diff --git a/README.md b/README.md
index 34b7b8a9..eb9a14f8 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ Wine. All those differences are also documented on the
 
 Included bug fixes and improvements
 -----------------------------------
-**Bug fixes and features included in the next upcoming release [16]:**
+**Bug fixes and features included in the next upcoming release [17]:**
 
 * Add stub fltmgr.sys (filter manager driver) ([Wine Bug #23583](https://bugs.winehq.org/show_bug.cgi?id=23583))
 * Add stub for ntoskrnl.PsRemoveLoadImageNotifyRoutine
@@ -50,6 +50,7 @@ Included bug fixes and improvements
 * Fix compatibility of Uplay with gnutls28 ([Wine Bug #38134](https://bugs.winehq.org/show_bug.cgi?id=38134))
 * Fix device paths in HKLM\SYSTEM\MountedDevices ([Wine Bug #38235](https://bugs.winehq.org/show_bug.cgi?id=38235))
 * Fix handling of ANSI NTLM credentials ([Wine Bug #37063](https://bugs.winehq.org/show_bug.cgi?id=37063))
+* Fix invalid memory access in get_registry_locale_info ([Wine Bug #38344](https://bugs.winehq.org/show_bug.cgi?id=38344))
 * Implement empty enumerator for IWiaDevMgr::EnumDeviceInfo ([Wine Bug #27775](https://bugs.winehq.org/show_bug.cgi?id=27775))
 * Implement mscoree._CorValidateImage for mono runtime
 * Implement proper handling of CLI .NET images in Wine library loader
diff --git a/debian/changelog b/debian/changelog
index 5f497ae8..eced361c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ wine-staging (1.7.40) UNRELEASED; urgency=low
 * Added patch to implement mscoree._CorValidateImage for mono runtime.
 * Added patch to implement proper handling of CLI .NET images in Wine library loader.
 * Added patch to stub ntoskrnl.PsRemoveLoadImageNotifyRoutine
+ * Added patch to fix invalid memory access in get_registry_locale_info.
 * Removed patch to fix regression causing black screen on startup (accepted upstream).
 * Removed patch to fix edge cases in TOOLTIPS_GetTipText (fixed upstream).
 * Removed patch for IConnectionPoint/INetworkListManagerEvents stub interface (accepted upstream).
diff --git a/patches/kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch b/patches/kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
new file mode 100644
index 00000000..c40530c7
--- /dev/null
+++ b/patches/kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
@@ -0,0 +1,46 @@
+From 702df8220cc4393c65e280d3706311dd0a41ded1 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Fri, 3 Apr 2015 14:44:27 +0200
+Subject: kernel32: Fix calculation of returned buffer in
+ get_registry_locale_info.
+
+Fixes a regression introduced by 8826ba1bc86fefa22c543608585ae8f3b4310a5f.
+We cannot decide if we have to append a terminating null char unless we have queried again with a bigger buffer.
+---
+ dlls/kernel32/locale.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/kernel32/locale.c b/dlls/kernel32/locale.c
+index afc5b9d..7798b91 100644
+--- a/dlls/kernel32/locale.c
++++ b/dlls/kernel32/locale.c
+@@ -1177,6 +1177,17 @@ static INT get_registry_locale_info( struct registry_value *registry_value, LPWS
+ 
+ status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size );
+ 
++ /* try again with a bigger buffer when we have to return the correct size */
++ if (status == STATUS_BUFFER_OVERFLOW && !buffer && size > info_size)
++ {
++ KEY_VALUE_PARTIAL_INFORMATION *new_info;
++ if ((new_info = HeapReAlloc( GetProcessHeap(), 0, info, size )))
++ {
++ info = new_info;
++ status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size );
++ }
++ }
++
+ NtClose( hkey );
+ 
+ if (!status)
+@@ -1207,8 +1218,6 @@ static INT get_registry_locale_info( struct registry_value *registry_value, LPWS
+ if (status == STATUS_BUFFER_OVERFLOW && !buffer)
+ {
+ ret = (size - info_size) / sizeof(WCHAR);
+- if (!ret || ((WCHAR *)&info->Data)[ret-1])
+- ret++;
+ }
+ else if (status == STATUS_OBJECT_NAME_NOT_FOUND)
+ {
+-- 
+2.3.3
+
diff --git a/patches/kernel32-get_registry_locale_info/definition b/patches/kernel32-get_registry_locale_info/definition
new file mode 100644
index 00000000..5236b884
--- /dev/null
+++ b/patches/kernel32-get_registry_locale_info/definition
@@ -0,0 +1 @@
+Fixes: [38344] Fix invalid memory access in get_registry_locale_info
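Review bot: When HeapReAlloc fails in the new retry block, execution falls through with status still STATUS_BUFFER_OVERFLOW and info still the original buffer, so the second hunk reports `ret = (size - info_size) / sizeof(WCHAR)` without the terminator adjustment the commit removes, and no error is recorded for the allocation failure. The dropped indexing of info->Data is the right fix for the out-of-bounds read, but on that out-of-memory path the caller can now be told a required length that is one WCHAR too small, which it may then use to size its own buffer. Consider making the failure explicit, e.g. `else status = STATUS_NO_MEMORY;` after the HeapReAlloc check, so that the function's existing status handling decides the result instead of silently returning an unverified size; whether that handling maps an unexpected status to a clean error is not visible here and should be confirmed. If the silent fallthrough is intentional, a comment such as `/* on allocation failure we report the size without checking for a terminator */` on the inner if would document it. get_registry_locale_info starts before and ends after both hunks.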
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index e3fa3cca..a07482bf 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -123,6 +123,7 @@ patch_enable_all ()
 enable_kernel32_Profile="$1"
 enable_kernel32_SetFileInformationByHandle="$1"
 enable_kernel32_VerifyVersionInfo="$1"
+ enable_kernel32_get_registry_locale_info="$1"
 enable_libs_Unicode_Collation="$1"
 enable_makedep_PARENTSPEC="$1"
 enable_mmdevapi_AEV_Stubs="$1"
@@ -435,6 +436,9 @@ patch_enable ()
 kernel32-VerifyVersionInfo)
 enable_kernel32_VerifyVersionInfo="$2"
 ;;
+ kernel32-get_registry_locale_info)
+ enable_kernel32_get_registry_locale_info="$2"
+ ;;
 libs-Unicode_Collation)
 enable_libs_Unicode_Collation="$2"
 ;;
@@ -2607,20 +2611,6 @@ if test "$enable_kernel32_Console_Handles" -eq 1; then
 ) >> "$patchlist"
 fi
 
-# Patchset kernel32-SetFileInformationByHandle
-# |
-# | Modified files:
-# | * dlls/kernel32/file.c, include/winbase.h
-# |
-if test "$enable_kernel32_SetFileInformationByHandle" -eq 1; then
- patch_apply kernel32-SetFileInformationByHandle/0001-include-Declare-a-couple-more-file-information-class.patch
- patch_apply kernel32-SetFileInformationByHandle/0002-kernel32-Implement-SetFileInformationByHandle.patch
- (
- echo '+ { "Michael Müller", "include: Declare a couple more file information class structures.", 1 },';
- echo '+ { "Michael Müller", "kernel32: Implement SetFileInformationByHandle.", 1 },';
- ) >> "$patchlist"
-fi
-
 # Patchset ntdll-FileDispositionInformation
 # |
 # | This patchset fixes the following Wine bugs:
@@ -2640,6 +2630,20 @@ if test "$enable_ntdll_FileDispositionInformation" -eq 1; then
 ) >> "$patchlist"
 fi
 
+# Patchset kernel32-SetFileInformationByHandle
+# |
+# | Modified files:
+# | * dlls/kernel32/file.c, include/winbase.h
+# |
+if test "$enable_kernel32_SetFileInformationByHandle" -eq 1; then
+ patch_apply kernel32-SetFileInformationByHandle/0001-include-Declare-a-couple-more-file-information-class.patch
+ patch_apply kernel32-SetFileInformationByHandle/0002-kernel32-Implement-SetFileInformationByHandle.patch
+ (
+ echo '+ { "Michael Müller", "include: Declare a couple more file information class structures.", 1 },';
+ echo '+ { "Michael Müller", "kernel32: Implement SetFileInformationByHandle.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset kernel32-CopyFileEx
 # |
 # | This patchset fixes the following Wine bugs:
@@ -2875,6 +2879,21 @@ if test "$enable_kernel32_VerifyVersionInfo" -eq 1; then
 ) >> "$patchlist"
 fi
 
+# Patchset kernel32-get_registry_locale_info
+# |
+# | This patchset fixes the following Wine bugs:
+# | * [#38344] Fix invalid memory access in get_registry_locale_info
+# |
+# | Modified files:
+# | * dlls/kernel32/locale.c
+# |
+if test "$enable_kernel32_get_registry_locale_info" -eq 1; then
+ patch_apply kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
+ (
+ echo '+ { "Sebastian Lackner", "kernel32: Fix calculation of returned buffer in get_registry_locale_info.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset libs-Unicode_Collation
 # |
 # | This patchset fixes the following Wine bugs: