Added patch to avoid crashing when broken app tries to release surface although refcount is zero.

2024-11-21 16:46:54 -08:00 · 2014-11-11 22:36:19 +01:00 · 2014-11-11 22:36:19 +01:00 · 3a5f2b6be0
commit 3a5f2b6be0
parent 7641fa58b9
5 changed files with 55 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -39,12 +39,13 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 ===================================

-**Bugfixes and features included in the next upcoming release [16]:**
+**Bugfixes and features included in the next upcoming release [17]:**

 * Add stub for NtSetLdtEntries/ZwSetLdtEntries ([Wine Bug #26268](https://bugs.winehq.org/show_bug.cgi?id=26268))
 * Add stubs for vectored continue handler ([Wine Bug #30572](https://bugs.winehq.org/show_bug.cgi?id=30572))
 * Allow NULL pointer for optional arguments of D3DXIntersectTri ([Wine Bug #35133](https://bugs.winehq.org/show_bug.cgi?id=35133))
 * Allow selection of audio device for PulseAudio backend
+* Avoid crashing when broken app tries to release surface although refcount is zero ([Wine Bug #18477](https://bugs.winehq.org/show_bug.cgi?id=18477))
 * CoWaitForMultipleHandles shouldn't process window events when APC calls are queued ([Wine Bug #32568](https://bugs.winehq.org/show_bug.cgi?id=32568))
 * Emulate access to KI_USER_SHARED_DATA kernel page on x86_64 ([Wine Bug #33849](https://bugs.winehq.org/show_bug.cgi?id=33849))
 * Exception during start of fr-043 caused by missing DXTn support ([Wine Bug #37391](https://bugs.winehq.org/show_bug.cgi?id=37391))
--- a/debian/changelog
+++ b/debian/changelog
@ -19,6 +19,7 @@ wine-compholio (1.7.31) UNRELEASED; urgency=low
  * Added patch to initialize irp.Tail.Overlay.OriginalFileObject with stub file object.
  * Added patch to implement emulation of SIDT instruction when using Exagear.
  * Added patch to return more context attributes in schan_InitializeSecurityContextW.
+  * Added patch to avoid crashing when broken app tries to release surface although refcount is zero.
  * Removed patch for iphlpapi stub functions (accepted upstream).
  * Removed patches for FindFirstFileExW (accepted upstream).
  * Removed patches for TLB dependencies lookup in resources (accepted upstream).
--- a/patches/Makefile
+++ b/patches/Makefile
@ -27,6 +27,7 @@ PATCHLIST := \
 	comctl32-LoadIconMetric.ok \
 	configure-Absolute_RPATH.ok \
 	configure-Detect_Gnutls.ok \
+	d3d9-Surface_Refcount.ok \
 	d3dx9_36-DXTn.ok \
 	d3dx9_36-Filter_Warnings.ok \
 	d3dx9_36-GetShaderSemantics.ok \
@ -326,6 +327,24 @@ configure-Detect_Gnutls.ok:
 		echo '+    { "configure-Detect_Gnutls", "Sebastian Lackner", "Fix detection of gnutls on Ubuntu 14.10. [rev 3]" },'; \
 	) > configure-Detect_Gnutls.ok

+# Patchset d3d9-Surface_Refcount
+# |
+# | Included patches:
+# |   *	Don't decrease surface refcount when its already zero. [by Henri Verbeet]
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#18477] Avoid crashing when broken app tries to release surface although refcount is zero
+# |
+# | Modified files:
+# |   *	dlls/d3d9/surface.c
+# |
+.INTERMEDIATE: d3d9-Surface_Refcount.ok
+d3d9-Surface_Refcount.ok:
+	$(call APPLY_FILE,d3d9-Surface_Refcount/0001-d3d9-Don-t-decrease-surface-refcount-when-its-alread.patch)
+	@( \
+		echo '+    { "d3d9-Surface_Refcount", "Henri Verbeet", "Don'\''t decrease surface refcount when its already zero." },'; \
+	) > d3d9-Surface_Refcount.ok
+
 # Patchset d3dx9_36-DXTn
 # |
 # | Included patches:
--- a/patches/d3d9-Surface_Refcount/0001-d3d9-Don-t-decrease-surface-refcount-when-its-alread.patch
+++ b/patches/d3d9-Surface_Refcount/0001-d3d9-Don-t-decrease-surface-refcount-when-its-alread.patch
@ -0,0 +1,29 @@
+From ee74f6d71079cda75ba94841e4369c519489c879 Mon Sep 17 00:00:00 2001
+From: Henri Verbeet <hverbeet@codeweavers.com>
+Date: Tue, 11 Nov 2014 22:32:00 +0100
+Subject: d3d9: Don't decrease surface refcount when its already zero.
+
+---
+ dlls/d3d9/surface.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dlls/d3d9/surface.c b/dlls/d3d9/surface.c
+index e5eb11f..2aab5f3 100644
+--- a/dlls/d3d9/surface.c
+++ b/dlls/d3d9/surface.c
+@@ -91,6 +91,12 @@ static ULONG WINAPI d3d9_surface_Release(IDirect3DSurface9 *iface)
+         return IDirect3DBaseTexture9_Release(&surface->texture->IDirect3DBaseTexture9_iface);
+     }
+ 
+    if (!surface->resource.refcount)
+    {
+        ERR("Surface doesn't have any references.\n");
+        return 0;
+    }
+
+     refcount = InterlockedDecrement(&surface->resource.refcount);
+     TRACE("%p decreasing refcount to %u.\n", iface, refcount);
+ 
+-- 
+2.1.3
+
--- a/patches/d3d9-Surface_Refcount/definition
+++ b/patches/d3d9-Surface_Refcount/definition
@ -0,0 +1,4 @@
+Author: Henri Verbeet
+Subject: Don't decrease surface refcount when its already zero.
+Revision: 1
+Fixes: [18477] Avoid crashing when broken app tries to release surface although refcount is zero