[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: DSA_* bugs
From:       "Eric Kohl" <ekohl () abo ! rhein-zeitung ! de>
Date:       1999-05-29 19:22:26
[Download RAW message or body]

Ian Schmidt wrote:
[...]
>At this point on the CVS version SHELL32 crashes because DSA_GetItemPtr
returns
>a NULL pointer.  Why?  DSA_SetItem doesn't update the nItemCount field in
the
>structure for the case where it grows the DSA heap.  DSA_GetItemPtr then
checks
>if the incoming item number (0 in this case) is >= to nItemCount and
returns
>NULL if so.
>
>This is easily fixed by adding this to DSA_SetItem:
>
>     hdsa->nMaxCount = nNewItems; (existing line)
>     hdsa->nItemCount = nIndex;         (add this, it's a duplicate of the
>non-grow case)
>
>and indeed this fixes that crash.  But one happens later from this call:

>
>trace:commctrl:DSA_GetItemPtr (0x40dc009c 499)
>
>Since earlier it did a SetItem on item 499 you'd expect this to work.
However,
>DSA_GetItemPtr's test is:
>
> if ((nIndex < 0) || (nIndex >= hdsa->nItemCount))
>    return NULL;
>
>Since nItemCount is 499, this returns NULL and another crash results.  This
can
>be fixed one of two ways: make nItemCount nIndex+1 in DSA_SetItem or change
the
>tests in GetItem and GetItemPtr to (nIndex > hdsa->nItemCount).  Either way
>gets SHELL running past this and onward to other WINE problems :-/
>
>Any comments from whoever implemented this stuff originally?
I'd prefer to fix DSA_SetItem using 'hdsa->nItemCount = nIndex + 1;'. It is
obvious that nItemCount is not set correctly. Since nItemCount stores the
number of 'used' items in the DSA it better to change it than to change the
boundary checks.

BTW, I'm working on an improved DPA_LoadStream().
--

Eric Kohl                ekohl@abo.rhein-zeitung.de


=========================================================================

[prev in list] [next in list] [prev in thread] [next in thread]