CORE-17626

[WIN32K] reproducible BSOD 0x1E in CreateDIBPalette() when passing invalid arguments to CreateDIBSection


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Fix Version/s: 0.4.14, 0.4.15
    • Component/s: None

      Description

      Reproduction steps:

      Regression test
      0.4.15-dev-2689-ge70df4c crashes with BSOD0x1E
      0.4.15-dev-2689-ge70df4c_BSOD0x1E.webm
      0.4.15-dev-2689-ge70df4c_BSOD0x1E.log

      ReactOS-0.4.14-RC-71-gcfc2431.iso crashes with BSOD0x1E
      ReactOS-0.4.14-RC-64-g44e1f96.iso crashes with BSOD0x1E (proving that it was not introduced by 0.4.15-dev-2085-g834394a / 0.4.14-RC-65-gdd0f439)
      reactos-bootcd-0.4.14-dev-1-gd055c9f-x86-gcc-lin-dbg.iso crashes with BSOD0x1E
      reactos-bootcd-0.4.12-dev-1082-ge0e5363-x86-gcc-lin-dbg.iso BSOD 0x1E
      reactos-bootcd-0.4.12-dev-360-gdaadcc6-x86-gcc-lin-dbg.iso BSOD 0x1E
      reactos-bootcd-0.4.12-dev-280-g44fdf3f-x86-gcc-lin-dbg.iso BSOD 0x1E
      reactos-bootcd-0.4.12-dev-270-g60448f8-x86-gcc-lin-dbg.iso BSOD 0x1E
      reactos-bootcd-0.4.12-dev-267-gd6dc1fd-x86-gcc-lin-dbg.iso BSOD 0x1E
      reactos-bootcd-0.4.12-dev-266-g8ab3652-x86-gcc-lin-dbg.iso BSOD 0x1E guilty
      reactos-bootcd-0.4.12-dev-265-g13efff3-x86-gcc-lin-dbg.iso ok 0.4.12-dev-265-g13efff3_ok.webm
      reactos-bootcd-0.4.12-dev-260-g0150bb9-x86-gcc-lin-dbg.iso ok
      reactos-bootcd-0.4.12-dev-240-gc109019-x86-gcc-lin-dbg.iso ok
      reactos-bootcd-0.4.12-dev-200-gec5c0c9-x86-gcc-lin-dbg.iso ok
      reactos-bootcd-0.4.12-dev-116-g6d47eab-x86-gcc-lin-dbg.iso ok
      reactos-bootcd-0.4.12-dev-8-g958ae44-x86-gcc-lin-dbg.iso ok
      reactos-bootcd-0.4.8-dev-1074-g111c40e-x86-gcc-lin-dbg.iso ok

      I noticed it for the first time when I wanted to test https://github.com/reactos/reactos/pull/3678 for the gdiprog case.

      Is it a nullptr deref? dibobj.c Line 138 looks like that

                      COLORREF crColor = RGB(rgb.rgbRed, rgb.rgbGreen, rgb.rgbBlue);
      

      Expected result
      2K3_SP2_ok_also_for_path_C_gdiprog_crtrel_main_exe.png

        Attachments

        1. 0.4.12-dev-265-g13efff3_ok.log (89 kB)
        2. 0.4.12-dev-265-g13efff3_ok.webm (503 kB)
        3. 0.4.12-dev-266-g8ab3652_affected.log (90 kB)
        4. 0.4.12-dev-266-g8ab3652_affected.log (90 kB)
        5. 0.4.14-RC-74-g164b000_patched_JID59662.log (84 kB)
        6. 0.4.14-RC-74-g164b000_patched_JID59662.png (25 kB)
        7. 0.4.14-RC-74-g164b000_patched_JID59694_itWorks.webm (445 kB)
        8. 0.4.15-dev-2689-ge70df4c_BSOD0x1E.log (112 kB)
        9. 0.4.15-dev-2689-ge70df4c_BSOD0x1E.webm (701 kB)
        10. 0.4.15-dev-2707-gd042f51_JID59666_CreateDIBSection_02__BSODsAgain.log (132 kB)
        11. 15-2714_GDIProg-Menu_C_GDIProg_Fail.txt (41 kB)
        12. 15-2714_GDIProg-Menu_My_Documents_OK.txt (51 kB)
        13. 2K3_SP2_in_VBox_ok.png (30 kB)
        14. 2K3_SP2_ok_also_for_path_C_gdiprog_crtrel_main_exe.png (37 kB)
        15. CreateDIBSection_01.patch (0.7 kB)
        16. CreateDIBSection_02.patch (1 kB)
        17. doesNotWork_make_relocation_less_probable_for_comctl32_shell32_browseui.patch (2 kB)
        18. GDIProg_FixedPDB.zip (45 kB)
        19. GDIProg_Main_Color_Black.png (72 kB)
        20. GDIProg_Main_Color_Blue.png (75 kB)
        21. GDIProg_Main_Color_Yellow.png (78 kB)
        22. GDIProg_Main_Menu_Fails1.png (92 kB)
        23. GDIProg_Main_Menu_Fails2.png (51 kB)
        24. GDIProg_Main_Menu_Fails3.png (86 kB)
        25. GDIProg_Main_Menu_Works1.png (84 kB)
        26. GDIProg_Main_Menu_Works2.png (69 kB)
        27. GDIProg.zip (46 kB)
        28. image-2021-06-13-18-40-40-774.png (10 kB)
        29. new_dibobj.patch (0.6 kB)
        30. ntgdi_dibobj_c_01.patch (0.6 kB)
        31. ntgdi_dibobj_c_02.patch (2 kB)
        32. ReactOS-15-2714.webm (1.51 MB)

              People

              • Assignee: DougLyons
              • Reporter: reactosfanboy
              • Votes: 2
              • Watchers: 3
