Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

[-- Attachment #1: Type: text/plain, Size: 2328 bytes --]

Hi folks,

When playing with Cygwin / MSYS2 on Wine, I found a crashing related
to LsaLookupSids.


In winsup/cygwin/uinfo.cc, we want to copy an Unicode string from
arg.full_acc->dom to dom:

1768     *wcpncpy (dom, arg.full_acc->dom->Buffer,
1769           arg.full_acc->dom->Length / sizeof (WCHAR)) = L'\0';

where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].DomainIndex]

winsup/cygwin/grp.cc:

650           fetch_acc_t full_acc =
651         {
652           .sid = sidp_buf[ncnt],
653           .name = &nlst[ncnt].Name,
654           .dom = &dlst->Domains[nlst[ncnt].DomainIndex].Name,
655           .acc_type = nlst[ncnt].Use
656         };

According to my test [1]. DomainIndex can be -1 sometimes, which seems
valid according to a similar MSDN entry [2]:

--- snip ---

Otherwise, the corresponding TranslatedNames entry MUST be updated with:

Use: SidTypeUnknown.

Name: Empty, unless LookupLevel is LsapLookupWksta. In that case, Name
MUST contain the textual representation of the corresponding SID, as
in step 2.

Flags: 0x00000000 (also see the following paragraph).

DomainIndex: -1.
--- snip ---

On windows, I never found crashing when accessing to Domains[-1]:
While it might be safe, but it might not be meaningful, here is an
example output of content of Domains[-1]:

lsa.c:431: haha names[8].DomainIndex -1
lsa.c:432: use 8 /* SidTypeUnknown */
lsa.c:433: name L"S-1-5-5-0-117053"
lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */
lsa.c:436: domain sid 00000020 /* not like a valid sid */

By comparing to a normal output, I strongly doubt Domains[-1] is meaningful.

lsa.c:431: names[7].DomainIndex 1
lsa.c:432: use 5
lsa.c:433: name L"This Organization"
lsa.c:434: domain name L"NT AUTHORITY"
lsa.c:436: domain sid 009808E8

Anyone know whether it is expected to access Domains[-1] in this case?

On Wine, accessing to Domains[-1] cause a crashing, I'll proposal a
patch to Wine to workaround this [as attachment], but it would be
great to see this issue also fixed at the Cygwin side if it is a
hidden bug.

Thanks for any comments and keep the great work!


[1] https://testbot.winehq.org/JobDetails.pl?Key=12577 (see attachment
for test case source code)
[2] https://msdn.microsoft.com/en-us/library/cc234496.aspx


-- 
Regards,
Qian Hong

-
http://www.winehq.org

[-- Attachment #2: 0001-advapi32-prepend-a-hidden-Domain-1-to-prevent-applicat.txt --]
[-- Type: text/plain, Size: 5142 bytes --]

From 9ade3cce58a26560920535496832e796f2fc0d90 Mon Sep 17 00:00:00 2001
From: Qian Hong <qhong@codeweavers.com>
Date: Wed, 1 Apr 2015 18:05:42 +0800
Subject: [PATCH] advapi32: prepend a hidden Domain[-1] to prevent application
 crashing when access to Domain[-1] by accident.

---
 dlls/advapi32/lsa.c       |  9 ++++++---
 dlls/advapi32/tests/lsa.c | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
index 2a8b791..8320d58 100644
--- a/dlls/advapi32/lsa.c
+++ b/dlls/advapi32/lsa.c
@@ -488,14 +488,16 @@ NTSTATUS WINAPI LsaLookupSids(
     if (!(*Names = heap_alloc(name_fullsize))) return STATUS_NO_MEMORY;
     /* maximum count of stored domain infos is Count, allocate it like that cause really needed
        count could only be computed after sid data is retrieved */
-    domain_fullsize = sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION)*Count;
+    domain_fullsize = sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION)*(Count+1);
     if (!(*ReferencedDomains = heap_alloc(domain_fullsize)))
     {
         heap_free(*Names);
         return STATUS_NO_MEMORY;
     }
     (*ReferencedDomains)->Entries = 0;
-    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST));
+    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION));
+    (*ReferencedDomains)->Domains[-1].Name.Buffer = NULL;
+    (*ReferencedDomains)->Domains[-1].Name.Length = 0;
 
     /* Get full names data length and full length needed to store domain name and SID */
     for (i = 0; i < Count; i++)
@@ -503,6 +505,7 @@ NTSTATUS WINAPI LsaLookupSids(
         (*Names)[i].Use = SidTypeUnknown;
         (*Names)[i].DomainIndex = -1;
         (*Names)[i].Name.Buffer = NULL;
+        (*Names)[i].Name.Length = 0;
 
         memset(&(*ReferencedDomains)->Domains[i], 0, sizeof(LSA_TRUST_INFORMATION));
 
@@ -555,7 +558,7 @@ NTSTATUS WINAPI LsaLookupSids(
 
     *ReferencedDomains = heap_realloc(*ReferencedDomains, domain_fullsize);
     /* fix pointer after reallocation */
-    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST));
+    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION));
     domain_data = (char*)(*ReferencedDomains)->Domains + sizeof(LSA_TRUST_INFORMATION)*Count;
 
     mapped = 0;
diff --git a/dlls/advapi32/tests/lsa.c b/dlls/advapi32/tests/lsa.c
index 1a0d211..38fee45 100644
--- a/dlls/advapi32/tests/lsa.c
+++ b/dlls/advapi32/tests/lsa.c
@@ -361,7 +361,10 @@ static void test_LsaLookupSids(void)
     LSA_TRANSLATED_NAME *names;
     LSA_HANDLE policy;
     TOKEN_USER *user;
+    TOKEN_GROUPS *groups;
+    int group_id;
     NTSTATUS status;
+    PSID sids[257];
     HANDLE token;
     DWORD size;
     BOOL ret;
@@ -392,6 +395,7 @@ static void test_LsaLookupSids(void)
        ok((char*)list->Domains[0].Sid - (char*)list->Domains > 0, "%p, %p\n", list->Domains, list->Domains[0].Sid);
        ok(list->Domains[0].Name.MaximumLength > list->Domains[0].Name.Length, "got %d, %d\n", list->Domains[0].Name.MaximumLength,
            list->Domains[0].Name.Length);
+       trace("haha names[0].DomainIndex %d\n", names[0].DomainIndex);
     }
 
     pLsaFreeMemory(names);
@@ -399,6 +403,39 @@ static void test_LsaLookupSids(void)
 
     HeapFree(GetProcessHeap(), 0, user);
 
+    /* Test Enum TokenGroups */
+    ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
+    ok(!ret, "got %d\n", ret);
+
+    groups = HeapAlloc(GetProcessHeap(), 0, size);
+    ret = GetTokenInformation(token, TokenGroups, groups, size, &size);
+    ok(ret, "got %d\n", ret);
+
+    for (group_id = 0; group_id < groups->GroupCount; group_id++)
+        sids[group_id] = groups->Groups[group_id].Sid;
+
+    status = pLsaLookupSids(policy, groups->GroupCount, sids, &list, &names);
+    ok(status == STATUS_SUCCESS, "got 0x%08x\n", status);
+
+    ok(list->Entries > 0, "got %d\n", list->Entries);
+    for (group_id = 0; group_id < groups->GroupCount; group_id++)
+    {
+        trace("entries %d\n", list->Entries);
+        if (list->Entries)
+        {
+           trace("names[%d].DomainIndex %d\n", group_id, names[group_id].DomainIndex);
+           trace("use %d\n", names[group_id].Use);
+           trace("name %s\n", wine_dbgstr_wn(names[group_id].Name.Buffer, names[group_id].Name.Length/sizeof(WCHAR)));
+           trace("domain name %s\n", wine_dbgstr_wn(list->Domains[names[group_id].DomainIndex].Name.Buffer, list->Domains[names[group_id].DomainIndex].Name.Length/sizeof(WCHAR)));
+        }
+           trace("domain sid %p\n", list->Domains[names[group_id].DomainIndex].Sid);
+    }
+
+    pLsaFreeMemory(names);
+    pLsaFreeMemory(list);
+
+    HeapFree(GetProcessHeap(), 0, groups);
+
     CloseHandle(token);
 
     status = pLsaClose(policy);
-- 
2.1.0


[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2077 bytes --]

Hi Qian,

On Apr  1 18:15, Qian Hong wrote:
> Hi folks,
> 
> When playing with Cygwin / MSYS2 on Wine, I found a crashing related
> to LsaLookupSids.
> 
> 
> In winsup/cygwin/uinfo.cc, we want to copy an Unicode string from
> arg.full_acc->dom to dom:
> 
> 1768     *wcpncpy (dom, arg.full_acc->dom->Buffer,
> 1769           arg.full_acc->dom->Length / sizeof (WCHAR)) = L'\0';
> 
> where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].DomainIndex]
> 
> winsup/cygwin/grp.cc:
> 
> 650           fetch_acc_t full_acc =
> 651         {
> 652           .sid = sidp_buf[ncnt],
> 653           .name = &nlst[ncnt].Name,
> 654           .dom = &dlst->Domains[nlst[ncnt].DomainIndex].Name,
> 655           .acc_type = nlst[ncnt].Use
> 656         };
> 
> According to my test [1]. DomainIndex can be -1 sometimes, which seems
> valid according to a similar MSDN entry [2]:

Ouch.  I missed this hint in the description of LsaLookupSids:

  DomainIndex

    [...]
    If there is no corresponding domain for an account, this member
    contains a negative value.

> On windows, I never found crashing when accessing to Domains[-1]:
> While it might be safe, but it might not be meaningful, here is an
> example output of content of Domains[-1]:
> 
> lsa.c:431: haha names[8].DomainIndex -1
> lsa.c:432: use 8 /* SidTypeUnknown */
> lsa.c:433: name L"S-1-5-5-0-117053"
> lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */
> lsa.c:436: domain sid 00000020 /* not like a valid sid */

Ok, that makes sense.  This is a logon SID, a session-unique SID created
at logon time.  Not looking for invalid domain refs is clearly a bug in
Cygwin.  Since, as you said, Windows doesn't crash when accessing
ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
new Cygwin snapshot to https://cygwin.com/snapshots/ later today.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

Hi Corinna,

On Wed, Apr 1, 2015 at 6:37 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> Ok, that makes sense.  This is a logon SID, a session-unique SID created
> at logon time.  Not looking for invalid domain refs is clearly a bug in
> Cygwin.  Since, as you said, Windows doesn't crash when accessing
> ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
> new Cygwin snapshot to https://cygwin.com/snapshots/ later today.

Thanks very much for the quick response, I would be here to help to test ;-)


-- 
Regards,
Qian Hong

-
http://www.winehq.org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

On Wed, Apr 1, 2015 at 6:37 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> This is a logon SID, a session-unique SID created
> at logon time.

Indeed, this is very useful information, I guess you mean
SECURITY_BUILTIN_DOMAIN_RID, I'll investigate a bit more and improve
my Wine patch, thank you for the hint ;-)



-- 
Regards,
Qian Hong

-
http://www.winehq.org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 897 bytes --]

On Apr  1 18:46, Qian Hong wrote:
> On Wed, Apr 1, 2015 at 6:37 PM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> > This is a logon SID, a session-unique SID created
> > at logon time.
> 
> Indeed, this is very useful information, I guess you mean
> SECURITY_BUILTIN_DOMAIN_RID,

No, wait.  SECURITY_BUILTIN_DOMAIN_RID (32) is the RID for the "BUILTIN"
domain which contains well known groups like

  Administrators ==> SID S-1-5-32-544
  Users          ==> SID S-1-5-32-545
  etc.

SID S-1-5-5-... are logon SIDs.  They are generated on the fly to
identify your session and added to your user token's group list.  The
macro connected to them are SECURITY_LOGON_IDS_RID and
SECURITY_LOGON_IDS_RID_COUNT.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 921 bytes --]

On Apr  1 18:41, Qian Hong wrote:
> Hi Corinna,
> 
> On Wed, Apr 1, 2015 at 6:37 PM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> > Ok, that makes sense.  This is a logon SID, a session-unique SID created
> > at logon time.  Not looking for invalid domain refs is clearly a bug in
> > Cygwin.  Since, as you said, Windows doesn't crash when accessing
> > ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
> > new Cygwin snapshot to https://cygwin.com/snapshots/ later today.
> 
> Thanks very much for the quick response, I would be here to help to test ;-)

Done.

Please give the April's fool snapshot from https://cygwin.com/snapshots/
a try.  Or build yourself from git HEAD, whatever you prefer.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1174 bytes --]

On Apr  1 13:36, Corinna Vinschen wrote:
> On Apr  1 18:41, Qian Hong wrote:
> > Hi Corinna,
> > 
> > On Wed, Apr 1, 2015 at 6:37 PM, Corinna Vinschen
> > <corinna-cygwin@cygwin.com> wrote:
> > > Ok, that makes sense.  This is a logon SID, a session-unique SID created
> > > at logon time.  Not looking for invalid domain refs is clearly a bug in
> > > Cygwin.  Since, as you said, Windows doesn't crash when accessing
> > > ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
> > > new Cygwin snapshot to https://cygwin.com/snapshots/ later today.
> > 
> > Thanks very much for the quick response, I would be here to help to test ;-)
> 
> Done.
> 
> Please give the April's fool snapshot from https://cygwin.com/snapshots/
> a try.  Or build yourself from git HEAD, whatever you prefer.

Uhm, sorry, I `git commit'ed, but forgot to `git push'.  Old CVS
user here :}

I now `git push'ed and re-created the April's fool snapshot *with* the
patch to address your issue.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

On Wed, Apr 1, 2015 at 7:02 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> No, wait.  SECURITY_BUILTIN_DOMAIN_RID (32) is the RID for the "BUILTIN"
> domain which contains well known groups like
>
>   Administrators ==> SID S-1-5-32-544
>   Users          ==> SID S-1-5-32-545
>   etc.
>
> SID S-1-5-5-... are logon SIDs.  They are generated on the fly to
> identify your session and added to your user token's group list.  The
> macro connected to them are SECURITY_LOGON_IDS_RID and
> SECURITY_LOGON_IDS_RID_COUNT.

Thanks again! You are right. I was confused by 0x00000020, I thought
it is a constant, further testing indicate it is just garbage value.


-- 
Regards,
Qian Hong

-
http://www.winehq.org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

Hi Corinna,

On Wed, Apr 1, 2015 at 8:22 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
>
> I now `git push'ed and re-created the April's fool snapshot *with* the
> patch to address your issue.
Thanks for the quick fix.

I tested a little bit but it doesn't work, and my patch to Wine still works.

Unfortunately it would be a bit tricky for me to provide a backtrace
very soon due to limited debug symbol support of WineDbg. Before look
deeper, could we confirm we are testing the same binary?

I'm testing:
 x86/cygwin1-20150401.dll.xz

$ sha1sum cygwin1-20150401.dll.xz
01d5092d48f3742cedcb28ea646b10088373d549  cygwin1-20150401.dll.xz

$ sha1sum cygwin1-20150401.dll
5619b74582a6584626c6dc05106698f9560d0d8a  cygwin1-20150401.dll

I renamed cygwin1-20150401.dll to  cygwin1.dll and copied to
C:\cygwin\bin\cygwin1.dll

But Wine bash.exe still crashes, in a slightly different way:
originally, it complains about access to invalid memory address
0x00000002, now it turns to invalid address 0x00000000 => not sure
this is useful information.

Here is some strace.exe output:

  228  142321 [main] bash 11 __get_lcid_from_locale: LCID=0x0409
  659  142980 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
<Administrators:S-1-5-32-544:544:>
  715  143695 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
<LOCAL:S-1-2-0:66048:>
  146  143841 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
<INTERACTIVE:S-1-5-4:4:>
  141  143982 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
<Authenticated Users:S-1-5-11:11:>
  155  144137 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
<Users:S-1-5-32-545:545:>
--- Process 11, exception c0000005 at 6113FD85
  236  144373 [main] bash 11 exception::handle: In
cygwin_except_handler exception 0xC0000005 at 0x6113FD85 sp 0x6CC204
  138  144511 [main] bash 11 exception::handle: In
cygwin_except_handler signal 11 at 0x6113FD85
  138  144649 [main] bash 11 try_to_debug: debugger_command ''
  147  144796 [main] bash 11 _cygtls::inside_kernel: pc 0x6113FD85, h
0x61000000, inside_kernel 0
  273  145069 [main] bash 11 normalize_posix_path: src /dev/kmsg
  135  145204 [main] bash 11 normalize_posix_path: /dev/kmsg =
normalize_posix_path (/dev/kmsg)
  139  145343 [main] bash 11 mount_info::conv_to_win32_path:
conv_to_win32_path (/dev/kmsg)
  137  145480 [main] bash 11 mount_info::conv_to_win32_path: src_path
/dev/kmsg, dst \Device\MailSlot\cygwin\dev\kmsg, flags 0x2, rc 0
  151  145631 [main] bash 11 __set_errno: fhandler_base*
build_fh_name(const char*, unsigned int, suffix_info*):443 setting
errno 6

I can investigate deeper if that helps, maybe tomorrow.

-- 
Regards,
Qian Hong

-
http://www.winehq.org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2637 bytes --]

On Apr  1 21:31, Qian Hong wrote:
> Hi Corinna,
> 
> On Wed, Apr 1, 2015 at 8:22 PM, Corinna Vinschen
> <corinna-cygwin@cygwin.com> wrote:
> >
> > I now `git push'ed and re-created the April's fool snapshot *with* the
> > patch to address your issue.
> Thanks for the quick fix.
> 
> I tested a little bit but it doesn't work, and my patch to Wine still works.
> 
> Unfortunately it would be a bit tricky for me to provide a backtrace
> very soon due to limited debug symbol support of WineDbg. Before look
> deeper, could we confirm we are testing the same binary?
> 
> I'm testing:
>  x86/cygwin1-20150401.dll.xz
> 
> $ sha1sum cygwin1-20150401.dll.xz
> 01d5092d48f3742cedcb28ea646b10088373d549  cygwin1-20150401.dll.xz
> 
> $ sha1sum cygwin1-20150401.dll
> 5619b74582a6584626c6dc05106698f9560d0d8a  cygwin1-20150401.dll
> 
> I renamed cygwin1-20150401.dll to  cygwin1.dll and copied to
> C:\cygwin\bin\cygwin1.dll
> 
> But Wine bash.exe still crashes, in a slightly different way:
> originally, it complains about access to invalid memory address
> 0x00000002, now it turns to invalid address 0x00000000 => not sure
> this is useful information.

A bit more debugging would be useful.  I debugged this on native
Windows and the code is not accessing a negative index to the domain
list anymore.  From my POV *this* part of the code is working as
desired.

> Here is some strace.exe output:
> 
>   228  142321 [main] bash 11 __get_lcid_from_locale: LCID=0x0409
>   659  142980 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
> <Administrators:S-1-5-32-544:544:>
>   715  143695 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
> <LOCAL:S-1-2-0:66048:>
>   146  143841 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
> <INTERACTIVE:S-1-5-4:4:>
>   141  143982 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
> <Authenticated Users:S-1-5-11:11:>
>   155  144137 [main] bash 11 pwdgrp::fetch_account_from_windows: line:
> <Users:S-1-5-32-545:545:>
> --- Process 11, exception c0000005 at 6113FD85

That's a crash in wcsncpy.  Where's the NULL pointer coming from?
The pointer I created for the domain name points to an empty
unicode string, it's not NULL.

Oh, hang on.

On Windows, the name part of the logon sid is the login sid as 
a string.  So, if the login sid is S-1-5-5-0-1234, the name of the
sid is L"S-1-5-5-0-1234".

Is it possible that Wine doesn't reflect that?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]

[Qian Hong]

Hi Corinna,

On Wed, Apr 1, 2015 at 9:45 PM, Corinna Vinschen
<corinna-cygwin@cygwin.com> wrote:
> That's a crash in wcsncpy.  Where's the NULL pointer coming from?
> The pointer I created for the domain name points to an empty
> unicode string, it's not NULL.
>
> Oh, hang on.
>
> On Windows, the name part of the logon sid is the login sid as
> a string.  So, if the login sid is S-1-5-5-0-1234, the name of the
> sid is L"S-1-5-5-0-1234".
>
> Is it possible that Wine doesn't reflect that?

Thanks for the hints, very useful. My previous patch actually
fixed(hacked) two independent issue in Wine, sorry for not mention
about it, I just forgot. Now Cygwin fixed one, the remain one seems
like a Wine bug, nothing to do with Cygwin. With the second issue
fixed(hacked) in Wine, Cygwin is happy now. I'll investigate the
second issue deeper, maybe your hints is exactly the reason.

Thank you very much for the help!

-- 
Regards,
Qian Hong

-
http://www.winehq.org

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple