[Bug 30567] Paltalk Messenger crashes on start (kernel32.OutputDebugStringA needs to cope with NULL pointer)
wine-bugs at winehq.org
Wed May 2 14:50:12 CDT 2012
http://bugs.winehq.org/show_bug.cgi?id=30567
Anastasius Focht <focht at gmx.net> changed:
What            |Removed                            |Added
----------------------------------------------------------------------------
Status          |UNCONFIRMED                        |NEW
Version         |unspecified                        |1.5.3
URL             |                                   |www.paltalk.com/download/0.x/pal_install_r110010.exe
Keywords        |                                   |download
Component       |-unknown                           |kernel32
CC              |                                   |focht at gmx.net
Ever Confirmed  |0                                  |1
Summary         |Paltalk Messenger crashes on start |Paltalk Messenger crashes on start (kernel32.OutputDebugStringA needs to cope with NULL pointer)
--- Comment #4 from Anastasius Focht <focht at gmx.net> 2012-05-02 14:50:12 CDT ---
Hello,
confirming.
There is a crash when trying to log in (you can use any input for testing).
The app makes extensive use of the OutputDebugString() API for logging purposes.
--- snip ---
...
0037:Call KERNEL32.OutputDebugStringA(00882c34 "palserver::NetworkingError\n ") ret=006fcd54
0037:warn:debugstr:OutputDebugStringA "palserver::NetworkingError\n "
0037:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=006fcd54
0037:Call KERNEL32.OutputDebugStringA(00000000) ret=006fcd5e
0037:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7b835877 ip=7b835877 tid=0037
0037:trace:seh:raise_exception info[0]=00000000
0037:trace:seh:raise_exception info[1]=00000000
0037:trace:seh:raise_exception eax=00000000 ebx=7b8b06b0 ecx=ffffffff edx=00000000 esi=0d19e834 edi=00000000
0037:trace:seh:raise_exception ebp=0d19e908 esp=0d19e800 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010212
--- snip ---
The relevant app code:
--- snip ---
006FCD40 55 PUSH EBP
006FCD41 8BEC MOV EBP,ESP
006FCD43 83EC 08 SUB ESP,8
006FCD46 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
006FCD49 68 342C8800 PUSH OFFSET 00882C34 ; "palserver::NetworkingError "
006FCD4E FF15 B8B38600 CALL DWORD PTR DS:[<&KERNEL32.OutputDebugStringA>]
006FCD54 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0C]
006FCD57 50 PUSH EAX ; NULL ptr
006FCD58 FF15 B8B38600 CALL DWORD PTR DS:[<&KERNEL32.OutputDebugStringA>]
006FCD5E 68 60DE8600 PUSH OFFSET 0086DE60
006FCD63 FF15 B8B38600 CALL DWORD PTR DS:[<&KERNEL32.OutputDebugStringA>]
006FCD69 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
006FCD6C 8B91 AC000000 MOV EDX,DWORD PTR DS:[ECX+0AC]
006FCD72 52 PUSH EDX
006FCD73 6A 00 PUSH 0
006FCD75 FF15 18B88600 CALL DWORD PTR DS:[<&USER32.KillTimer>]
...
--- snip ---
The caller passes a hard-coded NULL pointer parameter to the second OutputDebugStringA:
--- snip ---
006FCFFA 6A 00 PUSH 0
006FCFFC 6A 00 PUSH 0
006FCFFE 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
006FD001 E8 3AFDFFFF CALL 006FCD40
006FD006 33C0 XOR EAX,EAX
--- snip ---
Wine needs to cope with NULL ptr passed to OutputDebugStringA.
Source:
http://source.winehq.org/git/wine.git/blob/b5a33dab886df6352011457932713ed321976bf6:/dlls/kernel32/debugger.c#l243
--- snip ---
243 void WINAPI OutputDebugStringA( LPCSTR str )
244 {
245     static HANDLE DBWinMutex = NULL;
246     static BOOL mutex_inited = FALSE;
247
248     /* send string to attached debugger */
249     SERVER_START_REQ( output_debug_string )
250     {
251         req->string = wine_server_client_ptr( str );
252         req->length = strlen(str) + 1;
253         wine_server_call( req );
254     }
255     SERVER_END_REQ;
256
257     WARN("%s\n", debugstr_a(str));
--- snip ---
Crash is at line 252 (strlen).
With OutputDebugStringA fixed the app doesn't crash and validates the login.
I don't have an account to play further.
$ du -sh pal_install_r110010.exe
24M pal_install_r110010.exe
$ sha1sum pal_install_r110010.exe
c83e74876b47a8b5e9f25fd3f4652704c0de1ee5 pal_install_r110010.exe
$ wine --version
wine-1.5.3-73-g93a0ca7
Regards
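One way to make the length computation at quoted line 252 tolerate a NULL argument, shown as a portable model. This is an added example, not part of the original message and not Wine's code. `struct debug_request` and the function names are hypothetical, and mapping NULL to an empty string is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the fields the quoted code fills in on the
 * output_debug_string request (req->string, req->length). */
struct debug_request {
    const char *string;
    size_t      length;   /* bytes, including the terminating NUL */
};

/* Same computation as quoted lines 251-252: strlen() dereferences str,
 * so a NULL argument faults before the request is ever sent. */
static void fill_request_unchecked(struct debug_request *req, const char *str)
{
    req->string = str;
    req->length = strlen(str) + 1;
}

/* Hardened form: map NULL to an empty string before any dereference, so the
 * call degrades to an empty debug message instead of an access violation. */
static void fill_request_checked(struct debug_request *req, const char *str)
{
    if (!str) str = "";
    fill_request_unchecked(req, str);
}

/* Replays the three consecutive calls the application makes (string, NULL,
 * string) and returns how many requests were built without faulting. */
static int replay_app_calls(void)
{
    /* Constructed inputs: the first string is taken from the relay trace; the
     * third stands in for the data at 0086DE60, which the page does not show. */
    const char *args[] = { "palserver::NetworkingError\n ", NULL, "<third string>" };
    struct debug_request req;
    int built = 0;

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        fill_request_checked(&req, args[i]);
        printf("call %zu: length=%zu\n", i + 1, req.length);
        built++;
    }
    return built;
}

int main(void) { return replay_app_calls() == 3 ? 0 : 1; }
```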