[Bug 30418] New: regedit crash on export some binary values

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Apr 12 06:08:02 CDT 2012 

http://bugs.winehq.org/show_bug.cgi?id=30418

             Bug #: 30418
           Summary: regedit crash on export some binary values
           Product: Wine
           Version: 1.5.1
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: programs
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: basinilya at gmail.com
    Classification: Unclassified


I have a key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume
Control\HDA Intel\Master
(see attached file)
and when i try to export it, regedit crashes.

The crash happens in REGPROC_write_line() when it tries to write the binary
value and tells something about heap (see attached output.txt)

I checked with winedbg where exactly the heap corrupts:
REGPROC_export_binary(...)
{
...
    lstrcpyW(*line_buf + data_pos, newline); <-- here
    HeapFree(GetProcessHeap(), 0, value_multibyte);
}

[il at il wine]$ ./wine winedbg --gdb regedit.exe
...
Wine-gdb> b regproc.c:1054
Breakpoint 1 at 0x7ebc5a65: file regproc.c, line 1054.
Wine-gdb> cont
Continuing.

Breakpoint 1, REGPROC_export_binary (line_buf=0x33e044, line_buf_size=0x33e034,
line_len=0x33df78, type=3, value=0x17e3f0 "", value_size=1848, unicode=0) at
regproc.c:1054
1054        lstrcpyW(*line_buf + data_pos, newline);
Wine-gdb> list
1049                    data_pos += concat_len;
1050                    column = concat_prefix;
1051                }
1052            }
1053        }
1054        lstrcpyW(*line_buf + data_pos, newline);
1055        HeapFree(GetProcessHeap(), 0, value_multibyte);
1056    }
1057    
1058   
/******************************************************************************
Wine-gdb> call HeapAlloc(GetProcessHeap(), 0, 8192)
$1 = (void *) 0x182258
Wine-gdb> call HeapFree(GetProcessHeap(), 0, $)
$2 = 1
Wine-gdb> n
1055        HeapFree(GetProcessHeap(), 0, value_multibyte);
Wine-gdb> call HeapAlloc(GetProcessHeap(), 0, 8192)

Program received signal SIGSEGV, Segmentation fault.
0x7bc480d3 in HEAP_CreateFreeBlock (subheap=0x110014, ptr=0x184258,
size=581640) at heap.c:590
590            (*(DWORD *)((char *)ptr + size) & ARENA_FLAG_FREE))
The program being debugged was signaled while in a function called from GDB.
GDB remains in the frame where the signal was received.
To change this behavior use "set unwindonsignal on".
Evaluation of the expression containing the function
(HeapAlloc) will be abandoned.
When the function is done executing, GDB will silently stop.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list