[PATCH 0/1] MR10469: comctl32/imagelist: Allow for larger initial image count. - Wine-GitLab - list.winehq.org

newer
[PATCH 0/1] MR10488: win32u:...

[PATCH 0/1] MR10469: comctl32/imagelist: Allow for larger initial image count.

older
Re: [PATCH v9 0/3] MR10114: msi:...

Alistair Leslie-Hughes (＠alesliehughes)

March 27, 2026

5:17 a.m.

I have an application that uses 970+ as an valid initial value, and causes random crashes when restricted to 256. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10469

Reply

Sign in to reply online Use email software

Show replies by date

Alistair Leslie-Hughes

March 2026

5:17 a.m.

New subject: [PATCH 1/1] comctl32/imagelist: Allow for larger initial image count.

From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com> --- dlls/comctl32/imagelist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/comctl32/imagelist.c b/dlls/comctl32/imagelist.c index 6650e3db04b..f1d0d20b7a1 100644 --- a/dlls/comctl32/imagelist.c +++ b/dlls/comctl32/imagelist.c @@ -3664,7 +3664,7 @@ static HRESULT WINAPI ImageListImpl_Initialize(IImageList2 *iface, INT cx, INT c } /* Some applications mistakenly use a very large initial image count. Limit it to something reasonable */ - initial = min(initial, 256); + initial = min(initial, 2048); himl->cx = cx; himl->cy = cy; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10469

Reply

Sign in to reply online Use email software

Zhiyi Zhang (＠zhiyi)

5:28 a.m.

The initial image value serves as a suggestion for allocating memory. The imagelist should grow as large as needed. Please see IMAGELIST_InternalExpandBitmaps(). Do you know which function is causing the crash? Maybe it forgot to call IMAGELIST_InternalExpandBitmaps(). -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10469#note_134002

Reply

Sign in to reply online Use email software

Alistair Leslie-Hughes (＠alesliehughes)

11:39 p.m.

The issue is caused by this function ImageList_Duplicate (HIMAGELIST himlSrc) The ImageList_Create call in the function truncates the size, then further down assumes the image will be same size,. and does a memcpy which causes an access violation. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10469#note_134243

Reply

Sign in to reply online Use email software

Zhiyi Zhang (＠zhiyi)

1:13 a.m.

On Sun Mar 29 06:13:57 2026 +0000, Alistair Leslie-Hughes wrote:

The issue is caused by this function ImageList_Duplicate (HIMAGELIST himlSrc) The ImageList_Create call in the function truncates the size, then further down assumes the image will be same size,. and does a memcpy which causes an access violation. Okay, I see. Let's limit the maximum initial image size to USHORT_MAX and print a warning when it gets truncated. USHORT_MAX is the largest value that we can safely serialize according to ILHEAD. Another way is to call IMAGELIST_InternalExpandBitmaps() after ImageList_Create() in ImageList_Duplicate().

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/10469#note_134245

Reply

Sign in to reply online Use email software

1

Age (days ago)

3

Last active (days ago)

4 comments

3 participants

tags

participants (3)

Alistair Leslie-Hughes
Alistair Leslie-Hughes (＠alesliehughes)
Zhiyi Zhang (＠zhiyi)