[PATCH] buffer overflow checking for string functions

Dan Kegel dank at kegel.com
Thu Sep 4 13:34:43 CDT 2008


Hi Marcus,
http://kegel.com/wine/patchwatcher/results/ shows your patch seems
to have caused a test to fail.  The full log is at
http://kegel.com/wine/patchwatcher/results/1045.log
Can you check it and see whether the failure is spurious, whether it's
something you need to fix up in the patch, or whether the new check
exposed a lurking bug?
Thanks,
Dan

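p.s. the interesting bit is below. Exception 0xc0000409 is
STATUS_STACK_BUFFER_OVERRUN; frame 2 of the backtrace shows it being
raised from test_saxstr, in code inlined from include/winnls.h:813,
with szStr=(nil):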


../../../tools/runtest -q -P wine -M msxml3.dll -T ../../.. -p
msxml3_test.exe.so saxreader.c && touch saxreader.ok
wine: Unhandled exception 0xc0000409 at address 0x60415fa0 (thread
0062), starting debugger...
Unhandled exception: 0xc0000409 in 32-bit code (0x60416016).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:60416016 ESP:0032f174 EBP:0032f1d8 EFLAGS:00000246(   - 00      - IZP1)
 EAX:603ffc99 EBX:60485d88 ECX:001230a8 EDX:00000000
 ESI:6053eda0 EDI:00000000
Stack dump:
0x0032f174:  610602b0 0032f3d8 6053d1c4 00000001
0x0032f184:  c0000409 00000001 00000000 60415fa0
0x0032f194:  00000000 6051f145 6053766a 6053d1c4
0x0032f1a4:  00000000 0032f1d8 605378ce 00000001
0x0032f1b4:  6053ae6f 0032f1e8 6053753c 6053add6
0x0032f1c4:  0000005c 0032f83c 6053d1c4 0032f1e8
Backtrace:
=>1 0x60416016 RaiseException+0x76(code=3221226505, flags=1, nbargs=0,
args=(nil)) [/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/kernel32/except.c:85]
in kernel32 (0x0032f1d8)
  2 0x60531cca test_saxstr+0xca(line=281, szStr=(nil), nStr=<register
EDI not in topmost frame>, szTest="")
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/tests/../../../include/winnls.h:813]
in msxml3_test (0x0032fa28)
  3 0x605320e1 contentHandler_startElement+0x41(iface=0x6053da20,
pNamespaceUri=(nil), nNamespaceUri=0, pLocalName=0x1296f4,
nLocalName=11, pQName=0x12971c, nQName=11, pAttr=0x129744)
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/tests/saxreader.c:282]
in msxml3_test (0x0032fa38)
  4 0x60d46d31 libxmlStartElementNS+0x781(ctx=0x124820,
localname="BankAccount", prefix=0x0, URI=0x0, nb_namespaces=0,
namespaces=(nil), nb_attributes=0, nb_defaulted=0, attributes=(nil))
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/saxreader.c:1065]
in msxml3 (0x0032fad8)
  5 0x60da11b1 in libxml2.so.2 (+0x321b1) (0x0032fba8)
  6 0x60dab6e0 xmlParseElement+0xa0() in libxml2.so.2 (0x0032fc08)
  7 0x60dabd1b xmlParseDocument+0x2ab() in libxml2.so.2 (0x0032fc48)
  8 0x60d42181 internal_parseBuffer+0x131(This=<register EDI not in
topmost frame>, buffer="<", size=212, vbInterface=0)
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/saxreader.c:1672]
in msxml3 (0x0032fc88)
  9 0x60d4261d internal_parse+0x2fd(This=0x124778,
varInput={n1={n2={vt=8, wReserved1=50, wReserved2=39728,
wReserved3=24626, n3={cVal=-20, uiVal=38380, ulVal=1218028,
intVal=1218028, uintVal=1218028, bVal=-20, iVal=-27156, lVal=1218028,
fltVal=0.000000,
dblVal=653372038842717154926174532926646266288408872873133910620420354698643182695076070838141136872900174886019390565640505833484670903847518474844878350132969472.000000,
boolVal=-27156, scode=1218028,
date=653372038842717154926174532926646266288408872873133910620420354698643182695076070838141136872900174886019390565640505833484670903847518474844878350132969472.000000,
bstrVal=0x1295ec, cyVal={={Lo=1218028, Hi=1615355272},
int64=6937898064662402540}, punkVal=0x1295ec, pdispVal=0x1295ec,
parray=0x1295ec, llVal=6937898064662402540,
ullVal=6937898064662402540, pcVal="<", puiVal=0x1295ec,
pulVal=0x1295ec, pintVal=0x1295ec, puintVal=0x1295ec, pbVal="<",
piVal=0x1295ec, plVal=0x1295ec, pfltVal=0x1295ec, pdblVal=0x1295ec,
pboolVal=0x1295ec, pscode=0x1295ec, pdate=0x1295ec, pbstrVal=0x1295ec,
pvarVal=0x1295ec, byref=0x1295ec, pcyVal=0x1295ec, pdecVal=0x1295ec,
ppunkVal=0x1295ec, ppdispVal=0x1295ec, pparray=0x1295ec,
pllVal=0x1295ec, pullVal=0x1295ec, brecVal={pvRecord=0x1295ec,
pRecInfo=0x60485d88}}}, decVal={wReserved=8, ={={scale='2', sign=0},
signscale=50}, Hi32=1613929264, ={={Lo32=1218028, Mid32=1615355272},
Lo64=6937898064662402540}}}}, vbInterface=0)
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/saxreader.c:1835]
in msxml3 (0x0032fd48)
  10 0x605316f3 func_saxreader+0x3d3()
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/tests/saxreader.c:523]
in msxml3_test (0x0032fdd8)
  11 0x605371ca run_test+0x14a(name="saxreader.c")
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/tests/../../../include/wine/test.h:454]
in msxml3_test (0x0032fe18)
  12 0x60537a29 main+0x149(argc=<register ECX not in topmost frame>,
argv=0x1103d8) [/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/msxml3/tests/../../../include/wine/test.h:503]
in msxml3_test (0x0032fed8)
  13 0x60537b9b __wine_spec_exe_entry+0x5b(peb=0x7ffdf000)
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/winecrt0/exe_entry.c:36]
in msxml3_test (0x0032ff08)
  14 0x60447577 start_process+0xc7(arg=(nil))
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/kernel32/process.c:904]
in kernel32 (0x0032ffe8)
0x60416016 RaiseException+0x76
[/home/patchwatcher/winezeug/patchwatcher/wine-continuous-workdir/active/dlls/kernel32/except.c:85]
in kernel32: movl	0xfffffffc(%ebp),%ebx
85	}


