[Bug 12307] firefox 3 crash on some web pages [dogfood]

wine-bugs at winehq.org
Tue Aug 19 01:37:12 CDT 2008


http://bugs.winehq.org/show_bug.cgi?id=12307





--- Comment #20 from Michael Karcher <wine at mkarcher.dialup.fu-berlin.de>  2008-08-19 01:37:11 ---
It's a Uniscribe bug, not a Firefox bug.

ScriptPlace is called with hdc=0. According to MSDN this is OK, and means to
use cached metrics/indices information only. Wine puts a DC into the script
cache when it is created, and tries to use this DC to obtain font information,
regardless of what DC is passed. This is wrong. Wine must use the DC passed to
ScriptPlace instead. The crash is caused by the DC in the cache (which should
not be there!) being stale. The stale hDC creates a chain reaction that leads
to the crash:
 a) GetGlyphIndicesW fails because of the stale DC in the cache. This failure
does not get propagated in ScriptPlace, so ScriptPlace returns garbage in its
output buffer without telling anyone that there is garbage.
 b) ExtTextOutW is called with a valid DC and the uninitialized glyph index
list. This causes GetGlyphOutline to fail, as these uninitialized values are
invalid.
 c) This causes UploadGlyph to fail.
 d) This causes a crash in ExtTextOutW later.

The suggested patches fix d), which is worth fixing, but the real problem is
that Wine's SCRIPT_CACHE contains a DC the application might have (and Firefox
does so) deleted a long time ago.
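
The failure chain from comment #20, reduced to a self-contained C model (an added example, not part of the original comment and not Wine code). `cache_t`, `lookup`, `place_buggy`, `place_fixed`, the `live[]` handle table and the error codes are constructed stand-ins; returning a distinct "pending" code when no DC is passed and nothing is cached is this example's assumption.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins, not Wine code: a "DC" is an index into live[]. */
enum { OK = 0, E_FAIL = -1, E_PENDING = -2 };
static int live[4];                  /* live[h] != 0 means handle h is valid */

typedef struct {
    int creation_dc;                 /* handle stored at cache creation (the bug) */
    unsigned short glyph[26];        /* per-letter glyph cache, 0 = not cached */
} cache_t;

/* Stand-in for the glyph lookup: fails on a null or stale handle. */
static int lookup(int dc, char ch, unsigned short *out) {
    if (dc <= 0 || dc >= 4 || !live[dc] || ch < 'a' || ch > 'z') return E_FAIL;
    *out = (unsigned short)(ch - 'a' + 1);
    return OK;
}

/* Pattern described in the comment: cached handle used, failure dropped. */
static int place_buggy(cache_t *c, int dc, const char *s, size_t n, unsigned short *out) {
    (void)dc;
    for (size_t i = 0; i < n; i++)
        lookup(c->creation_dc, s[i], &out[i]);   /* return value ignored */
    return OK;                                   /* out may be untouched */
}

/* Corrected pattern: only the caller's handle is used, errors propagate. */
static int place_fixed(cache_t *c, int dc, const char *s, size_t n, unsigned short *out) {
    for (size_t i = 0; i < n; i++) {
        if (s[i] < 'a' || s[i] > 'z') return E_FAIL;
        unsigned short *slot = &c->glyph[s[i] - 'a'];
        if (*slot == 0) {
            if (dc == 0) return E_PENDING;       /* no DC and nothing cached */
            int rc = lookup(dc, s[i], slot);
            if (rc != OK) return rc;
        }
        out[i] = *slot;
    }
    return OK;
}

int main(void) {
    cache_t c = { .creation_dc = 1 };  /* handle 1, since deleted (live[1] == 0) */
    unsigned short out[3] = { 0xFFFF, 0xFFFF, 0xFFFF };
    int rc = place_buggy(&c, 0, "abc", 3, out);
    printf("buggy: rc=%d out[0]=0x%X\n", rc, (unsigned)out[0]);
    printf("fixed: rc=%d\n", place_fixed(&c, 0, "abc", 3, out));
    return 0;
}
```

The buggy variant reports success while leaving the caller's buffer at its sentinel value, which is step a) of the chain; the corrected variant returns an error the caller can act on before the buffer reaches a drawing call.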

