When ddraw_texture_init needs to clean up on failure, it will call the wined3d_texture_get_sub_resource_parent function on draw_texture in order to retrieve its parent for an IDirectDrawSurface release call. However, if draw_texture is NULL, then the function call will crash due to a null pointer dereference.
Therefore, on failure cleanup, the release operation on the texture parent should only be performed if draw_texture is not NULL.
This fixes a crash in the Virtual Insanity game demo.
From: Andrew Nguyen <arethusa26@gmail.com>
When ddraw_texture_init needs to clean up on failure, it will call the wined3d_texture_get_sub_resource_parent function on draw_texture in order to retrieve its parent for an IDirectDrawSurface release call. However, if draw_texture is NULL, then the function call will crash due to a null pointer dereference.
Therefore, on failure cleanup, the release operation on the texture parent should only be performed if draw_texture is not NULL.
This fixes a crash in the Virtual Insanity game demo. --- dlls/ddraw/surface.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/dlls/ddraw/surface.c b/dlls/ddraw/surface.c index d0c4bf67cbc..a096c5d7d8e 100644 --- a/dlls/ddraw/surface.c +++ b/dlls/ddraw/surface.c @@ -6519,15 +6519,17 @@ static HRESULT ddraw_texture_init(struct ddraw_texture *texture, struct ddraw *d
fail: if (draw_texture) + { wined3d_texture_decref(draw_texture);
- parent = wined3d_texture_get_sub_resource_parent(draw_texture, 0); - if (texture->version == 7) - IDirectDrawSurface7_Release(&parent->IDirectDrawSurface7_iface); - else if (texture->version == 4) - IDirectDrawSurface4_Release(&parent->IDirectDrawSurface4_iface); - else - IDirectDrawSurface_Release(&parent->IDirectDrawSurface_iface); + parent = wined3d_texture_get_sub_resource_parent(draw_texture, 0); + if (texture->version == 7) + IDirectDrawSurface7_Release(&parent->IDirectDrawSurface7_iface); + else if (texture->version == 4) + IDirectDrawSurface4_Release(&parent->IDirectDrawSurface4_iface); + else + IDirectDrawSurface_Release(&parent->IDirectDrawSurface_iface); + } return hr; }
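Review bot: in the fail: block, wined3d_texture_decref(draw_texture) still runs before wined3d_texture_get_sub_resource_parent(draw_texture, 0), so draw_texture is passed to another call after this path has already dropped its own reference. That is only safe while some other holder keeps the texture alive, which these lines do not show. Consider moving the decref to the end of the braced block, after the IDirectDrawSurface*_Release call, so that it is the last use of draw_texture, or add a comment naming the reference that keeps the texture valid. The added braces themselves are correct: they bring the parent lookup and the Release calls under the if (draw_texture) guard that the indentation already implied.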
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=144052
Your paranoid android.
=== debian11b (64 bit WoW report) ===
d3dx10_34: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011E3980. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011B4D80. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011E3B50. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011B60D0. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011BE6C0.
d3dx10_35: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 0000000001239D10. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011D3AA0. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011D3C70. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011D3AA0. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011D3C70.
d3dx10_36: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011BB900. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011B5D20. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011BB6A0. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011B5D20. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011D18E0.
d3dx10_37: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 0000000001239C20. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 0000000001239D20. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 0000000001239C20. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011D3E90. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 0000000001195A50.
d3dx10_38: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011D57E0. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011D57E0. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011D57E0. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011BB620.
d3dx10_39: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 0000000001195800. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011D1B50. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011D1B50. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011B5DE0. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011D5650.
d3dx10_40: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011A4690. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011A4860. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011A4A30. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011D5530. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011D5700.
d3dx10_41: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011C37C0. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011D1820. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011C3440. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011C3440. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011D1820.
d3dx10_42: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 00000000011B4EC0. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011E3D80. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011E3990. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011BB870. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011BB6A0.
d3dx10_43: d3dx10.c:4380: Test succeeded inside todo block: Got unexpected effect 0000000001239D60. d3dx10.c:4470: Test succeeded inside todo block: Got unexpected effect 00000000011A4A60. d3dx10.c:4480: Test succeeded inside todo block: Got unexpected effect 00000000011D5720. d3dx10.c:4589: Test succeeded inside todo block: Got unexpected effect 00000000011BB560. d3dx10.c:4599: Test succeeded inside todo block: Got unexpected effect 00000000011B6050.
This merge request was approved by Zebediah Figura.
Approving because this is strictly an improvement, but this cleanup path is gross to begin with. It would be better if we release the wined3d texture last. It won't be destroyed because the ddraw surface is holding a reference to it, so the code works anyway, but it looks wrong.
This merge request was approved by Jan Sikorski.
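The cleanup order suggested in the review comment above, sketched as an added example (not Wine's code). The `texture` and `surface` structs, their helpers and the `live_objects` counter are hypothetical stand-ins that model a surface holding a reference to its texture; the failure path guards against a NULL `draw_texture`, releases the parent surface first and drops the texture reference last.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not Wine's types. */
struct surface;
struct texture { int refs; struct surface *parent; };
struct surface { int refs; struct texture *tex; };

int live_objects; /* allocations not yet freed, for leak checking */

static void texture_decref(struct texture *t)
{
    if (--t->refs == 0) { free(t); --live_objects; }
}

static void surface_release(struct surface *s)
{
    if (--s->refs) return;
    texture_decref(s->tex); /* the surface gives up its texture reference */
    free(s); --live_objects;
}

/* The new texture has two references: the caller's and its surface's. */
static struct texture *texture_create(void)
{
    struct texture *t = calloc(1, sizeof(*t));
    struct surface *s = calloc(1, sizeof(*s));
    if (!t || !s) { free(t); free(s); return NULL; }
    live_objects += 2;
    t->refs = 2; t->parent = s;
    s->refs = 1; s->tex = t;
    return t;
}

/* fail_stage 0: fail before the texture exists; 1: fail after creating it. */
int init_with_cleanup(int fail_stage)
{
    struct texture *draw_texture = NULL;
    int hr = -1; /* constructed failure code */
    if (fail_stage == 0) goto fail;
    draw_texture = texture_create(); /* a later step then fails */
fail:
    if (draw_texture) /* guard: nothing to release if creation never ran */
    {
        surface_release(draw_texture->parent); /* texture refs 2 -> 1 */
        texture_decref(draw_texture);          /* last use: texture freed */
    }
    return hr;
}

int main(void) { return init_with_cleanup(0) == -1 && init_with_cleanup(1) == -1 && !live_objects ? 0 : 1; }
```

Both failure stages leave `live_objects` at zero, so the guarded path neither dereferences NULL nor leaks or double-frees either object.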