From: Derek Lesho
Subject: Re: [PATCH] mfplat: Copy all image planes in buffer copies.
Message-Id: <7aa037cc-1c5c-702c-8a8f-10f39ee290ff@codeweavers.com>
Date: Mon, 7 Jun 2021 10:39:06 -0400
In-Reply-To:
References: <20210602211856.429704-1-dlesho@codeweavers.com>

Sorry for the late reply, I missed your mail when it first came.

On 6/3/21 3:37 AM, Nikolay Sivov wrote:
> Not sure what's happening yet, but this gives me heap corruption it
> seems, with crashes looking like this:
>
> Backtrace:
> =>0 0x7bc26f16 HEAP_CreateFreeBlock+0x126(subheap=,
> ptr=0x1825918, size=)
> [Z:\ssd\data\wine\wine-git\include\wine\list.h:100] in ntdll (0x006cfa68)
>   1 0x7bc279a4 HEAP_MakeInUseBlockFree+0xe3(subheap=,
> pArena=)
> [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:665] in ntdll (0x006cfaa8)
>   2 0x7bc2822c HEAP_IsRealArena+0x73b(heapPtr=,
> flags=, block=)
> [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:1767] in ntdll (0x006cfb08)
>   3 0x7bc2954a RtlCreateHeap+0x139(flags=, addr= not available>, totalSize=, commitSize= available>, unknown=, definition= not available>) [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:1744] in
> ntdll (0x006cfb48)
>   4 0x1002821b EntryPoint+0x16ba() in ucrtbase (0x006cfb68)
>   5 0x00cc396d memory_buffer_GetMaxLength+0x10c()
> [Z:\ssd\data\wine\wine-git\dlls\mfplat\buffer.c:175] in mfplat (0x006cfba8)
>   6 0x00415b46 test_MFCreate2DMediaBuffer+0x16d5()
> [Z:\ssd\data\wine\build\wine32\include\mfobjects.h:809] in mfplat_test
> (0x006cfc58)
>
> It seems to be about IMC2/IMC4 case, if I comment out both MFCopyImage
> calls it doesn't crash. For IMC1/IMC3 same strides are used, so you copy
> U/V in one go, including padding half-sized areas. For IMC2/IMC4 same
> stride is used for Y and U/V making two calls, is this correct?

In both formats (IMC1, IMC2, and derivatives), the stride is the same
between all three planes. In IMC2 the only difference is that the U
plane is offset by half a stride.

>
> I was going to suggest something like attached patch as an alternative
> to whole thing, but we need to fix this corruption first.

Yeah, I'll look into it.
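
Added example, not part of the original mail or of Wine's code: a bounds-checked plane copy for the IMC2 case discussed above, where all planes share one stride and the second chroma plane starts half a stride in. The function names, the exact row layout, and the even width/height requirement are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if `lines` rows of `width` bytes, `stride` apart, starting at `off`,
   stay inside `size` bytes; the arithmetic is guarded against wraparound. */
static int rows_fit(size_t size, size_t off, size_t stride, size_t width, size_t lines)
{
    if (lines == 0 || width == 0) return 1;
    if (width > stride || off > size) return 0;
    if (lines - 1 > (SIZE_MAX - width) / stride) return 0;
    return (lines - 1) * stride + width <= size - off;
}

/* Hypothetical checked row copy: writes nothing unless the region fits in both buffers. */
static int checked_copy_plane(uint8_t *dst, size_t dst_size, size_t dst_off, size_t dst_stride,
                              const uint8_t *src, size_t src_size, size_t src_off, size_t src_stride,
                              size_t width, size_t lines)
{
    if (!rows_fit(dst_size, dst_off, dst_stride, width, lines) ||
        !rows_fit(src_size, src_off, src_stride, width, lines)) return -1;
    for (size_t y = 0; y < lines; y++)
        memcpy(dst + dst_off + y * dst_stride, src + src_off + y * src_stride, width);
    return 0;
}

/* Assumed IMC2 layout: `height` rows of Y, then height/2 rows that each hold one
   chroma line at offset 0 and the other at stride/2 (ds/ss = dst/src stride). */
static int copy_imc2(uint8_t *dst, size_t dst_size, size_t ds,
                     const uint8_t *src, size_t src_size, size_t ss,
                     size_t width, size_t height)
{
    size_t w2 = width / 2, h2 = height / 2, smax = ds > ss ? ds : ss;
    if (width == 0 || width > ds || width > ss || height > SIZE_MAX / 2 / smax) return -1;
    /* The last chroma plane reaches furthest: check it before any byte is written. */
    if (!rows_fit(dst_size, ds * height + ds / 2, ds, w2, h2) ||
        !rows_fit(src_size, ss * height + ss / 2, ss, w2, h2)) return -1;
    return (checked_copy_plane(dst, dst_size, 0, ds, src, src_size, 0, ss, width, height)
         || checked_copy_plane(dst, dst_size, ds * height, ds, src, src_size, ss * height, ss, w2, h2)
         || checked_copy_plane(dst, dst_size, ds * height + ds / 2, ds,
                               src, src_size, ss * height + ss / 2, ss, w2, h2)) ? -1 : 0;
}

int main(void)
{
    uint8_t src[16 * 8 * 3 / 2], dst[32 * 8 * 3 / 2] = {0};   /* constructed 16x8 frame */
    memset(src, 0xAB, sizeof src);
    printf("full-size destination: %d\n", copy_imc2(dst, sizeof dst, 32, src, sizeof src, 16, 16, 8));
    printf("Y-only destination:    %d\n", copy_imc2(dst, 32 * 8, 32, src, sizeof src, 16, 16, 8));
    return 0;
}
```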