https://bugs.winehq.org/show_bug.cgi?id=51856
Bug ID: 51856 Summary: access violation at emfdc_delete_object+0x17 Product: Wine Version: 6.19 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: gdi32 Assignee: wine-bugs@winehq.org Reporter: savelov@gmail.com Distribution: ---
Created attachment 70763 --> https://bugs.winehq.org/attachment.cgi?id=70763 backtrace
starting with wine 6.16 riched20.dll crashes when calling gdi32.DeleteObject in emfdc_delete_object+0x17 [Z:\usr\src\packages\BUILD\dlls\gdi32\emfdc.c:224]
application: samo-tour 5.3 wine config - winetricks riched20 use case - launch fastreport module, render rich text report
result - shows an error - Access violation at address 6C9CE4D7 in module 'gdi32.dll'. Read of address 000000A8
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #1 from Eugene Savelov savelov@gmail.com --- Created attachment 70764 --> https://bugs.winehq.org/attachment.cgi?id=70764 disasm of crash
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #2 from Eugene Savelov savelov@gmail.com --- $eax=0 , apparently previous call returned NULL instead of a valid pointer
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #3 from Eugene Savelov savelov@gmail.com --- application - SAMO Tour agent https://appdb.winehq.org/objectManager.php?sClass=application&iId=8803
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #4 from Eugene Savelov savelov@gmail.com --- https://github.com/wine-mirror/wine/blame/master/dlls/gdi32/objects.c#L224 https://github.com/wine-mirror/wine/blame/master/dlls/gdi32/emfdc.c#L223
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #5 from Eugene Savelov savelov@gmail.com --- Created attachment 70884 --> https://bugs.winehq.org/attachment.cgi?id=70884 part of gdi + relay trace
attaching trace - assuming which caused the exception - its visible that first gdi32.CloseEnhMetaFile(0521017a) is called, freeing gdi handle 0x521017a, and then when deleting another object (ee0a01c3) gdi tries to delete 0x521017a again.
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #6 from Eugene Savelov savelov@gmail.com --- Created attachment 70890 --> https://bugs.winehq.org/attachment.cgi?id=70890 checking for null pointer before deleting object data
function test after applying the patch - passed, exception does not happen
https://bugs.winehq.org/show_bug.cgi?id=51856
--- Comment #7 from Eugene Savelov savelov@gmail.com --- can not reproduce in latest wine master
https://bugs.winehq.org/show_bug.cgi?id=51856
Eugene Savelov savelov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED
--- Comment #8 from Eugene Savelov savelov@gmail.com --- resolved by https://source.winehq.org/git/wine.git/commit/d85b700df9667e00c1408297da6050...
https://bugs.winehq.org/show_bug.cgi?id=51856
Eugene Savelov savelov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |d85b700df9667e00c1408297da6 | |05097ea628d82
https://bugs.winehq.org/show_bug.cgi?id=51856
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 6.21.
-
WineHQ Bugzilla