[Bug 10521] New: make test crashes msvcrt/tests/heap.c...

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Nov 21 04:46:18 CST 2007


http://bugs.winehq.org/show_bug.cgi?id=10521

           Summary: make test crashes msvcrt/tests/heap.c...
           Product: Wine
           Version: CVS/GIT
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
         Component: wine-msvcrt
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: lionel_debroux at yahoo.fr


The msvcrt heap test has been consistently crashing on my computer since the
following commit:
commit  a1e4758f076190dbef7d06f9e10241d0aabe3788
Author: Dan Kegel <dank at kegel.com>
Date:   Tue Nov 6 16:52:19 2007 -0800
It crashes with WINEDEBUG="" (access to 0x04030205) and WINEDEBUG="warn+heap"
(access to 0x55555559), and an assertion aborts the program with
WINEDEBUG="+heap".
It crashes when compiling (GCC 4.1.1 from Debian stable) the whole Wine DLLs,
programs and executables with -O0, -O2 and -O3, so that is probably not due to
a compiler optimization screwup.


I've been discussing the issue for a while with Dan, and he is able to
reproduce the problem.
However, all commit a1e4758f... does is fix two memory leaks. Therefore,
neither of us feels that the change in this commit should cause a crash. There
may be a problem somewhere else. Since it touches the heap subsystem, I'm
putting severity to major.


While commenting tests in order to reduce the testcase, by looking at the
traces, I found that a crash can be triggered (but not reproducibly...) with
the single:
test_aligned_realloc(256, 512, 16);
(everything before and after this line being commented).
Strange.


Attached is a tarball I sent to Dan, which contains:
* a script to run the test in various situations. Compilation is not part of
the script; if you want to run Valgrind, you have to edit the location of
valgrind to match the location of Wine-improved Valgrind (
http://wiki.winehq.org/Wine_and_Valgrind );
* traces created by the script;
* I noticed that an 'invalid arena magic' warning is triggered by warn+heap
before the crash occurs, so I made a trivial patch that adds printing of the
invalid arena magic values.
I think it helps debugging the issue, by showing the exact kind of overwrite
that occurred: 1-byte, 2-byte, 4-byte; which bytes of the arena are affected;
etc.
With warn+heap (crash), the arena magic is 0x00555555.
With +heap (assert failed), the arena magic is 0x55555555.
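
Added example (not part of the original report or of Wine's code): one way to classify the kind of overwrite the report describes, by comparing an observed arena magic with the expected value byte by byte. `diff_magic`, `struct magic_diff` and `EXPECTED_MAGIC` are hypothetical names, and `EXPECTED_MAGIC` is a constructed placeholder rather than Wine's real constant; the two observed values are the ones quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of comparing an observed arena magic against the expected one. */
struct magic_diff {
    unsigned changed_mask;  /* bit i set => byte i (least significant first) differs */
    int      changed_bytes; /* number of differing bytes, 0..4 */
    int      uniform_fill;  /* 1 if every differing byte holds the same value */
    uint8_t  fill_byte;     /* that value; meaningful only when uniform_fill == 1 */
};

/* A byte overwritten with the value it already held cannot be detected here. */
struct magic_diff diff_magic(uint32_t expected, uint32_t observed)
{
    struct magic_diff d = {0, 0, 1, 0};
    for (int i = 0; i < 4; i++) {
        uint8_t e = (uint8_t)(expected >> (8 * i));
        uint8_t o = (uint8_t)(observed >> (8 * i));
        if (e == o)
            continue;
        if (d.changed_bytes == 0)
            d.fill_byte = o;       /* first damaged byte sets the candidate fill */
        else if (o != d.fill_byte)
            d.uniform_fill = 0;    /* damaged bytes disagree: not a plain fill */
        d.changed_mask |= 1u << i;
        d.changed_bytes++;
    }
    if (d.changed_bytes == 0)
        d.uniform_fill = 0;        /* nothing changed, so no fill pattern */
    return d;
}

/* Constructed placeholder, NOT Wine's real arena magic constant. */
#define EXPECTED_MAGIC 0x00ABCDEFu

int main(void)
{
    /* The two observed magic values quoted in the report. */
    const uint32_t observed[] = { 0x00555555u, 0x55555555u };
    for (int i = 0; i < 2; i++) {
        struct magic_diff d = diff_magic(EXPECTED_MAGIC, observed[i]);
        printf("observed 0x%08x: %d byte(s) changed, mask 0x%x, fill %s0x%02x\n",
               (unsigned)observed[i], d.changed_bytes, d.changed_mask,
               d.uniform_fill ? "" : "(mixed) ", (unsigned)d.fill_byte);
    }
    return 0;
}
```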

