March 2025 - wine-gitlab

[PATCH 0/1] MR7544: ieframe: Enter reallocation path one position earlier (ASan).
by Bernhard Übelacker (＠bernhardu) 11 Mar '25

11 Mar '25

Trying to browse through the debugger.chm from an old windbg version with hh.exe, I encountered below ASan message. The reallocation path was not entered when `This->travellog.size < This->travellog.position+1`, with e.g. size == 4 and position == 3. Unfortunately the increment of position takes place a few lines later, therefore writing at index 4 of array with size 4. ``` ================================================================= ==hh.exe==316==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7e99833c9a80 at pc 0x6ffffe8490da bp 0x7ffffe1fea70 sp 0x7ffffe1feab0 WRITE of size 16 at 0x7e99833c9a80 thread T0 #0 0x6ffffe8490d9 in __asan_memset /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt\lib/asan/asan_interceptors_memintrinsics.cpp:67:3 #1 0x6ffffa7cb968 in update_travellog /home/bernhard/data/entwicklung/2025/wine\wine/dlls/ieframe/dochost.c:471:59 #2 0x6ffffa7caf09 in ClOleCommandTarget_Exec /home/bernhard/data/entwicklung/2025/wine\wine/dlls/ieframe/dochost.c:780:13 #3 0x6ffff929b38a in IOleCommandTarget_Exec /home/bernhard/data/entwicklung/2025/wine/wine-build/llvm-newwow64-asan-pe/obj\include\docobj.h:848:12 #4 0x6ffff929ad8c in notify_travellog_update /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/persist.c:71:9 #5 0x6ffff929a82b in set_current_mon /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/persist.c:108:17 #6 0x6ffff923abb7 in navigate_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/navigate.c:2155:9 #7 0x6ffff92d43df in hidden_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/task.c:398:17 #8 0x6ffffd3f3c8e in WINPROC_wrapper /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c:86:12 #9 0x6ffffd3f28c8 in call_window_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c:111:15 #10 0x6ffffd3f2ab2 in dispatch_win_proc_params /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c #11 0x6ffffd3df4fb in dispatch_message /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/message.c:804:14 #12 0x6ffffd3df5a1 in DispatchMessageW /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/message.c:890:16 #13 0x6ffffdc63d8e in doWinMain /home/bernhard/data/entwicklung/2025/wine\wine/dlls/hhctrl.ocx/hhctrl.c:580:9 #14 0x000140001036 in WinMain /home/bernhard/data/entwicklung/2025/wine\wine/programs/hh/main.c:34:12 #15 0x00014000118f in main /home/bernhard/data/entwicklung/2025/wine\wine/dlls/msvcrt/crt_winmain.c:53:12 #16 0x0001400010b5 in mainCRTStartup /home/bernhard/data/entwicklung/2025/wine\wine/dlls/msvcrt/crt_main.c:58:11 #17 0x6fffffc3565e in BaseThreadInitThunk /home/bernhard/data/entwicklung/2025/wine\wine/dlls/kernel32/thread.c:61:24 #18 0x6fffffdbba1a in RtlUserThreadStart (C:\windows\system32\ntdll.dll+0x17004ba1a) 0x7e99833c9a80 is located 0 bytes after 64-byte region [0x7e99833c9a40,0x7e99833c9a80) allocated by thread T0 here: #0 0x6ffffe84a4a1 in malloc /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt\lib/asan/asan_malloc_win.cpp:80:3 #1 0x6ffffa7cb68b in update_travellog /home/bernhard/data/entwicklung/2025/wine\wine/dlls/ieframe/dochost.c:437:31 #2 0x6ffffa7caf09 in ClOleCommandTarget_Exec /home/bernhard/data/entwicklung/2025/wine\wine/dlls/ieframe/dochost.c:780:13 #3 0x6ffff929b38a in IOleCommandTarget_Exec /home/bernhard/data/entwicklung/2025/wine/wine-build/llvm-newwow64-asan-pe/obj\include\docobj.h:848:12 #4 0x6ffff929ad8c in notify_travellog_update /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/persist.c:71:9 #5 0x6ffff929a82b in set_current_mon /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/persist.c:108:17 #6 0x6ffff923abb7 in navigate_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/navigate.c:2155:9 #7 0x6ffff92d43df in hidden_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/mshtml/task.c:398:17 #8 0x6ffffd3f3c8e in WINPROC_wrapper /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c:86:12 #9 0x6ffffd3f28c8 in call_window_proc /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c:111:15 #10 0x6ffffd3f2ab2 in dispatch_win_proc_params /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/winproc.c #11 0x6ffffd3df4fb in dispatch_message /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/message.c:804:14 #12 0x6ffffd3df5a1 in DispatchMessageW /home/bernhard/data/entwicklung/2025/wine\wine/dlls/user32/message.c:890:16 #13 0x6ffffdc63d8e in doWinMain /home/bernhard/data/entwicklung/2025/wine\wine/dlls/hhctrl.ocx/hhctrl.c:580:9 #14 0x000140001036 in WinMain /home/bernhard/data/entwicklung/2025/wine\wine/programs/hh/main.c:34:12 #15 0x00014000118f in main /home/bernhard/data/entwicklung/2025/wine\wine/dlls/msvcrt/crt_winmain.c:53:12 #16 0x0001400010b5 in mainCRTStartup /home/bernhard/data/entwicklung/2025/wine\wine/dlls/msvcrt/crt_main.c:58:11 #17 0x6fffffc3565e in BaseThreadInitThunk /home/bernhard/data/entwicklung/2025/wine\wine/dlls/kernel32/thread.c:61:24 #18 0x6fffffdbba1a in RtlUserThreadStart (C:\windows\system32\ntdll.dll+0x17004ba1a) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bernhard/data/entwicklung/2025/wine\wine/dlls/ieframe/dochost.c:471:59 in update_travellog Shadow bytes around the buggy address: 0x7e99833c9800: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd 0x7e99833c9880: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd 0x7e99833c9900: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa 0x7e99833c9980: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd 0x7e99833c9a00: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00 =>0x7e99833c9a80:[fa]fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa 0x7e99833c9b00: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd 0x7e99833c9b80: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 fa 0x7e99833c9c00: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa 0x7e99833c9c80: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd 0x7e99833c9d00: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ``` -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7544

3 3

Re: [PATCH v26 0/1] MR6884: Iphlpapi.dll: Included SendARP
by Thi Garlet (＠garlett) 11 Mar '25

11 Mar '25

On Mon Mar 3 23:25:58 2025 +0000, Thi Garlet wrote: > I think I saw ResolveIpNetEntry2() function documentation in the past. > Maybe because I could not find sources(help please), end up not using > it. Or I asked somebody. Not sure. > Does ResolveIpNetEntry2() need linux privileges ? > Thanks @huw, looking at [netioapi](https://gitlab.winehq.org/wine/wine/-/blob/master/include/netioap…, I found some functions from [IP Helper overview](https://learn.microsoft.com/en-us/windows-hardware/drivers/networ…, but ResolveIpNetEntry2() is not there. The SendARP() is workig, is something missing to merge ? thanks -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6884#note_97423

1 0

Re: [PATCH v3 0/6] MR7530: win32u, server: Improve tracking mouse messages from pointer messages.
by Paul Gofman (＠gofman) 11 Mar '25

11 Mar '25

v2: - move 'always_queue' send_hardarw_message parameter change to a later patch. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7530#note_97422

1 0

Re: [PATCH v3 0/6] MR7530: win32u, server: Improve tracking mouse messages from pointer messages.
by Paul Gofman (＠gofman) 11 Mar '25

11 Mar '25

On Tue Mar 11 09:22:36 2025 +0000, Rémi Bernon wrote: > Do we really need to call back into wineserver? Seems unfortunate, maybe > there's a better way? I don't see how to avoid that in principle? - the logic is triggered by calling DefWindowProc, so we can't avoid some action from DefWindowProc; - after WM_POINTERUPDATE with changing coordinates the messages should be generated (and, separately, updating cursor position) regardless of DefWindowProc calls; also generating that in DefWindowProc ever is clumsy because NtUserSendHardwareInput() can't generate the exact message we need, that would need some custom interface (and won't avoid a server call to send message anyway); - we could in principle stop sending those `track_mouse_from_pointer` calls once the tracking switched to server side (by returning the corresponding flag from this call and tracking this part of state in thread data), but we also want to update driver cursor position which seems to cope nicely with this call, in that case it would need to be done in some other more complicated ways. So reducing the amount of those calls (by not sending them once server tracking started) is possible but it will require these parts. I thought it doesn't add too much of calls, do you think it worth it? -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7530#note_97421

1 0

Re: [PATCH v3 0/6] MR7530: win32u, server: Improve tracking mouse messages from pointer messages.
by Paul Gofman (＠gofman) 11 Mar '25

11 Mar '25

On Tue Mar 11 09:22:36 2025 +0000, Rémi Bernon wrote: > This changes always_queue from 0 to 1, is it intentional? This is intentional because all the tracking and logic is to be done in the new track_mouse_message_from_pointer(), in a view of that some logic to skip mouse message generation in queue_hardware_message() looks misleading as best. But it doesn't belong to this patch actually, I am moving this change to the patch where track_mouse_message_from_pointer() is introduced. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7530#note_97420

1 0

Re: [PATCH v40 0/1] MR7400: cmd: Allow any key to continue past DIR /P pauses.
by Rémi Bernon (＠rbernon) 11 Mar '25

11 Mar '25

This broke the cmd.exe:batch tests. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7400#note_97418

1 0

[PATCH v3 0/2] MR7517: ntdll: Do not fail NtCreateUserProcess() if requested access doesn't have PROCESS_CREATE_THREAD.
by Paul Gofman (＠gofman) 11 Mar '25

11 Mar '25

-- v3: ntdll: Do not fail NtCreateUserProcess() if requested access doesn't have PROCESS_CREATE_THREAD. https://gitlab.winehq.org/wine/wine/-/merge_requests/7517

2 3

[PATCH 0/1] MR7543: win32u: Don't set foreground window if window is minimized.
by Rémi Bernon (＠rbernon) 11 Mar '25

11 Mar '25

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/7543

2 1

[PATCH 0/3] MR7542: ws2_32: Implement WSALookupService for Bluetooth device discovery.
by Vibhav Pant (＠vibhavp) 11 Mar '25

11 Mar '25

This MR adds an initial implementation of the winsock `WSALookupsService*` methods for performing Bluetooth device discovery (`LUP_CONTAINERS`). Pending !7472, the code will also eventually support performing device inquiry scans. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/7542

2 3

[PATCH v2 0/4] MR7505: d3dx9: Partially implement ID3DXEffect::SetRawValue().
by Connor McAdams (＠cmcadams) 11 Mar '25

11 Mar '25

This patch series implements `ID3DXEffect::SetRawValue()` for the simplest cases, which are vec4s and matrix 4x4s. -- v2: d3dx9: Fixup return values for D3DXPT_BOOL parameters in ID3DXEffect::GetValue(). d3dx9: Add support for setting 4x4 matrices in ID3DXEffect::SetRawValue(). d3dx9: Partially implement ID3DXEffect::SetRawValue(). d3dx9/tests: Add tests for ID3DXEffect::SetRawValue(). https://gitlab.winehq.org/wine/wine/-/merge_requests/7505

3 11

2025

2024

2023

2022

wine-gitlab March 2025