Core ReactOS / CORE-19544

Explorer : Unhandled Exception due to incorrect Icon leads to systematic crash


Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None

    Description

      reactos-bootcd-0.4.15-dev-7973-g7586fe5-x86-gcc-lin-dbg

      While retesting CORE-14587 with AudioScore Ultimate 6.5 downloaded from CNET here https://download.cnet.com/download-launch/2140_4-10369126/windows/?dt=internalDownload&token=77Dwwa5k5nwHc-j6ayM_6Le6y3PePWw_vCP3pXozTcI 

      When Explorer is opened to the folder containing the file it systematically crashes with : 

      Looks related to CORE-15879

      Guilty code is likely https://git.reactos.org/?p=reactos.git;a=blob;f=win32ss/user/user32/windows/cursoricon.c#l2288 

      if(!(dir && !dir->idReserved && (dir->idType & 3))) 

      Note :

      https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-lookupiconidfromdirectoryex

      [in] presbits
      Type: PBYTE
      The icon or cursor directory data. Because this function does not validate the resource data, it causes a general protection (GP) fault or returns an undefined value if presbits is not pointing to valid resource data. 

      However, this file does NOT generate a GP in Win2K3 which seems robust to these cases somehow.

      PATCH : as GP is an expected behavior, SEH is required in LookupIconIdFromDirectoryEx ( win32ss/user/user32/windows/cursoricon.c )

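      _SEH2_TRY
      {
          /* Reading dir->idReserved / dir->idType may fault if presbits is not valid resource data */
          if(!(dir && !dir->idReserved && (dir->idType & 3)))
          {
              WARN("Invalid resource.\n");
              /* Leaving an SEH block early must go through _SEH2_YIELD */
              _SEH2_YIELD(return 0);
          }
      }
      _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
      {
          ERR("Invalid resource.\n");
          _SEH2_YIELD(return 0);
      }
      _SEH2_END;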

      Result : 

       

      Unhandled exception
      ExceptionCode:    c0000005
      Faulting Address: 0457B1E0
      CS:EIP 1b:77a5d234
      DS 23 ES 23 FS 3b GS 0
      EAX: 0457b1e0   EBX: 0457b1e0   ECX: 00000020
      EDX: 00004000   EBP: 01a2f0dc   ESI: 01e20c78   ESP: 01a2f074
      EDI: 00000000   EFLAGS: 00010202
      Address:
      * <user32.dll:3d234 (win32ss/user/user32/windows/cursoricon.c:2288 (LookupIconIdFromDirectoryEx))> (C:\ReactOS\system32\user32.dll@77a20000)
      Frames:
      * <user32.dll:30678 (win32ss/user/user32/misc/exticon.c:730 (ICO_ExtractIconExW))> (C:\ReactOS\system32\user32.dll@77a20000)
      * <user32.dll:30be7 (win32ss/user/user32/misc/exticon.c:880 (PrivateExtractIconsW))> (C:\ReactOS\system32\user32.dll@77a20000)
      * <shell32.dll:44f91 (dll/win32/shell32/iconcache.cpp:391 (SIC_LoadIcon))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:4530d (dll/win32/shell32/iconcache.cpp:466 (SIC_GetIconIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:45cdc (dll/win32/shell32/iconcache.cpp:732 (PidlToSicIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:45e68 (dll/win32/shell32/iconcache.cpp:784 (SHMapPIDLToSystemImageListIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:93bab (dll/win32/shell32/CDefView.cpp:993 (CDefView::LV_RenameItem))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:98156 (dll/win32/shell32/CDefView.cpp:2334 (CDefView::OnChangeNotify))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:100e51 (dll/win32/shell32/CDefView.cpp:388 (CDefView::ProcessWindowMessage))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:fd882 (sdk/lib/atl/atlwin.h:1660 (CWindowImplBaseT<ATL::CWindow, ATL::CWinTraits<1442840576, 0> >::WindowProc))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <shell32.dll:100afa (dll/win32/shell32/CDefView.cpp:374 (CDefView::WindowProc))> (C:\ReactOS\system32\shell32.dll@7af50000)
      * <user32.dll:6b51e (win32ss/user/user32/windows/wndproc_fixup.S:48 (CALL_EXTERN_WNDPROC))> (C:\ReactOS\system32\user32.dll@77a20000)
      * <user32.dll:5f814 (win32ss/user/user32/windows/message.c:1547 (IntCallWindowProcW))> (C:\ReactOS\system32\user32.dll@77a20000)
      * <user32.dll:6165b (win32ss/user/user32/windows/message.c:3015 (User32CallWindowProcFromKernel))> (C:\ReactOS\system32\user32.dll@77a20000)
      * <ntdll.dll:f805 (dll/ntdll/dispatch/i386/dispatch.S:142 (KiUserCallbackDispatcher))> (C:\ReactOS\System32\ntdll.dll@7c920000)
      * <browseui.dll:2a388 (dll/win32/browseui/desktopipc.cpp:395 (ExplorerMessageLoop))> (C:\ReactOS\System32\browseui.dll@78e20000)
      * <browseui.dll:2a548 (dll/win32/browseui/desktopipc.cpp:430 (BrowserThreadProc))> (C:\ReactOS\System32\browseui.dll@78e20000)
      * <kernel32.dll:1ca58 (dll/win32/kernel32/client/thread.c:71 (BaseThreadStartup))> (C:\ReactOS\system32\kernel32.dll@7c600000)
      err:(win32ss/user/user32/windows/messagebox.c:1048) MessageBox: L"The instruction at \"0x77a5d234\" referenced memory at \"0x0457b1e0\". The memory could not be \"read\".\r\n\nCliquez sur OK pour terminer le programme.\nCliquez sur Annuler pour d\00e9boguer le programme." 
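
LookupIconIdFromDirectoryEx receives no length, so bounds checking has to happen in a caller that knows how many bytes are mapped. The following is an added example, not ReactOS code and not part of the original report: a length-aware validator for an icon/cursor directory, assuming the standard .ico/.cur file layout (6-byte header followed by 16-byte entries); the function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not ReactOS code; all names are hypothetical.
 * Assumed layout: .ico/.cur file header (idReserved, idType, idCount,
 * 2 bytes each) followed by idCount 16-byte directory entries. */
#define ICO_HDR_SIZE   6u
#define ICO_ENTRY_SIZE 16u

/* Byte-wise little-endian reads avoid unaligned access on untrusted data. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 only if the directory and every image it describes lie
 * entirely inside buf[0..len); returns 0 otherwise. */
int ico_dir_is_valid(const uint8_t *buf, size_t len)
{
    size_t i, count;
    uint16_t type;

    if (buf == NULL || len < ICO_HDR_SIZE)
        return 0;                         /* header not fully present */
    if (rd16(buf) != 0)
        return 0;                         /* idReserved must be 0 */
    type = rd16(buf + 2);
    if (type != 1 && type != 2)
        return 0;                         /* stricter than (idType & 3): 1 = icon, 2 = cursor */
    count = rd16(buf + 4);
    if (count == 0 || (len - ICO_HDR_SIZE) / ICO_ENTRY_SIZE < count)
        return 0;                         /* entry table runs past the buffer */

    for (i = 0; i < count; i++) {
        const uint8_t *e = buf + ICO_HDR_SIZE + i * ICO_ENTRY_SIZE;
        uint32_t size = rd32(e + 8);      /* bytes of image data */
        uint32_t img  = rd32(e + 12);     /* offset of image data in the file */
        if (size == 0 || img > len || size > len - img)
            return 0;                     /* image data out of bounds */
    }
    return 1;
}
```

Running a check of this kind before the directory pointer is handed on rejects truncated or corrupt icon data without relying on an exception handler.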


          People

            Unassigned
            KRosUser
            Votes: 2
            Watchers: 3