[Bug 51496] On KDE riched20:editor triggers a clipboard infinite loop, crashing explorer.exe
WineHQ Bugzilla
wine-bugs at winehq.org
Sat Jul 24 08:11:49 CDT 2021
https://bugs.winehq.org/show_bug.cgi?id=51496
Bernhard Übelacker <bernhardu at mailbox.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bernhardu at mailbox.org
--- Comment #1 from Bernhard Übelacker <bernhardu at mailbox.org> ---
Created attachment 70343
--> https://bugs.winehq.org/attachment.cgi?id=70343
Remove in release_clipboard entries where the depending entry got removed.
I tried to collect some more information.
As far as I can see, in wineserver's clipboard object's format list an entry
appears similar to this one, with id=13=CF_UNICODETEXT:
(rr) print *(struct clip_format *)clipboard->formats->next
$148 = {entry = {}, id = 13, from = 0, seqno = 10, size = 0, data = 0x0}
A little later it looks like another entry appears that is derived from
that one, this one with id=1=CF_TEXT:
(rr) print *(struct clip_format *)clipboard->formats->next->...next->next
$154 = {entry = {}, id = 1, from = 13, seqno = 16, size = 0, data = 0x0}
Then, in a release_clipboard request, the first entry gets removed from the list.
(rr) print *(struct clip_format *)clipboard->formats->next->...->next
$57 = {entry = {}, id = 13, from = 1, seqno = 18, size = 0, data = 0x0}
And now a call to GetClipboardData(CF_UNICODETEXT) by explorer.exe
recreates an entry with id=13=CF_UNICODETEXT, but now with from=1=CF_TEXT:
That way GetClipboardData never returns, because the wineserver request for
CF_UNICODETEXT returns the depending CF_TEXT and vice versa.
(rr) bt
#0 GetClipboardData@4 (format=1) at dlls/user32/clipboard.c:1035
#1 0x6ed0f4e6 in GetClipboardData@4 () at dlls/user32/clipboard.c:581
#2 0x6ed0f4e6 in GetClipboardData@4 () at dlls/user32/clipboard.c:581
#3 0x6ed0f4e6 in GetClipboardData@4 () at dlls/user32/clipboard.c:581
#4 0x6ed0f4e6 in GetClipboardData@4 () at dlls/user32/clipboard.c:581
#5 0x6ed0f4e6 in GetClipboardData@4 () at dlls/user32/clipboard.c:581
#6 0x7e702b48 in export_selection () at dlls/winex11.drv/clipboard.c:1505
#7 0x7e7041db in X11DRV_SelectionRequest at dlls/winex11.drv/clipboard.c:2120
#8 0x7e708dba in call_event_handler () at dlls/winex11.drv/event.c:405
#9 0x7e708f2b in process_events () at dlls/winex11.drv/event.c:460
#10 0x7e7090c4 in X11DRV_MsgWaitForMultipleObjectsEx event.c:500
#11 0x6edad1f3 in wait_message () at dlls/user32/winproc.c:1164
#12 0x6ed6025b in wait_objects () at dlls/user32/message.c:3007
#13 0x6ed68b46 in GetMessageW@16 () at dlls/user32/message.c:3815
#14 0x7e704024 in clipboard_thread () at dlls/winex11.drv/clipboard.c:2071
#15 0x7b62e250 in WriteTapemark@16 ()
The attached draft patch is an attempt to also remove the entry with from=13
when the entry with id=13 is removed in release_clipboard.
Then I could not observe the crash, but some tests fail,
maybe visible because of the KDE desktop.
It passed here: https://testbot.winehq.org/JobDetails.pl?Key=94491
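The dependency cycle described in the comment above, replayed on a reduced model. This is an added example, not Wine's code and not the attached patch. The struct keeps only the id and from fields from the debugger output; the fixed-size array, the used flag and the functions find_format, add_format, resolve, release_format and replay are hypothetical, as is the assumption that a released CF_UNICODETEXT entry is re-created from CF_TEXT only while a CF_TEXT entry still exists.

```c
#include <stdio.h>

enum { CF_TEXT = 1, CF_UNICODETEXT = 13, MAX_FORMATS = 8 };
enum chain { CHAIN_OK, CHAIN_MISSING, CHAIN_CYCLE };
struct clip_format { unsigned int id, from; int used; }; /* reduced model: only id and from */

static struct clip_format *find_format(struct clip_format *f, unsigned int id) {
    for (int i = 0; i < MAX_FORMATS; i++)
        if (f[i].used && f[i].id == id) return &f[i];
    return NULL;
}

static void add_format(struct clip_format *f, unsigned int id, unsigned int from) {
    for (int i = 0; i < MAX_FORMATS; i++)
        if (!f[i].used) { f[i] = (struct clip_format){ id, from, 1 }; return; }
}

/* Follow "from" links with a hop bound instead of recursing without limit. */
static enum chain resolve(struct clip_format *f, unsigned int id) {
    for (int hops = 0; hops <= MAX_FORMATS; hops++) {
        struct clip_format *e = find_format(f, id);
        if (!e) return CHAIN_MISSING;
        if (!e->from) return CHAIN_OK;   /* reached an entry that is not derived */
        id = e->from;
    }
    return CHAIN_CYCLE;                  /* more hops than entries: 13 -> 1 -> 13 ... */
}

/* Release one entry; with cascade set, also release entries derived from it. */
static void release_format(struct clip_format *f, unsigned int id, int cascade) {
    struct clip_format *e = find_format(f, id);
    if (!e) return;
    e->used = 0;                         /* cleared first, so a cycle cannot recurse forever */
    for (int i = 0; cascade && i < MAX_FORMATS; i++)
        if (f[i].used && f[i].from == id) release_format(f, f[i].id, 1);
}

/* Replay the sequence from the comment on constructed data. */
static enum chain replay(int cascade) {
    struct clip_format f[MAX_FORMATS] = {{0}};
    add_format(f, CF_UNICODETEXT, 0);               /* id=13, from=0  */
    add_format(f, CF_TEXT, CF_UNICODETEXT);         /* id=1,  from=13 */
    release_format(f, CF_UNICODETEXT, cascade);
    if (find_format(f, CF_TEXT))                    /* stale id=1 entry survives the release */
        add_format(f, CF_UNICODETEXT, CF_TEXT);     /* id=13, from=1  */
    return resolve(f, CF_UNICODETEXT);
}

int main(void) { printf("no cascade: %d, cascade: %d\n", replay(0), replay(1)); return 0; }
```

Without the cascade the lookup ends in CHAIN_CYCLE, the state in which the backtrace shows GetClipboardData calling itself; with the cascade the stale derived entry is gone and the lookup ends in CHAIN_MISSING.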