[Bug 10649] New: Regression in RegQueryValueExA when called in unorthodox manner

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Dec 2 15:16:05 CST 2007 

http://bugs.winehq.org/show_bug.cgi?id=10649

           Summary: Regression in RegQueryValueExA when called in unorthodox
                    manner
           Product: Wine
           Version: CVS/GIT
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: trivial
          Priority: P5
         Component: wine-advapi32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: samuel.howard.dennis at gmail.com


commit bc590e87a6f9c7421ec3386a7c09a63a3e55dead (16/08/2006, Robert Shearman,
affects advapi) caused a regression in one of my own programs in which I'd used
an unusual calling convention for RegQueryValueEx, being this:

char buf[16]; /* or 1 in the particular call that was failing */
DWORD count = sizeof buf;
LONG ret;
ret = RegQueryValueEx(hkey, "ValueName", NULL, &count, buf, &count); /* value
left in count is never checked */

This works under real windows (9x at least, I never ran the program on installs
of later Windows versions), but WINE does this before retrieving the value:

    if (type) *type = REG_NONE;

...which sets count to 0 since I pass the same address for both type and count
in the call; this value is later used to determine the buffer size and triggers
an overflow error.

I am having trouble understanding the precise intent of the troublesome line
(when is *type supposed to be set to REG_NONE? On any error? On any error other
than buffer overflow? (This is the current WINE behaviour, as *type is
unconditionally set again after copying the data)), but clearly assignments
happen only after all processing in genuine Windows or *count is read early and
that value is used throughout the function.

I don't know which fix is appropriate, and am not sure how this case behaves
across different versions of Windows so I'm submitting this bug instead of a
patch.  It is trivial to fix either way.

There is also the issue of which value (type or count) is left in the single
variable after the call, but calling this way and then checking that is even
more perverse and nobody has probably ever done it.


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list