From: Derek Lesho <dlesho@codeweavers.com>
Subject: Re: [PATCH] mfplat: Copy all image planes in buffer copies.
Message-Id: <7aa037cc-1c5c-702c-8a8f-10f39ee290ff@codeweavers.com>
Date: Mon, 7 Jun 2021 10:39:06 -0400
In-Reply-To: <face5f75-cbb2-02dc-dcf1-395061347a34@codeweavers.com>
References: <20210602211856.429704-1-dlesho@codeweavers.com> <face5f75-cbb2-02dc-dcf1-395061347a34@codeweavers.com>

Sorry for the late reply, I missed your mail when it first came.

On 6/3/21 3:37 AM, Nikolay Sivov wrote:

> Not sure what's happening yet, but this gives me heap corruption it
> seems, with crashes looking like this:
>
> Backtrace:
> =>0 0x7bc26f16 HEAP_CreateFreeBlock+0x126(subheap=<is not available>,
> ptr=0x1825918, size=<is not available>)
> [Z:\ssd\data\wine\wine-git\include\wine\list.h:100] in ntdll (0x006cfa68)
>    1 0x7bc279a4 HEAP_MakeInUseBlockFree+0xe3(subheap=<is not available>,
> pArena=<is not available>)
> [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:665] in ntdll (0x006cfaa8)
>    2 0x7bc2822c HEAP_IsRealArena+0x73b(heapPtr=<is not available>,
> flags=<is not available>, block=<is not available>)
> [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:1767] in ntdll (0x006cfb08)
>    3 0x7bc2954a RtlCreateHeap+0x139(flags=<is not available>, addr=<is
> not available>, totalSize=<is not available>, commitSize=<is not
> available>, unknown=<is not available>, definition=<is
> not available>) [Z:\ssd\data\wine\wine-git\dlls\ntdll\heap.c:1744] in
> ntdll (0x006cfb48)
>    4 0x1002821b EntryPoint+0x16ba() in ucrtbase (0x006cfb68)
>    5 0x00cc396d memory_buffer_GetMaxLength+0x10c()
> [Z:\ssd\data\wine\wine-git\dlls\mfplat\buffer.c:175] in mfplat (0x006cfba8)
>    6 0x00415b46 test_MFCreate2DMediaBuffer+0x16d5()
> [Z:\ssd\data\wine\build\wine32\include\mfobjects.h:809] in mfplat_test
> (0x006cfc58)
>
> It seems to be about IMC2/IMC4 case, if I comment out both MFCopyImage
> calls it doesn't crash. For IMC1/IMC3 same strides are used, so you copy
> U/V in one go, including padding half-sized areas. For IMC2/IMC4 same
> stride is used for Y and U/V making two calls, is this correct?
In both formats (IMC1, IMC2, and derivatives), the stride is the same 
between all three planes.  In IMC2 the only difference is that the U 
plane is offset by half a stride.
>
> I was going to suggest something like attached patch as an alternative
> to whole thing, but we need to fix this corruption first.
Yeah, I'll look into it.