Bug in ICO_ExtractIconExW

Gerard Patel gerard.patel at nerim.net
Sun Feb 17 10:12:00 CST 2002 

At 03:01 PM 2/17/02 +0100, you wrote:
>Hi,
>
>I have a systematic crash when browsing a folder which has a *.gz file
>inside (for example using GetOpenFileName).
<snip>
>=>0 0x4082ba06 (ICO_ExtractIconExW+0x386(lpszExeFileName=0x403c4558,
>RetPtr=0x405c59a8, nIconIndex=0xffffff69, nIcons=0x1, cxDesired=0x20,
>cyDesired=0x20) [exticon.c:325] in libuser32.so) (ebp=405c5910)
>       1 0x4082c1c5 (PrivateExtractIconsW+0xf5(lpwstrFile=0x403c4558,
>nIndex=0xffffff69, sizeX=0x20, sizeY=0x20, phicon=0x405c59a8, w=0x0,
>nIcons=0x1, y=0x0) [exticon.c:555] in libuser32.so) (ebp=405c5948)
>       2 0x4082c251 (PrivateExtractIconsA+0x71(lpstrFile=0x405c5a20,
>nIndex=0xffffff69, sizeX=0x20, sizeY=0x20, phicon=0x405c59a8, w=0x0,
>nIcons=0x1, y=0x0) [exticon.c:578] in libuser32.so) (ebp=405c597c)
>       3 0x4065ed8d (SIC_LoadIcon+0x3d(sSourceFile=0x405c5a20,
>dwSourceIndex=0xffffff69) [iconcache.c:115] in libshell32.so) (ebp=405c59b8)
>       4 0x4065eeb9 (SIC_GetIconIndex+0xb9(sSourceFile=0x405c5a20,
>dwSourceIndex=0xffffff69) [iconcache.c:154] in libshell32.so) (ebp=405c5a00)
>       5 0x4065f32c (PidlToSicIndex+0xcc(sh=0x403c48f4, pidl=0x403b6cb0,
>bBigIcon=0x0, uFlags=0x0, pIndex=0x405c5b58) [iconcache.c:311] in
>libshell32.so) (ebp=405c5b3c)

Well, this value of 0xffffff69 is suspicious.

I think that this code may be too optimist :

BOOL HCR_GetDefaultIcon (LPCSTR szClass, LPSTR szDest, DWORD len, LPDWORD dwNr)
{
        HKEY    hkey;
        char    sTemp[MAX_PATH];
        char    sNum[5];
        DWORD   dwType;
        BOOL    ret = FALSE;
 
        TRACE("%s\n",szClass );
 
        sprintf(sTemp, "%s\\DefaultIcon",szClass);
 
        if (!RegOpenKeyExA(HKEY_CLASSES_ROOT,sTemp,0,0x02000000,&hkey))
        {
          if (!RegQueryValueExA(hkey, NULL, 0, &dwType, szDest, &len))
          {
            if (dwType == REG_EXPAND_SZ)
            {
              ExpandEnvironmentStringsA(szDest, sTemp, MAX_PATH);
              strcpy(szDest, sTemp);
            }
            if (ParseFieldA (szDest, 2, sNum, 5)) *dwNr=atoi(sNum);
            ParseFieldA (szDest, 1, szDest, len);
            ret = TRUE;
          }
          RegCloseKey(hkey);
        }
        TRACE("-- %s %li\n", szDest, *dwNr );
        return ret;
}


in this case, maybe you could try something like :
if (ParseFieldA(szDest, 2, sNum, 5))
  *dwNr = atoi(sNum);
else
  *dwNr = 0;

I'm not sure it's correct, since it would mean that Wine
would always search for the icon 0 in the file. As I don't
know what is the exact meaning of the icon number in
the registry, I can't say more. However, it *should* not
crash anymore (if I'm right) as at least dwNr would be
initialized.

Gerard

More information about the wine-devel mailing list