[Bug 8844] Searching for Related Applications Crashes MSI
Wine Bugs
wine-bugs at winehq.org
Fri Jul 6 03:07:31 CDT 2007
http://bugs.winehq.org/show_bug.cgi?id=8844
truiken at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|wine-msi |wine-misc
------- Additional Comments From truiken at gmail.com 2007-06-07 03:07 -------
The custom action directly calls RtlAllocateHeap with size 0x10. It uses this
buffer to convert the product/package/upgrade code guids into an encoded form.
The encoded value is 32 characters long (plus one for null terminator), which is
much longer than the 16 bytes allocated. The custom action corrupts the heap by
overrunning the allocated buffer. This is not a bug in MSI, though I don't know
how it could work in Windows (but it does).
0012:Call ntdll.RtlAllocateHeap(006c0000,00000000,00000010) ret=100091f0
0012:Ret ntdll.RtlAllocateHeap() retval=006c03c8 ret=100091f0
0012:Call msi.MsiSetPropertyA(00000001,1001ea10 "ENCODEDPRODUCTCODE",006c03c8
"84A88FD7F6998CE40A22FB59F6B9C2BB") ret=100038c2
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the wine-bugs
mailing list