https://bugs.winehq.org/show_bug.cgi?id=51496 Bernhard Übelacker <bernhardu(a)mailbox.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu(a)mailbox.org --- Comment #1 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- Created attachment 70343 --> https://bugs.winehq.org/attachment.cgi?id=70343 Remove in release_clipboard entries where the depending entry got removed. I tried to collect some more information. As far as I see in wineservers clipboard objects format list appears an entry similar to that one with id=13=CF_UNICODETEXT: (rr) print *(struct clip_format *)clipboard->formats->next $148 = {entry = {}, id = 13, from = 0, seqno = 10, size = 0, data = 0x0} A little later it looks like another entry appears that is derived from that one, this with id=1=CF_TEXT: (rr) print *(struct clip_format *)clipboard->formats->next->...next->next $154 = {entry = {}, id = 1, from = 13, seqno = 16, size = 0, data = 0x0} Then in a request release_clipboard the first entry gets removed from the list. (rr) print *(struct clip_format *)clipboard->formats->next->...->next $57 = {entry = {}, id = 13, from = 1, seqno = 18, size = 0, data = 0x0} And now a call GetClipboardData(CF_UNICODETEXT) by explorer.exe recreates an entry with id=13=CF_UNICODETEXT, but now with from=1=CF_TEXT: That way GetClipboardData never returns because the wineserver request CF_UNICODETEXT returns the depending CF_TEXT and vice versa. (rr) bt #0 GetClipboardData(a)4 (format=1) at dlls/user32/clipboard.c:1035 #1 0x6ed0f4e6 in GetClipboardData(a)4 () at dlls/user32/clipboard.c:581 #2 0x6ed0f4e6 in GetClipboardData(a)4 () at dlls/user32/clipboard.c:581 #3 0x6ed0f4e6 in GetClipboardData(a)4 () at dlls/user32/clipboard.c:581 #4 0x6ed0f4e6 in GetClipboardData(a)4 () at dlls/user32/clipboard.c:581 #5 0x6ed0f4e6 in GetClipboardData(a)4 () at dlls/user32/clipboard.c:581 #6 0x7e702b48 in export_selection () at dlls/winex11.drv/clipboard.c:1505 #7 0x7e7041db in X11DRV_SelectionRequest at dlls/winex11.drv/clipboard.c:2120 #8 0x7e708dba in call_event_handler () at dlls/winex11.drv/event.c:405 #9 0x7e708f2b in process_events () at dlls/winex11.drv/event.c:460 #10 0x7e7090c4 in X11DRV_MsgWaitForMultipleObjectsEx event.c:500 #11 0x6edad1f3 in wait_message () at dlls/user32/winproc.c:1164 #12 0x6ed6025b in wait_objects () at dlls/user32/message.c:3007 #13 0x6ed68b46 in GetMessageW(a)16 () at dlls/user32/message.c:3815 #14 0x7e704024 in clipboard_thread () at dlls/winex11.drv/clipboard.c:2071 #15 0x7b62e250 in WriteTapemark(a)16 () Attached draft patch is an attempt to remove also the entry with from=13, when the entry with id=13 is removed in release_clipboard. Then I could not observe the crash, but some tests fail, maybe visible because of the KDE desktop. It passed here: https://testbot.winehq.org/JobDetails.pl?Key=94491 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=51496 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch Assignee|wine-bugs(a)winehq.org |fgouget(a)codeweavers.com --- Comment #2 from François Gouget <fgouget(a)codeweavers.com> --- Thanks a lot for the patch, it pinpointed the source of the issue. Looking into it I figured out that the patch can be simplified: * Only the Wine server can set the from field. * The from field also can only reference entries that precede it in the list because the synthesized formats must have a lower priority. That means when we loop other the list the formats referenced by the from field will be removed first. * All the synthesized formats are below CF_MAX. All that combined means we can check whether the format referenced by the from field is 'present' by checking the format_map field which simplifies the code. So I submitted a patch based on that idea. https://www.winehq.org/pipermail/wine-devel/2021-August/192280.html I also wanted a test that can reproduce the issue to be sure I understood it correctly. I also submitted a user32:clipboard patch for that: https://www.winehq.org/pipermail/wine-devel/2021-August/192279.html -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=51496 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 6.15. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.