Description
user32_winetest performs calls such as:
507 ret = GetUserObjectInformationA(old_input_desk, UOI_NAME, name, 1024, NULL);
This crashes:
Running Wine Test, Module: user32, Test: winstation
|
[7h
|
Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page Fault)
|
Memory at 0x00000000 could not be written: Page not present.
|
kdb:> bt
|
Eip:
|
<win32k.sys:7b48e (win32ss/user/ntuser/winsta.c:730 (NtUserGetObjectInformation))>
|
Frames:
|
<NTOSKRNL.EXE:140230 (ntoskrnl/include/internal/arch/../i386/ke.h:688 (KiFastCallEntryHandler))>
|
<NTOSKRNL.EXE:3ced (:0 (KiFastCallEntry))>
|
<ntdll.dll:1b500>
|
<user32_winetest.exe:cf371>
|
<user32_winetest.exe:d1a28>
|
<user32_winetest.exe:d5359>
|
<user32_winetest.exe:d6356>
|
<user32_winetest.exe:d63b8>
|
<kernel32.dll:fb63>
|
<00000000>
|
kdb:>
|
[SYSREG] Rebooting VM (retry 2)
|
... because NtUserGetObjectInformation doesn't use SEH and ProbeForWrite to write to nLengthNeeded:
/* try to copy data to caller */
|
if (Status == STATUS_SUCCESS)
|
{
|
TRACE("Trying to copy data to caller (len = %lu, len needed = %lu)\n", nLength, nDataSize);
|
*nLengthNeeded = nDataSize;
|
if (nLength >= nDataSize)
|
Status = MmCopyToCaller(pvInformation, pvData, nDataSize);
|
else
|
Status = STATUS_BUFFER_TOO_SMALL;
|
}
|
Also, this parameter is optional and should not be written to if NULL.