On 12/21/2017 09:22 AM, Alexandre Julliard wrote:
Zebediah Figura z.figura12@gmail.com writes:
Signed-off-by: Zebediah Figura z.figura12@gmail.com
This mitigates an intermittent failure in the tests for LockWindowUpdate() on the testbot, reducing it from a crash to a normal failure. For as-yet undetermined reasons, the test window is being minimized, causing GetPixel() to attempt to access memory around (-32000,-32000) pixels outside of the window's actual bitmap.
No matter how screwed up the window position may be, it shouldn't access memory outside of the bitmap. Any chance you could write a test reproducing this crash?
Sure. I've attached a simple test program that creates a window, minimizes it, and tries to get the pixel at (10,10). On my machine this crashes with the backtrace below. dibdrv_GetPixel() only appears to test whether the requested pixel is within the bounds of the DIB rect relative to the position of the DIB rect, so it doesn't prevent this.
window: (-32000,-32000)-(-31968,-31968) client: (0,0)-(32,32) wine: Unhandled page fault on read access to 0x7e0c769c at address 0x7ebfa5fd (thread 0009), starting debugger... Unhandled exception: page fault on read access to 0x7e0c769c in 32-bit code (0x7ebfa5fd). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7ebfa5fd ESP:0061fcac EBP:0061fce8 EFLAGS:00010207( R- -- I - -P-C) EAX:7e4aec9c EBX:0000000a ECX:001287b4 EDX:ffc18a00 ESI:001287b4 EDI:001287a8 Stack dump: 0x0061fcac: 7ebf1750 001287b4 0000000a 0000000a 0x0061fcbc: 7b63a000 0000000a 0000000a 0000000a 0x0061fccc: 70a93e00 00126d88 00010010 7ebf167b 0x0061fcdc: 0011d5f0 0000000a 001283d8 0061fd08 0x0061fcec: 7ebec9b3 001287a8 0000000a 0000000a 0x0061fcfc: 7ebec9f5 0000000a 0000000a 0061fd38 Backtrace: =>0 0x7ebfa5fd get_pixel_32+0x1d(dib=<is not available>, x=<is not available>, y=<is not available>) [/home/hazel/git/wine32/dlls/gdi32/../../../wine/dlls/gdi32/dibdrv/primitives.c:2009] in gdi32 (0x0061fce8) 1 0x7ebf1750 dibdrv_GetPixel+0xdf(dev=0x1287a8, x=0xa, y=0xa) [/home/hazel/git/wine32/dlls/gdi32/../../../wine/dlls/gdi32/dibdrv/graphics.c:1123] in gdi32 (0x0061fce8) 2 0x7ebec9b3 windrv_GetPixel+0x62(dev=<is not available>, x=0xa, y=0xa) [/home/hazel/git/wine32/dlls/gdi32/../../../wine/dlls/gdi32/dibdrv/dc.c:793] in gdi32 (0x0061fd08) 3 0x7ec562b7 GetPixel+0x66(hdc=<couldn't compute location>, x=<couldn't compute location>, y=<couldn't compute location>) [/home/hazel/git/wine32/dlls/gdi32/../../../wine/dlls/gdi32/painting.c:495] in gdi32 (0x0061fd38) 4 0x004016fe in gptest (+0x16fd) (0x0061fdc8) 5 0x0040291d in gptest (+0x291c) (0x0061fde8) 6 0x004013e2 in gptest (+0x13e1) (0x0061fec0) 7 0x7b461f8c call_process_entry+0xb() in kernel32 (0x0061fed8) 8 0x7b463892 start_process+0x111(entry=<couldn't compute location>, peb=<couldn't compute location>) [/home/hazel/git/wine32/dlls/kernel32/../../../wine/dlls/kernel32/process.c:1139] in kernel32 (0x0061ffd8) 9 0x7b461f9a start_process_wrapper+0x9() in kernel32 (0x0061ffec) 0x7ebfa5fd get_pixel_32+0x1d [/home/hazel/git/wine32/dlls/gdi32/../../../wine/dlls/gdi32/dibdrv/primitives.c:2009] in gdi32: movl 0x0(%eax,%edx,1),%eax 2009 return *ptr;