About fdo#47044 crashed when accessing Proxy etc

julien2412

About fdo#47044 crashed when accessing Proxy etc

Hello,

Quite recently, an interesting bt has been published by "bfoman" about this bug (see https://bugs.freedesktop.org/attachment.cgi?id=62055) , here are the top lines :
sal3!rtl_uString_newFromAscii+0x15
wininetbe1_uno!rtl::OUString::createFromAscii+0x40
wininetbe1_uno!WinInetBackend::WinInetBackend+0x1a0

Searching about "createFromAscii" in "wininetbackend" files, I found them in "wininetbackend.cxx"
The only lines containing "createFromAscii" are :
  157             rtl::OUString aProxyList       = rtl::OUString::createFromAscii( lpi->lpszProxy );
  158             rtl::OUString aProxyBypassList = rtl::OUString::createFromAscii( lpi->lpszProxyBypass );

Then I wonder what was "lpi" type and just read some lines above :
126             LPINTERNET_PROXY_INFO lpi = NULL;

Then searching about LPINTERNET_PROXY_INFO gave this url :
http://msdn.microsoft.com/en-us/library/windows/desktop/aa385148%28v=vs.85%29.aspx
"
typedef struct {
  DWORD   dwAccessType;
  LPCTSTR lpszProxy;
  LPCTSTR lpszProxyBypass;
} INTERNET_PROXY_INFO, * LPINTERNET_PROXY_INFO;
"
So kept on with attributes "lpszProxy" and "lpszProxyBypass" and its type LPCTSTR, it gave this link : http://msdn.microsoft.com/en-us/library/aa383751%28v=vs.85%29.aspx
"
This type is declared in WinNT.h as follows:

#ifdef UNICODE
 typedef LPCWSTR LPCTSTR;
#else
 typedef LPCSTR LPCTSTR;
#endif
"

On the same page, we can read :
for LPCSTR :
"
A pointer to a constant null-terminated string of 8-bit Windows (ANSI) characters. For more information, see Character Sets Used By Fonts.

This type is declared in WinNT.h as follows:

typedef __nullterminated CONST CHAR *LPCSTR;
"

and for LPCWSTR :
"
A pointer to a constant null-terminated string of 16-bit Unicode characters. For more information, see Character Sets Used By Fonts.

This type is declared in WinNT.h as follows:

typedef CONST WCHAR *LPCWSTR;
"

Then going back to createFromAscii to see if it could match with all this :
sal/inc/rtl/ustring.hxx    :     static OUString createFromAscii( const sal_Char * value ) SAL_THROW(())
+
sal/inc/sal/types.h      :     typedef char  sal_Char;

Now I wonder if it's ok to use createFromAscii to manage the attributes  "lpszProxy" and "lpszProxyBypass" ? (no ironical question here, just a beginner question only :-))

Julien.
julien2412

Re: About fdo#47044 crashed when accessing Proxy etc

Just noticed that fdo#49903 contained the same top lines (more than 10) on the bt. However, I wonder why this part of code (shell\source\backends\wininetbe\wininetbackend.cxx) is called.

Julien
sberg

Re: About fdo#47044 crashed when accessing Proxy etc

On 05/31/2012 01:52 PM, julien2412 wrote:
> Just noticed that fdo#49903 contained the same top lines (more than 10) on
> the bt. However, I wonder why this part of code
> (shell\source\backends\wininetbe\wininetbackend.cxx) is called.

Looks like doc contains a http link to a graphic, so webdav ucp is
called to load that, which asks configmgr about proxy settings, which
(in default "system proxy settings" mode) asks WinInetBackend for the
proxy setting values.

Stephan
_______________________________________________
LibreOffice mailing list
[hidden email]
http://lists.freedesktop.org/mailman/listinfo/libreoffice
sberg

Re: About fdo#47044 crashed when accessing Proxy etc

In reply to this post by julien2412
On 05/30/2012 11:45 PM, julien2412 wrote:

> Quite recently, an interesting bt has been published by "bfoman" about this
> bug (see https://bugs.freedesktop.org/attachment.cgi?id=62055) , here are
> the top lines :
> sal3!rtl_uString_newFromAscii+0x15
> wininetbe1_uno!rtl::OUString::createFromAscii+0x40
> wininetbe1_uno!WinInetBackend::WinInetBackend+0x1a0
>
> Searching about "createFromAscii" in "wininetbackend" files, I found them in
> "wininetbackend.cxx"
> The only lines containing "createFromAscii" are :
>    157             rtl::OUString aProxyList       =
> rtl::OUString::createFromAscii( lpi->lpszProxy );
>    158             rtl::OUString aProxyBypassList =
> rtl::OUString::createFromAscii( lpi->lpszProxyBypass );
>
> Then I wonder what was "lpi" type and just read some lines above :
> 126             LPINTERNET_PROXY_INFO lpi = NULL;
>
> Then searching about LPINTERNET_PROXY_INFO gave this url :
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa385148%28v=vs.85%29.aspx
> "
> typedef struct {
>    DWORD   dwAccessType;
>    LPCTSTR lpszProxy;
>    LPCTSTR lpszProxyBypass;
> } INTERNET_PROXY_INFO, * LPINTERNET_PROXY_INFO;
> "
> So kept on with attributes "lpszProxy" and "lpszProxyBypass" and its type
> LPCTSTR, it gave this link :
> http://msdn.microsoft.com/en-us/library/aa383751%28v=vs.85%29.aspx
> "
> This type is declared in WinNT.h as follows:
>
> #ifdef UNICODE
>   typedef LPCWSTR LPCTSTR;
> #else
>   typedef LPCSTR LPCTSTR;
> #endif
> "
>
> On the same page, we can read :
> for LPCSTR :
> "
> A pointer to a constant null-terminated string of 8-bit Windows (ANSI)
> characters. For more information, see Character Sets Used By Fonts.
>
> This type is declared in WinNT.h as follows:
>
> typedef __nullterminated CONST CHAR *LPCSTR;
> "
>
> and for LPCWSTR :
> "
> A pointer to a constant null-terminated string of 16-bit Unicode characters.
> For more information, see Character Sets Used By Fonts.
>
> This type is declared in WinNT.h as follows:
>
> typedef CONST WCHAR *LPCWSTR;
> "
>
> Then going back to createFromAscii to see if it could match with all this :
> sal/inc/rtl/ustring.hxx    :     static OUString createFromAscii( const
> sal_Char * value ) SAL_THROW(())
> +
> sal/inc/sal/types.h      :     typedef char  sal_Char;
>
> Now I wonder if it's ok to use createFromAscii to manage the attributes
> "lpszProxy" and "lpszProxyBypass" ? (no ironical question here, just a
> beginner question only :-))

wininetbackend.cxx explicitly calls the InternetQueryOptionA variant, so
the returned lpszProxy and lpszProxyBypass are char-sized strings, so
calling createFromAscii shall work.  (Strictly speaking, it would cause
confusion if the strings contained characters outside ASCII, but it
would not lead to a crash within createFromAscii.)  (And the version of
LPINTERNET_PROXY_INFO seen in wininetbackend.cxx also is the one using
LPCSTR, not LPCWSTR, as the call to createFromAscii would otherwise fail
to compile; and again, char/wchar_t mismatch would not explain a crash
within createFromAscii, anyway.)

The crash within createFromAscii is near the start of
rtl_uString_newFromAscii, from the crash information it looks like it
appears at dereferencing the first byte of pCharStr (aka pTempStr),
where pCharStr == 0x8fda7dbb.  So it looks like InternetQueryOptionA
returns with the lpszProxy and/or lpszProxyBypass pointers pointing to
non-allocated memory.

What one notices is that neither of the two calls to
InternetQueryOptionA in WinInetBackend check the return value (the first
shall return with FALSE and GetLastError()==ERROR_INSUFFICIENT_BUFFER,
while the second shall return with TRUE).  Maybe the call just fails and
returns FALSE?
(<http://msdn.microsoft.com/en-us/library/windows/desktop/aa385328%28v=vs.85%29.aspx>
"Option Flags" in the description of INTERNET_OPTION_PROXY states that
it is deprecated in favour of INTERNET_OPTION_PER_CONNECTION_OPTION.)

Stephan
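
The checked two-call pattern described in the reply above, as an added example that is not part of the original thread or of LibreOffice's code. It is a portable C model: `query_option()` is a hypothetical stand-in for InternetQueryOptionA, `proxy_info` mirrors the ANSI INTERNET_PROXY_INFO layout quoted in the thread, and the error constants, proxy strings and fault switch are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors the ANSI layout of INTERNET_PROXY_INFO quoted in the thread. */
typedef struct {
    unsigned long access_type;
    const char *proxy;
    const char *proxy_bypass;
} proxy_info;

enum { ERR_NONE = 0, ERR_OTHER = 1, ERR_INSUFFICIENT_BUFFER = 122 };
static int last_error;         /* stand-in for GetLastError() */
static bool fail_second_call;  /* constructed fault switch for the demo */

/* Hypothetical stand-in for InternetQueryOptionA (an assumption of this
   example): strings are placed in the caller's buffer after the struct. */
static bool query_option(void *buf, size_t *len) {
    static const char proxy[] = "proxy.example:8080", bypass[] = "<local>";
    size_t need = sizeof(proxy_info) + sizeof proxy + sizeof bypass;
    if (buf == NULL || *len < need) {
        *len = need; last_error = ERR_INSUFFICIENT_BUFFER; return false;
    }
    if (fail_second_call) { last_error = ERR_OTHER; return false; } /* buf untouched */
    proxy_info *pi = buf;
    char *s = (char *)buf + sizeof *pi;
    memcpy(s, proxy, sizeof proxy);
    memcpy(s + sizeof proxy, bypass, sizeof bypass);
    pi->access_type = 3; pi->proxy = s; pi->proxy_bypass = s + sizeof proxy;
    last_error = ERR_NONE;
    return true;
}

/* Checked pattern: returns 0 and copies the proxy list, or -1 without
   ever dereferencing pointers from a buffer the call did not fill. */
int read_proxy(char *out, size_t out_len) {
    size_t len = 0;
    if (query_option(NULL, &len) || last_error != ERR_INSUFFICIENT_BUFFER)
        return -1;                   /* the size probe must fail this way */
    proxy_info *pi = malloc(len);    /* heap buffer, this example's choice */
    if (pi == NULL) return -1;
    int rc = -1;
    if (query_option(pi, &len) && pi->proxy != NULL) {
        snprintf(out, out_len, "%s", pi->proxy);
        rc = 0;
    }
    free(pi);
    return rc;
}
```

With `fail_second_call` set, the buffer stays uninitialized, which is the situation where unchecked code would read garbage `proxy` and `proxy_bypass` pointers; the checked version returns -1 instead.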
bfoman

Re: About fdo#47044 crashed when accessing Proxy etc

In reply to this post by julien2412
julien2412 wrote:
> Hello,
> Quite recently, an interesting bt has been published by "bfoman" about this bug (see https://bugs.freedesktop.org/attachment.cgi?id=62055) , here are the top lines :
Hi.
I just wanted to add, that if there is more I can do to debug it - I will do it (like some WinDbg magic commands as per developers' suggestions). I can reproduce at will in Windows 7 (Windows XP is not affected as I can tell atm). This is a blocker in my organization, as this is triggered always when users copy'n'paste from Intranet sites into Writer (instant crash) - and they do it quite frequently. And as per bug https://bugs.freedesktop.org/show_bug.cgi?id=49903 seems this is involved in other areas when links are processed.
Best regards.
bfoman

Re: About fdo#47044 crashed when accessing Proxy etc

In reply to this post by julien2412
julien2412 wrote:
> Quite recently, an interesting bt has been published by "bfoman" about this bug (see https://bugs.freedesktop.org/attachment.cgi?id=62055) , here are the top lines :
Also check updated bt at https://bugs.freedesktop.org/attachment.cgi?id=62322
julien2412

Re: About fdo#47044 crashed when accessing Proxy etc

In reply to this post by sberg
Thank you for the explanation, Stephan. It's a little clearer now, but still:
- typedef to define function alias
- double call of a function (why ?)
- "alloca" ?  (just read some pages on this function alloca that I didn't know showed a real debate about it but I summarized by "can be useful but be very careful"), ....
- what about if we need Unicode ? (would we need it ?) Change InternetQueryOptionA by InternetQueryOptionW and replace "createFromAscii" by something else ?
Too much non beginner elements for me to even try a patch, sorry :-(

Julien