Details
Bug
Resolution: Unresolved
Major
Description
reactos-bootcd-0.4.15-dev-7973-g7586fe5-x86-gcc-lin-dbg
While retesting CORE-14587 with AudioScore Ultimate 6.5, downloaded from CNET here: https://download.cnet.com/download-launch/2140_4-10369126/windows/?dt=internalDownload&token=77Dwwa5k5nwHc-j6ayM_6Le6y3PePWw_vCP3pXozTcI
When Explorer is opened to the folder containing the file, it systematically crashes with:
Looks related to CORE-15879
Guilty code is likely https://git.reactos.org/?p=reactos.git;a=blob;f=win32ss/user/user32/windows/cursoricon.c#l2288
    if(!(dir && !dir->idReserved && (dir->idType & 3)))
Note:
https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-lookupiconidfromdirectoryex
[in] presbits
Type: PBYTE
The icon or cursor directory data. Because this function does not validate the resource data, it causes a general protection (GP) fault or returns an undefined value if presbits is not pointing to valid resource data.
However, this file does NOT generate a GP in Win2K3 which seems robust to these cases somehow.
PATCH: as GP is an expected behavior, SEH is required in LookupIconIdFromDirectoryEx (win32ss/user/user32/windows/cursoricon.c)
    _SEH2_TRY
    {
        if(!(dir && !dir->idReserved && (dir->idType & 3)))
        {
            WARN("Invalid resource.\n");
            return 0;
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        ERR("Invalid resource.\n");
        return 0;
    }
    _SEH2_END;
Result:
Unhandled exception
ExceptionCode: c0000005
Faulting Address: 0457B1E0
CS:EIP 1b:77a5d234
DS 23 ES 23 FS 3b GS 0
EAX: 0457b1e0 EBX: 0457b1e0 ECX: 00000020
EDX: 00004000 EBP: 01a2f0dc ESI: 01e20c78 ESP: 01a2f074
EDI: 00000000 EFLAGS: 00010202
Address:
* <user32.dll:3d234 (win32ss/user/user32/windows/cursoricon.c:2288 (LookupIconIdFromDirectoryEx))> (C:\ReactOS\system32\user32.dll@77a20000)
Frames:
* <user32.dll:30678 (win32ss/user/user32/misc/exticon.c:730 (ICO_ExtractIconExW))> (C:\ReactOS\system32\user32.dll@77a20000)
* <user32.dll:30be7 (win32ss/user/user32/misc/exticon.c:880 (PrivateExtractIconsW))> (C:\ReactOS\system32\user32.dll@77a20000)
* <shell32.dll:44f91 (dll/win32/shell32/iconcache.cpp:391 (SIC_LoadIcon))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:4530d (dll/win32/shell32/iconcache.cpp:466 (SIC_GetIconIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:45cdc (dll/win32/shell32/iconcache.cpp:732 (PidlToSicIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:45e68 (dll/win32/shell32/iconcache.cpp:784 (SHMapPIDLToSystemImageListIndex))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:93bab (dll/win32/shell32/CDefView.cpp:993 (CDefView::LV_RenameItem))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:98156 (dll/win32/shell32/CDefView.cpp:2334 (CDefView::OnChangeNotify))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:100e51 (dll/win32/shell32/CDefView.cpp:388 (CDefView::ProcessWindowMessage))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:fd882 (sdk/lib/atl/atlwin.h:1660 (CWindowImplBaseT<ATL::CWindow, ATL::CWinTraits<1442840576, 0> >::WindowProc))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <shell32.dll:100afa (dll/win32/shell32/CDefView.cpp:374 (CDefView::WindowProc))> (C:\ReactOS\system32\shell32.dll@7af50000)
* <user32.dll:6b51e (win32ss/user/user32/windows/wndproc_fixup.S:48 (CALL_EXTERN_WNDPROC))> (C:\ReactOS\system32\user32.dll@77a20000)
* <user32.dll:5f814 (win32ss/user/user32/windows/message.c:1547 (IntCallWindowProcW))> (C:\ReactOS\system32\user32.dll@77a20000)
* <user32.dll:6165b (win32ss/user/user32/windows/message.c:3015 (User32CallWindowProcFromKernel))> (C:\ReactOS\system32\user32.dll@77a20000)
* <ntdll.dll:f805 (dll/ntdll/dispatch/i386/dispatch.S:142 (KiUserCallbackDispatcher))> (C:\ReactOS\System32\ntdll.dll@7c920000)
* <browseui.dll:2a388 (dll/win32/browseui/desktopipc.cpp:395 (ExplorerMessageLoop))> (C:\ReactOS\System32\browseui.dll@78e20000)
* <browseui.dll:2a548 (dll/win32/browseui/desktopipc.cpp:430 (BrowserThreadProc))> (C:\ReactOS\System32\browseui.dll@78e20000)
* <kernel32.dll:1ca58 (dll/win32/kernel32/client/thread.c:71 (BaseThreadStartup))> (C:\ReactOS\system32\kernel32.dll@7c600000)
err:(win32ss/user/user32/windows/messagebox.c:1048) MessageBox: L"The instruction at \"0x77a5d234\" referenced memory at \"0x0457b1e0\". The memory could not be \"read\".\r\n\nCliquez sur OK pour terminer le programme.\nCliquez sur Annuler pour d\00e9boguer le programme."
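An added example, not taken from the report or from the ReactOS source: since LookupIconIdFromDirectoryEx receives no length and cannot validate presbits itself, a caller that knows the size of the data it read or mapped can bounds-check the directory before passing the pointer on. The name icon_dir_entries, the offset parameter and the sample bytes are hypothetical; the header test mirrors the condition quoted in the report, and the 14-byte entry size is that of the packed group-resource directory entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DIR_HEADER_SIZE 6u   /* idReserved, idType, idCount: 3 x 16-bit LE */
#define DIR_ENTRY_SIZE  14u  /* packed group-resource directory entry */

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Hypothetical helper (not ReactOS code). Returns idCount when the directory
 * at base+offset lies wholly inside the size-byte buffer and passes the same
 * header test as the check quoted in the report; returns -1 otherwise. */
int icon_dir_entries(const uint8_t *base, size_t size, size_t offset)
{
    if (base == NULL || offset > size || size - offset < DIR_HEADER_SIZE)
        return -1;                       /* header would be out of bounds */
    const uint8_t *dir = base + offset;
    uint16_t reserved = rd16(dir), type = rd16(dir + 2), count = rd16(dir + 4);
    if (reserved != 0 || (type & 3) == 0)
        return -1;                       /* !(!idReserved && (idType & 3)) */
    if ((size - offset - DIR_HEADER_SIZE) / DIR_ENTRY_SIZE < count)
        return -1;                       /* entries would run past the end */
    return (int)count;
}

/* Constructed samples: a type-1 directory with one zeroed 14-byte entry,
 * and the same bytes with an idType that fails the (idType & 3) test. */
static const uint8_t sample_dir[20]   = { 0, 0, 1, 0, 1, 0 };
static const uint8_t bad_type_dir[20] = { 0, 0, 4, 0, 1, 0 };

int main(void)
{
    printf("well-formed:     %d\n", icon_dir_entries(sample_dir, sizeof sample_dir, 0));
    printf("truncated entry: %d\n", icon_dir_entries(sample_dir, 19, 0));
    printf("offset past end: %d\n", icon_dir_entries(sample_dir, sizeof sample_dir, 4096));
    printf("bad idType:      %d\n", icon_dir_entries(bad_type_dir, sizeof bad_type_dir, 0));
    return 0;
}
```

Unlike an SEH wrapper around the dereference, this rejects the data before any out-of-range read is attempted, but it only works where the buffer length is available.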