Module: wine Branch: master Commit: a7cdf6e110e8d5caaafd59e4f8eba117fbc3cd12 URL: http://source.winehq.org/git/wine.git/?a=commit;h=a7cdf6e110e8d5caaafd59e4f8...

Author: Alexandre Julliard julliard@winehq.org Date: Thu Jan 24 10:21:17 2008 +0100

winex11: Catch DIB memory accesses that touch the last page beyond the DIB bits end.

---

dlls/winex11.drv/dib.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/dlls/winex11.drv/dib.c b/dlls/winex11.drv/dib.c index fc71c24..a95783e 100644 --- a/dlls/winex11.drv/dib.c +++ b/dlls/winex11.drv/dib.c @@ -19,6 +19,7 @@ */

#include "config.h" +#include "wine/port.h"

#include <X11/Xlib.h> #ifdef HAVE_LIBXXSHM @@ -4302,6 +4303,7 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep ) BOOL found = FALSE; BYTE *addr; struct list *ptr; + const size_t pagemask = getpagesize() - 1;

if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION) return EXCEPTION_CONTINUE_SEARCH; @@ -4312,7 +4314,8 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep ) LIST_FOR_EACH( ptr, &dibs_list ) { physBitmap = LIST_ENTRY( ptr, X_PHYSBITMAP, entry ); - if ((physBitmap->base <= addr) && (addr < physBitmap->base + physBitmap->size)) + if ((physBitmap->base <= addr) && + (addr < physBitmap->base + ((physBitmap->size + pagemask) & ~pagemask))) { found = TRUE; break; @@ -4322,6 +4325,9 @@ static LONG CALLBACK X11DRV_DIB_FaultHandler( PEXCEPTION_POINTERS ep )

if (!found) return EXCEPTION_CONTINUE_SEARCH;

+ if (addr >= physBitmap->base + physBitmap->size) + WARN( "%p: access to %p beyond the end of the DIB\n", physBitmap->hbitmap, addr ); + X11DRV_DIB_Lock( physBitmap, DIB_Status_None ); if (ep->ExceptionRecord->ExceptionInformation[0] == EXCEPTION_WRITE_FAULT) { /* the app tried to write the DIB bits */