Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-8098

Crash in IntHiliteMenuItem in user32_winetest:menu

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Fix Version/s: 0.3.17
    • Component/s: Win32SS
    • Labels:
      None

      Description

      Aaand another win32k crash with the new user32 tests... go Wine

      Problem here is that in the MF_BYCOMMAND case, neither IntHiliteMenuItem nor IntGetMenuItemByFlag initializes the MenuItem pointer if no menu was found. And IntGetMenuItemByFlag's return value is only checked in the MF_BYPOSITION case.
      That causes MenuItem to be uninitialized and hence crashes.

      No idea what the logic is supposed to be there. Neither of the behaviors makes sense to me – the variable should be nulled in the function and the return value always checked.

      
      Entered debugger on last-chance exception (Exception Code: 0xc0000005) (Page Fault)
      Memory at 0x002802E8 could not be written: Page not present.
      kdb:>
       bt
      Eip:
      <win32k.sys:4c076 (win32ss/user/ntuser/menu.c:1062 (IntHiliteMenuItem))>
      Frames:
      <win32k.sys:4de34 (win32ss/user/ntuser/menu.c:2069 (NtUserHiliteMenuItem))>
      <NTOSKRNL.EXE:140230 (ntoskrnl/include/internal/arch/../i386/ke.h:688 (KiFastCallEntryHandler))>
      <NTOSKRNL.EXE:3ced (:0 (KiFastCallEntry))>
      <ntdll.dll:c081 (:0 (KiIntSystemCall))>
      <user32_winetest.exe:4eb69 (modules/rostests/winetests/user32/menu.c:2426 (test_menu_hilitemenuitem))>
      <user32_winetest.exe:5df97 (modules/rostests/winetests/user32/menu.c:3651 (func_menu))>
      <user32_winetest.exe:d5359 (include/reactos/wine/test.h:606 (main))>

        Attachments

        1. nullcasec.patch
          0.4 kB
        2. win32k-menu.patch
          10 kB
        3. win32k-menu.patch
          10 kB
        4. win32k-menu.patch
          9 kB

          Activity

            People

            • Assignee:
              jimtabor jimtabor
              Reporter:
              ThFabba ThFabba
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: