winhlp32 crashes when openning freepy.hlp from command-line

Question

winhlp32 crashes when openning freepy.hlp from command-line

roytam1 opened this issue 7 months ago · comments

Describe the bug
It crashes when openning freepy.hlp from command-line or DnD to winhlp32.exe (I replaced ROS winhlp32.exe with otvdm's one here):

Unhandled exception
ExceptionCode:    c0000005
Faulting Address: 00000000
CS:EIP 1b:40d1b3
DS 23 ES 23 FS 3b GS 0
EAX: 00000000   EBX: 00238120   ECX: 00000001
EDX: 00000002   EBP: 0022fe68   ESI: 0000001e   ESP: 0022fdb0
EDI: 00257560   EFLAGS: 00000202
Address:
<winhlp32.exe:d1b3> (C:\ReactOS\winhlp32.exe@400000)
Frames:
<winhlp32.exe:11bf9> (C:\ReactOS\winhlp32.exe@400000)
<winhlp32.exe:14a9d> (C:\ReactOS\winhlp32.exe@400000)
<winhlp32.exe:1363> (C:\ReactOS\winhlp32.exe@400000)
<kernel32.dll:11cde> (C:\ReactOS\system32\kernel32.dll@7c620000)

Expected behavior
It should open freepy.hlp without crashing.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

OS: ReactOS
Version 0.4.15-git-head

Additional context
If running winhlp32.exe and open freepy.hlp from its file dialog, it doesn't crash.

tested build from: https://ci.appveyor.com/project/otya128/winevdm/builds/48749573/job/f8st5b5j4envaplf
freepy.hlp.zip

otya · Answer 1 · Thu Dec 14 2023 00:53:18 GMT+0800 (China Standard Time)

This also reproduces on Windows.
It seems that not including a title in the hlp file causes a null dereference in WINHELP_GetWindowInfo.

Roy Tam · Answer 2 · Thu Dec 14 2023 14:33:54 GMT+0800 (China Standard Time)

It seems that not including a title in the hlp file causes a null dereference in WINHELP_GetWindowInfo.

I wonder if my fix in #1347 is a proper one?

Roy Tam · Answer 3 · Sun Dec 17 2023 18:00:07 GMT+0800 (China Standard Time)

It seems that not including a title in the hlp file causes a null dereference in WINHELP_GetWindowInfo.

checked ROS' winhlp32, it can open without crashing and the line I changed is intact in ROS version. so the root of problem may be in elsewhere?
and BTW after I changed that line, it doesn't show default title.

ROS version looks more sane:

(I think this could be ROS problems)

cracyc · Answer 4 · Mon Dec 18 2023 00:28:12 GMT+0800 (China Standard Time)

Reactos allocates space for the title even if the file doesn't have one (https://github.com/reactos/reactos/blob/master/base/applications/winhlp32/hlpfile.c#L2158) so it's just a different way of fixing it.

BTW after I changed that line, it doesn't show default title.

Maybe lpszTitle should be filled with the default caption rather than just checking for null. The current logic may already try to do that but one byte is too small.

otya · Answer 5 · Mon Dec 18 2023 01:09:57 GMT+0800 (China Standard Time)

This seems to be a regression caused by adcbee1.