http://bugs.winehq.org/show_bug.cgi?id=23849

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |dotnet
                 CC|                            |focht(a)gmx.net
          Component|-unknown                    |gdi32

--- Comment #1 from Anastasius Focht <focht(a)gmx.net> 2010-07-31 06:09:59 ---
Hello,

well it's a stupid app bug.

The app uses gdi32 font API incorrectly while trying to load (embedded) fonts from its resources.

+tid,+seh,+font,+relay:

--- snip ---
...
0047:Call gdi32.AddFontMemResourceEx(00199050,00055fe1,00000000,00000001) ret=0036a1c3
0047:trace:font:WineEngAddFontMemResourceEx Copying 352225 bytes of data from 0x199050 to 0x4cd9030
0047:trace:font:AddFontToList Loading font from ptr 0x4cd9030 size 352225, index 0
0047:trace:font:get_familyname Got localised name L"Arial"
0047:trace:font:AddFontToList fsCsb = 400001ff ffff0000/00007a87 80000000 00000008 00000000
0047:trace:font:AddFontToList Added font L"Arial" L"Bold"
0047:trace:seh:raise_exception code=c0000005 flags=0 addr=0x201d327a ip=201d327a tid=0047
0047:trace:seh:raise_exception info[0]=00000001
0047:trace:seh:raise_exception info[1]=00000001
0047:trace:seh:raise_exception eax=00000001 ebx=2020422c ecx=00000000 edx=00000001 esi=04cd9030 edi=20207f20
0047:trace:seh:raise_exception ebp=0032ea38 esp=0032ea00 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0047:trace:seh:call_vectored_handlers calling handler at 0x57ca3120 code=c0000005 flags=0
0047:trace:seh:call_vectored_handlers handler at 0x57ca3120 returned 0
0047:trace:seh:call_stack_handlers calling handler at 0x79fcc9ae code=c0000005 flags=0
--- snip ---

The app managed callstack:

--- snip ---
2010-07-31 10:18:51,512 [1] ERROR DigitalAlbum - SplashForm -> Set Font
System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)
   at HofmannDigital.HelperFont.GetEmbeddedFonts()
   at HofmannDigital.HelperFont.LoadEmbeddedFonts()
   at HofmannDigital.HelperFont.GetPrivateFontFamily(String familyName)
   at HofmannDigital.HelperFont.CreatePrivateFont(String familyName, Single emSize, FontStyle style)
   at HofmannDigital.Helper.CreateFont(String familyName, Single emSize, FontStyle style, GraphicsUnit unit, Byte gdiCharSet)
   at HofmannDigital.SplashForm.Initialize()
2010-07-31 10:18:51,527 [1] ERROR DigitalAlbum - SplashForm.Initialize
--- snip ---

The app's P/Invoke signature for gdi32.AddFontMemResourceEx() is wrong:

HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)

Wine:

--- snip dlls/gdi32/freetype.c ---
HANDLE WineEngAddFontMemResourceEx(PVOID pbFont, DWORD cbFont, PVOID pdv, DWORD *pcFonts)
--- snip dlls/gdi32/freetype.c ---

P/Invoke signature from: http://www.pinvoke.net/default.aspx/gdi32.addfontmemresourceex

--- snip ---
[DllImport("gdi32.dll", ExactSpelling=true)]
private static extern IntPtr AddFontMemResourceEx(byte[] pbFont, int cbFont, IntPtr pdv, out uint pcFonts)
--- snip ---

The app isn't passing pcFonts as out/ref param but as value (probably initialized cFonts = 1 on its own).
The compiler won't tell you that mistake due to the incorrect P/Invoke signature.

Not sure if Wine should fix such stupid apps/mistakes.

Adding an SEH to dlls/gdi32/freetype.c:WineEngAddFontMemResourceEx() seems like overkill as the found fonts count assignment is done _after_ the font(s) have already been added.
Better would be a write ptr probing before doing any work (call to AddFontToList()).

There is nothing mentioned regarding the validation of these parameters in MSDN so this needs a test (NULL pcFonts, invalid pcFonts ptr -> 0xdeadbeef).
While you're at it the return values in error cases should be more consistent (NULL vs. 0).

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
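The comment above proposes probing pcFonts for writability before any font is added, and lists the cases a test should cover (NULL pcFonts, a bogus pointer such as 0xdeadbeef). The following is an added example, not Wine's code: a model of WineEngAddFontMemResourceEx() with that up-front probe, exercised with the correct out-pointer, with NULL, with 0xdeadbeef, and with the integer 1 that the app's mis-declared P/Invoke ends up passing as the pointer (the value visible in the +relay line and in the exception's info[1]). The probe is implemented with a SIGSEGV/SIGBUS handler plus sigsetjmp/siglongjmp so it can run on Linux; inside Wine the same check would use its own __TRY/__EXCEPT exception macros. The font-blob format, the fake handle and the model_* names are constructed for this example.

```c
/* Added example, not Wine's code: "probe pcFonts before doing any work",
 * plus the test cases named in the bug comment. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD;
typedef void    *HANDLE;
typedef void    *PVOID;

static sigjmp_buf probe_env;

static void probe_fault_handler(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);          /* unwind back into is_writable_dword() */
}

/* Return 1 if a DWORD can be read and written at p, 0 otherwise.
 * Stand-in for Wine's __TRY/__EXCEPT-based probing (assumption, not Wine's code). */
int is_writable_dword(DWORD *p)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;               /* volatile: must survive the siglongjmp */

    if (p == NULL) return 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS,  &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        volatile DWORD *vp = (volatile DWORD *)p;
        DWORD saved = *vp;             /* faults here if the page is unmapped */
        *vp = saved;                   /* faults here if the page is read-only */
        ok = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS,  &old_bus,  NULL);
    return ok;
}

/* Constructed stand-in for AddFontToList(): the blob's first little-endian
 * DWORD says how many fonts it "contains" (real fonts are parsed by FreeType). */
static DWORD model_add_fonts_to_list(const unsigned char *pbFont, DWORD cbFont)
{
    if (pbFont == NULL || cbFont < 4) return 0;
    return (DWORD)pbFont[0] | (DWORD)pbFont[1] << 8 |
           (DWORD)pbFont[2] << 16 | (DWORD)pbFont[3] << 24;
}

/* Model of WineEngAddFontMemResourceEx() with the probe done first, so a caller
 * handing in garbage for pcFonts gets NULL back and no font is ever registered. */
HANDLE model_AddFontMemResourceEx(PVOID pbFont, DWORD cbFont, PVOID pdv, DWORD *pcFonts)
{
    (void)pdv;
    if (!is_writable_dword(pcFonts)) return NULL;   /* validate before any work */
    DWORD count = model_add_fonts_to_list(pbFont, cbFont);
    if (count == 0) return NULL;
    *pcFonts = count;                               /* safe: probed above */
    return (HANDLE)(uintptr_t)0x1000;               /* constructed fake handle */
}

/* Constructed blob: "2 fonts" followed by filler. */
static unsigned char sample_blob[] = { 2, 0, 0, 0, 'f', 'o', 'n', 't' };

/* Correct caller: pcFonts points at a writable DWORD (the pinvoke.net signature). */
int scenario_correct_caller(void)
{
    DWORD n = 0;
    HANDLE h = model_AddFontMemResourceEx(sample_blob, sizeof sample_blob, NULL, &n);
    return h != NULL && n == 2;
}

/* The bug in the log: the app's "Int32 pcFonts" passes the value 1 where the
 * pointer belongs, i.e. Wine is asked to write the font count to address 0x1. */
int scenario_app_passes_value_one(void)
{
    return model_AddFontMemResourceEx(sample_blob, sizeof sample_blob, NULL,
                                      (DWORD *)(uintptr_t)1) == NULL;
}

int scenario_null_pcfonts(void)
{
    return model_AddFontMemResourceEx(sample_blob, sizeof sample_blob, NULL, NULL) == NULL;
}

int scenario_deadbeef_pcfonts(void)
{
    return model_AddFontMemResourceEx(sample_blob, sizeof sample_blob, NULL,
                                      (DWORD *)(uintptr_t)0xdeadbeef) == NULL;
}

int main(void)
{
    printf("correct caller ok:       %d\n", scenario_correct_caller());
    printf("pcFonts = 1 rejected:    %d\n", scenario_app_passes_value_one());
    printf("pcFonts = NULL rejected: %d\n", scenario_null_pcfonts());
    printf("0xdeadbeef rejected:     %d\n", scenario_deadbeef_pcfonts());
    return 0;
}
```

The order matters: the probe runs before model_add_fonts_to_list(), which is the point the comment makes about SEH being overkill around the final assignment. With the probe up front, the mis-declared caller gets a consistent NULL and nothing is left registered in the font list; with a check only at the assignment, the fonts would already be added by the time the bad pointer is detected.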