[Bug 1127] Page fault in heap functions in native Winhlp32 (win2k) when cancelling from the full text search setup window

Wine Bugs wine-bugs at winehq.com
Sat Jun 28 07:48:51 CDT 2003


http://bugs.winehq.com/show_bug.cgi?id=1127





------- Additional Comments From z_god at wanadoo.nl  2003-06-28 07:48 -------
Bug comments restored from Gmane.org: 
 
Winhlp32 crashes when cancelling from the full text search setup window. 
How to reproduce: 
1. run winedbg winhlp32 (Windows 2000 native version) 
2. select a .hlp file (I selected any from msoe.hlp  msoeacct.hlp  wab.hlp) 
3. click on "Help Topics" toolbar item 
4. click cancel in "Find Setup Wizard" window 
 
Depending on where it crashes it gives either a page fault on a null pointer 
(HEAP_FindFreeBlock) or a page fault on 0xC (RtlAllocateHeap). 
It seems to be random where it crashes. 
HEAP_FindFreeBlock [heap.c:608] 
DWORD arena_size = (pArena->size & ARENA_SIZE_MASK) + 
 
0 0x400ce8f4 HEAP_FindFreeBlock(heap=0x40370000, size=0x80, 
ppSubHeap=0x406925f8) 
1 0x400cf318 RtlAllocateHeap(heap=0x40370000, flags=0x2, size=0x80) 
2 0x408e6293 list_window_children(hwnd=0x11005e, atom=0x0, tid=0x0) 
3 0x408ea5d0 WIN_ListChildren 
4 0x408dbd7b RDW_UpdateRgns 
5 0x408dc5ca RedrawWindow 
6 0x40a7ee4e expose_window 
7 0x50a7f0c7 X11DRV_Expose 
8 0x40a75b6b EVENT_ProcessEvent 
... 
13 0x40904de7 GetMessageA 
14 0x0102b892 winhlp32.exe..text+0x2a892 
 
Another crash trace: 
RtlAllocateHeap+0xe6 [heap.c:1039] 
pArena->prev->next = pArena->next; 
 
0 0x400cf386 RtlAllocateHeap(heap=0x4037, flags=0x2, size=0x20) 
1 0x4081b293 REGION_AllocWineRegion(n=0x2) 
2 0x4081b31c REGION_CreateRegion(n=0x2) 
3 0x4081b5d4 CreateRectRgn(left=0x32, top=0x43, right=0x158, bottom=0x45) 
4 0x4081b647 CreateRectRgnIndirect 
5 0x408dc4e3 RedrawWindow 
6 0x40a7ee4e expose_window 
7 0x40a7f0c7 X11DRV_Expose 
... 
13 0x40904de7 GetMessageA 
14 0x0102b892 winhlp32.exe..text+0x2a892 
 
Nothing out of the ordinary appears at the console 
 
 
------- Additional Comments From R.J.Shearman <at> warwick.ac.uk  2003-05-16 08:07 -------
I've discovered that the reason it corrupts the heap is that it destroys the 
dialog in WM_INITDIALOG (patch on the way), but the reason it does this is still 
unknown to me.

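The mechanism Rob describes above (a window freed from inside its own WM_INITDIALOG handler, with the crash only surfacing later inside RtlAllocateHeap at "pArena->prev->next = pArena->next") can be reproduced in miniature. The following is an added example, written for this page; it is not Wine's heap or dialog code and the names (heap_alloc, create_dialog_unsafe, in_init, the deferred-destroy flag) are assumptions of the model. The toy heap stores the free-list links of a freed block inside the block's former user area, as real allocators do, so a late write by the dialog creator clobbers exactly the pointers the next allocation follows. The safe variant shows one possible fix pattern, deferring destruction requested during WM_INITDIALOG until the creator has finished, not necessarily the one Wine adopted.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy heap (not Wine code). A freed block keeps its doubly
 * linked free-list pointers in its old user area. */
#define HEAP_SIZE 4096
#define ALIGN 16
#define ARENA_FREE  0xFEEDF00DU
#define ARENA_INUSE 0x1A2B3C4DU

typedef struct Arena { size_t size; unsigned magic; } Arena;  /* header */
typedef struct FreeLinks { Arena *prev; Arena *next; } FreeLinks;

static union { unsigned char bytes[HEAP_SIZE]; long double align; } heap_mem;
static size_t heap_used;     /* bump pointer for never-used space */
static Arena *free_first;    /* head of the free list */
static int    heap_corrupt;  /* set when a free-list link fails validation */

static void *arena_user(Arena *a) { return (unsigned char *)a + sizeof(Arena); }
static Arena *user_arena(void *p) { return (Arena *)((unsigned char *)p - sizeof(Arena)); }
static FreeLinks *links(Arena *a) { return (FreeLinks *)arena_user(a); }
static size_t round_up(size_t n) { return (n + ALIGN - 1) & ~(size_t)(ALIGN - 1); }
static void heap_reset(void) { heap_used = 0; free_first = NULL; heap_corrupt = 0; }

/* A link is valid if it is NULL or points at an aligned FREE arena in the heap.
 * A real allocator skips this and simply faults on garbage. */
static int link_ok(Arena *a)
{
    uintptr_t p = (uintptr_t)a, base = (uintptr_t)heap_mem.bytes;
    if (!a) return 1;
    if (p < base || p + sizeof(Arena) > base + heap_used) return 0;
    if ((p - base) % ALIGN) return 0;
    return a->magic == ARENA_FREE;
}

static void *heap_alloc(size_t size)
{
    Arena *a;
    size_t total = round_up(sizeof(Arena) + size);
    for (a = free_first; a; a = links(a)->next) {     /* first fit */
        FreeLinks *l = links(a);
        if (!link_ok(a) || !link_ok(l->prev) || !link_ok(l->next)) {
            heap_corrupt = 1;                          /* would be the page fault */
            return NULL;
        }
        if (a->size < size) continue;
        /* unlink: the same step as pArena->prev->next = pArena->next */
        if (l->prev) links(l->prev)->next = l->next; else free_first = l->next;
        if (l->next) links(l->next)->prev = l->prev;
        a->magic = ARENA_INUSE;
        return arena_user(a);
    }
    if (heap_used + total > HEAP_SIZE) return NULL;
    a = (Arena *)(heap_mem.bytes + heap_used);
    heap_used += total;
    a->size = total - sizeof(Arena);
    a->magic = ARENA_INUSE;
    return arena_user(a);
}

static void heap_free(void *p)
{
    Arena *a = user_arena(p);
    FreeLinks *l = links(a);
    a->magic = ARENA_FREE;
    l->prev = NULL;
    l->next = free_first;       /* links now overlay the old user data */
    if (free_first) links(free_first)->prev = a;
    free_first = a;
}

/* Toy window model. 'in_init' and 'destroyed' are hypothetical fields. */
enum { WM_INITDIALOG = 0x110 };
typedef struct Window {
    char title[24];   /* first, so a late title write lands on the links */
    int  id, in_init, destroyed;
} Window;
typedef int (*DlgProc)(Window *hwnd, unsigned msg);
static int next_id = 1;

static void destroy_window(Window *w)
{
    if (w->in_init) { w->destroyed = 1; return; }   /* defer until creation unwinds */
    heap_free(w);
}

/* Buggy pattern: keep writing to the window after a callback may have freed it. */
static Window *create_dialog_unsafe(DlgProc proc, const char *title)
{
    Window *w = heap_alloc(sizeof *w);
    if (!w) return NULL;
    memset(w, 0, sizeof *w);
    w->id = next_id++;
    proc(w, WM_INITDIALOG);                            /* may free w */
    strncpy(w->title, title, sizeof w->title - 1);     /* use-after-free clobbers prev/next */
    return w;
}

/* Safe pattern: destruction during WM_INITDIALOG is deferred and checked for. */
static Window *create_dialog_safe(DlgProc proc, const char *title)
{
    Window *w = heap_alloc(sizeof *w);
    if (!w) return NULL;
    memset(w, 0, sizeof *w);
    w->id = next_id++;
    w->in_init = 1;
    proc(w, WM_INITDIALOG);
    w->in_init = 0;
    if (w->destroyed) { heap_free(w); return NULL; }
    strncpy(w->title, title, sizeof w->title - 1);
    return w;
}

/* The reported scenario: the dialog is destroyed from inside WM_INITDIALOG. */
static int cancel_in_initdialog(Window *w, unsigned msg)
{
    if (msg == WM_INITDIALOG) destroy_window(w);
    return 0;
}

/* 1 if the next allocation after the buggy create hits clobbered links. */
int demo_unsafe(void)
{
    heap_reset();
    create_dialog_unsafe(cancel_in_initdialog, "Find Setup Wizard");
    return heap_alloc(32) == NULL && heap_corrupt;
}

/* 1 if the safe create reports the cancel and leaves the heap usable. */
int demo_safe(void)
{
    Window *w;
    heap_reset();
    w = create_dialog_safe(cancel_in_initdialog, "Find Setup Wizard");
    return w == NULL && heap_alloc(32) != NULL && !heap_corrupt;
}

int main(void)
{
    printf("unsafe create -> corruption detected on next alloc: %s\n", demo_unsafe() ? "yes" : "no");
    printf("safe create   -> heap intact after cancel:           %s\n", demo_safe() ? "yes" : "no");
    return 0;
}
```

The crash in the bug report is the same shape: the allocation that faults (in RedrawWindow's region or child-list allocation, long after the cancel) is merely the first caller to walk the free list after the dialog's memory was freed and then written to again; the backtrace points at the victim, not at the code that freed the dialog early.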


