https://bugs.winehq.org/show_bug.cgi?id=55960
Bug ID: 55960
Summary: user32: 512 is not enough for LB_ADDSTRING
Product: Wine
Version: 8.21
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: user32
Assignee: wine-bugs@winehq.org
Reporter: galtgendo@o2.pl
Distribution: ---
So, as noted in bug 54034, while dealing with some out-of-memory crashes, I ran into an odd one, one that could be triggered even shortly after a reload and acted more like a buffer overflow bug.
Namely, if a certain string that was about to be displayed on the screen was above 530 chars (but it had a newline embedded), the game crashed, but didn't if the string was manually truncated.
It left me grasping at straws, as my (quite lacking) gdb skills didn't let me see where the crash occurred.
So, I was left waiting for some burst of inspiration.
It came today.
For some reason, this felt like I had been hitting some internal limit. I suspected wine code.
After trying a few debug channel combinations, I eventually tested 'msg'.
The strings were printed using ID3DXFontImpl_DrawTextA. In the log, I've noted LB_ADDSTRING and - after looking at that code - took a stab in the dark.
I've set the buffer size for that message in both WINPROC_CallProcAtoW and WINPROC_CallProcWtoA to 1536 (yes, likely excessively large). Making this change has fixed the crash.
I'm marking it wine 8.21, but I expect this has been around as long as wine has been using too small a buffer.
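The report above blames a fixed 512-element conversion buffer in the A<->W message thunk. The following is an added example, not Wine's code: it shows the sizing pattern that removes the limit (query the length first, use the fixed buffer only when the string fits, otherwise allocate), applied to a constructed 530-char string with an embedded newline like the one in the report. The one-byte-to-one-wchar conversion and all function names are assumptions standing in for the real MultiByteToWideChar-based code.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#define FIXED_CAP 512  /* size of the fixed buffer the report blames (assumed) */

/* Wide chars needed for s, terminator included. Stands in for a "size query"
 * call (conversion with a zero-sized destination); assumes one wchar per byte. */
size_t wide_len_needed(const char *s)
{
    return strlen(s) + 1;
}

/* Convert s to a wide string. Writes into the caller's fixed buffer when the
 * result fits, otherwise allocates. Returns the buffer holding the result
 * (NULL on OOM); *heap is set when the caller must free() it. */
wchar_t *ansi_to_wide(const char *s, wchar_t *fixed, size_t fixed_cap, int *heap)
{
    size_t need = wide_len_needed(s);
    wchar_t *dst = fixed;
    *heap = 0;
    if (need > fixed_cap) {                 /* the check the fixed buffer lacked */
        dst = malloc(need * sizeof(wchar_t));
        if (!dst) return NULL;
        *heap = 1;
    }
    for (size_t i = 0; i < need; i++)       /* copies the terminator too */
        dst[i] = (wchar_t)(unsigned char)s[i];
    return dst;
}

/* Mimics an LB_ADDSTRING A->W thunk: convert, "call" the wide-side handler
 * (here: measure what it received), clean up. Returns the wide length seen,
 * or -1 on OOM. */
long lb_addstring_thunk(const char *s, int *used_heap)
{
    wchar_t fixed[FIXED_CAP];
    wchar_t *w = ansi_to_wide(s, fixed, FIXED_CAP, used_heap);
    if (!w) return -1;
    long seen = (long)wcslen(w);
    if (*used_heap) free(w);
    return seen;
}

/* Constructed input: 530 'x' characters with a newline in the middle. */
long demo_long_string(int *used_heap)
{
    char buf[531];
    memset(buf, 'x', 530);
    buf[265] = '\n';
    buf[530] = '\0';
    return lb_addstring_thunk(buf, used_heap);
}
```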
Rafał Mużyło galtgendo@o2.pl changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|user32: 512 is not enough   |user32: 512 is not enough
                   |for LB_ADDSTRING            |for LB_ADDSTRING (crash)
Roman Pišl rpisl@seznam.cz changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rpisl@seznam.cz

--- Comment #1 from Roman Pišl rpisl@seznam.cz ---
This is probably a problem I had with multiple applications and a duplicate of bug 48559. Very annoying bug that leads to memory corruption and crashes. The solution was not accepted, but what else can be done? The same behavior is in message.c in win32u.
Zeb Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE
                 CC|                            |z.figura12@gmail.com

--- Comment #2 from Zeb Figura z.figura12@gmail.com ---
Marking duplicate.
*** This bug has been marked as a duplicate of bug 48559 ***
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Alistair Leslie-Hughes leslie_alistair@hotmail.com ---
Closing duplicate.