[Bug 22514] lstrlen is implemented incorrectly (dlls/kernel32/string.c)

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Apr 29 04:47:44 CDT 2010 

http://bugs.winehq.org/show_bug.cgi?id=22514





--- Comment #15 from Timur Iskhodzhanov <timurrrr at google.com>  2010-04-29 04:47:43 ---
Created an attachment (id=27610)
 --> (http://bugs.winehq.org/attachment.cgi?id=27610)
A simple test that shows lstrlen(0) is handled differently to lstrlen(1)

Lei, the test you've proposed is perfectly fine for me.

However, I still disagree about the lstrlen implementation :-)

What I'm trying to say is NULL argument is documented as "OK" in MSDN
http://msdn.microsoft.com/en-us/library/ms647492(VS.85).aspx ->
"lstrlen assumes that lpString is a null-terminated string, or NULL. If it is
not, this could lead to a buffer overrun or a denial of service attack against
your application."

Looks like it doesn't really read from *NULL when run natively:

I've added a call to lstrlenW(1) and ran the program under DrMemory (it's a win
tool similar to Valgrind)
>>>>>>>>>>>>>>>>>>>>>>
$ cl wine.c && wine.exe
5: GetLastError() = 0
7: lstrlenW(NULL) = 0
8: GetLastError() = 0
10: lstrlenW(1) = 0
11: GetLastError() = 0
13: lstrlenA(NULL) = 0
14: GetLastError() = 0

$ drmemory.exe wine.exe
5: GetLastError() = 0
7: lstrlenW(NULL) = 0
8: GetLastError() = 0
10: lstrlenW(1) = 0
11: GetLastError() = 0
13: lstrlenA(NULL) = 0
14: GetLastError() = 0
(from logdir/global.XXX.log)
Error #1: UNADDRESSABLE ACCESS: reading 0x00000001-0x00000003 2 byte(s) within
0x00000001-0x00000003
@0:00:00.609 in thread 472
    0x7c90fe60 <ntdll.dll+0xfe60>
    0x7c809acc <KERNEL32.dll+0x9acc>
    0x0040106f <wine.exe+0x106f>
    0x0040175c <wine.exe+0x175c>
    0x7c817077 <KERNEL32.dll+0x17077>
<<<<<<<<<<<<<<<<<<<<
Also, DrMemory barks if I do strlen(NULL) inside
__try/__except(GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION) section.
It doesn't bark on lstrlenW(0).

That's why I want to add
"if (str == NULL) return 0;"
BEFORE the __try statement.

===================
> And yes, some applications expect an exception when they call lstrlen(NULL),
> and do handle that on their own.
Dmitry, can you please give an example?

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list