[Bug 2640] New: riched32 dereferences null pointer from WASTE

Wine Bugs wine-bugs at winehq.org
Tue Jan 4 17:36:08 CST 2005


http://bugs.winehq.org/show_bug.cgi?id=2640

           Summary: riched32 dereferences null pointer from WASTE
           Product: Wine
           Version: 20041201
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
         Component: wine-winelib
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: aerowolf at gmail.com


Hi, I just ported WASTE 1.0b to winelib.  It is unstable without native DLLs:

Type 1 line, it shows up fine.
Type 2 lines, they show up.
Type 3 lines, the first two disappear.
Type more than 3, all lines disappear.  Until you get to 7 or 8, at which point
the first line shows up again in the middle of the richedit box, and eventually
all the other lines show up.

When you try to select any of the text, and copy it to the clipboard, it
triggers a catastrophic failure:

wine: Unhandled exception (thread 0009), starting debugger...
WineDbg starting on pid 0x8
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x1028114b).
In 32 bit mode.
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:003b GS:0033
 EIP:1028114b ESP:1018eb00 EBP:1018eb1c EFLAGS:00010246(   - 00      -RIZP1)
 EAX:4eb8be80 EBX:1028fc5c ECX:45e03dc0 EDX:10293c30
 ESI:00000000 EDI:4eb8be80
Stack dump:
0x1018eb00:  00000000 1028fc5c 00000000 00000111
0x1018eb10:  1028fc5c 797c0488 00000111 1018eb50
0x1018eb20:  102849d7 4eb8be80 00000000 00000205
0x1018eb30:  00000000 006f0030 1018eb74 5f722481
0x1018eb40:  45e03dc0 45df634c 00000000 000100c2
0x1018eb50:  1018eb74 45d7ceb7 000100c2 00000111
Backtrace:
=>1 0x1028114b RTFSetEditStream+0x2b in riched32 (0x1018eb1c)
  2 0x102849d7 in riched32 (+0x49d7) (0x1018eb50)
  3 0x45d7ceb7 WINPROC_wrapper+0x17 in user32 (0x1018eb74)
  4 0x45d7d318 WINPROC_wrapper+0x478 in user32 (0x1018ebb4)
  5 0x45d83672 CallWindowProcA+0x192 in user32 (0x1018ebf8)
  6 0x4b10300f _Z15text_newWndProcP6HWND__jjl+0xa3 in waste (0x1018ec38)
  7 0x45d7ceb7 WINPROC_wrapper+0x17 in user32 (0x1018ec5c)
  8 0x45d7d318 WINPROC_wrapper+0x478 in user32 (0x1018ec9c)
  9 0x45d83904 CallWindowProcW+0x184 in user32 (0x1018f1ac)
  10 0x45d60042 DispatchMessageW+0x112 in user32 (0x1018f1d8)
  11 0x45d53823 IsDialogMessageW+0x103 in user32 (0x1018f338)
  12 0x45dbed19 IsDialogMessageA+0x59 in user32 (0x1018f370)
  13 0x4b1027d9 _Z20IsChatRoomDlgMessageP6tagMSG+0xe7 in waste (0x1018f3a0)
  14 0x4b118f3f WinMain+0x13bf in waste (0x1018fe90)
  15 0x4b0fa11c __wine_exe_main+0x11c in waste (0x1018ff20)
  16 0x5f70aed5 in kernel32 (+0x5aed5) (0x1018fff4)
  17 0x21a34c11 (0x00000000)
0x1028114b RTFSetEditStream+0x2b in riched32: movl      0x0(%esi),%eax

This is the Fedora Core 3 RPM release of 01Dec2004.  There is no older (i.e.,
riched20) implementation I can otherwise use.
