[bug2018 indirectly] Trap in mixerGetLineControlsA

Ann and Jason Edmeades us at the-edmeades.demon.co.uk
Mon Mar 14 16:34:05 CST 2005


I was trying to reproduce a problem in a game to see if it still existed but
couldn't actually run it. Debugging showed our Unification caused a trap
because we tried to allocate a massive block, failed (silently), left a null
pointer which was subsequently dereferenced.

The reason is that in mixerGetLineControlsA we are passed an ASCII structure +
what to do. MSDN documents that the cControls field MUST be populated to the
number of controls, and we currently multiply that by the size of a
structure and try to allocate it. However this game doesn't fill it in, and
the value is a residual value off the stack.

Debugging Windows shows it *specifically* looks for the case where the parm
is 2 (i.e. MIXER_GETLINECONTROLSF_ONEBYTYPE) and if it is that, allocates 1x
sizeof(structure). I have modified our code to do the same. I couldn't think
of a testcase which could prove precisely this was the case so here's the
patch.

Also, game tested 'thoroughly' under wine to confirm the actual bug didn't
appear for me either :-))

Changelog

Avoid trap in mixerGetLineControlsA when cControls is uninitialized and
MIXER_GETLINECONTROLSF_ONEBYTYPE requested.

Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug2018.patch
Type: application/octet-stream
Size: 995 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20050314/af27e36e/bug2018.obj
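The sizing logic described in the message, as an added example that is not part of the original post and is not the scrubbed patch: it contrasts the byte count requested when cControls is trusted with a sizing routine that allocates one entry for the ONEBYTYPE query and reports allocation failure to the caller. The structure layout, the function names and the MAX_CONTROLS cap are assumptions made for illustration; only the ONEBYTYPE value of 2 comes from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define QUERY_ONEBYTYPE 2u    /* the post's value for the ONEBYTYPE query */
#define MAX_CONTROLS    4096u /* assumed sanity cap, not from the post */

/* Hypothetical stand-in for the per-control structure being converted. */
struct control_w { uint32_t id, type, flags; uint16_t name[64]; };

/* Old pattern from the post: bytes requested when cControls is trusted. */
static uint64_t old_request_bytes(uint32_t cControls)
{
    return (uint64_t)cControls * sizeof(struct control_w);
}

/* Number of entries the conversion buffer needs; 0 means "reject". */
static size_t entries_needed(uint32_t flags, uint32_t cControls)
{
    if (flags == QUERY_ONEBYTYPE)
        return 1;             /* caller's count is ignored for this query */
    if (cControls == 0 || cControls > MAX_CONTROLS)
        return 0;             /* garbage count: fail instead of allocating */
    return cControls;
}

/* Allocate the buffer; NULL is returned to the caller, never dereferenced. */
static struct control_w *alloc_controls(uint32_t flags, uint32_t cControls,
                                        size_t *count)
{
    *count = entries_needed(flags, cControls);
    if (*count == 0)
        return NULL;
    return calloc(*count, sizeof(struct control_w));
}

int main(void)
{
    uint32_t stale = 0xCCCCCCCCu;   /* constructed "residual stack" value */
    size_t n;
    struct control_w *buf = alloc_controls(QUERY_ONEBYTYPE, stale, &n);

    printf("old request: %llu bytes\n",
           (unsigned long long)old_request_bytes(stale));
    printf("new request: %zu entries, buf=%s\n", n, buf ? "ok" : "NULL");
    free(buf);
    return buf ? 0 : 1;
}
```

The cap and the NULL return go beyond the single special case the message describes; they cover the other query types, where the caller's count is still used.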

