http://bugs.winehq.org/show_bug.cgi?id=10439
Summary: Raddecay crashes with: "Access violation in riched20.dll"
Product: Wine
Version: CVS/GIT
Platform: PC
URL: http://www.griffith.edu.au/__data/assets/file/0020/31367/raddecay_v4.zip
OS/Version: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: wine-richedit
AssignedTo: wine-bugs@winehq.org
ReportedBy: xerox_xerox2000@yahoo.co.uk
Hi, a user submitted garbage test results for this into appdb. It starts fine, but if you do "Action" from the menu, then "select element from the periodic table", and then actually select an element in the table, it crashes with a message box "Access violation in riched20.dll".
--- Comment #1 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2007-11-13 11:54:34 ---
Created an attachment (id=9139)
 --> (http://bugs.winehq.org/attachment.cgi?id=9139)
+relay,+seh log, last lines before the "Access violation" messagebox
Alex Villacís Lasso a_villacis@palosanto.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |a_villacis@palosanto.com
--- Comment #2 from Alex Villacís Lasso a_villacis@palosanto.com 2007-12-07 15:18:27 ---
Bug still exists in 0.9.50 git. App is using riched32 (richedit 1.0).
Traced it down to a broken linked list at dlls/riched20/para.c at line 100:
    void ME_MarkForPainting(ME_TextEditor *editor, ME_DisplayItem *first, const ME_DisplayItem *last)
    {
      while(first != last)
      {
        first->member.para.nFlags |= MEPF_REPAINT;
        first = first->member.para.next_para; // <-- next_para is NULL (BUG!)
      }
    }
Somehow first->member.para.next_para is unexpectedly NULL, but last != NULL, so a null pointer access occurs. Currently a NULL pointer check averts the crash, but this particular pointer should not be NULL in the first place.
Alex Villacís Lasso a_villacis@palosanto.com changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|wine-bugs@winehq.org |a_villacis@palosanto.com
Status|NEW |ASSIGNED
--- Comment #3 from Alex Villacís Lasso a_villacis@palosanto.com 2007-12-07 23:25:16 ---
Created an attachment (id=9545)
 --> (http://bugs.winehq.org/attachment.cgi?id=9545)
Invalidate all the text on bogus last selection
When removing text, beginning and end offsets of last selection are not immediately updated. When calling ME_InvalidateSelection() in paint.c, the values are clipped to the current length of the text. However, even after clipping, the values are unusable for deciding which parts of the text should be updated. The control can very well try to mark invalidated paragraphs past the end of the last paragraph, triggering a null pointer access. The application RadDecay at bug #10439 crashes because of this.
The attached patch just ignores the values when one or both of them point past the length of the current text, and invalidates everything. Existing code then recalculates the new selection beginning and end anew.
Patch already sent to wine-patches.
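
The failure mode and fix described in comment #3, as an added example that is not part of the original bug thread and is not Wine's code: a simplified paragraph list in which stale selection offsets that point past the current text length cause everything to be repainted instead of being used to pick list nodes. The `para` struct and the functions `mark_range`, `para_at`, `invalidate_selection` and `demo` are hypothetical stand-ins, and the sample list is constructed.

```c
#include <stddef.h>

/* Simplified stand-ins for a rich-edit paragraph list; all names are hypothetical. */
#define REPAINT 0x1u
typedef struct para {
    int start, len;        /* character range covered by this paragraph */
    unsigned flags;
    struct para *next;     /* NULL after the final paragraph */
} para;

/* Mark [first, last) for repaint. The NULL test stops the walk at the end of
   the list, so a 'last' that is not reachable cannot cause a NULL dereference. */
static int mark_range(para *first, const para *last)
{
    int n = 0;
    for (; first != NULL && first != last; first = first->next, n++)
        first->flags |= REPAINT;
    return n;
}

/* Paragraph containing 'offset', or NULL when the offset is past the text. */
static para *para_at(para *head, int offset)
{
    for (; head != NULL; head = head->next)
        if (offset >= head->start && offset < head->start + head->len)
            return head;
    return NULL;
}

/* Returns how many paragraphs were marked. If either remembered offset points
   past the current text length, the values are ignored and everything is
   invalidated, which is the approach comment #3 describes. */
int invalidate_selection(para *head, int text_len, int old_from, int old_to)
{
    para *first, *last;
    if (old_from < 0 || old_to < old_from ||
        old_from > text_len || old_to > text_len)
        return mark_range(head, NULL);            /* stale: repaint everything */
    first = para_at(head, old_from);
    last = para_at(head, old_to);
    if (first == NULL)
        return mark_range(head, NULL);
    return mark_range(first, last ? last->next : NULL);
}

/* Constructed sample: 'nparas' (1..3) paragraphs of 10 characters each. */
int demo(int nparas, int from, int to)
{
    para p[3] = {{0, 10, 0, NULL}, {10, 10, 0, NULL}, {20, 10, 0, NULL}};
    for (int i = 0; i + 1 < nparas; i++) p[i].next = &p[i + 1];
    return invalidate_selection(&p[0], nparas * 10, from, to);
}
```

`demo(1, 12, 25)` models the crash scenario: the selection was remembered while the text was longer, and after the deletion both offsets lie past the single remaining paragraph.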
assasuka assasukasse@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |assasukasse@gmail.com
--- Comment #4 from assasuka assasukasse@gmail.com 2007-12-09 04:41:08 ---
Bug confirmed on 0.9.50, program doesn't work. When selecting anything, an error popup comes up 2 times: Access violation at address 7BCDEA40 in module 'riched20.dll'. write of address 0000002C. Then a RichEdit line insertion error box.
--- Comment #5 from Alex Villacís Lasso a_villacis@palosanto.com 2007-12-10 09:47:13 ---
Patch was committed in current 0.9.50 git. It now works correctly for me.
Please pull the current git and test to see if the bug was solved for all of you.
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #6 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2007-12-12 16:08:38 ---
@Alex, yes it's fixed. Thanks very much
Dan Kegel dank@kegel.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #7 from Dan Kegel dank@kegel.com 2008-01-28 05:43:11 ---
Closing all RESOLVED FIXED bugs older than four weeks.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|CVS/GIT |unspecified