No subject

Tue Aug 30 17:20:58 CDT 2005

'system.1st' (yeah, I know, I should run in a no-Windows install, but well,
my Wine installation is 6 years old and still working, so I won't change now
:-) ).

Anyway, the faulty function is '_strdupnA'.

I added some traces and I have this :

0009:trace:reg:_strdupnA System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick (0x3c003f40) 79
0009:trace:reg:_strdupnA 0x3c003f90

This means that the string given as a parameter has the pointer
'0x3c003f40', the length parameter is '79' and it returns '0x3c003f90'.

It crashes later on at :

0009:trace:reg:_strdupnA System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM (0x3c003f90) 114
0009:trace:reg:_strdupnA 0x3c003418

So we give the '0x3c003f90' pointer (which is of length 79 as seen in the
previous debug output) but (if you look at the code), will read 114 bytes
from it (as the function uses 'memcpy' and not 'strncpy').

The attached patch fixes all crashes on my box, but well, as I am not very
familiar with this code, sent it to wine-devel and not wine-patches for
review by Registry gurus :-)


		 Lionel Ulmer -

Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=PATCH_NTDLL_20030802_01

? misc/registry_hack.c
Index: misc/registry.c
RCS file: /home/wine/wine/misc/registry.c,v
retrieving revision 1.127
diff -u -r1.127 registry.c
--- misc/registry.c	24 Jun 2003 02:32:01 -0000	1.127
+++ misc/registry.c	2 Aug 2003 19:59:44 -0000
@@ -99,7 +99,7 @@
     if (!str) return NULL;
     ret = _xmalloc( len + 1 );
-    memcpy( ret, str, len );
+    strncpy( ret, str, len );
     ret[len] = 0x00;
     return ret;


More information about the wine-devel mailing list