unaligned access bug in winspool on sparc

Eric Frias efrias at syncad.com
Fri Oct 22 15:51:24 CDT 2004


I just ran across an evil little bug in the WINSPOOL_GetPrinter_2 function.
It looks like this type of bug could be hiding in other API functions too.
It causes a segmentation fault because of an unaligned access on Solaris
(sparc).

This function packs a PRINTER_INFO_2 structure and all of its
variable-length fields into one contiguous block of memory.  The structure
is first, then several strings, and then a DEVMODE structure.  The problem
is that because the strings can be any length, the DEVMODE structure itself
could be placed at an unaligned (odd) address.  So on our system, wine runs
correctly if we only have printers with an even number of letters in their
name in the printcap file, but it crashes if any have an odd number of
letters in their name.

I put in a quick hack that aligns it to a 4-byte boundary.  I think a
two-byte boundary would suffice, but I decided to err on the safe side since
I wasn't sure.  I inserted the following block near line 1822 in info.c:
------
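    {
        /* Pad so the DEVMODE that follows starts on a 4-byte boundary,
           measured from the start of the buffer (*pcbNeeded bytes so far). */
        int bytesOfPadding = (4 - (*pcbNeeded % 4)) % 4;
        if (space && bytesOfPadding <= left) {
            ptr += bytesOfPadding;
            left -= bytesOfPadding;
        } else
            space = FALSE;
        /* The padding counts toward the required size either way. */
        *pcbNeeded += bytesOfPadding;
    }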
------
right before the line:
------
    if(WINSPOOL_GetDevModeFromReg(hkeyPrinter, Default_DevModeW, ptr, left,
                                  &size, unicode)) {
-----

What is the correct way to align this structure?  Are there any macros that
specify the necessary alignment for each architecture?  I'm also wondering
if there are any other functions that are likely to contain the same bug.

Thanks,
Eric
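
Added example, not part of the original post and not Wine's code: a C11 sketch of packing a variable-length string followed by a structure into one buffer, with the padding derived from `alignof` instead of a hard-coded 4. `struct dev_mode`, `pad_for` and `pack_printer` are hypothetical names, names are plain `char` strings here, and the buffer is assumed to start at an address aligned for the structure (as `malloc` guarantees).

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for DEVMODE: any struct with members wider than a byte. */
struct dev_mode { uint32_t size; uint16_t orientation; uint16_t copies; };

/* Bytes of padding that round offset up to a multiple of align (a power of two). */
static size_t pad_for(size_t offset, size_t align)
{
    return (align - (offset & (align - 1))) & (align - 1);
}

/* Pack a NUL-terminated name, then padding, then a dev_mode into buf.
 * *needed always receives the total size (like pcbNeeded), so a caller can
 * query first with buf == NULL. Returns 1 if everything fit, 0 otherwise.
 * Assumption: buf itself is aligned for struct dev_mode. */
static int pack_printer(unsigned char *buf, size_t buf_len, const char *name,
                        const struct dev_mode *dm, size_t *needed, size_t *dm_offset)
{
    size_t name_len = strlen(name) + 1;
    size_t pad = pad_for(name_len, alignof(struct dev_mode));

    *dm_offset = name_len + pad;
    *needed = *dm_offset + sizeof *dm;
    if (buf == NULL || buf_len < *needed)
        return 0;
    memcpy(buf, name, name_len);
    memset(buf + name_len, 0, pad);          /* no uninitialised bytes in the gap */
    memcpy(buf + *dm_offset, dm, sizeof *dm);
    return 1;
}

int main(void)
{
    struct dev_mode dm = { (uint32_t)sizeof dm, 1, 2 };
    size_t needed, off;

    pack_printer(NULL, 0, "lp", &dm, &needed, &off);   /* size query only */
    unsigned char *buf = malloc(needed);
    if (buf == NULL)
        return 1;
    int ok = pack_printer(buf, needed, "lp", &dm, &needed, &off);
    free(buf);
    return ok ? 0 : 1;
}
```

Because the offset of the structure is a multiple of its alignment and the buffer base is aligned, a direct pointer to the packed structure is safe to dereference on strict-alignment CPUs such as sparc regardless of the name's length.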



