[Bug 23849] Hofmann photo album app has access violation dialog during startup
wine-bugs at winehq.org
Sat Jul 31 06:10:06 CDT 2010
http://bugs.winehq.org/show_bug.cgi?id=23849
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |dotnet
CC| |focht at gmx.net
Component|-unknown |gdi32
--- Comment #1 from Anastasius Focht <focht at gmx.net> 2010-07-31 06:09:59 ---
Hello,
Well, it's a stupid app bug.
The app uses gdi32 font API incorrectly while trying to load (embedded) fonts
from its resources.
+tid,+seh,+font,+relay:
--- snip ---
...
0047:Call gdi32.AddFontMemResourceEx(00199050,00055fe1,00000000,00000001) ret=0036a1c3
0047:trace:font:WineEngAddFontMemResourceEx Copying 352225 bytes of data from 0x199050 to 0x4cd9030
0047:trace:font:AddFontToList Loading font from ptr 0x4cd9030 size 352225, index 0
0047:trace:font:get_familyname Got localised name L"Arial"
0047:trace:font:AddFontToList fsCsb = 400001ff ffff0000/00007a87 80000000 00000008 00000000
0047:trace:font:AddFontToList Added font L"Arial" L"Bold"
0047:trace:seh:raise_exception code=c0000005 flags=0 addr=0x201d327a ip=201d327a tid=0047
0047:trace:seh:raise_exception info[0]=00000001
0047:trace:seh:raise_exception info[1]=00000001
0047:trace:seh:raise_exception eax=00000001 ebx=2020422c ecx=00000000 edx=00000001 esi=04cd9030 edi=20207f20
0047:trace:seh:raise_exception ebp=0032ea38 esp=0032ea00 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0047:trace:seh:call_vectored_handlers calling handler at 0x57ca3120 code=c0000005 flags=0
0047:trace:seh:call_vectored_handlers handler at 0x57ca3120 returned 0
0047:trace:seh:call_stack_handlers calling handler at 0x79fcc9ae code=c0000005 flags=0
--- snip ---
The app managed callstack:
--- snip ---
2010-07-31 10:18:51,512 [1] ERROR DigitalAlbum - SplashForm -> Set Font
System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
at HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)
at HofmannDigital.HelperFont.GetEmbeddedFonts()
at HofmannDigital.HelperFont.LoadEmbeddedFonts()
at HofmannDigital.HelperFont.GetPrivateFontFamily(String familyName)
at HofmannDigital.HelperFont.CreatePrivateFont(String familyName, Single emSize, FontStyle style)
at HofmannDigital.Helper.CreateFont(String familyName, Single emSize, FontStyle style, GraphicsUnit unit, Byte gdiCharSet)
at HofmannDigital.SplashForm.Initialize()
2010-07-31 10:18:51,527 [1] ERROR DigitalAlbum - SplashForm.Initialize
--- snip ---
The app's P/Invoke signature for gdi32.AddFontMemResourceEx() is wrong:
HofmannDigital.HelperFont.AddFontMemResourceEx(IntPtr pbFont, Int32 cbFont, Int32 pdv, Int32 pcFonts)
Wine:
--- snip dlls/gdi32/freetype.c ---
HANDLE WineEngAddFontMemResourceEx(PVOID pbFont, DWORD cbFont, PVOID pdv, DWORD *pcFonts)
--- snip dlls/gdi32/freetype.c ---
P/Invoke signature from:
http://www.pinvoke.net/default.aspx/gdi32.addfontmemresourceex
--- snip ---
[DllImport("gdi32.dll", ExactSpelling=true)]
private static extern IntPtr AddFontMemResourceEx(byte[] pbFont, int cbFont, IntPtr pdv, out uint pcFonts);
--- snip ---
The app isn't passing pcFonts as an out/ref param but by value (probably
initialized cFonts = 1 on its own). The compiler won't tell you about that mistake
due to the incorrect P/Invoke signature.
Not sure if Wine should fix such stupid apps/mistakes. Adding an SEH handler to
dlls/gdi32/freetype.c:WineEngAddFontMemResourceEx() seems like overkill, as
the found-fonts count assignment is done _after_ the font(s) have already been
added.
Better would be write-pointer probing before doing any work (i.e. before the call
to AddFontToList()).
There is nothing mentioned regarding the validation of these parameters in MSDN,
so this needs a test (NULL pcFonts, invalid pcFonts ptr -> 0xdeadbeef).
While you're at it, the return values in error cases should be made more
consistent (NULL vs. 0).
Regards
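The probe-before-work ordering proposed in the comment above, as an added example that is neither Wine's code nor the app's: a hypothetical variant of the gdi32 entry point that checks its pcFonts out-pointer for writability before anything is added to the font list, and returns NULL on every failure path. It uses a POSIX SIGSEGV/SIGBUS handler with sigsetjmp/siglongjmp as a stand-in for the SEH-based probing Wine itself would use, a counting stub in place of AddFontToList(), a constructed 16-byte blob in place of a real font, and a placeholder handle value; all of these are assumptions of the example. The exception record in the trace (info[0]=1 for a write fault, info[1]=1 for the faulting address) is what a caller that passes the integer 1 where the pcFonts pointer belongs produces, which is the (DWORD *)1 case exercised below.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

typedef uint32_t DWORD;
typedef void *HANDLE;

/* Hypothetical stand-in for Wine's AddFontToList(): it only counts calls, so
 * the caller below can be checked for side effects on the failure paths. */
static int fonts_added;
static int AddFontToList(const void *data, DWORD size)
{
    (void)data; (void)size;
    fonts_added++;
    return 1;
}
int fonts_added_count(void) { return fonts_added; }

/* Write probe: read a DWORD through the pointer and store the same value back.
 * A fault (NULL, the bogus 0x1 or 0xdeadbeef, a read-only page) raises
 * SIGSEGV/SIGBUS, which the handler turns into a siglongjmp back here.
 * POSIX stand-in for an SEH probe; not thread-safe, demonstration only. */
static sigjmp_buf probe_env;
static void probe_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

int probe_write_dword(volatile DWORD *p)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = probe_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        DWORD v = *p;   /* faults if the address is unreadable */
        *p = v;         /* faults if the page is mapped read-only */
        ok = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Hypothetical variant of WineEngAddFontMemResourceEx(): validate the
 * out-parameter before touching the font list; NULL on every failure. */
HANDLE AddFontMemResourceEx_probed(const void *pbFont, DWORD cbFont, void *pdv, DWORD *pcFonts)
{
    (void)pdv;                                      /* reserved, must be 0 */
    if (!pbFont || !cbFont) return NULL;
    if (!probe_write_dword(pcFonts)) return NULL;   /* before any work is done */

    /* Assumption: the blob holds one face; Wine would add each face it finds. */
    if (!AddFontToList(pbFont, cbFont)) return NULL;
    *pcFonts = 1;
    return (HANDLE)pbFont;                          /* placeholder handle */
}

/* A page that is readable but not writable, to exercise the store step. */
DWORD *readonly_page(void)
{
    void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (DWORD *)p;
}

/* Drive one call against a constructed blob (not a real font) and report
 * whether a handle came back; valid_slot() is a writable DWORD to use as pcFonts. */
static unsigned char sample_blob[16];
static DWORD valid_count;
DWORD *valid_slot(void) { return &valid_count; }
int call_with(DWORD *pcFonts)
{
    return AddFontMemResourceEx_probed(sample_blob, sizeof sample_blob, NULL, pcFonts) != NULL;
}

int main(void)
{
    printf("valid:    %d (count=%u)\n", call_with(valid_slot()), (unsigned)*valid_slot());
    printf("NULL:     %d\n", call_with(NULL));
    printf("0x1:      %d\n", call_with((DWORD *)(uintptr_t)1));          /* cFonts = 1 passed by value */
    printf("deadbeef: %d\n", call_with((DWORD *)(uintptr_t)0xdeadbeef));
    printf("ro page:  %d\n", call_with(readonly_page()));
    printf("fonts added: %d\n", fonts_added_count());
    return 0;
}
```

The point of the ordering is visible in the last line of output: after one valid call and four rejected ones, the font list was touched exactly once, whereas a probe placed after AddFontToList() would leave the font registered and only then crash on the count store. The same reasoning argues for the NULL-vs-0 consistency the comment asks for, since a caller can only distinguish "rejected before work" from "failed mid-way" if every failure path returns the same value.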