[Bug 37882] New: user32.GetKeyboardLayoutNameA/W can't handle NULL out parameter, causing crash in custom application

wine-bugs at winehq.org
Sun Jan 11 12:46:19 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=37882

            Bug ID: 37882
           Summary: user32.GetKeyboardLayoutNameA/W can't handle NULL out
                    parameter, causing crash in custom application
           Product: Wine
           Version: 1.7.34
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: user32
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as the summary says.

A user in #winehq asked about this and I looked into it.

Kind of non-standard use case but since Wine strives to be compatible with as
many Windows apps as possible this should work too.

Relevant part of trace log:

--- snip ---
...
003d:Starting process
L"Z:\\home\\focht\\Downloads\\44217C15F30538A1FBDF614C9785C9B7.exe"
(entryproc=0x437927)
003d:Call user32.GetKeyboardLayoutNameW(00000000) ret=00437377
003d:Call PE DLL (proc=0x7dd53e78,module=0x7dcf0000
L"winex11.drv",reason=PROCESS_ATTACH,res=(nil))
003d:Ret  PE DLL (proc=0x7dd53e78,module=0x7dcf0000
L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1
003d:Call winex11.drv.wine_get_gdi_driver(0000002e) ret=7eb3c4d4
003d:Ret  winex11.drv.wine_get_gdi_driver() retval=7dd7ace0 ret=7eb3c4d4
003d:Call winex11.drv.CreateDesktopWindow(00010020) ret=7ec6200a
003d:Ret  winex11.drv.CreateDesktopWindow() retval=00000001 ret=7ec6200a
003d:Call winex11.drv.wine_get_gdi_driver(0000002e) ret=7eb3c4d4
003d:Ret  winex11.drv.wine_get_gdi_driver() retval=7dd7ace0 ret=7eb3c4d4
003d:Call winex11.drv.GetKeyboardLayoutName(00000000) ret=7ec61cc6
003d:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf75bdf80
ip=f75bdf80 tid=003d
003d:trace:seh:raise_exception  info[0]=00000001
003d:trace:seh:raise_exception  info[1]=00000000
003d:trace:seh:raise_exception  eax=00000000 ebx=f7755000 ecx=00000000
edx=00000030 esi=0033f9b4 edi=0033f984
003d:trace:seh:raise_exception  ebp=0033f908 esp=0033f660 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210293
003d:trace:seh:call_stack_handlers calling handler at 0x7bc9ed1b code=c0000005 
...
Backtrace:
=>0 0xf75bdf80 vsnprintfW+0x546(str=*** invalid address 0x2 ***,
len=0x7fffffff, format="%08x", valist="Ó¸×}HÜÎ{")
[/home/focht/projects/wine/wine.repo/src/libs/wine/string.c:485] in
libwine.so.1 (0x0033f908)
  1 0xf75be096 sprintfW+0x38(str=0x0(nil), format="%08x")
[/home/focht/projects/wine/wine.repo/src/libs/wine/string.c:525] in
libwine.so.1 (0x0033f938)
  2 0x7dd1b261 X11DRV_GetKeyboardLayoutName+0x57(name=0x0(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/keyboard.c:1590] in
winex11 (0x0033f978)
  3 0x7bc6e63e relay_call+0x39() in ntdll (0x0033f998)
  4 0x7dcfa6ad frame_dummy+0xcc() in winex11 (0x0033f9c8)
  5 0x7ec61cc6 loaderdrv_GetKeyboardLayoutName+0x18(name=0x0(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/user32/driver.c:618] in user32
(0x0033f9c8)
  6 0x7ec77b70 GetKeyboardLayoutNameW+0x25(pwszKLID=0x0(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/user32/input.c:969] in user32
(0x0033f9e8)
  7 0x7bc6e63e relay_call+0x39() in ntdll (0x0033fa00)
  8 0x7ec33b05 in user32 (+0x3b04) (0x0033fa64)
  9 0x00437377 in
44217c15f30538a1fbdf614c9785c9b7Z:\home\focht\Downloads\44217C15F30538A1FBDF614C9785C9B7.exe
(+0x37376) (0x0033fa64)
...
--- snip ---

MSDN:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms646298%28v=vs.85%29.aspx

With 'FALSE' being returned, the application checks the last error code for
0x3e6 ('ERROR_NOACCESS') and bails if not matching.

With that part fixed, the app runs much farther (doesn't fully work yet, but
that could be subject to additional bugs).

$ sha1sum 44217C15F30538A1FBDF614C9785C9B7.exe 
64f4d39d57b33e58a3937a23e37889583dce47dc  44217C15F30538A1FBDF614C9785C9B7.exe

$ du -sh 44217C15F30538A1FBDF614C9785C9B7.exe 
388K    44217C15F30538A1FBDF614C9785C9B7.exe

$ wine --version
wine-1.7.34

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
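The guard the report calls for, as an added example that is neither part of the original report nor Wine's code: a portable C model in which a NULL out parameter is rejected with FALSE and ERROR_NOACCESS before the formatting code is reached, followed by the caller-side check the report describes. All function names, the 16-bit `WCHAR_T` stand-in, the last-error variable and the layout id `0x00000409` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERROR_NOACCESS 0x3e6u  /* value quoted in the report */
#define KL_NAMELENGTH  9       /* 8 hex digits plus terminator */
typedef uint16_t WCHAR_T;      /* stand-in for the 16-bit Windows WCHAR */
static uint32_t last_error;    /* stand-in for the thread's last-error slot */

/* Stand-in for the driver: formats the layout id as "%08x" into name.
 * Like the code in the backtrace, it trusts name to be writable. */
static int driver_layout_name(WCHAR_T *name, uint32_t layout_id)
{
    static const char hex[] = "0123456789abcdef";
    for (int i = 0; i < 8; i++)
        name[i] = (WCHAR_T)hex[(layout_id >> (28 - 4 * i)) & 0xf];
    name[KL_NAMELENGTH - 1] = 0;
    return 1;
}

/* Guarded entry point: a NULL out parameter never reaches the driver;
 * the call fails with FALSE and ERROR_NOACCESS, as the report states. */
int model_GetKeyboardLayoutNameW(WCHAR_T *name)
{
    if (name == NULL) {
        last_error = ERROR_NOACCESS;
        return 0;
    }
    return driver_layout_name(name, 0x00000409u /* constructed sample id */);
}

uint32_t model_GetLastError(void) { return last_error; }

/* The application's check as the report describes it: call with NULL,
 * expect FALSE, then require last error 0x3e6 or bail out. */
int app_probe_passes(void)
{
    last_error = 0;
    if (model_GetKeyboardLayoutNameW(NULL))
        return 0;
    return last_error == ERROR_NOACCESS;
}

int main(void)
{
    printf("probe passes: %d\n", app_probe_passes());
    return 0;
}
```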