[Bug 8287] Custom toolbar skin makes Irfan View 4.00 crash at start up - wine-bugs

15 Sep 2008


      http://bugs.winehq.org/show_bug.cgi?id=8287
--- Comment #12 from Jan de Mooij jandemooij@gmail.com  2008-09-15 07:55:14 ---
(In reply to comment #8)
...
Hmm, why doesn't it crash in Windows? Or does it?
Windows allocates memory differently. Or the bug is hidden deeper.. If someone
wants to work on this, here are some snippets from my relay log with comments,
look how memory location 00149578 is reused:
# allocate room for "Toolbars/Grosberg_24.png", pass it to CreateDIBitmap and
free after use:
0009:Call KERNEL32.GlobalAlloc(00000040,00008068) ret=0040e2a9
0009:Ret  KERNEL32.GlobalAlloc() retval=00149578 ret=0040e2a9
0009:Call
gdi32.CreateDIBitmap(00000358,00149578,00000004,001495a0,00149578,00000000)
ret=0041fb4d
0009:Ret  gdi32.CreateDIBitmap() retval=00000378 ret=0041fb4d
0009:Call KERNEL32.GlobalFree(00149578) ret=0041511f
# allocate, use and free a LOGPALETTE struct, note that it's at the same
location:
0009:Call KERNEL32.GlobalAlloc(00000040,00000408) ret=00420c98
0009:Call gdi32.CreatePalette(00149578) ret=00420cee
0009:Call KERNEL32.GlobalFree(00149578) ret=00420d00
# CreateDIBitmap allocates struct for HBitmap 0x384, again at 0x149578
0009:Call
gdi32.CreateDIBitmap(00000358,001516a0,00000004,00151ac8,001516a0,00000000)
ret=0041fb4d
0009:trace:bitmap:CreateDIBitmap hdc=0x358, header=0x1516a0, init=4,
bits=0x151ac8, data=0x1516a0, coloruse=0 (bitmap: width=456, height=24, bpp=8,
compr=0)
0009:trace:heap:RtlAllocateHeap (0x110000,00000002,00000044): returning
0x149578
0009:trace:gdi:GDI_AllocObject (0x384): enter 1
# What is this call supposed to free?? It frees the GDI-structure allocated by
Wine, not good
0009:Call KERNEL32.GlobalFree(00149578) ret=0045fd5f
# ImageList_AddMasked is called, with HBitmap 0x384
0009:Call comctl32.ImageList_AddMasked(0014b748,00000384,00e6e6e6) ret=0045fe68
0009:trace:imagelist:ImageList_AddMasked himl=0x14b748 hbitmap=0x384
clrmask=e6e6e6
# get the struct behind it
0009:Call gdi32.GetObjectW(00000384,00000018,0032e1f4) ret=7ed9c76a
0009:trace:gdi:GetObjectW 0x384 24 0x32e1f4
0009:trace:gdi:GDI_GetObjPtr (0x384): enter 1
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7ebd68f3
And this crashes, of course.
I will leave this to someone with more low-level experience. Just wanted to
post my work, so it's not done twice.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.