[Bug 11304] New: Wine Notepad: Overflow.
http://bugs.winehq.org/show_bug.cgi?id=11304 Summary: Wine Notepad: Overflow. Product: Wine Version: CVS/GIT Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: programs AssignedTo: wine-bugs(a)winehq.org ReportedBy: andrey(a)esin.name Created an attachment (id=10410) --> (http://bugs.winehq.org/attachment.cgi?id=10410) Little "exploit" to test this bug. Overflow in Wine Notepad. There is a overflow when opening a file containing a line which contain 24576 symbols (>= 24 Kb). If open such file Wine Notepad will exit with message: lastik(a)lastik:~/src/wine/cvs$ wine notepad X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 18 (X_ChangeProperty) Value in failed request: 0x1 Serial number of failed request: 6697 Current serial number in output stream: 6696 If you will open text file which contains string with more than 8192 symbols (>= 8 kb), you will see the effect of coating lines at each other. So if open file with 8191 symbols in string it's will ok. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 --- Comment #1 from Austin English <austinenglish(a)gmail.com> 2008-01-26 04:46:56 --- Confirming. On the 24Kb file, I got a different error: X connection to :0.0 broken (explicit kill or server shutdown). Notepad then froze. When I reran it and opened just that file, I get the same error as you. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |testcase -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 --- Comment #2 from Jeff Zaroyko <jeffzaroyko(a)gmail.com> 2008-07-18 02:17:19 --- (In reply to comment #1)
Confirming. On the 24Kb file, I got a different error:
X connection to :0.0 broken (explicit kill or server shutdown).
Notepad then froze. When I reran it and opened just that file, I get the same error as you.
Still present with wine-1.1.1-147-gb3f4091. I only get an error with the 24kb file. The offending call appears to be XRenderCompositeText16 called from X11DRV_XRender_ExtTextOut in winex11.drv/xrender.c -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 --- Comment #3 from Gabriele Moabiti <gabmoa(a)yahoo.it> 2008-08-27 08:12:37 --- Created an attachment (id=15680) --> (http://bugs.winehq.org/attachment.cgi?id=15680) test application for long string bug in TextOut -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Gabriele Moabiti <gabmoa(a)yahoo.it> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gabmoa(a)yahoo.it --- Comment #4 from Gabriele Moabiti <gabmoa(a)yahoo.it> 2008-08-27 08:15:02 --- I have developed a terminal app for a cnc and I am trying to port to linux with wine. I have noticed a problem maybe related to this one. It appears in hangs or errors so I have created a very simple application to reproduce only this problem (see attachment). There are two input parameters, the lenght of the string and the ascii number of character. [example, error with char 32 and lenght 21843 - Wine 1.1.2] X Error of failed request: BadLength (poly request too large or internal Xlib length error) Major opcode of failed request: 156 (RENDER) Minor opcode of failed request: 24 (RenderCompositeGlyphs16) Serial number of failed request: 934 Current serial number in output stream: 935 I noticed the ExtTextOutW use a WORD for glyps. BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, const RECT *lprect, LPCWSTR str, UINT count, const INT *lpDx ) { BOOL ret = FALSE; LPWSTR reordered_str = (LPWSTR)str; WORD *glyphs = NULL; ... may be related to this error? Any ideas?? Textout is widely used... -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|CVS/GIT |unspecified --- Comment #5 from Austin English <austinenglish(a)gmail.com> 2009-01-18 03:47:46 --- Removing deprecated CVS/GIT version tag. Please retest in current git. If the bug is still present in today's wine, but was not present in some earlier version of wine, please update version field to earliest known version of wine that had the bug. Thanks! -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 --- Comment #6 from Austin English <austinenglish(a)gmail.com> 2009-04-24 11:24:46 --- Dupe. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE --- Comment #7 from Austin English <austinenglish(a)gmail.com> 2009-04-24 11:25:41 --- Gr.... *** This bug has been marked as a duplicate of bug 8166 *** -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11304 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #8 from Austin English <austinenglish(a)gmail.com> 2009-04-24 11:30:28 --- Closing. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org