https://bugs.winehq.org/show_bug.cgi?id=56768
Bug ID: 56768 Summary: uxtheme crash when using themed CheckBoxes Product: Wine Version: 9.9 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: uxtheme Assignee: wine-bugs@winehq.org Reporter: kyle.kcsoftwares@gmail.com Distribution: ---
Created attachment 76569 --> https://bugs.winehq.org/attachment.cgi?id=76569 uxtheme patch
Initially found here https://jira.reactos.org/browse/CORE-16410 but also applicable to Wine 9.9 staging as "latent bug"
comctl32/button.c CB_ThemedPaint, before https://github.com/wine-mirror/wine/commit/830348d78c38e9f68772bd6e5a3ea2555... passed NULL as LPCRECT prc for GetThemePartSize (allowed as per https://learn.microsoft.com/en-en/windows/win32/api/uxtheme/nf-uxtheme-getth... ) then get_image_part_size then UXTHEME_LoadImage then UXTHEME_SelectImage which unconditionnally calls
POINT size = {pRect->right-pRect->left, pRect->bottom-pRect->top};
without checking pRect as non-NULL
Attached patch (to be adapted here) prevents such a case.