http://bugs.winehq.org/show_bug.cgi?id=11304
Summary: Wine Notepad: Overflow.
Product: Wine
Version: CVS/GIT
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: programs
AssignedTo: wine-bugs@winehq.org
ReportedBy: andrey@esin.name

Created an attachment (id=10410)
 --> (http://bugs.winehq.org/attachment.cgi?id=10410)
Little "exploit" to test this bug.
Overflow in Wine Notepad. There is an overflow when opening a file containing a line which contains 24576 symbols (>= 24 Kb). If you open such a file, Wine Notepad will exit with the message:

lastik@lastik:~/src/wine/cvs$ wine notepad
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 18 (X_ChangeProperty)
Value in failed request: 0x1
Serial number of failed request: 6697
Current serial number in output stream: 6696

If you open a text file which contains a string with more than 8192 symbols (>= 8 kb), you will see the effect of lines coating each other. So if you open a file with 8191 symbols in a string, it will be ok.
Austin English austinenglish@gmail.com changed:
What          |Removed      |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED  |NEW
Ever Confirmed|0            |1
--- Comment #1 from Austin English austinenglish@gmail.com 2008-01-26 04:46:56 ---
Confirming. On the 24Kb file, I got a different error:
X connection to :0.0 broken (explicit kill or server shutdown).
Notepad then froze. When I reran it and opened just that file, I get the same error as you.
Austin English austinenglish@gmail.com changed:
What          |Removed      |Added
----------------------------------------------------------------------------
Keywords      |             |testcase
--- Comment #2 from Jeff Zaroyko jeffzaroyko@gmail.com 2008-07-18 02:17:19 ---
(In reply to comment #1)
> Confirming. On the 24Kb file, I got a different error:
> X connection to :0.0 broken (explicit kill or server shutdown).
> Notepad then froze. When I reran it and opened just that file, I get the same error as you.
Still present with wine-1.1.1-147-gb3f4091. I only get an error with the 24kb file.
The offending call appears to be XRenderCompositeText16 called from X11DRV_XRender_ExtTextOut in winex11.drv/xrender.c
--- Comment #3 from Gabriele Moabiti gabmoa@yahoo.it 2008-08-27 08:12:37 ---
Created an attachment (id=15680)
 --> (http://bugs.winehq.org/attachment.cgi?id=15680)
test application for long string bug in TextOut
Gabriele Moabiti gabmoa@yahoo.it changed:
What          |Removed      |Added
----------------------------------------------------------------------------
CC            |             |gabmoa@yahoo.it
--- Comment #4 from Gabriele Moabiti gabmoa@yahoo.it 2008-08-27 08:15:02 ---
I have developed a terminal app for a CNC and I am trying to port it to Linux with Wine. I have noticed a problem maybe related to this one. It appears in hangs or errors so I have created a very simple application to reproduce only this problem (see attachment). There are two input parameters, the length of the string and the ASCII number of the character.

[example, error with char 32 and length 21843 - Wine 1.1.2]
X Error of failed request: BadLength (poly request too large or internal Xlib length error)
Major opcode of failed request: 156 (RENDER)
Minor opcode of failed request: 24 (RenderCompositeGlyphs16)
Serial number of failed request: 934
Current serial number in output stream: 935

I noticed that ExtTextOutW uses a WORD for glyphs.

BOOL WINAPI ExtTextOutW( HDC hdc, INT x, INT y, UINT flags, const RECT *lprect,
                         LPCWSTR str, UINT count, const INT *lpDx )
{
    BOOL ret = FALSE;
    LPWSTR reordered_str = (LPWSTR)str;
    WORD *glyphs = NULL;
    ...

May be related to this error?
Any ideas?? Textout is widely used...
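Added example, not part of the bug thread and not Wine or Xlib code: the request-size arithmetic for the RenderCompositeGlyphs16 request named in the error above, with a defensive split into requests that fit the 16-bit core-protocol length field. It assumes each character is sent as its own glyph element, which the thread does not state; all function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* RENDER wire sizes; names below are hypothetical, not Wine or Xlib identifiers. */
#define REQ_HEADER_BYTES   28u    /* fixed part of RenderCompositeGlyphs16 */
#define ELT_HEADER_BYTES    8u    /* per-element header: count, padding, dx, dy */
#define MAX_GLYPHS_PER_ELT 254u   /* count is one byte; 255 marks a glyphset switch */
#define CORE_MAX_UNITS     65535u /* 16-bit length field, in 4-byte units */

static uint64_t pad4(uint64_t n) { return (n + 3) & ~(uint64_t)3; }

/* Request length in 4-byte units for `glyphs` 16-bit glyph ids, `per_elt` per element. */
uint64_t request_units(uint64_t glyphs, unsigned per_elt)
{
    if (per_elt == 0 || per_elt > MAX_GLYPHS_PER_ELT) per_elt = MAX_GLYPHS_PER_ELT;
    uint64_t full = glyphs / per_elt, rest = glyphs % per_elt;
    uint64_t bytes = REQ_HEADER_BYTES + full * (ELT_HEADER_BYTES + pad4(2ull * per_elt));
    if (rest) bytes += ELT_HEADER_BYTES + pad4(2 * rest);
    return bytes / 4;
}

/* Value left in the header if the sum is stored in 16 bits without a check. */
uint16_t truncated_length(uint64_t units) { return (uint16_t)units; }

/* Largest glyph count whose request still fits in max_units (binary search). */
uint64_t max_glyphs_per_request(uint64_t max_units, unsigned per_elt)
{
    uint64_t lo = 0, hi = max_units * 2;  /* a glyph never costs under 2 bytes */
    while (lo < hi) {
        uint64_t mid = lo + (hi - lo + 1) / 2;
        if (request_units(mid, per_elt) <= max_units) lo = mid; else hi = mid - 1;
    }
    return lo;
}

/* Defensive split: requests needed for a run; 0 means nothing fits, so refuse. */
uint64_t requests_needed(uint64_t glyphs, uint64_t max_units, unsigned per_elt)
{
    uint64_t cap = max_glyphs_per_request(max_units, per_elt);
    return cap ? (glyphs + cap - 1) / cap : 0;
}

int main(void)
{
    for (uint64_t n = 21842; n <= 21843; n++)   /* lengths around the one in comment #4 */
        printf("%llu glyphs: %llu units, 16-bit field holds %u\n", (unsigned long long)n,
               (unsigned long long)request_units(n, 1),
               (unsigned)truncated_length(request_units(n, 1)));
    printf("split into %llu requests\n",
           (unsigned long long)requests_needed(21843, CORE_MAX_UNITS, 1));
    return 0;
}
```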
Austin English austinenglish@gmail.com changed:
What          |Removed      |Added
----------------------------------------------------------------------------
Version       |CVS/GIT      |unspecified
--- Comment #5 from Austin English austinenglish@gmail.com 2009-01-18 03:47:46 ---
Removing deprecated CVS/GIT version tag. Please retest in current git. If the bug is still present in today's wine, but was not present in some earlier version of wine, please update version field to earliest known version of wine that had the bug. Thanks!
--- Comment #6 from Austin English austinenglish@gmail.com 2009-04-24 11:24:46 ---
Dupe.
Austin English austinenglish@gmail.com changed:
What          |Removed      |Added
----------------------------------------------------------------------------
Status        |NEW          |RESOLVED
Resolution    |             |DUPLICATE
--- Comment #7 from Austin English austinenglish@gmail.com 2009-04-24 11:25:41 ---
Gr....
*** This bug has been marked as a duplicate of bug 8166 ***
Austin English austinenglish@gmail.com changed:
What          |Removed      |Added
----------------------------------------------------------------------------
Status        |RESOLVED     |CLOSED
--- Comment #8 from Austin English austinenglish@gmail.com 2009-04-24 11:30:28 ---
Closing.