RFC [PATCH] ddraw: Prevent refcount underflow

Vincent Pelletier plr.vincent at gmail.com
Sun Sep 26 05:01:33 CDT 2010


Attached patch fixes a problem with Beetle Crazy Cup's VideoSetup.exe, which 
hangs at exit because some code tries to free a ddraw surface on which a 
refcount underflow happened earlier in the execution.

Executing it with winedbg shows that the first call causing the underflow is 
triggered from the game's binary:
Stopped on breakpoint 3 at 0x7ed494fc ddraw1_Release+0x2c [/home/vincent/git/wine/dlls/ddraw/ddraw.c:476] in ddraw
476	    ULONG ref = InterlockedDecrement(&ddraw->ref1);
Wine-dbg>print ddraw->ref1
=>0 0x7ed494fc ddraw1_Release+0x2c(iface=0x129e10) [/home/vincent/git/wine/dlls/ddraw/ddraw.c:476] in ddraw (0x0033fd24)
  1 0x00401d2c in videosetup (+0x1d2b) (0x0033fd5c)
  2 0x0040342b in videosetup (+0x342a) (0x0033fd84)
  3 0x004034f5 in videosetup (+0x34f4) (0x0033fda0)
  4 0x00402f65 in videosetup (+0x2f64) (0x0033fe04)
  5 0x00404a4e in videosetup (+0x4a4d) (0x0033fe90)
  6 0x7b8565bc call_process_entry+0xb() in kernel32 (0x0033fea8)
  7 0x7b8565bc call_process_entry+0xb() in kernel32 (0x0033fee8)
  8 0x7b858a9b start_process+0x5a(peb=0x536430) [/home/vincent/git/wine/dlls/kernel32/process.c:994] in kernel32 (0x0033fef8)
  9 0x7bc715f0 call_thread_func+0xb() in ntdll (0x0033ffc8)
  10 0x7bc717c0 call_thread_entry_point+0x6f(entry=0x7b858a40, arg=0x7ffdf000) [/home/vincent/git/wine/dlls/ntdll/signal_i386.c:2473] in ntdll (0x0033ffe8)
  11 0x7bc4cefa start_process+0x29(kernel_start=0x7b858a40) [/home/vincent/git/wine/dlls/ntdll/loader.c:2610] in ntdll (0x00000000)

Points on which I would like opinions:
- getting rid of the magic number
- need to check after InterlockedDecrement (in doubt I did, but the code is
  much less readable this way)
- couldn't it actually hide a refcount problem in wine?
- if not, then would it be good to extend to other refcounts as well or include
  in [a local wrapper for] InterlockedDecrement?

 dlls/ddraw/ddraw.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ddraw-Prevent-refcount-underflow.patch
Type: text/x-patch
Size: 677 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20100926/00b01429/attachment.bin>
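
The trade-off raised in the questions above (testing the count after the decrement versus folding the test into a wrapper), as an added example that is not part of the original post or the attached patch. It uses C11 atomics in place of the Win32 Interlocked functions, and `struct object`, `release_unchecked` and `release_checked` are hypothetical names.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-in for an object carrying a COM-style reference count. */
struct object { atomic_long ref; };

/* Decrement first, inspect afterwards: one Release() too many takes the
 * counter from 0 to -1, which read back as an unsigned ULONG is 0xFFFFFFFF.
 * Any later "ref == 0" test on this object can no longer fire. */
static long release_unchecked(struct object *o)
{
    return atomic_fetch_sub(&o->ref, 1) - 1;
}

/* Guarded wrapper: the compare-exchange only stores ref-1 while ref > 0, so
 * the test and the decrement form a single atomic step. Returns the new
 * count, or 0 with the counter left untouched when it was already 0.
 * Note that the extra release is silently absorbed, so a caller cannot
 * tell it apart from the legitimate final release. */
static long release_checked(struct object *o)
{
    long cur = atomic_load(&o->ref);
    while (cur > 0) {
        /* On failure cur is refreshed with the current value and retested. */
        if (atomic_compare_exchange_weak(&o->ref, &cur, cur - 1))
            return cur - 1;
    }
    return 0;
}

int main(void)
{
    struct object a, b;
    atomic_init(&a.ref, 1);
    atomic_init(&b.ref, 1);

    release_unchecked(&a);                               /* 1 -> 0 */
    printf("unchecked: %ld\n", release_unchecked(&a));   /* over-release */

    release_checked(&b);                                 /* 1 -> 0 */
    printf("checked:   %ld\n", release_checked(&b));     /* over-release */
    return 0;
}
```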