[Bug 23283] Cannot print my annual income tax return in ElsterFormular (crash) (shell32.SHELL_FindExecutable corrupts stack)

wine-bugs at winehq.org
Fri Jan 13 14:03:21 CST 2012


http://bugs.winehq.org/show_bug.cgi?id=23283

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |ABANDONED

--- Comment #9 from Anastasius Focht <focht at gmx.net> 2012-01-13 14:03:21 CST ---
Hello,

--- quote ---
Is this still an issue?

My Elster is flying around without crashes. I use this version:
http://appdb.winehq.org/objectManager.php?sClass=version&iId=22570

wine v1.3.36
--- quote ---

Well, obviously not - the app code was partially rewritten.
It seems the stack-based buffer is now MAX_PATH length, no security cookie.

The app uses the "A" version of FindExecutable() now, which supplies a
MAX_PATH-sized buffer on its own for A<->W conversion, hence FindExecutableW()
doesn't pass the app buffer down directly to SHELL_FindExecutable() and
SHELL_ArgifyW() to operate on.

Because an internal buffer with MAX_PATH is used, '"<executable_path>" "%1"'
replacing "%1" with the real path works because truncation happens on the closing
double quote (executable name), first space or MAX_PATH.

Though if an app still supplies a buffer < MAX_PATH (ignoring what MSDN says) and
calls FindExecutableW() directly, it will overflow with overly long paths.

"ElsterFormular 2008/2009" Download:

https://download.elster.de/download/2008/ElsterFormular-10.4.0.0.exe

The binaries are compiled in 2011.

$ sha1sum ElsterFormular-10.4.0.0.exe 
b85f6341860396a334eea48a171c5a3aa921bf3a  ElsterFormular-10.4.0.0.exe

$ wine --version
wine-1.3.36-310-gaba9ddc

("wine ./Elfo2008.exe peterx3" to skip loader)

Because this can't be reproduced anymore (broken app unavailable) I'll mark
this one abandoned until another app shows up.

Nothing was fixed on Wine side.

Regards
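
An added example (not Wine's code and not part of the bug comment) of a size-aware variant of the pattern described above: "%1" is expanded into a MAX_PATH-sized internal buffer, the result is cut at the closing double quote or first space, and it is copied to the caller only if it fits. The names `expand_template`, `keep_executable`, `find_executable_bounded` and `PATH_CAP` are hypothetical, and plain `char` strings stand in for wide strings.

```c
#include <stddef.h>
#include <string.h>
#define PATH_CAP 260 /* same value as Windows MAX_PATH; defined locally (assumption) */

/* Expand "%1" in tmpl into out[cap]; never writes past out[cap-1], always
 * NUL-terminates. Returns 1 if the output had to be truncated, else 0. */
static int expand_template(char *out, size_t cap, const char *tmpl, const char *file)
{
    size_t n = 0;
    int truncated = 0;
    if (cap == 0) return 1;
    for (const char *p = tmpl; *p; p++) {
        const char *src = p;
        size_t len = 1;
        if (p[0] == '%' && p[1] == '1') { src = file; len = strlen(file); p++; }
        if (len > cap - 1 - n) { len = cap - 1 - n; truncated = 1; }
        memcpy(out + n, src, len);
        n += len;
    }
    out[n] = '\0';
    return truncated;
}

/* Keep only the executable name: up to the closing double quote if quoted,
 * otherwise up to the first space. */
static void keep_executable(char *cmd)
{
    char *end;
    if (cmd[0] == '"') {
        memmove(cmd, cmd + 1, strlen(cmd)); /* drop opening quote, NUL included */
        end = strchr(cmd, '"');
    } else {
        end = strchr(cmd, ' ');
    }
    if (end) *end = '\0';
}

/* Hypothetical size-aware lookup: the caller passes result_cap explicitly.
 * Returns 0 on success, -1 if the name does not fit (result left empty). */
int find_executable_bounded(const char *tmpl, const char *file, char *result, size_t result_cap)
{
    char work[PATH_CAP]; /* internal scratch buffer; only the argument tail is cut here */
    (void)expand_template(work, sizeof work, tmpl, file);
    keep_executable(work);
    size_t len = strlen(work);
    if (len >= result_cap) { if (result_cap) result[0] = '\0'; return -1; }
    memcpy(result, work, len + 1);
    return 0;
}
```

With an explicit capacity the undersized-buffer case becomes an error return instead of a write past the caller's stack buffer.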
