http://bugs.winehq.org/show_bug.cgi?id=17431
Summary: SPY_DumpMem shouldn't crash when given an invalid pointer
Product: Wine
Version: 1.1.15
Platform: Other
URL: http://test.winehq.org/data/3fa05ae6a7c08f9534badfeffbe02db9e00ab47a/wine_xp_ae-ub810-all/comctl32:datetime.html
OS/Version: other
Status: UNCONFIRMED
Severity: enhancement
Priority: P2
Component: user32
AssignedTo: wine-bugs@winehq.org
ReportedBy: madewokherd@gmail.com

The linked test was run by Austin English with WINEDEBUG=+all.
The line in the test that caused the crash was probably this one, or a similar line: http://source.winehq.org/git/wine.git/?a=blob;f=dlls/comctl32/tests/datetime...
The test is sending DTM_SETMCCOLOR, which has lParam as a COLORREF. SPY_DumpStructure is checking for several LVM_ messages that have a pointer in lParam. Apparently, DTM_SETMCCOLOR has the same value as one of those other symbols, and our message spy code can't tell the difference.
I don't think we can avoid this situation, but it shouldn't crash. SPY_DumpMem should be able to catch page faults.
Austin English austinenglish@gmail.com changed:
What|Removed|Added
----------------------------------------------------------------------------
Keywords||download, testcase
--- Comment #1 from Dmitry Timoshkov dmitry@codeweavers.com 2009-02-16 23:56:36 ---
SPY_DumpMem is an internal API, the caller should be fixed instead, or SPY_DumpMem should not try to access invalid memory.
Austin English austinenglish@gmail.com changed:
What|Removed|Added
----------------------------------------------------------------------------
CC||austinenglish@gmail.com
Vincent Povirk madewokherd@gmail.com changed:
What|Removed|Added
----------------------------------------------------------------------------
Summary|SPY_DumpMem shouldn't crash when given an invalid pointer|the +message debug channel can cause crashes when printing sent messages

--- Comment #2 from Vincent Povirk madewokherd@gmail.com 2009-02-17 07:30:48 ---
SPY_DumpStructure is called with any message a program sends, if the +message debug channel is enabled. These messages can have any meaning defined by the program, especially if they are >= WM_USER. I think this is also true of messages < WM_USER, as long as they are used within a process.
I don't care HOW this is fixed, as long as +message won't cause crashes when the program sends messages.
--- Comment #3 from Alexandre Julliard julliard@winehq.org 2009-02-17 08:08:11 ---
Messages normally have a well defined meaning, except there are some that have duplicate values like listview/datetime messages. That's an MS bug, the solution is to simply not print details for those.
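
The approach from comment #3, skipping structure details for message values that collide across controls, sketched as an added example (not Wine's code and not the patch that fixed this bug). The three message values are from the Windows SDK headers; `spy_table`, `spy_describe` and `struct sample_pos` are hypothetical names, and the sample inputs in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the Windows SDK headers; both control families start at 0x1000. */
#define LVM_SETITEMA        0x1006u /* lParam: pointer to an LVITEM */
#define DTM_SETMCCOLOR      0x1006u /* lParam: COLORREF, a plain integer */
#define WM_WINDOWPOSCHANGED 0x0047u /* lParam: pointer to a WINDOWPOS */

/* Hypothetical stand-in for the structure a spy would dump. */
struct sample_pos { int x, y; };

struct spy_entry {
    unsigned msg; const char *name;
    int lparam_is_ptr;  /* the decoder would dereference lParam */
    int ambiguous;      /* same value means something else for another control */
};

static const struct spy_entry spy_table[] = {
    { WM_WINDOWPOSCHANGED, "WM_WINDOWPOSCHANGED", 1, 0 },
    { LVM_SETITEMA, "LVM_SETITEMA/DTM_SETMCCOLOR", 1, 1 },
};

/* Returns 1 if the structure behind lParam was dumped, 0 if only the raw value was. */
int spy_describe(unsigned msg, uintptr_t lparam, char *out, size_t len)
{
    for (size_t i = 0; i < sizeof spy_table / sizeof spy_table[0]; i++) {
        const struct spy_entry *e = &spy_table[i];
        if (e->msg != msg) continue;
        /* Dereference only when the message number alone fixes the lParam type. */
        if (e->lparam_is_ptr && !e->ambiguous && lparam) {
            const struct sample_pos *p = (const struct sample_pos *)lparam;
            snprintf(out, len, "%s {x=%d y=%d}", e->name, p->x, p->y);
            return 1;
        }
        snprintf(out, len, "%s lParam=0x%lx", e->name, (unsigned long)lparam);
        return 0;
    }
    snprintf(out, len, "msg 0x%04x lParam=0x%lx", msg, (unsigned long)lparam);
    return 0;
}

int main(void)
{
    char buf[96];
    struct sample_pos pos = { 10, 20 };  /* constructed sample data */
    spy_describe(WM_WINDOWPOSCHANGED, (uintptr_t)&pos, buf, sizeof buf); puts(buf);
    spy_describe(DTM_SETMCCOLOR, 0x00FF8040, buf, sizeof buf); puts(buf); /* a colour, not an address */
    return 0;
}
```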
--- Comment #4 from Austin English austinenglish@gmail.com 2009-02-18 20:12:23 ---
*** Bug 17462 has been marked as a duplicate of this bug. ***
--- Comment #5 from Vincent Povirk madewokherd@gmail.com 2010-07-16 15:14:30 ---
Patch sent: http://www.winehq.org/pipermail/wine-patches/2010-July/090521.html
Vincent Povirk madewokherd@gmail.com changed:
What|Removed|Added
----------------------------------------------------------------------------
Status|UNCONFIRMED|RESOLVED
Resolution||FIXED

--- Comment #6 from Vincent Povirk madewokherd@gmail.com 2011-03-30 13:00:34 CDT ---
The comctl32 datetime test succeeds with WINEDEBUG=+message.
Alexandre Julliard julliard@winehq.org changed:
What|Removed|Added
----------------------------------------------------------------------------
Status|RESOLVED|CLOSED

--- Comment #7 from Alexandre Julliard julliard@winehq.org 2011-04-01 12:39:52 CDT ---
Closing bugs fixed in 1.3.17.