[PATCH v2] urlmon: Always report available data before stop_binding.
Jacek Caban
jacek at codeweavers.com
Wed Jan 5 15:07:08 CST 2022
On 1/5/22 16:49, Jacek Caban wrote:
> On 1/5/22 08:22, Rémi Bernon wrote:
>> On 1/4/22 23:23, Jacek Caban wrote:
>>> Hi Rémi,
>>>
>>> On 1/4/22 21:31, Rémi Bernon wrote:
>>>> The HTML launcher of several Rebellion games (all probably based on
>>>> the
>>>> same code) use a custom protocol handler which calls ReportResult in
>>>> LockRequest, causing an invalid memory access when OnDataAvailable
>>>> callback is called, as the binding has already been stopped and
>>>> terminated.
>>>>
>>>> Wine-Bug:https://bugs.winehq.org/show_bug.cgi?id=46213
>>>> Wine-Bug:https://bugs.winehq.org/show_bug.cgi?id=52286
>>>> Signed-off-by: Rémi Bernon<rbernon at codeweavers.com>
>>>> ---
>>>>
>>>> v2: Use an even more ad-hoc flag to detect LockRequest calls during
>>>> ReportData.
>>>>
>>>> dlls/mshtml/tests/htmldoc.c | 18 +++++++++++++++++-
>>>> dlls/urlmon/binding.c | 23 +++++++++++++++++++++++
>>>> 2 files changed, 40 insertions(+), 1 deletion(-)
>>>
>>>
>>> Those tests in htmldoc.c are a few layers above the problem, so they
>>> are not very informative. I did a quick experiment (see the
>>> attachment) with more precise test and an ad-hoc fix. It still needs
>>> better understanding, but does it help in your case?
>>>
>>>
>>> Thanks,
>>>
>>> Jacek
>>
>> Hi Jacek,
>>
>> I must admit that I have very little idea how all this urlmon thing
>> works or does. Your patch only partially fix the launcher issue (it
>> doesn't crash anymore but it still doesn't show any window).
>>
>> As far as I understand, the custom protocol handler is:
>>
>> 1) Calling ReportResult within LockRequest.
>> 2) Expecting OnDataAvailable to be called after.
>> 3) Expecting OnStopBinding to be called after.
>>
>> I believe your patch doesn't do 3)? I'm not sure it expects this to
>> happen while ReportData is called, but it's how it usually happens,
>> and it definitely expect OnStopBinding to be called after
>> ReportResult has been, to continue.
>
>
> Sure, but I suspect that it should be handled one layer bellow what
> your patch does. bindprot.c is between Binding object and protocol
> itself and it already has some tools to do deal with such cases. For
> example, the attached patch fixes Zombie Army Trilogy and is close to
> what I'd expect. I'd like to do some more tests to understand how
> exactly it is supposed to work.
>
>
>>
>> It also causes ReportResult to return E_FAIL when called within
>> LockRequest, which is not what native does (at least it's not with
>> the mshtml version of the test).
>
>
> That matched what my test showed, but it seems that it fails on some
> Windows, so there was probably a problem with the test itself.
A better test confirmed my theory. I sent a series that fixes the
problem for me.
Thanks,
Jacek
More information about the wine-devel
mailing list