[Bug 40470] Wine builtin wordpad.exe crashes with Wine 1.6.2 ( out-of-bounds array access in registry_set_filelist)

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Oct 25 16:18:52 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=40470

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |FIXED
                 CC|                            |focht at gmx.net
          Component|-unknown                    |programs
            Summary|wordpad.exe crashes in      |Wine builtin wordpad.exe
                   |1.6.2                       |crashes with Wine 1.6.2
                   |                            |(out-of-bounds array access
                   |                            |in registry_set_filelist)
      Fixed by SHA1|                            |c7482ad1c1baa8c7cf9d1a4a303
                   |                            |4e76592386d1e

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

I could reproduce/debug the issue with the old Wine version 1.6.2.

The crash occurs if you open more than 3 unique file(name)s for the first time,
when the MRU list is written to the registry.

--- snip ---
...
Wine-dbg>c
Unhandled exception: page fault on read access to 0x00000030 in 32-bit code
(0x7e6aa5fe).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e6aa5fe ESP:0033f670 EBP:0033f6f8 EFLAGS:00210202(  R- --  I   - - - )
 EAX:00000005 EBX:00000030 ECX:00000000 EDX:00000400
 ESI:00000005 EDI:0033f694
Stack dump:
0x0033f670:  00000002 7e6b0dfc 0033f6a0 7e6ba000
0x0033f680:  00110014 00000000 00000001 00000060
0x0033f690:  00000002 00690046 0065006c 00000035
0x0033f6a0:  0033f8d8 7e705d20 7e705b00 7e7058e0
0x0033f6b0:  00000030 00000020 0033f6f8 7e2320a4
0x0033f6c0:  00000000 00000000 00000025 00010098
Backtrace:
=>0 0x7e6aa5fe registry_set_filelist+0x17e(newFile=<is not available>,
hMainWnd=0x20026)
[/home/focht/projects/wine/mainline-src-1.6.2/include/winbase.h:2378] in
wordpad (0x0033f6f8)
  1 0x7e6ad866
DoOpenFile+0x155(szOpenFileName="Z:\home\focht\Downloads\2y.rtf")
[/home/focht/projects/wine/mainline-src-1.6.2/programs/wordpad/wordpad.c:820]
in wordpad (0x0033f758)
  2 0x7e6af07e WndProc+0x15cd(hWnd=0x20026, msg=0x111, wParam=0x3e9, lParam=0)
[/home/focht/projects/wine/mainline-src-1.6.2/programs/wordpad/wordpad.c:1000]
in wordpad (0x0033faf8)
  3 0x7e26351a WINPROC_wrapper+0x19() in user32 (0x0033fb28)
  4 0x7e263b2a call_window_proc+0x49(hwnd=0x20026, msg=0x111, wp=0x3e9, lp=0,
result=0x33fbfc, arg=0x7e6adab0)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/user32/winproc.c:244] in
user32 (0x0033fb78)
  5 0x7e265db9 WINPROC_call_window+0xb8(hwnd=0x20026, msg=0x111, wParam=0x3e9,
lParam=0, result=0x33fbfc, unicode=0x1, mapping=WMCHAR_MAP_DISPATCHMESSAGE)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/user32/winproc.c:909] in
user32 (0x0033fbb8)
  6 0x7e22d5a0 DispatchMessageW+0x8a(msg=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/user32/message.c:3975] in
user32 (0x0033fcc8)
  7 0x7e6b05ee WinMain+0x3bd(hInstance=0x7e6a0000, hOldInstance=(nil),
szCmdParagraph="", nCmdShow=0x1)
[/home/focht/projects/wine/mainline-src-1.6.2/programs/wordpad/wordpad.c:2729]
in wordpad (0x0033fd88)
  8 0x7e6a5b77 main+0xc6(argc=<couldn't compute location>, argv=<couldn't
compute location>)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/winecrt0/exe_main.c:48] in
wordpad (0x0033fe18)
  9 0x7e6b0764 __wine_spec_exe_entry+0x63(peb=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/winecrt0/exe_entry.c:36] in
wordpad (0x0033fe58)
  10 0x7ebed86c call_process_entry+0xb() in kernel32 (0x0033fe78)
  11 0x7ebee7aa start_process+0x59(peb=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/kernel32/process.c:1084] in
kernel32 (0x0033fea8)
  12 0x7ef9b2ac call_thread_func_wrapper+0xb() in ntdll (0x0033fec8)
  13 0x7ef9de49 call_thread_func+0xa8(entry=0x7ebee750, arg=0x7ffdf000,
frame=0x33ffc8)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/ntdll/signal_i386.c:2567] in
ntdll (0x0033ffa8)
  14 0x7ef9b28a call_thread_entry_point+0x11() in ntdll (0x0033ffc8)
  15 0x7ef72e47 start_process+0x16(kernel_start=0x7ebee750)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/ntdll/loader.c:2694] in
ntdll (0x0033ffe8)
  16 0xf7d94d9d wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
  17 0xf7d94f00 wine_switch_to_stack+0x1f(func=0x7ef72e30, arg=0x7ebee750,
stack=0x340000)
[/home/focht/projects/wine/mainline-src-1.6.2/libs/wine/port.c:59] in
libwine.so.1 (0xffd3a4e8)
  18 0x7ef77ff7 LdrInitializeThunk+0x2e6(kernel_start=<couldn't compute
location>, unknown2=<couldn't compute location>, unknown3=<couldn't compute
location>, unknown4=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/ntdll/loader.c:2750] in
ntdll (0xffd3a548)
  19 0x7ebf4521 __wine_kernel_init+0xb40()
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/kernel32/process.c:1256] in
kernel32 (0xffd3b438)
  20 0x7ef7863c __wine_process_init+0x1fb()
[/home/focht/projects/wine/mainline-src-1.6.2/dlls/ntdll/loader.c:2959] in
ntdll (0xffd3b4a8)
  21 0xf7d93cb8 wine_init+0x2a7(argc=0x2, argv=0xffd3b9e4, error="",
error_size=0x400)
[/home/focht/projects/wine/mainline-src-1.6.2/libs/wine/loader.c:847] in
libwine.so.1 (0xffd3b4f8)
  22 0x7bf00cba main+0x79(argc=<is not available>, argv=<is not available>)
[/home/focht/projects/wine/mainline-src-1.6.2/loader/main.c:237] in
<wine-loader> (0xffd3b938)
  23 0xf7ba80d1 __libc_start_main+0xf0() in libc.so.6 (0x00000000)
0x7e6aa5fe registry_set_filelist+0x17e
[/home/focht/projects/wine/mainline-src-1.6.2/include/winbase.h:2378] in
wordpad: cmpw    $0,0x0(%ebx)
2378        while (*s) s++;
--- snip ---

It was fixed by commit
https://source.winehq.org/git/wine.git/commitdiff/c7482ad1c1baa8c7cf9d1a4a3034e76592386d1e
("wordpad: Avoid an out-of-bounds array access in registry_set_filelist.")

--- snip ---
$ git remote -v
origin    git://source.winehq.org/git/wine.git (fetch)
origin    git://source.winehq.org/git/wine.git (push)

$ git tag --contains c7482ad1c1baa8c7cf9d1a4a3034e76592386d1e
wine-1.7.34
wine-1.7.35
wine-1.7.36
wine-1.7.37
wine-1.7.38
...
--- snip ---

Regards

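The access pattern named in the commit title, as an added C model that is not Wine's code: an MRU list of FILELIST_ENTRIES slots whose loop condition reads the slot before checking the index, beside the bound-first form. The name FILELIST_ENTRIES, the list size of 4 (consistent with the crash after more than 3 files) and the exact loop shape are assumptions; the extra slot and the oob_reads counter are constructed so the overread is observable without undefined behaviour.

```c
#include <string.h>

#define FILELIST_ENTRIES 4   /* fixed-size MRU list, as in the report */

/* Constructed model: FILELIST_ENTRIES real slots plus one extra slot standing
 * in for whatever lies beyond the array on the stack; NULL ends a short list. */
typedef struct {
    const char *slots[FILELIST_ENTRIES + 1];
    int oob_reads;           /* reads that touched index >= FILELIST_ENTRIES */
} mru_list;

static const char *slot_read(mru_list *l, int i)
{
    if (i >= FILELIST_ENTRIES) l->oob_reads++;
    return l->slots[i];
}

/* Bug pattern (assumed shape): element fetched BEFORE the index is bounds-
 * checked, so a full list reads one slot past the array (stack garbage in
 * real code, which is what an inlined lstrlenW then walks). */
static int count_bug_order(mru_list *l)
{
    int i;
    for (i = 0; slot_read(l, i) && i < FILELIST_ENTRIES; i++) ;
    return i;
}

/* Fix: bound first; && short-circuits, so slot FILELIST_ENTRIES is never read. */
static int count_fixed_order(mru_list *l)
{
    int i;
    for (i = 0; i < FILELIST_ENTRIES && slot_read(l, i); i++) ;
    return i;
}

/* Put newFile at the front: move it if already listed, otherwise shift the list
 * down and drop the oldest when full. Every loop bounds i before using it. */
static void mru_insert(mru_list *l, const char *newFile)
{
    int n = count_fixed_order(l), i, pos = n;
    for (i = 0; i < n; i++)
        if (strcmp(l->slots[i], newFile) == 0) { pos = i; break; }
    if (pos == FILELIST_ENTRIES) pos = FILELIST_ENTRIES - 1;
    for (i = pos; i > 0; i--) l->slots[i] = l->slots[i - 1];
    l->slots[0] = newFile;
}
```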