Hi, found a problem with the latest locale changes. When it calls the GetLocaleInfoW() function, the attached error occurs. This occurred because of the new code using the LOCALE_RETURN_NUMBER flag. The problem is if the buffer supplied to get_registry_locale_info is quite small (say sizeof(INT)). The value returned by NtQueryValueKey(), however, is for a string and is much longer. As NtQueryValueKey updates the value of size, this caused other parts of the code to corrupt memory.
First chance exception: page fault on write access to 0x0000bad4 in 32-bit code (0x4021a1d0).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:003b GS:0033
 EIP:4021a1d0 ESP:406efc10 EBP:406efc1c EFLAGS:00210206( R- 00 I - -P1 )
 EAX:0000bac8 EBX:4024ce88 ECX:00000378 EDX:40370074
 ESI:403b8a70 EDI:403b8a50
Stack dump:
0x406efc10 (_end+0x156ce8): 403b8a50 403b8a50 40370000 406efc48
0x406efc20 (_end+0x156cf8): 4021a25f 40370000 403b8a50 00000020
0x406efc30 (_end+0x156d08): 403b8a50 00000001 00000001 4024ce88
0x406efc40 (_end+0x156d18): 403b8a50 40370000 406efc70 4021b368
0x406efc50 (_end+0x156d28): 40370000 403b8a50 40370000 403b8a50
0x406efc60 (_end+0x156d38): 00000000 405959e8 0000000c 403b8a58
0x406efc70 (_end+0x156d48):

Backtrace:
=>0 0x4021a1d0 (HEAP_CreateFreeBlock+0x120(subheap=0x40370000, ptr=0x403b8a50, size=0x20) [heap.c:417] in NTDLL.DLL) (ebp=406efc1c)
  1 0x4021a25f (HEAP_MakeInUseBlockFree+0x4f(subheap=0x40370000, pArena=0x403b8a50) [heap.c:468] in NTDLL.DLL) (ebp=406efc48)
  2 0x4021b368 (RtlFreeHeap+0xb8(heap=0x40370000, flags=0x2, ptr=0x403b8a58) [heap.c:1204] in NTDLL.DLL) (ebp=406efc70)
  3 0x404e8981 (HeapFree+0x21(heap=0x40370000, flags=0x0, ptr=0x403b8a58) [heap.c:285] in KERNEL32.DLL) (ebp=406efc88)
  4 0x404f4bab (get_registry_locale_info+0x15b(flags=0x0, value=0x40576294, buffer=0x0, len=0x0) [locale.c:822] in KERNEL32.DLL) (ebp=406efce8)
  5 0x404f4fae (GetLocaleInfoW+0x1be(lcid=0x809, lctype=0x1f, buffer=0x0, len=0x0) [locale.c:934] in KERNEL32.DLL) (ebp=406efd18)
  6 0x404f4cfa (GetLocaleInfoA+0x6a(lcid=0x809, lctype=0x1f, buffer=0x406efd64, len=0x100) [locale.c:859] in KERNEL32.DLL) (ebp=406efd44)
  7 0x004ce4df (idag.exe.@Droptarget@initialization$qqrv+0x6fd93 in idag.exe) (ebp=406efe64)
  8 0x004cf99a (idag.exe.@Droptarget@initialization$qqrv+0x7124e in idag.exe) (ebp=406efec0)
  9 0x004d0384 (idag.exe.@Droptarget@initialization$qqrv+0x71c38 in idag.exe) (ebp=406efed4)
  10 0x004e276d (idag.exe.@Droptarget@initialization$qqrv+0x84021 in idag.exe) (ebp=406efefc)
  11 0x004e2943 (idag.exe.@Droptarget@initialization$qqrv+0x841f7 in idag.exe) (ebp=406eff24)
0x4021a1d0 (HEAP_CreateFreeBlock+0x120 [heap.c:417] in NTDLL.DLL): movl %edx,0xc(%eax)
418     pNext->prev->next = pNext->next;
Index: dlls/kernel/locale.c =================================================================== RCS file: /home/wine/wine/dlls/kernel/locale.c,v retrieving revision 1.27 diff -u -b -r1.27 locale.c --- dlls/kernel/locale.c 1 Dec 2003 22:46:19 -0000 1.27 +++ dlls/kernel/locale.c 2 Dec 2003 19:52:47 -0000 @@ -742,6 +742,7 @@ static INT get_registry_locale_info( UINT flags, LPCWSTR value, LPWSTR buffer, INT len ) { DWORD size; + DWORD resultSize; INT ret; HKEY hkey; NTSTATUS status; @@ -761,8 +762,9 @@ return 0; } - status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size ); + status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &resultSize ); if (status == STATUS_BUFFER_OVERFLOW && !buffer) status = 0; + if (!(flags & LOCALE_RETURN_NUMBER)) size = info_size + resultSize; if (!status) {
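Review bot: in the second hunk, `size = info_size + resultSize` may count the KEY_VALUE_PARTIAL_INFORMATION header twice. The ResultLength out-parameter of NtQueryValueKey (here `resultSize`) already reports the size of the whole information block, header included, so if `info_size` is the size of that header the string branch now over-reports by `info_size` bytes, and whatever the code under `if (!status)` derives from `size` will run past the data; `size = resultSize;` inside the same flag test would preserve the old meaning of `size` without aliasing it. The LOCALE_RETURN_NUMBER branch now silently keeps `size` at the allocation size, which is the intended fix for the corruption described above, but it deserves a one-line comment, and since the `STATUS_BUFFER_OVERFLOW && !buffer` line still clears `status` before `size` is recomputed, please confirm that the required-length value returned for a NULL buffer in the number case is what the caller expects now that it no longer comes from `resultSize`.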
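The defect described in the report is an in/out aliasing bug: one variable is handed to the query call both as the buffer length and as the address that receives the required length, so after the call the code believes its allocation is as large as the value the registry holds. The example below is added here and is not Wine's code; `fake_query_value()` is a constructed stand-in for NtQueryValueKey that only reproduces the one behaviour that matters (it writes the required size to `*result_len` even when it fails with a buffer overflow), the stored string is constructed, and `copy_len_aliased()` / `copy_len_separate()` are hypothetical helpers that return the byte count later code would use when copying out of the `info` block, so the overflow can be observed as a number instead of a crash.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed NTSTATUS stand-ins and the winnls.h value of the flag. */
#define STATUS_SUCCESS          0
#define STATUS_BUFFER_OVERFLOW  1
#define LOCALE_RETURN_NUMBER    0x20000000

/* Constructed registry value: a string, far longer than sizeof(int). */
static const char stored_string[] = "English (United Kingdom)";

/* Stand-in for NtQueryValueKey: like the real call, *result_len receives the
 * size the caller needs whether or not the data was copied. */
static int fake_query_value(void *buf, size_t buf_len, size_t *result_len)
{
    size_t need = sizeof stored_string;     /* 25 bytes incl. terminator */
    *result_len = need;                     /* always written, like ResultLength */
    if (buf_len < need) return STATUS_BUFFER_OVERFLOW;
    memcpy(buf, stored_string, need);
    return STATUS_SUCCESS;
}

/* Both helpers allocate 'info' exactly as the report describes (sizeof(int)
 * when a number is requested, otherwise the caller's 'len') and return the
 * number of bytes the following code would read from or write past 'info'.
 * A result larger than the allocation is the heap corruption seen in the
 * backtrace. */

/* Before the fix: 'size' is both the buffer length and the result length. */
size_t copy_len_aliased(unsigned flags, size_t len)
{
    size_t size = (flags & LOCALE_RETURN_NUMBER) ? sizeof(int) : len;
    void *info = malloc(size);
    if (!info) return 0;
    /* 'size' is passed by value as the length and by address as the result,
     * so on return it holds the *required* size, not the allocation size. */
    int status = fake_query_value(info, size, &size);
    free(info);
    if (status != STATUS_SUCCESS && status != STATUS_BUFFER_OVERFLOW) return 0;
    return size;
}

/* After the fix: the required size has its own variable and the copy length
 * can never exceed the allocation. */
size_t copy_len_separate(unsigned flags, size_t len)
{
    size_t size = (flags & LOCALE_RETURN_NUMBER) ? sizeof(int) : len;
    size_t result_size = 0;
    void *info = malloc(size);
    if (!info) return 0;
    int status = fake_query_value(info, size, &result_size);
    free(info);
    if (status != STATUS_SUCCESS) return 0;  /* overflow: nothing was copied */
    return result_size < size ? result_size : size;
}

int main(void)
{
    printf("number request, aliased : copies %zu bytes out of a %zu-byte block\n",
           copy_len_aliased(LOCALE_RETURN_NUMBER, 64), sizeof(int));
    printf("number request, separate: copies %zu bytes\n",
           copy_len_separate(LOCALE_RETURN_NUMBER, 64));
    printf("string request (64 bytes), separate: copies %zu bytes\n",
           copy_len_separate(0, 64));
    return 0;
}
```

The aliased version reports 25 bytes for a 4-byte block in the number case, which is exactly the condition the report describes; the separate version reports 0 for that case (the string did not fit, so nothing is copied) and 25 for a large enough string buffer. The general rule the fix applies is that an API's "required length" out-parameter must never share storage with the buffer length the caller continues to rely on.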