0251B000 003C700 .rsrc Resources R
--- snip ---
0x01e7a740 "LabVIEW"-> constant string literal in .rdata
--- snip ---
Address Value ASCII
01E7A740 5662614C LabV
01E7A744 00574549 IEW
01E7A748 67655210 �Reg
01E7A74C 72747369 istr
--- snip ---
Code:
http://source.winehq.org/git/wine.git/blob/ce3dd89b5411edfdf448bd80ac8dd2b71a972e53:/dlls/shlwapi/path.c#l777
--- snip ---
766 void WINAPI PathRemoveExtensionA(LPSTR lpszPath)
767 {
768 TRACE("(%s)\n", debugstr_a(lpszPath));
769
770 if (lpszPath)
771 {
772 lpszPath = PathFindExtensionA(lpszPath);
773 *lpszPath = '\0';
774 }
775 }
--- snip ---
Obviously PathRemoveExtensionA() isn't supposed to modify the string in this
case (writing null terminator).
I added a null terminator check and it allows the application to start.
You might also want to fix PathRemoveExtensionW().
$ sha1sum 2011LV-WinEng.exe
2827f32f1ce737226f34a0961938ed84b8f0e164 2011LV-WinEng.exe
$ wine --version
wine-1.3.35-273-geaa8801
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list