[Bug 24249] Firestarter Demo crashes with page fault on read access on start

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Sep 3 10:22:32 CDT 2010


http://bugs.winehq.org/show_bug.cgi?id=24249

--- Comment #3 from Henri Verbeet <hverbeet at gmail.com> 2010-09-03 10:22:32 CDT ---
(In reply to comment #2)
> There might be another problem when WINED3DTSS_FORCE_DWORD is triggered (e.g.
> Type == 0). So it could happen that there is also an access violation on read
> access.

Yeah, something like the following should work:

if (Type >= sizeof(tss_lookup) / sizeof(*tss_lookup)) Type = 0;
l = &tss_lookup[Type];
if (l->state == WINED3DTSS_FORCE_DWORD)
{
    *pValue = 0;
    return D3D_OK;
}

Note that there are some more places with constructions like this, at the very
least IDirect3DDevice8Impl_SetTextureStageState(). We probably don't want a
test for this though, I think it's accessing beyond the end of the array on
native as well, it's just that native probably doesn't have the extra level of
indirection.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the wine-bugs mailing list