http://bugs.winehq.org/show_bug.cgi?id=16585 Vitaliy Margolen <vitaliy(a)kievinfo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stevie1401(a)web.de --- Comment #1 from Vitaliy Margolen <vitaliy(a)kievinfo.com> 2008-12-21 11:52:07 --- *** Bug 16583 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 Igor Tarasov <tarasov.igor(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #18107|0 |1 is obsolete| | --- Comment #3 from Igor Tarasov <tarasov.igor(a)gmail.com> 2009-01-01 07:02:00 --- Created an attachment (id=18360) --> (http://bugs.winehq.org/attachment.cgi?id=18360) WINEDEBUG=+print,+ntprint,+winspool,+driver log and backtrace Okay, I have compiled wine and ran it again. Hope this helps. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #5 from Jeff Zaroyko <jeffz(a)jeffz.name> 2009-01-01 07:50:59 --- oh, and the debug channels you applied before aren't needed, just use +psdrv -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 Jeff Zaroyko <jeffz(a)jeffz.name> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #18364|0 |1 is obsolete| | --- Comment #7 from Jeff Zaroyko <jeffz(a)jeffz.name> 2009-01-01 16:59:25 --- Created an attachment (id=18372) --> (http://bugs.winehq.org/attachment.cgi?id=18372) hack2 Thanks, I was just curious to see what the effect was because I'm not familiar with this area and I don't have the program to test myself. Try this patch instead. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #18372|application/octet-stream |text/plain mime type| | Attachment #18372|0 |1 is patch| | -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #9 from Igor Tarasov <tarasov.igor(a)gmail.com> 2009-01-02 16:07:32 --- I think I have figured it out. It's all in dlls/wineps.drv/bitmap.c. This code has a lot of similarities and copypasties from dlls/gdi32/dib.c / dlls/gdi32/bitmap.c. Maybe that code could be somehow combined? AFAIU gdi32 code is much more tested and fixed, and wineps.drv code is pretty buggy. Or it could be at least refactored, esp. in PSDRV_StretchDIBits. So, I've made it printing and not crashing this way: As far as I understand it now, PSDRV_StretchDIBits misuses srcHeight and srcWidth. I've been working olny with 32bit image section, and since all other parts have similar code I tend to think that this error is throughout all that function. http://source.winehq.org/source/dlls/wineps.drv/bitmap.c#L371 I've replaced heightSrc and widthSrc with fullSrcHeight and fullSrcWidth respectevly in all that 'case' section. Since heightSrc sometimes may become negative, and since these heightSrc and widthSrc values are pretty big, bitmap_size = heightSrc * widthSrc * 3; dst_ptr = bitmap = HeapAlloc(GetProcessHeap(), 0, bitmap_size); bitmap_size here becomes around -350 000 000, and HeapAlloc just returns 0 and this is one of the reasons for crash. Also, I've commented out line 375: src_ptr += (ySrc * widthbytes); Not sure that this is the most correct way to work this around, but ySrc in my case contains the same value as fullSrcHeight. This means, that pointer gets moved to the end of allocated memory and then in starts iterating it, increasing pointer. Clearly, it leads to crash, since memory manager won't allow getting out of boundaries. So, there were at least 2 reasons for crash. I post it all here since I am not that good in C and this code to understand why it all works so wrong and how it all should work. So, any help is appreciated. :) -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #10 from Igor Tarasov <tarasov.igor(a)gmail.com> 2009-01-04 02:14:34 --- Well, after a lot of digging, I've found the following: 1. Image display is done through OLE IPicture. 2. Real image size is 467 x 338 (for simplicity, let's talk only about the first one). 3. But size that is being passed to PSDRV_StretchDIBits is 12356 x -8942. 4. OLEPictureImpl_Render may render picture to various devices. 5. ...including winex11 and it passes quite the same parameters to BITBLT_InternalStretchBlt. 6. But it does not crash, and works as expected. The difference between BITBLT_InternalStretchBlt and PSDRV_StretchDIBits in their handling of incoming data is that BITBLT_InternalStretchBlt converts logical coordinates to device coordinates (via LPtoDP) for source coordinates. See http://source.winehq.org/source/dlls/winex11.drv/bitblt.c#L1285 So, the fix seems to be simple: just add LP2DP conversion for source coordinates to PSDRV_StretchDIBits. But there is one problem: LPtoDP requires source device handle, but it does not being passed to PSDRV_StretchDIBits. Or, possibly, this conversion should be done somewhere here: http://source.winehq.org/source/dlls/gdi32/bitblt.c#L172 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #12 from Austin English <austinenglish(a)gmail.com> 2009-01-27 09:47:05 --- (In reply to comment #11)

Created an attachment (id=19020) --> (http://bugs.winehq.org/attachment.cgi?id=19020) [details] patch

Okay, I've attempted to implement it, so here is the patch. It works well for me.

A testcase would help. Please send patches to wine-patches(a)winehq.org. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #14 from Austin English <austinenglish(a)gmail.com> 2009-01-28 09:31:34 --- (In reply to comment #13)

The patch sent: http://www.winehq.org/pipermail/wine-patches/2009-January/068450.html

What's next?

Wait for it to be applied. If it's not, ask for feedback on wine-devel (though, likely the thing you'll hear most is requests for a testcase). -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 --- Comment #16 from Austin English <austinenglish(a)gmail.com> 2009-01-28 09:47:17 --- Fixed then? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=16585 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #18 from Alexandre Julliard <julliard(a)winehq.org> 2009-01-30 11:04:42 --- Closing bugs fixed in 1.1.14. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.