[Bug 56768] New: uxtheme crash when using themed CheckBoxes
https://bugs.winehq.org/show_bug.cgi?id=56768

            Bug ID: 56768
           Summary: uxtheme crash when using themed CheckBoxes
           Product: Wine
           Version: 9.9
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: uxtheme
          Assignee: wine-bugs(a)winehq.org
          Reporter: kyle.kcsoftwares(a)gmail.com
      Distribution: ---

Created attachment 76569
  --> https://bugs.winehq.org/attachment.cgi?id=76569
uxtheme patch

Initially found here https://jira.reactos.org/browse/CORE-16410 but also
applicable to Wine 9.9 staging as "latent bug"

comctl32/button.c CB_ThemedPaint, before
https://github.com/wine-mirror/wine/commit/830348d78c38e9f68772bd6e5a3ea2555...
passed NULL as LPCRECT prc for GetThemePartSize (allowed as per
https://learn.microsoft.com/en-en/windows/win32/api/uxtheme/nf-uxtheme-getth...
)
then get_image_part_size
then UXTHEME_LoadImage
then UXTHEME_SelectImage
which unconditionally calls

POINT size = {pRect->right-pRect->left, pRect->bottom-pRect->top};

without checking pRect as non-NULL

Attached patch (to be adapted here) prevents such a case.

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=56768

Ken Sharp <imwellcushtymelike(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |source

https://bugs.winehq.org/show_bug.cgi?id=56768

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dark.shadow4(a)web.de

--- Comment #1 from Fabian Maurer <dark.shadow4(a)web.de> ---
How exactly do you get a crash? Do you need a special theme for that?

https://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #2 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
Only with a Theme that affects checkboxes, such as Royalty as mentioned in
https://jira.reactos.org/browse/CORE-16410 (e.g.: using specific image for
checked/unchecked states) and BEFORE application of the commit that hides the
mishandled NULL LPRECT...

or with a sample app to be built calling GetThemePartSize with a NULL pRect

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #3 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
See
https://learn.microsoft.com/en-us/windows/win32/api/uxtheme/nf-uxtheme-getth...

[in] prc

Type: LPCRECT

Pointer to a RECT structure that contains the rectangle used for the part
drawing destination. This parameter may be set to NULL.

Faulty code is here
https://github.com/wine-mirror/wine/blob/master/dlls/uxtheme/draw.c#L232

where pRect is used with

POINT size = {pRect->right-pRect->left, pRect->bottom-pRect->top};

without checking pRect as non-NULL (see the patch in attachment)

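A simplified model of the pattern described in comment #3, added here as an illustration; it is not Wine's or ReactOS's code and not the attached patch. The RECT/POINT stand-ins, the candidate table, the function names, and the fall-back-to-first-image policy for a NULL rectangle are assumptions of this example.

```c
#include <stddef.h>

/* Stand-ins for the Win32 RECT and POINT types so this builds anywhere. */
typedef struct { long left, top, right, bottom; } RECT;
typedef struct { long x, y; } POINT;

/* Constructed table: smallest destination size each candidate image suits. */
static const POINT min_size[] = { {13, 13}, {16, 16}, {25, 25} };
#define N_IMAGES (sizeof(min_size) / sizeof(min_size[0]))

/* Pick the last candidate whose minimum size fits; default is image 0. */
static int pick_by_size(POINT size)
{
    int best = 0;
    for (size_t i = 0; i < N_IMAGES; i++)
        if (size.x >= min_size[i].x && size.y >= min_size[i].y)
            best = (int)i;
    return best;
}

/* Pattern from the report: pRect is dereferenced unconditionally, so a NULL
 * prc accepted by the public API faults here. Kept for contrast only. */
int select_image_unchecked(const RECT *pRect)
{
    POINT size = { pRect->right - pRect->left, pRect->bottom - pRect->top };
    return pick_by_size(size);
}

/* Checked form: NULL is a documented input, so handle it before any
 * dereference. Falling back to image 0 is this example's assumed policy. */
int select_image_checked(const RECT *pRect)
{
    if (!pRect)
        return 0;
    POINT size = { pRect->right - pRect->left, pRect->bottom - pRect->top };
    return pick_by_size(size);
}

int main(void)
{
    RECT r = { 0, 0, 16, 16 };
    /* 0 for the NULL case, 1 for a 16x16 destination */
    return (select_image_checked(NULL) == 0 && select_image_checked(&r) == 1) ? 0 : 1;
}
```
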
http://bugs.winehq.org/show_bug.cgi?id=56768

KRosUser <kyle.kcsoftwares(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
       Distribution|---                         |Ubuntu
            Version|9.9                         |10.7

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #4 from Nikolay Sivov <bunglehead(a)gmail.com> ---
This needs some reproducible use case. The patch you attached is obviously not
for wine codebase. From the code it looks like it only happens with background
images, which I guess we don't use for our builtin themes.

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #5 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
Yes but that's an active code path in Wine that can lead to the NULL pRect
situation.

Where could I find a Wine theme to build a sample application and theme to
exploit this bug if further evidence is required ?

http://bugs.winehq.org/show_bug.cgi?id=56768

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|10.7                        |9.9

--- Comment #6 from Fabian Maurer <dark.shadow4(a)web.de> ---
Please don't change the version once reported.

(In reply to KRosUser from comment #5)
> Where could I find a Wine theme to build a sample application and theme to
> exploit this bug if further evidence is required ?

Not sure what you mean? I guess you'd have to make it yourself.

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #7 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
OK so I'll just keep the reported faulty code path.

.patch is self explanatory on what is a decent fix for Wine even if it has to
be adapted to Wine codebase

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #8 from Nikolay Sivov <bunglehead(a)gmail.com> ---
You reported a crash, presumably when running something with wine. If it needs
a special theme, make sure you mentioned where to get it. If it needs a
specific test program, mention that also. If none of that is available, it's
making it more difficult for people to reproduce and figure out correct fix.

http://bugs.winehq.org/show_bug.cgi?id=56768

--- Comment #9 from KRosUser <kyle.kcsoftwares(a)gmail.com> ---
Theme to be used :
https://jira.reactos.org/secure/attachment/54626/54626_royalty_for_xp_by_pit...

Program to be used calc.exe from ReactOS, in Scientific mode