Hi, while working through the test reports in the appdb, I saw users submitting crashes with applications, all similar to bug 7380, so I decided to take it here. The applications that crash are:
* WinMerge (newest version)
* BookWorms Adventures + several other PopCap games (I tested them)
* 5 other applications listed under bug 7380.
So I know of at least 10 applications that crash this way. They all start fine using the "buggy pointer" patch from Rein Klazes below. However, I think it's becoming rather strange that all these (just released!) applications pass buggy pointers, so I'm beginning to think the problem must be somewhere else. I sent in a patch to work around this bug by an exception handler a few weeks ago, but that's likely not the way to go either then. Does anyone have an idea how to tackle this problem? Thanks.
diff --git a/dlls/winex11.drv/dib.c b/dlls/winex11.drv/dib.c index cec2058..4e61da4 100644 --- a/dlls/winex11.drv/dib.c +++ b/dlls/winex11.drv/dib.c @@ -3861,6 +3861,7 @@ INT X11DRV_SetDIBits( X11DRV_PDEVICE *ph X11DRV_DIB_IMAGEBITS_DESCR descr; BITMAP bitmap; LONG width, height, tmpheight; + int nrsrcbytes, dibpitch; INT result;
descr.physDev = physDev; @@ -3880,6 +3881,17 @@ INT X11DRV_SetDIBits( X11DRV_PDEVICE *ph
if (startscan + lines > height) lines = height - startscan;
+ + /* pointer check */ + dibpitch = ((width * descr.infoBpp + 23) &~23) / 8; + if( descr.compression) + nrsrcbytes = 1; + else { + nrsrcbytes = lines * dibpitch; + if( nrsrcbytes < 0) nrsrcbytes = - nrsrcbytes; + } + if( IsBadReadPtr( bits, nrsrcbytes)) return 0; + switch (descr.infoBpp) { case 1: @@ -3926,7 +3938,7 @@ INT X11DRV_SetDIBits( X11DRV_PDEVICE *ph descr.width = bitmap.bmWidth; descr.height = lines; descr.useShm = FALSE; - descr.dibpitch = ((descr.infoWidth * descr.infoBpp + 31) &~31) / 8; + descr.dibpitch = dibpitch; X11DRV_DIB_Lock( physBitmap, DIB_Status_GdiMod, FALSE ); result = X11DRV_DIB_SetImageBits( &descr ); X11DRV_DIB_Unlock( physBitmap, TRUE );
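Review bot: The `IsBadReadPtr( bits, nrsrcbytes)` check in the second hunk validates very little for compressed DIBs, because `nrsrcbytes = 1` probes only the first byte of `bits`. In the uncompressed branch, `lines * dibpitch` is computed in `int` and can overflow for large bitmaps before the sign flip, so the probed length may not match what is read later through `descr`. The early `return 0` is also silent; a WARN with the pointer and the computed size would make the applications from bug 7380 easier to diagnose. The check only shows the range was readable at the moment of the call, so it is worth finding out what size the callers actually provide rather than treating this as the fix.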
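Review bot: The pitch computed in the second hunk, `((width * descr.infoBpp + 23) &~23) / 8`, is not equivalent to the line the last hunk removes, `((descr.infoWidth * descr.infoBpp + 31) &~31) / 8`. 23 is not one less than a power of two, so `&~23` clears only bits 0, 1, 2 and 4 and does not round the row up to any fixed boundary, and the width now comes from `width` instead of `descr.infoWidth`. Because `descr.dibpitch = dibpitch` feeds this value into the actual image copy, the patch changes behaviour beyond adding a pointer check. Suggest keeping the original 32-bit-aligned formula for both the check and `descr.dibpitch`, or adding a comment that explains why the stride differs.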
On 3/30/07, Louis. Lenders xerox_xerox2000@yahoo.co.uk wrote:
> Hi, while working through the test reports in the appdb, I saw users submitting crashes with applications, all similar to bug 7380, so I decided to take it here. The applications that crash are:
> * WinMerge (newest version)
> * BookWorms Adventures + several other PopCap games (I tested them)
> * 5 other applications listed under bug 7380.
> So I know of at least 10 applications that crash this way. They all start fine using the "buggy pointer" patch from Rein Klazes below. However, I think it's becoming rather strange that all these (just released!) applications pass buggy pointers, so I'm beginning to think the problem must be somewhere else. I sent in a patch to work around this bug by an exception handler a few weeks ago, but that's likely not the way to go either then. Does anyone have an idea how to tackle this problem? Thanks.
I noticed WinMerge crashing, but I think it worked a number of wine versions back (wine-0.9.2x, with x being around 6-8). Please regression test it if you can, I don't currently have the time.
May the bug hunt go well,
Damjan