http://bugs.winehq.org/show_bug.cgi?id=23849
Anastasius Focht focht@gmx.net changed:
What      |Removed  |Added
----------------------------------------------------------------------------
Keywords  |         |dotnet
CC        |         |focht@gmx.net
Component |-unknown |gdi32
--- Comment #1 from Anastasius Focht focht@gmx.net 2010-07-31 06:09:59 ---
Hello,
well it's a stupid app bug. The app uses gdi32 font API incorrectly while trying to load (embedded) fonts from its resources.
+tid,+seh,+font,+relay:
--- snip ---
...
0047:Call gdi32.AddFontMemResourceEx(00199050,00055fe1,00000000,00000001) ret=0036a1c3
0047:trace:font:WineEngAddFontMemResourceEx Copying 352225 bytes of data from 0x199050 to 0x4cd9030
0047:trace:font:AddFontToList Loading font from ptr 0x4cd9030 size 352225, index 0
0047:trace:font:get_familyname Got localised name L"Arial"
0047:trace:font:AddFontToList fsCsb = 400001ff ffff0000/00007a87 80000000 00000008 00000000
0047:trace:font:AddFontToList Added font L"Arial" L"Bold"
0047:trace:seh:raise_exception code=c0000005 flags=0 addr=0x201d327a ip=201d327a tid=0047
0047:trace:seh:raise_exception info[0]=00000001
0047:trace:seh:raise_exception info[1]=00000001
0047:trace:seh:raise_exception eax=00000001 ebx=2020422c ecx=00000000 edx=00000001 esi=04cd9030 edi=20207f20
0047:trace:seh:raise_exception ebp=0032ea38 esp=0032ea00 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0047:trace:seh:call_vectored_handlers calling handler at 0x57ca3120 code=c0000005 flags=0
0047:trace:seh:call_vectored_handlers handler at 0x57ca3120 returned 0
0047:trace:seh:call_stack_handlers calling handler at 0x79fcc9ae code=c0000005 flags=0
--- snip ---
The app managed callstack:
--- snip ---
2010-07-31 10:18:51,512 [1] ERROR DigitalAlbum - SplashForm -> Set Font
System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)
   at HofmannDigital.HelperFont.GetEmbeddedFonts()
   at HofmannDigital.HelperFont.LoadEmbeddedFonts()
   at HofmannDigital.HelperFont.GetPrivateFontFamily(String familyName)
   at HofmannDigital.HelperFont.CreatePrivateFont(String familyName, Single emSize, FontStyle style)
   at HofmannDigital.Helper.CreateFont(String familyName, Single emSize, FontStyle style, GraphicsUnit unit, Byte gdiCharSet)
   at HofmannDigital.SplashForm.Initialize()
2010-07-31 10:18:51,527 [1] ERROR DigitalAlbum - SplashForm.Initialize
--- snip ---
The app's P/Invoke signature for gdi32.AddFontMemResourceEx() is wrong:
HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)
Wine:
--- snip dlls/gdi32/freetype.c ---
HANDLE WineEngAddFontMemResourceEx(PVOID pbFont, DWORD cbFont, PVOID pdv, DWORD *pcFonts)
--- snip dlls/gdi32/freetype.c ---
P/Invoke signature from: http://www.pinvoke.net/default.aspx/gdi32.addfontmemresourceex
--- snip ---
[DllImport("gdi32.dll", ExactSpelling=true)]
private static extern IntPtr AddFontMemResourceEx(byte[] pbFont, int cbFont, IntPtr pdv, out uint pcFonts);
--- snip ---
The app isn't passing pcFonts as an out/ref param but as a value (probably initialized cFonts = 1 on its own). The compiler won't tell you about that mistake due to the incorrect P/Invoke signature.
Not sure if Wine should fix such stupid apps/mistakes. Adding an SEH to dlls/gdi32/freetype.c:WineEngAddFontMemResourceEx() seems like overkill, as the found-fonts count assignment is done _after_ the font(s) have already been added.
Better would be a write ptr probing before doing any work (call to AddFontToList()). There is nothing mentioned regarding the validation of these parameters in MSDN so this needs a test (NULL pcFonts, invalid pcFonts ptr -> 0xdeadbeef).
While you're at it the return values in error cases should be more consistent (NULL vs. 0).
Regards
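As an added example that is not the app's code, Wine's or pinvoke.net's: the two declarations quoted above side by side, with the corrected one wrapped in a loader that checks both the returned handle and the reported font count. The class name, the resource-loading helper and the exception choices are assumptions.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;

static class HelperFontFixed   // hypothetical name, not the app's HofmannDigital.HelperFont
{
    // The app's declaration: pcFonts is an Int32 passed BY VALUE. The marshaller puts
    // the integer itself (1, per the relay line) into the pointer slot, so gdi32 writes
    // the font count to address 0x00000001: a write fault (info[0]=1) at address 1
    // (info[1]=1) in the +seh trace. Kept commented out so it is never called.
    // [DllImport("gdi32.dll", ExactSpelling = true)]
    // static extern IntPtr AddFontMemResourceEx(IntPtr pbFont, int cbFont, int pdv, int pcFonts);

    // Correct declaration (matches HANDLE AddFontMemResourceEx(PVOID, DWORD, PVOID, DWORD*)):
    // pdv is reserved and must be IntPtr.Zero; pcFonts is an out parameter the callee writes.
    [DllImport("gdi32.dll", ExactSpelling = true)]
    static extern IntPtr AddFontMemResourceEx(byte[] pbFont, int cbFont, IntPtr pdv, out uint pcFonts);

    // Loads one embedded font resource into the process-private font table.
    // Returns the memory-font handle; fontsAdded receives the count gdi32 reports.
    public static IntPtr LoadEmbeddedFont(string resourceName, out uint fontsAdded)
    {
        Assembly asm = Assembly.GetExecutingAssembly();
        using (Stream s = asm.GetManifestResourceStream(resourceName))
        {
            if (s == null)
                throw new FileNotFoundException("embedded font resource not found", resourceName);
            byte[] data = new byte[s.Length];
            int read = 0;
            while (read < data.Length)
            {
                int n = s.Read(data, read, data.Length - read);
                if (n <= 0) throw new EndOfStreamException("short read on " + resourceName);
                read += n;
            }
            // The byte[] is pinned only for the duration of the call; gdi32 copies the
            // data (the trace shows "Copying 352225 bytes"), so the array need not outlive it.
            IntPtr handle = AddFontMemResourceEx(data, data.Length, IntPtr.Zero, out fontsAdded);
            // The API returns NULL on failure with no extended error information,
            // so check the handle and the reported count rather than GetLastWin32Error.
            if (handle == IntPtr.Zero || fontsAdded == 0)
                throw new InvalidOperationException("AddFontMemResourceEx rejected " + resourceName);
            return handle;
        }
    }
}
```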