http://bugs.winehq.org/show_bug.cgi?id=2210
saulius.krasuckas@elst.vtu.lt changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |saulius.krasuckas@elst.vtu.lt
------- Additional Comments From saulius.krasuckas@elst.vtu.lt 2004-10-05 11:27 -------
Wine crashes in the same way while running the vidsize.exe utility from Diablo1 (at least). The problem shows up somewhere at windows/dialog.c lines 635-675:
    dlgInfo = DIALOG_get_info(hwnd);
    dlgInfo->hwndFocus = 0;
    dlgInfo->hUserFont = hUserFont;
The inline DIALOG_get_info() calls GetWindowLongW() and gets back a weird pointer at dlls/user/controls.h lines 137-147.
The call maps to WIN_GetWindowLong(), which basically does the following:
    static LONG WIN_GetWindowLong( HWND hwnd, INT offset, WINDOWPROCTYPE type )
    {
        LONG retvalue = 0;
        WND *wndPtr;
        // ..skipped
        if (!(wndPtr = WIN_GetPtr( hwnd )))
        {
            SetLastError( ERROR_INVALID_WINDOW_HANDLE );
            return 0;
        }
        // ..skipped
        if (offset >= 0)
        {
            // ..skipped
            retvalue = *(LONG *)(((char *)wndPtr->wExtra) + offset);
            /* Special case for dialog window procedure */
            // ..skipped
            WIN_ReleasePtr( wndPtr );
            return retvalue;
        }
        // ..skipped
    }
The DWORD wndPtr->wExtra contains zero, and adding "offset" (containing "12") to it plus typecasting gives us a weird pointer. I would like to know where and on which side the logic is flawed.
BTW, that is a regression, maybe a very old one. Still, I haven't had the time to search for it.
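To illustrate the extra-bytes lookup the comment above walks through, here is an added example that is not Wine's code: a simplified model of a WND whose cbWndExtra bytes trail the struct, with an accessor that range-checks the offset before reading. The struct layout, the range check, and the helper names are assumptions; it shows that a slot nobody has stored into reads back as 0 (which a caller then dereferences as a NULL pointer), and that an offset outside the allocated extra bytes is rejected rather than read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef int32_t LONG;                      /* 32-bit LONG, as on Win32 */
#define ERROR_INVALID_WINDOW_HANDLE 1400   /* Win32 error codes */
#define ERROR_INVALID_INDEX         1413
int last_error;
/* Simplified stand-in for Wine's WND (assumption): the cbWndExtra bytes a
 * window class asks for live in the over-allocated tail of the struct. */
typedef struct { int cbWndExtra; LONG wExtra[1]; } WND;
WND *win_create(int cbWndExtra) {
    /* calloc: extra bytes start zeroed, like those of a freshly created window */
    WND *w = calloc(1, offsetof(WND, wExtra) + (size_t)cbWndExtra);
    if (w) w->cbWndExtra = cbWndExtra;
    return w;
}
/* Range check not visible in the excerpt above (assumed, not quoted from Wine):
 * a LONG at 'offset' must lie entirely inside the extra bytes. */
static int slot_ok(WND *w, int offset) {
    if (!w) { last_error = ERROR_INVALID_WINDOW_HANDLE; return 0; }
    if (offset < 0 || offset > w->cbWndExtra - (int)sizeof(LONG)) {
        last_error = ERROR_INVALID_INDEX; return 0;
    }
    return 1;
}
/* Model of the "offset >= 0" branch quoted above: read a LONG at wExtra + offset. */
LONG win_get_window_long(WND *w, int offset) {
    LONG value = 0;
    if (slot_ok(w, offset)) memcpy(&value, (char *)w->wExtra + offset, sizeof value);
    return value;
}
int win_set_window_long(WND *w, int offset, LONG value) {
    if (!slot_ok(w, offset)) return 0;
    memcpy((char *)w->wExtra + offset, &value, sizeof value);
    return 1;
}
/* Offset 12 is the one the comment reports; 30 extra bytes is a constructed size.
 * stored == 0: slot never written, so it reads back 0 (a NULL dialog-info pointer). */
LONG read_slot12(int cbWndExtra, int stored) {
    WND *w = win_create(cbWndExtra);
    last_error = 0;
    if (stored) win_set_window_long(w, 12, stored);
    LONG v = win_get_window_long(w, 12);
    free(w);
    return v;
}
```

A class that never reserved 12 bytes of extra storage gets ERROR_INVALID_INDEX from the range check, while a class that reserved them but never stored a dialog-info pointer reads a clean zero.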