[Bug 48473] New: kernelbase WaitNamedPipeW contains non-null terminated string, causing garbage output in trace logs
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Jan 16 18:33:13 CST 2020
https://bugs.winehq.org/show_bug.cgi?id=48473
Bug ID: 48473
Summary: kernelbase WaitNamedPipeW contains non-null terminated
string, causing garbage output in trace logs
Product: Wine
Version: 5.0-rc5
Hardware: x86-64
OS: Linux
Status: NEW
Severity: trivial
Priority: P2
Component: kernelbase
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says.
--- snip ---
...
003b:Call KERNEL32.WaitNamedPipeW(0022d770
L"\\\\.\\pipe\\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",ffffffff) ret=00382fd4
003b:Call ntdll.RtlDosPathNameToNtPathName_U(0022d770
L"\\\\.\\pipe\\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",0022d318,00000000,00000000)
ret=7b04bacb
003b:Ret ntdll.RtlDosPathNameToNtPathName_U() retval=00000001 ret=7b04bacb
003b:Call ntdll._wcsnicmp(023bd510
L"\\??\\pipe\\{49BD2028-1523-11D1-AD79-00C04FD8FDFF}",7b0735a0
L"\\??\\PIPE\\\6157\7469\614e\656d\5064\7069\5765\2500\2073\7830\3025\7838\n",00000009)
ret=7b04baf7
003b:Ret ntdll._wcsnicmp() retval=00000000 ret=7b04baf7
...
--- snip ---
The trace log contains garbage characters because the string is not NULL
terminated. Technically there is nothing wrong here - but still it would make
the log output less suspicious (uninitialized/corrupted memory).
Wine source:
https://source.winehq.org/git/wine.git/blob/0cbadb716ddaeb016ffe14deae2aaced59951064:/dlls/kernelbase/sync.c#l1009
--- snip ---
1337 BOOL WINAPI DECLSPEC_HOTPATCH WaitNamedPipeW( LPCWSTR name, DWORD timeout
)
1338 {
1339 static const WCHAR leadin[] =
{'\\','?','?','\\','P','I','P','E','\\'};
1340 NTSTATUS status;
1341 UNICODE_STRING nt_name, pipe_dev_name;
1342 FILE_PIPE_WAIT_FOR_BUFFER *pipe_wait;
1343 IO_STATUS_BLOCK iosb;
1344 OBJECT_ATTRIBUTES attr;
1345 ULONG wait_size;
1346 HANDLE pipe_dev;
1347
1348 TRACE( "%s 0x%08x\n", debugstr_w(name), timeout );
1349
1350 if (!RtlDosPathNameToNtPathName_U( name, &nt_name, NULL, NULL ))
return FALSE;
1351
1352 if (nt_name.Length >= MAX_PATH * sizeof(WCHAR) ||
1353 nt_name.Length < sizeof(leadin) ||
1354 wcsnicmp( nt_name.Buffer, leadin, ARRAY_SIZE( leadin )) != 0)
1355 {
1356 RtlFreeUnicodeString( &nt_name );
1357 SetLastError( ERROR_PATH_NOT_FOUND );
1358 return FALSE;
1359 }
1360
...
1399 }
--- snip ---
Line 1354, 'leadin' is not NULL terminated.
$ wine --version
wine-5.0-rc5
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list