[Bug 43408] Quest 5.7.x (.NET 4.0 WPF app) crashes on direct access of MIL4 (Media Integration Layer, wpfgfx_v0400.dll) to internal bitmap struct/class impl (depends on exact layout)

WineHQ Bugzilla wine-bugs at winehq.org
Thu Jan 14 09:45:44 CST 2021 

https://bugs.winehq.org/show_bug.cgi?id=43408

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |f6cab98d4b7c423ef9487657b88
                   |                            |c6ff6f8eb452f
                URL|https://github.com/textadve |https://web.archive.org/web
                   |ntures/quest/releases/downl |/20210114142858/https://git
                   |oad/v5.7.1/quest571.exe     |hub.com/textadventures/ques
                   |                            |t/releases/download/v5.7.1/
                   |                            |quest571.exe
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

as already mentioned in my comment #4, the bug can't be reproduced with
mainline Wine 2.x series since it depends on Wine-Staging patchset. With
mainline Wine the following crash is encountered instead:

--- snip ---
...
err:eventlog:ReportEventW L"Application: Quest.exe\nFramework Version:
v4.0.30319\nDescription: The process was terminated due to an unhandled
exception.\nException Info: System.AccessViolationException\nStack:\n   at
MS.Internal.Text.TextInterface.Font.CreateFontFace()\n   at
MS.Internal.Text.TextInterface.Font.AddFontFaceToCa"...
fixme:advapi:DeregisterEventSource (0xcafe4242) stub

Unhandled Exception: System.AccessViolationException: Attempted to read or
write protected memory. This is often an indication that other memory is
corrupt.
   at MS.Internal.Text.TextInterface.Font.CreateFontFace()
   at MS.Internal.Text.TextInterface.Font.AddFontFaceToCache()
   at MS.Internal.Text.TextInterface.Font.GetFontFace()
   at MS.Internal.FontCache.FontFaceLayoutInfo.IntMap.TryGetValues(UInt32*
pKeys, UInt32 characterCount, UInt16* pIndices)
   at
System.Windows.Media.GlyphTypeface.GetGlyphMetricsAndIndicesOptimized(UInt32*
pCodepoints, Int32 characterCount, Double emSize, UInt16[] glyphIndices,
GlyphMetrics[] glyphMetrics, TextFormattingMode textFormattingMode, Boolean
isSideways)
   at
System.Windows.Media.GlyphTypeface.GetGlyphMetricsOptimized(CharacterBufferRange
characters, Double emSize, UInt16[] glyphIndices, GlyphMetrics[] glyphMetrics,
TextFormattingMode textFormattingMode, Boolean isSideways)
   at
System.Windows.Media.Typeface.CheckFastPathNominalGlyphs(CharacterBufferRange
charBufferRange, Double emSize, Double scalingFactor, Double widthMax, Boolean
keepAWord, Boolean numberSubstitution, CultureInfo cultureInfo,
TextFormattingMode textFormattingMode, Boolean isSideways, Int32&
stringLengthFit)
   at
MS.Internal.TextFormatting.SimpleRun.CreateSimpleTextRun(CharacterBufferRange
charBufferRange, TextRun textRun, TextFormatterImp formatter, Int32 widthLeft,
Boolean emergencyWrap)
   at MS.Internal.TextFormatting.SimpleRun.Create(FormatSettings settings,
CharacterBufferRange charString, TextRun textRun, Int32 cp, Int32 cpFirst,
Int32 runLength, Int32 widthLeft)
   at MS.Internal.TextFormatting.SimpleTextLine.Create(FormatSettings settings,
Int32 cpFirst, Int32 paragraphWidth)
   at MS.Internal.TextFormatting.TextFormatterImp.FormatLineInternal(TextSource
textSource, Int32 firstCharIndex, Int32 lineLength, Double paragraphWidth,
TextParagraphProperties paragraphProperties, TextLineBreak previousLineBreak,
TextRunCache textRunCache)
   at MS.Internal.TextFormatting.TextFormatterImp.FormatLine(TextSource
textSource, Int32 firstCharIndex, Double paragraphWidth,
TextParagraphProperties paragraphProperties, TextLineBreak previousLineBreak,
TextRunCache textRunCache)
   at System.Windows.Controls.TextBlock.MeasureOverride(Size constraint)
...
Backtrace:
=>0 0x001100a8 (0x0033b728)
  1 0x7d5bbb57 factory_get_cached_fontface+0x116(iface=0x5ec0b00,
font_files=0x5f381ec, index=0, simulations=DWRITE_FONT_SIMULATIONS_NONE,
font_face=0x33b8c8, cached_list=0x33b7d0)
[/home/focht/projects/wine/mainline-build-2.14-i686/dlls/dwrite/../../include/dwrite_3.h:4868]
in dwrite (0x0033b798)
  2 0x7d5a4c37 get_fontface_from_font+0x46(font=<is not available>,
fontface=<is not available>)
[/home/focht/projects/wine/mainline-src-2.14/dlls/dwrite/font.c:1380] in dwrite
(0x0033b808)
  3 0x7d5a4cf3 dwritefont3_CreateFontFace+0x32(iface=<is not available>,
fontface=<is not available>)
[/home/focht/projects/wine/mainline-src-2.14/dlls/dwrite/font.c:1666] in dwrite
(0x0033b838)
  4 0x7d5974b7 dwritefont_CreateFontFace+0x36(iface=<is not available>,
fontface=<is not available>)
[/home/focht/projects/wine/mainline-build-2.14-i686/dlls/dwrite/../../include/dwrite_3.h:1208]
in dwrite (0x0033b878)
  5 0x064e0713 (0x0033b8d8)
...
--- snip ---

That one went away with Wine 2.15 release. It was likely one of these:

--- snip ---
$ git log --oneline  wine-2.14...wine-2.15 -- dlls/dwrite
eb212c1939b dwrite: Simplify GetFontSignature().
b93d9d93e78 dwrite: Added a helper to check for supported characters.
fb5079d8870 dwrite: Protect cached fontface list when accessed from multiple
threads.
--- snip ---

Now to the original problem, related to Wine-Staging patchset:

https://github.com/wine-compholio/wine-staging/tree/v2.12/patches/windowscodecs-IMILBitmapSource

The aforementioned patchset was removed in this large rebase here:

https://github.com/wine-staging/wine-staging/commit/1b7ebd3bb8b7fc6fa3347da8de4fc528c89adc38
(Part of Wine-Staging 4.9 release).

I'm not in favour of doing things this way. Patch removal should be always
per-patchset (atomic) commits like patch additions and not be buried together
with rebase/updates of other unrelated patchsets. It messes up the tracebility.

Relevant mainline commits that causes removal from Wine-Staging:

*
https://source.winehq.org/git/wine.git/commitdiff/f6cab98d4b7c423ef9487657b88c6ff6f8eb452f
("windowscodecs: Improve compatibility of IMILBitmap interface.")

*
https://source.winehq.org/git/wine.git/commitdiff/36095e2dedb264b207fbeae9f7f4b986a895c46e
("windowscodecs: Add support for IMILBitmapScaler interface.")

Part of Wine 4.9 release.

Thanks Dmitry

The removed patch from Wine-Staging:

https://github.com/wine-staging/wine-staging/blob/6ce73c283d4953e348ef87e237c4d29b933abadb/patches/windowscodecs-IMILBitmapSource/0001-windowscodecs-Improve-compatibility-of-IMILBitmapSou.patch

and the commit in mainline:

https://source.winehq.org/git/wine.git/commitdiff/f6cab98d4b7c423ef9487657b88c6ff6f8eb452f

are not exactly the same. Bug 34764 targeted MIL 3.x while this bug 43408
targets MIL 4.x compat. The final version fixed both cases.

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list