[Bug 20758] New: Missing nul termination in string passed to callback of RtlQueryRegistryValues()?
wine-bugs at winehq.org
Thu Nov 19 13:56:38 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=20758
Summary: Missing nul termination in string passed to callback of RtlQueryRegistryValues()?
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: source, testcase
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs at winehq.org
ReportedBy: dank at kegel.com
http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-ntdll_reg.txt shows the error message

  Invalid read of size 2
     at strlenW (unicode.h:216)
     by lstrlenW (string.c:214)
     by QueryRoutine (reg.c:201)
     by RTL_ReportRegistryValue (reg.c:992)
     by RtlQueryRegistryValues (reg.c:1231)
     by test_RtlQueryRegistryValues (reg.c:326)
   Address 0x7f03c184 is 0 bytes after a block of size 52 alloc'd
     at notify_alloc (heap.c:279)
     by RtlAllocateHeap (heap.c:1521)
     by RtlQueryRegistryValues (reg.c:1226)
     by test_RtlQueryRegistryValues (reg.c:326)
It looks like an argument between len and null-terminated strings.
RtlQueryRegistryValues calls a user-supplied callback whose first
parameter is a pointer to a nul-terminated string... but it passes pInfo->Name,
which is not nul-terminated. (It comes from NtEnumerateValueKey,
and has a corresponding NameLength member.)
So... either we need to copy Name to a new buffer and terminate
it before calling the callback, or NtEnumerateValueKey needs
to silently nul-terminate Name. I guess it's time for another
conformance test.
(This error was seen before by Valgrind, but with a slightly
less informative description.)
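The following is an added illustration of the defect class the report describes and of the two fixes it proposes; it is not Wine code and does not use Wine's real types. The `value_info` struct, `query_routine` typedef and all function names are constructed stand-ins: `Name` is a counted UTF-16 buffer with no terminator and `NameLength` is its size in bytes, mirroring what the report says NtEnumerateValueKey returns. Option 1 copies the name into a terminated buffer before the callback runs; option 2 has the producer allocate one extra code unit and store the terminator itself. The callback measures the string with a `wstrlen()` stand-in for `lstrlenW`, which is exactly the read that overran the allocation in the Valgrind trace.

```c
/* Added example, not Wine's implementation. Models a counted (unterminated)
 * name buffer handed to a callback that expects a nul-terminated C string,
 * and the two ways to make that safe. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR;                 /* UTF-16 code unit, as on Win32 */

/* Hypothetical stand-in (NOT Wine's KEY_VALUE_*_INFORMATION): Name carries
 * NO terminator; NameLength is its size in bytes, as the report describes. */
typedef struct {
    uint32_t NameLength;                /* bytes, not characters */
    WCHAR    Name[];                    /* flexible array, unterminated */
} value_info;

/* Callback contract: a nul-terminated wide string (hypothetical typedef). */
typedef int (*query_routine)(const WCHAR *name, void *context);

/* Stand-in for lstrlenW: walks until the terminator, so it must only ever
 * be given a buffer that actually has one. */
static size_t wstrlen(const WCHAR *s)
{
    size_t n = 0;
    while (s[n]) n++;
    return n;
}

/* Build an info block sized exactly to the name, like the 52-byte block in
 * the trace. Passing info->Name straight to a wstrlen() caller would read
 * one code unit past the allocation ("Invalid read of size 2 ... 0 bytes
 * after a block"); this example therefore never does that. */
static value_info *make_unterminated_info(const char *ascii_name)
{
    size_t chars = strlen(ascii_name);
    value_info *info = malloc(sizeof(*info) + chars * sizeof(WCHAR));
    if (!info) return NULL;
    info->NameLength = (uint32_t)(chars * sizeof(WCHAR));
    for (size_t i = 0; i < chars; i++)
        info->Name[i] = (WCHAR)(unsigned char)ascii_name[i];
    return info;
}

/* Fix option 1 (consumer side): copy Name into a buffer with room for the
 * terminator before invoking the callback. Returns the callback's result,
 * or -1 if the copy could not be allocated. */
static int report_value_terminated(const value_info *info, query_routine cb, void *ctx)
{
    size_t chars = info->NameLength / sizeof(WCHAR);
    WCHAR *name = malloc((chars + 1) * sizeof(WCHAR));
    if (!name) return -1;
    memcpy(name, info->Name, info->NameLength);
    name[chars] = 0;                    /* the terminator the callback relies on */
    int rc = cb(name, ctx);
    free(name);
    return rc;
}

/* Fix option 2 (producer side): allocate one extra code unit and store a
 * terminator after the counted data. NameLength still reports only the real
 * bytes, so length-aware callers are unaffected. */
static value_info *make_terminated_info(const char *ascii_name)
{
    size_t chars = strlen(ascii_name);
    value_info *info = malloc(sizeof(*info) + (chars + 1) * sizeof(WCHAR));
    if (!info) return NULL;
    info->NameLength = (uint32_t)(chars * sizeof(WCHAR));
    for (size_t i = 0; i < chars; i++)
        info->Name[i] = (WCHAR)(unsigned char)ascii_name[i];
    info->Name[chars] = 0;
    return info;
}

/* Sample callback: records the length a real consumer would measure. */
static int record_length(const WCHAR *name, void *ctx)
{
    *(size_t *)ctx = wstrlen(name);
    return 0;
}

/* Runs both fixes on a constructed value name. Returns the character count
 * the callback observed when the two fixes agree, 0 otherwise. */
static size_t demo_terminated_lengths(const char *ascii_name)
{
    size_t via_copy = 0, via_producer = 0;
    value_info *raw  = make_unterminated_info(ascii_name);
    value_info *safe = make_terminated_info(ascii_name);
    if (!raw || !safe) { free(raw); free(safe); return 0; }
    report_value_terminated(raw, record_length, &via_copy);
    record_length(safe->Name, &via_producer);   /* Name is a valid C string here */
    free(raw);
    free(safe);
    return via_copy == via_producer ? via_copy : 0;
}

int main(void)
{
    printf("callback saw %zu characters\n", demo_terminated_lengths("Value"));
    return 0;
}
```

Running this under Valgrind shows no invalid reads, because every `wstrlen()` call is made on a buffer that owns its terminator; swapping `report_value_terminated()` for a direct `cb(info->Name, ctx)` on the unterminated block is the one-line regression that reproduces the trace in the report.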