List: wine-devel
Subject: Re: [PATCH] user32: check for valid pointer in CreateIconFromResource
From: Florian_Köberle <florian () fkoeberle ! de>
Date: 2010-06-28 20:09:39
Message-ID: 4C290183.4070201 () fkoeberle ! de
On 06/28/2010 01:44 PM, Reece Dunn wrote:
> On 28 June 2010 12:26, Alexandre Julliard <julliard@winehq.org> wrote:
>
> > Wolfram Sang <wolfram@the-dreams.de> writes:
> >
> >
> > > According to TestBot (#2851), all non-crashing Windows versions return 0.
> > >
> > > Found while working on Bug 21012. Although this patch doesn't cure this
> > > bug, I think it is still worth adding the check because the pointer
> > > may come from the (always evil ;)) user-application.
> > >
> > Do you have an actual application that does this, or is this just hiding
> > a Wine bug?
> >
> When running winedbg on bfginstaller.exe (trying to track down
> http://bugs.winehq.org/show_bug.cgi?id=14343), winedbg will trap in
> the cursoricon.c code (line 771 --
> http://source.winehq.org/git/wine.git/?a=blob;f=dlls/user32/cursoricon.c;h=9a1810e22a1a77c698a14e0d6a9a33c5d036bce0;hb=d474d3f142b6e5f50ca3253cd170695ac3cc8930#l771):
> 767 /* pre-multiply by alpha */
> 768 for (i = 0, ptr = bits; i < bm.bmWidth * bm.bmHeight; i++, ptr += 4)
> 769 {
> 770 unsigned int alpha = ptr[3];
> 771 ptr[0] = ptr[0] * alpha / 255;
> 772 ptr[1] = ptr[1] * alpha / 255;
> 773 ptr[2] = ptr[2] * alpha / 255;
> 774 }
>
> The app itself does not crash there when not running without winedbg,
> but is generating an issue later on that does not make sense (which I
> am suspecting is a stack corruption issue, possibly triggered by this
> issue).
>
> I'm not sure if this is a wine bug, whether Wolfram's patch gets past
> the break triggered or whether it addresses the Big Fish Games issue.
>
> I'll test the patch tonight.
>
> - Reece
>
When debugging another application I got a page fault at the same
position. You can either type "pass" or you can set BreakOnFirstChance
to false to prevent the debugger from running into those "first chance"
page faults. That's especially useful when your application triggers
the page fault very frequently. See
http://www.winehq.org/docs/winedev-guide/dbg-config for more information.

The application I was debugging has a stack corruption bug too but I
don't think it's related.