[Bug 17076] Embedded .NET installer hangs in installation of SnelStart

wine-bugs at winehq.org
Thu Jan 22 16:34:56 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=17076


Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net




--- Comment #1 from Anastasius Focht <focht at gmx.net>  2009-01-22 16:34:55 ---
Hello,

stack vs. heap based buffer bug while handling inter-process window message.
The spawned child process (tid=0x1d) tries to fetch dialog control text from
father process (tid=0x9) using GetDlgItemTextA().

--- snip ---
0009:Call
user32.CreateDialogParamA(00400000,000003e9,00000000,0040fe08,005622a8)
ret=0040fb10
...
0009:Ret  user32.CreateDialogParamA() retval=0001002a ret=0040fb10
...
0009:trace:win:WIN_CreateWindowEx "" L"Static" ex=00000004 style=50020000
180,137 299x13 parent=0x1002a menu=0x3eb inst=0x400000 params=(nil)
0009:trace:win:dump_window_styles style: WS_CHILD WS_VISIBLE WS_GROUP
0009:trace:win:dump_window_styles exstyle: WS_EX_NOPARENTNOTIFY
0009:trace:win:WIN_SetWindowLong 0x10032 -12 3eb W 
...
0009:trace:win:WIN_CreateWindowEx created window 0x10032
...
001d:Call user32.GetDlgItemTextA(0001002a,000003eb,00582a88,00000200)
ret=004070c0
001d:trace:msg:WINPROC_CallProcAtoW
(hwnd=0x10032,msg=WM_GETTEXT,wp=00000200,lp=00582a88)
001d:trace:msg:send_inter_thread_message hwnd 0x10032 msg d (WM_GETTEXT) wp 200
lp 33f53c
0009:Ret  user32.MsgWaitForMultipleObjects() retval=00000001 ret=0042038a
0009:Call user32.PeekMessageA(0032cca8,00000000,00000000,00000000,00000001)
ret=0042039f
0009:trace:msg:peek_message got type 5 msg d (WM_GETTEXT) hwnd 0x10032 wp 200
lp 33f53c
0009:Ret  user32.PeekMessageA() retval=00000000 ret=0042039f
0009:Call
user32.MsgWaitForMultipleObjects(00000001,0032cd24,00000000,ffffffff,000000ff)
ret=0042038a
0009:Ret  user32.MsgWaitForMultipleObjects() retval=00000001 ret=0042038a
0009:Call user32.PeekMessageA(0032cca8,00000000,00000000,00000000,00000001)
ret=0042039f
0009:trace:msg:peek_message got type 7 msg 200 (WM_MOUSEMOVE) hwnd 0x1002a wp 0
lp 0
...
--- snip ---

When the inter-process message is handled in peek_message(), a local buffer is
used first.
Message type MSG_OTHER_PROCESS -> unpack_message() -> WM_GETTEXT ->
get_buffer_space().
get_buffer_space() assumes the buffer is from the heap, which it isn't in this case.

Regards
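
Added example, not part of the original comment and not Wine's code: one way for a buffer-growing helper to cope with storage that may still be a stack-local buffer, as in the peek_message() path described above. The names msg_buf, msg_buf_reserve, msg_buf_release and demo_grow_from_stack are hypothetical, and the 64-byte local buffer is a constructed value.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical message buffer: starts in caller-provided (stack) storage
 * and moves to the heap only when the unpacked message needs more room. */
struct msg_buf {
    void  *data;     /* current storage */
    size_t size;     /* capacity in bytes */
    bool   on_heap;  /* true only if data came from malloc/realloc */
};

/* Ensure at least `needed` bytes, preserving the existing contents.
 * An unconditional realloc(b->data, needed) would be undefined behaviour
 * whenever data still points at the local buffer. */
static bool msg_buf_reserve(struct msg_buf *b, size_t needed)
{
    void *p;
    if (needed <= b->size) return true;
    if (b->on_heap) {
        if (!(p = realloc(b->data, needed))) return false;
    } else {
        if (!(p = malloc(needed))) return false;
        memcpy(p, b->data, b->size);   /* copy out of the local buffer */
        b->on_heap = true;
    }
    b->data = p;
    b->size = needed;
    return true;
}

static void msg_buf_release(struct msg_buf *b)
{
    if (b->on_heap) free(b->data);     /* never free stack storage */
    *b = (struct msg_buf){ NULL, 0, false };
}

/* Constructed scenario: 64-byte local buffer, message needs 0x200 bytes
 * (the WM_GETTEXT wparam in the trace). Returns 1 if handled safely. */
static int demo_grow_from_stack(void)
{
    char local[64] = "packed";
    struct msg_buf b = { local, sizeof(local), false };
    int ok = msg_buf_reserve(&b, 0x200) && b.on_heap && b.size == 0x200
             && b.data != (void *)local && memcmp(b.data, "packed", 7) == 0;
    msg_buf_release(&b);
    return ok;
}

int main(void) { return demo_grow_from_stack() ? 0 : 1; }
```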

