This is my attempt at a fix for Helldivers crashing on startup. This is my first Wine patch and I don't know the msctf system. I'm removing a dereference because it *seems* like the right thing to do. It seems to pass the msctf tests on my Arch box. If someone with more knowledge of msctf can give this a review and see if it's sane that would be appreciated.
--------Patch below--------
Fixes https://bugs.winehq.org/show_bug.cgi?id=41252
ThreadMgr_QueryInterface is expecting ppvOut to be a pointer to a pointer. When UIElementMgr_QueryInterface calls the ThreadMgr_QueryInterface function it derefences the void **ppvOut making it a void *ppvOut when passing it in. When ThreadMgr_QueryInterface attempts to dereference this pointer to assign a pointer to it, it is instead accessing the value ppvOut is suppose to be pointing at. When the pointer ppvOut points to is NULL this causes a null pointer dereference
Tested on Arch Linux
Signed-off-by: Brock York twunknown@gmail.com --- dlls/msctf/threadmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/msctf/threadmgr.c b/dlls/msctf/threadmgr.c index e1f56f1..62ddfd2 100644 --- a/dlls/msctf/threadmgr.c +++ b/dlls/msctf/threadmgr.c @@ -1187,7 +1187,7 @@ static HRESULT WINAPI UIElementMgr_QueryInterface(ITfUIElementMgr *iface, REFIID { ThreadMgr *This = impl_from_ITfUIElementMgr(iface);
- return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, *ppvOut); + return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, ppvOut); }
static ULONG WINAPI UIElementMgr_AddRef(ITfUIElementMgr *iface)
On 12/09/2016 03:52 PM, Brock York wrote:
This is my attempt at a fix for Helldivers crashing on startup. This is my first Wine patch and I don't know the msctf system. I'm removing a dereference because it *seems* like the right thing to do. It seems to pass the msctf tests on my Arch box. If someone with more knowledge of msctf can give this a review and see if it's sane that would be appreciated.
Nothing to do with msctf, just plain COM. Good catch, your patch is correct. Please submit it to wine-patches@winehq.org.
thanks bye michael
--------Patch below--------
Fixes https://bugs.winehq.org/show_bug.cgi?id=41252
ThreadMgr_QueryInterface is expecting ppvOut to be a pointer to a pointer. When UIElementMgr_QueryInterface calls the ThreadMgr_QueryInterface function it derefences the void **ppvOut making it a void *ppvOut when passing it in. When ThreadMgr_QueryInterface attempts to dereference this pointer to assign a pointer to it, it is instead accessing the value ppvOut is suppose to be pointing at. When the pointer ppvOut points to is NULL this causes a null pointer dereference
Tested on Arch Linux
Signed-off-by: Brock York twunknown@gmail.com
dlls/msctf/threadmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/msctf/threadmgr.c b/dlls/msctf/threadmgr.c index e1f56f1..62ddfd2 100644 --- a/dlls/msctf/threadmgr.c +++ b/dlls/msctf/threadmgr.c @@ -1187,7 +1187,7 @@ static HRESULT WINAPI UIElementMgr_QueryInterface(ITfUIElementMgr *iface, REFIID { ThreadMgr *This = impl_from_ITfUIElementMgr(iface);
- return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, *ppvOut);
- return ITfThreadMgrEx_QueryInterface(&This->ITfThreadMgrEx_iface, iid, ppvOut);
}
static ULONG WINAPI UIElementMgr_AddRef(ITfUIElementMgr *iface)
-
Brock York -
Michael Stefaniuc