Bug in RegEnumValueA ?

Massimo max at veneto.com
Tue Jul 2 11:30:25 CDT 2002


Again investigating the AutoCAD r14 app under wine, I found a bug 
that makes the app hang when some registry values are present.
At first I made a script that cleans up the registry before 
launching AutoCAD, but this was only a work-around for the problem.
Looking at the relay output, I found a loop in calling RegEnumValueA:

// @@@@ START OF LOOP BLOCK HERE.........
:Call advapi32.dll.RegEnumValueA
(000000cc,00000001,40486844,404868ec,00000000,404868f4,41e62020,
404868fc) ret=008a3850
:Call ntdll.dll.NtEnumerateValueKey 
(000000cc,00000001,00000001,40486544,00000100,40486540)
ret=406afb24
:Ret  ntdll.dll.NtEnumerateValueKey() retval=00000000 
ret=406afb24
:Call ntdll.dll.RtlUnicodeToMultiByteSize(4048653c,40486558 
L"REGPATH\\\\HKEY_LOCAL_MACHINE\\Software\\Autodesk\\AutoCAD\\R1
4.0\\ACAD-2452448:80143967\\AutodeskApps\\LsObj",0000000e) 
ret=406afc03
:Ret  ntdll.dll.RtlUnicodeToMultiByteSize() retval=00000000 
ret=406afc03
:Call ntdll.dll.RtlUnicodeToMultiByteN
(40486844,00000007,00000000,40486558,0000000e) ret=406afc24
:Ret  ntdll.dll.RtlUnicodeToMultiByteN() retval=00000000 
ret=406afc24
:Call ntdll.dll.RtlUnicodeToMultiByteSize(40486538,40486566 
L"\\\\HKEY_LOCAL_MACHINE\\Software\\Autodesk\\AutoCAD\\R14.0\\AC
AD-2452448:80143967\\AutodeskApps\\LsObj",000000bc) ret=406afc77
:Ret  ntdll.dll.RtlUnicodeToMultiByteSize() retval=00000000 
ret=406afc77
:Call ntdll.dll.RtlNtStatusToDosError(80000005) <--ERROR HERE !
ret=406afd5d
:Ret  ntdll.dll.RtlNtStatusToDosError() retval=000000ea 
ret=406afd5d
:Ret  advapi32.dll.RegEnumValueA()
retval=000000ea ret=008a3850 <-- MORE DATA AVAILABLE
RETURN (AUTOCAD KEEPS TRYING TO GET DATA)
// @@@@ END OF LOOP BLOCK HERE

Here RegEnumValueA returns an error of invalid buffer; looking 
into the code, it seems to me that the NtEnumerateValueKey() used to 
find the largest name and value sizes of the keys to be enumerated 
returns a wrong size; the next use for reading the key gives an 
error of buffer overflow, as it was allocated with the wrong (too 
small) size.
AutoCAD keeps trying to get the keys/values, in an endless 
loop.

Looking further with some debug print statements, it appears that AutoCAD allocates 4 
bytes of buffer for the value, but RegEnumValueA needs much more, 94 in this case,
giving an Out-Of-Buffer error back.
It seems to me that the 94 bytes are for the name of the key, not for the value....

Regards

Max
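An added example, not part of Max's post or of Wine's code: a small C model of the RegEnumValueA buffer contract (in/out length parameters, and the ERROR_MORE_DATA return that RtlNtStatusToDosError(80000005) maps to as 0xea in the trace), with a caller that, like the trace, never resizes its 4-byte value buffer beside one that grows the buffer to the size reported and retries the same index. The key contents, value names and the model function are constructed; the second value's data is 94 bytes including its NUL, the size quoted above.

```c
#include <string.h>

/* Real Win32 codes; ERROR_MORE_DATA (0xEA) is RtlNtStatusToDosError's mapping of STATUS_BUFFER_OVERFLOW (0x80000005). */
enum { ERROR_SUCCESS = 0, ERROR_MORE_DATA = 234, ERROR_NO_MORE_ITEMS = 259 };

/* Constructed stand-in for the key (hypothetical values; the second one's data is 94 bytes with its NUL). */
typedef struct { const char *name; const char *data; } reg_value_t;
static const reg_value_t fake_key[] = {
    { "ACADLOC", "C:\\ACADR14" },
    { "LsObj", "\\\\HKEY_LOCAL_MACHINE\\Software\\Autodesk\\AutoCAD\\R14.0"
               "\\ACAD-2452448:80143967\\AutodeskApps\\LsObj" },
};
/* Model of the RegEnumValueA contract: *nlen/*dlen are in/out; a too-small buffer yields ERROR_MORE_DATA plus the sizes needed. */
static long model_RegEnumValueA(unsigned idx, char *name, unsigned *nlen,
                                char *data, unsigned *dlen)
{
    if (idx >= sizeof fake_key / sizeof fake_key[0]) return ERROR_NO_MORE_ITEMS;
    unsigned need_n = (unsigned)strlen(fake_key[idx].name) + 1;
    unsigned need_d = (unsigned)strlen(fake_key[idx].data) + 1;
    if (need_n > *nlen || need_d > *dlen) { *nlen = need_n; *dlen = need_d; return ERROR_MORE_DATA; }
    memcpy(name, fake_key[idx].name, need_n); *nlen = need_n - 1;   /* name length excludes NUL */
    memcpy(data, fake_key[idx].data, need_d); *dlen = need_d;       /* data length includes it  */
    return ERROR_SUCCESS;
}

/* Enumerate starting with a 4-byte value buffer. grow_on_more_data == 0 mirrors the trace (same call re-issued
   unchanged, no progress); == 1 grows to the reported size and retries the SAME index. Returns values read, or -1 at the artificial call cap. */
int enumerate_values(int grow_on_more_data, unsigned *largest_data, unsigned *calls)
{
    char name[256], data[512];
    unsigned dcap = 4, i = 0; int count = 0;
    *largest_data = 0; *calls = 0;
    for (;;) {
        if (*calls == 64) return -1;       /* the real app has no such cap, so it hangs */
        (*calls)++;
        unsigned nlen = sizeof name, dlen = dcap;
        long rc = model_RegEnumValueA(i, name, &nlen, data, &dlen);
        if (rc == ERROR_NO_MORE_ITEMS) return count;
        if (rc == ERROR_MORE_DATA) {
            if (!grow_on_more_data) continue;      /* ignore the reported size: loops */
            if (dlen > sizeof data) return -1;
            dcap = dlen;                           /* allocate what was asked for */
            continue;
        }
        if (rc != ERROR_SUCCESS) return -1;
        if (dlen > *largest_data) *largest_data = dlen;
        count++; i++;
    }
}
```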


