[Bug 25186] Tom Clancy's Splinter Cell installer locks up

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Nov 17 16:17:56 CST 2010


http://bugs.winehq.org/show_bug.cgi?id=25186

--- Comment #4 from Piotr Pawlow <pp at siedziba.pl> 2010-11-17 16:17:56 CST ---
It works, thank you. However, there is one more thing that worries me:

01.    while(!(pszUnixPath = wine_get_unix_file_name(dospath))){
02.        if(has_failed){
03.            *dospath_end = '/';
04.            --dospath_end;
05.        }else
06.            has_failed = 1;
07.        while(*dospath_end != '\\' && *dospath_end != '/'){
08.            --dospath_end;
09.            if(dospath_end < dospath)
10.                break;
11.        }
12.        *dospath_end = '\0';
13.    }
14.    if(dospath_end < dospath)
15.        return FALSE;

That "break" statement at line 10 will exit only the inner loop, right? With
dospath_end being some random memory before dospath, it seems line 12 will
clobber that random memory location with 0, then the test at line 1 will
succeed again (because dospath hasn't really changed), and it will loop until
it hits protected memory.

I wasn't able to test this scenario. The outer loop ends when it reaches the
drive letter, it is assured by an earlier code which tests if the drive path
exists. With the right timing I could probably remove the drive letter just at
the right moment to make earlier test succeed but later test fail...

Anyway, maybe just remove lines 14 and 15, and replace that "break" at line 10
with "return FALSE"?

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the wine-bugs mailing list