[Bug 12405] Crash at starting WISO Sparbuch 2008

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=12405


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #18 from Anastasius Focht <focht at gmx.net>  2009-04-12 18:16:18 ---
Hello,

Wintrust problem.
I used the trial version of WISO Sparbuch 2009 which exhibits the same problem 
(after overcoming bug 16998)
Looks like the app partially passes garbage data into actiondata's file info.
Most likely because some struct members are optional.

--- snip ---
0031:Call wintrust.WinVerifyTrust(ffffffff,010d50c8,0033e39c) ret=010d40a5
0031:trace:wintrust:WinVerifyTrust (0xffffffff,
{00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c)
0031:trace:wintrust:dump_wintrust_data 0x33e39c
0031:trace:wintrust:dump_wintrust_data cbStruct: 44
0031:trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil)
0031:trace:wintrust:dump_wintrust_data pSIPClientData: (nil)
0031:trace:wintrust:dump_wintrust_data dwUIChoice: 2
0031:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000000
0031:trace:wintrust:dump_wintrust_data dwUnionChoice: 1
0031:trace:wintrust:dump_file_info 0x33e390
0031:trace:wintrust:dump_file_info cbStruct: 12
0031:trace:wintrust:dump_file_info pcwszFilePath: L"C:\\Program
Files\\WISO\\Sparbuch 2009\\on4u3\\bdrm.dll"
0031:trace:wintrust:dump_file_info hFile: 0xffffffff
0031:trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
0031:trace:wintrust:dump_wintrust_data dwStateAction: 0
0031:trace:wintrust:dump_wintrust_data hWVTStateData: (nil)
0031:trace:wintrust:dump_wintrust_data pwszURLReference: (null)
0031:trace:wintrust:dump_wintrust_data dwProvFlags: 00000010
0031:trace:wintrust:dump_wintrust_data dwUIContext: 54460492
0031:trace:wintrust:WINTRUST_DefaultVerifyAndClose (0xffffffff,
{00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c)
0031:trace:wintrust:WINTRUST_DefaultVerify (0xffffffff,
{00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33e39c) 
...
031:Call wintrust.SoftpubInitialize(001619e8) ret=61296daa
0031:trace:wintrust:SoftpubInitialize (0x1619e8)
0031:trace:wintrust:SoftpubInitialize returning 00000000
0031:Ret  wintrust.SoftpubInitialize() retval=00000000 ret=61296daa
0031:Call wintrust.SoftpubLoadMessage(001619e8) ret=61296daa
0031:trace:wintrust:SoftpubLoadMessage (0x1619e8)
0031:Call KERNEL32.CreateFileW(033f0084 L"C:\\Program Files\\WISO\\Sparbuch
2009\\on4u3\\bdrm.dll",80000000,00000001,00000000,00000003,00000080,00000000)
ret=612940ec
0031:Ret  KERNEL32.CreateFileW() retval=000001a0 ret=612940ec
0031:Call KERNEL32.GetFileTime(000001a0,00161a48,00000000,00000000)
ret=6129414a
0031:Ret  KERNEL32.GetFileTime() retval=00000001 ret=6129414a
0031:trace:wintrust:SOFTPUB_OpenFile returning 1
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6129426d
ip=0x6129426d tid=0031
0031:trace:seh:raise_exception  info[0]=00000000
0031:trace:seh:raise_exception  info[1]=0000002c
0031:trace:seh:raise_exception  eax=0033e390 ebx=6129e7c0 ecx=00165df8
edx=0000002c esi=0033e194 edi=0033e114
0031:trace:seh:raise_exception  ebp=0033e088 esp=0033e050 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210202
--- snip ---

This is the culprit:

--- snip ---
0031:trace:wintrust:dump_file_info hFile: 0xffffffff
0031:trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
--- snip ---

SOFTPUB_GetFileSubject() will happily dereference
data->pWintrustData->u.pFile->pgKnownSubject if non-NULL.
This must be avoided.
As quickfix I added a bad pointer check on this member and if bad it treats the
param as if passed as NULL which helps. Maybe this member is to be ignored at
all at this stage?

Regards


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.