Need help debugging a memory corruption bug in shfldr_unixfs.c

[Phil Krylov]

On Fri, 26 Aug 2005 23:03:33 +0200
Michael Jung <mjung at iss.tu-darmstadt.de> wrote:

> Every time you double click a folder, the current ShellView object is 
> destroyed and a new one is created. Given that I have to browse into like 30 
> different folders before it crashes on me, I can't pin down the relevant 
> infoPtr.

In hunt for this bug, I discovered the following:

* It appears both with unixfs and normal Wine fs.

* Every double click on a folder in the listview destroys this listview
  object (effectively destroying all underlying structures), creates a new
  one, and returns control to the place where double click notification was
  sent by the old listview (notify_hdr() function in listview.c). This time
  the old listview and its structures are already destroyed, but we
  continue to access them, exception!

Here is a patch which adds checking if the window has been destroyed at
that point. I don't know if it is acceptable but it fixes the problem.

ChangeLog:

Protect against wrong memory access if a listview is destroyed in a handler
for its NM_DBLCLK notification.

-- Ph.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: listview.patch
Type: text/x-patch
Size: 1206 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20050908/a6e709fe/listview.patch