segfaults with last selection repaint patch in riched20

Phil Krylov phil at
Thu Aug 10 16:12:25 CDT 2006

Hi Krzysztof,

I was getting a segfault in ME_MarkForPainting() after that patch (BTW
great work), and started looking through the code. One thing I found
was obviously a typo which can be easily fixed (BTW I don't know for
sure but I'd also update pLastSelStartPara and pLastSelEndPara here):

--- a/dlls/riched20/paint.c
+++ b/dlls/riched20/paint.c
@@ -529,7 +529,7 @@ ME_InvalidateSelection(ME_TextEditor *ed
   /* last selection markers aren't always updated, which means
   they can point past the end of the document */
   if (editor->nLastSelStart > len)
-    editor->nLastSelEnd = len;
+    editor->nLastSelStart = len;
   if (editor->nLastSelEnd > len)
     editor->nLastSelEnd = len;
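
Review bot: The two clamps in this hunk correct only the character offsets nLastSelStart and nLastSelEnd; the paragraph pointers named in the message (pLastSelStartPara and pLastSelEndPara) are not touched when an offset is pulled back to len, so the offset and the paragraph it is supposed to belong to can disagree afterwards. Consider refreshing both pointers in the same branches, or recomputing them from the clamped offsets before ME_MarkForPainting() is called. Since the original bug was a copy-paste slip between two near-identical branches, clamping both fields through one small helper or a min() expression would make the same mistake harder to repeat.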

But it did not resolve my problem. I did not have time to find the
real reason for the segfault, but here is a quick hack which made the
segfault go away and can probably help you in finding the real reason.
Sorry, but I can't officially provide you with the failing application
(IBM Translation Manager 6.0.9) which is proprietary and only for IBM
internal usage.

--- a/dlls/riched20/para.c
+++ b/dlls/riched20/para.c
@@ -94,7 +94,7 @@ void ME_MarkForWrapping(ME_TextEditor *e

 void ME_MarkForPainting(ME_TextEditor *editor, ME_DisplayItem *first,
ME_DisplayItem *last)
-  while(first != last)
+  while(first && first != last)
     first->member.para.nFlags |= MEPF_REPAINT;
     first = first->member.para.next_para;
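
Review bot: The added "first &&" test in the while condition stops the NULL dereference at "first->member.para.nFlags" but hides the underlying fault: the walk along next_para reached the end of the list without ever meeting last, so the caller passed a first that does not precede last, or a pointer that is no longer in the list. Instead of returning silently, report or assert when the loop ends with first == NULL while last is non-NULL, and correct the ordering or staleness in ME_InvalidateSelection(), which the backtrace below shows as the caller. As written, paragraphs between the real start and last may also go unmarked for repaint, since the loop exits without having reached last.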

The backtrace of the segfault was:
1 0x7d948cc0 ME_MarkForPainting+0x10(editor=0x11700f8,
first=0x11741d8, last=0x1173ac8)
[/home/phil/build/wine-git/dlls/riched20/para.c:99] in riched20
  2 0x7d948816 ME_InvalidateSelection+0x186(editor=0x11700f8)
[/home/phil/build/wine-git/dlls/riched20/paint.c:542] in riched20
  3 0x7d9442e9 RichEditANSIWndProc+0x22d9(hWnd=0x100b4, msg=0xb1,
wParam=0xe, lParam=0x117)
[/home/phil/build/wine-git/dlls/riched20/editor.c:1579] in riched20
  4 0x7d9466aa RichEdit10ANSIWndProc+0x3a(hWnd=0x100b4, msg=0xb1,
wParam=0xe, lParam=0x117)
[/home/phil/build/wine-git/dlls/riched20/editor.c:2598] in riched20

-- Ph.

