[Bug 35135] New: Air Video Server HD 1.x crashes on startup (NULL SERVER_INFO_101.sv101_comment returned from NetServerGetInfo)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Dec 15 14:55:22 CST 2013
http://bugs.winehq.org/show_bug.cgi?id=35135
Bug ID: 35135
Summary: Air Video Server HD 1.x crashes on startup (NULL
SERVER_INFO_101.sv101_comment returned from
NetServerGetInfo)
Product: Wine
Version: 1.7.8
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: netapi32
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Classification: Unclassified
Hello folks,
as the summary says ...
Prerequisite: Bonjour Print Services for Windows v2.x
Download: http://support.apple.com/downloads/DL999/en_US/BonjourPSSetup.exe
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/AirVideoServer HD
$ WINEDEBUG=+tid,+seh,+relay,+netapi32 wine ./AirVideoServerUI.exe >>log.txt
2>&1
...
003e:Call netapi32.NetServerGetInfo(00000000,00000065,026fe6f8) ret=00438847
003e:trace:netapi32:NetServerGetInfo (null) 101 0x26fe6f8
003e:Call KERNEL32.GetComputerNameW(026fe520,026fe654) ret=7e028081
003e:Ret KERNEL32.GetComputerNameW() retval=00000001 ret=7e028081
003e:trace:netapi32:NetApiBufferAllocate (38, 0x26fe6f8)
003e:Call ntdll.RtlAllocateHeap(00110000,00000000,00000026) ret=7e02854b
003e:Ret ntdll.RtlAllocateHeap() retval=01c997d8 ret=7e02854b
003e:Call KERNEL32.GetVersionExW(026fe540) ret=7e028113
003e:Ret KERNEL32.GetVersionExW() retval=00000001 ret=7e028113
003e:Ret netapi32.NetServerGetInfo() retval=00000000 ret=00438847
003e:trace:seh:raise_exception code=c0000005 flags=0 addr=0x40f634 ip=0040f634
tid=003e
003e:trace:seh:raise_exception info[0]=00000000
003e:trace:seh:raise_exception info[1]=00000000
003e:trace:seh:raise_exception eax=00000000 ebx=01c89fb0 ecx=026fe714
edx=00000001 esi=026fe714 edi=00000000
003e:trace:seh:raise_exception ebp=026fe6e0 esp=026fe6d8 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
...
--- snip ---
Application code showing access of SERVER_INFO_101.sv101_comment member:
--- snip ---
...
0043882C 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
0043882F 50 PUSH EAX ; bufptr
00438830 6A 65 PUSH 65 ; level: SERVER_INFO_101
00438832 6A 00 PUSH 0 ; servername
00438834 C745 B4 00000000 MOV DWORD PTR SS:[EBP-4C],0
0043883B C745 B8 00000000 MOV DWORD PTR SS:[EBP-48],0
00438842 E8 1F8B5D00 CALL <JMP.&NETAPI32.NetServerGetInfo>
00438847 85C0 TEST EAX,EAX
00438849 75 5C JNZ SHORT AirVideo.004388A7
0043884B 8B45 B8 MOV EAX,DWORD PTR SS:[EBP-48] ; SERVER_INFO_101
0043884E 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
00438851 FF70 14 PUSH DWORD PTR DS:[EAX+14] ; *boom*
...
--- snip ---
Dump of structure returned from NetServerGetInfo():
--- snip ---
$+0 01C7B700 000001F4
$+4 01C7B704 01C7B718 ; UNICODE ptr "nexus4"
$+8 01C7B708 00000005
$+C 01C7B70C 00000001
$+10 01C7B710 00001000
$+14 01C7B714 00000000 ; sv101_comment
--- snip ---
MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa370903%28v=vs.85%29.aspx
--- quote ---
typedef struct _SERVER_INFO_101 {
DWORD sv101_platform_id;
LPWSTR sv101_name;
DWORD sv101_version_major;
DWORD sv101_version_minor;
DWORD sv101_type;
LPWSTR sv101_comment;
} SERVER_INFO_101, *PSERVER_INFO_101, *LPSERVER_INFO_101;
...
sv101_comment
Type: LPWSTR
A pointer to a Unicode string specifying a comment describing the server.
The comment can be null.
--- quote ---
"can" ... sure ;-)
Maybe Wine could use an empty string by default to prevent applications from
crashing that directly access this member without checking for NULL.
Source:
http://source.winehq.org/git/wine.git/blob/8b5ec5bb4911842966534102a602b0f00c386f65:/dlls/netapi32/netapi32.c#l1050
--- snip ---
1018 NET_API_STATUS WINAPI NetServerGetInfo(LMSTR servername, DWORD level,
LPBYTE* bufptr)
1019 {
...
1047 if (ret == NERR_Success)
1048 {
1049 /* INFO_100 structure is a subset of INFO_101 */
1050 PSERVER_INFO_101 info = (PSERVER_INFO_101)*bufptr;
1051 OSVERSIONINFOW verInfo;
1052
1053 info->sv101_platform_id = PLATFORM_ID_NT;
1054 info->sv101_name = (LMSTR)(*bufptr + sizeof(SERVER_INFO_101));
1055 memcpy(info->sv101_name, computerName,
1056 computerNameLen * sizeof(WCHAR));
1057 verInfo.dwOSVersionInfoSize = sizeof(verInfo);
1058 GetVersionExW(&verInfo);
1059 info->sv101_version_major = verInfo.dwMajorVersion;
1060 info->sv101_version_minor = verInfo.dwMinorVersion;
1061 /* Use generic type as no wine equivalent of DC / Server */
1062 info->sv101_type = SV_TYPE_NT;
1063 info->sv101_comment = NULL;
1064 }
...
--- snip ---
$ sha1sum AirVideoServerHD-1.0.11.exe
d1b58dea685bcce3381e29b9cc2fefda90f97389 AirVideoServerHD-1.0.11.exe
$ du -sh AirVideoServerHD-1.0.11.exe
11M AirVideoServerHD-1.0.11.exe
$ wine --version
wine-1.7.8-220-g0bef543
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list