
List:       wine-devel
Subject:    Re: [PATCH] user32: check for valid pointer in CreateIconFromResource
From:       Florian_Köberle <florian () fkoeberle ! de>
Date:       2010-06-28 20:09:39
Message-ID: 4C290183.4070201 () fkoeberle ! de



On 06/28/2010 01:44 PM, Reece Dunn wrote:
> On 28 June 2010 12:26, Alexandre Julliard <julliard@winehq.org> wrote:
> 
> > Wolfram Sang <wolfram@the-dreams.de> writes:
> > 
> > 
> > > According to TestBot (#2851), all non-crashing Windows versions return 0.
> > > 
> > > Found while working on Bug 21012. Although this patch doesn't cure this
> > > bug, I think it is still worth adding the check because the pointer
> > > may come from the (always evil ;)) user-application.
> > > 
> > Do you have an actual application that does this, or is this just hiding
> > a Wine bug?
> > 
> When running winedbg on bfginstaller.exe (trying to track down
> http://bugs.winehq.org/show_bug.cgi?id=14343), winedbg will trap in
> the cursoricon.c code (line 771 --
> http://source.winehq.org/git/wine.git/?a=blob;f=dlls/user32/cursoricon.c;h=9a1810e22a1a77c698a14e0d6a9a33c5d036bce0;hb=d474d3f142b6e5f50ca3253cd170695ac3cc8930#l771):
> 767     /* pre-multiply by alpha */
> 768     for (i = 0, ptr = bits; i < bm.bmWidth * bm.bmHeight; i++, ptr += 4)
> 769     {
> 770         unsigned int alpha = ptr[3];
> 771         ptr[0] = ptr[0] * alpha / 255;
> 772         ptr[1] = ptr[1] * alpha / 255;
> 773         ptr[2] = ptr[2] * alpha / 255;
> 774     }
> 
> The app itself does not crash there when running without winedbg,
> but is generating an issue later on that does not make sense (which I
> am suspecting is a stack corruption issue, possibly triggered by this
> issue).
> 
> I'm not sure if this is a wine bug, whether Wolfram's patch gets past
> the break triggered or whether it addresses the Big Fish Games issue.
> 
> I'll test the patch tonight.
> 
> - Reece
> 
> 
> 
> 
> 
When debugging another application I got a page fault at the same
position. You can either type "pass" or you can set BreakOnFirstChance
to false to prevent the debugger from stopping on those "first chance"
page faults. That's especially useful when your application triggers
the page fault very frequently. See
http://www.winehq.org/docs/winedev-guide/dbg-config for more information.

The application I was debugging has a stack corruption bug too, but I
don't think it's related.


