[Bug 20553] Invalid read in LISTVIEW_NCDestroy in chromium unit_tests.exe in TableViewTest.Sort?

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Nov 12 00:02:04 CST 2009 

http://bugs.winehq.org/show_bug.cgi?id=20553


Dan Kegel <dank at kegel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1




--- Comment #2 from Dan Kegel <dank at kegel.com>  2009-11-12 00:02:03 ---
Saw this in a much simpler testcase, NullModelTableViewTest.NullModel.

I'll attach the output of

WINEDEBUG=warn+heap,+message,+relay,+comctrl ~/wine-git/wine
src/chrome/Debug/unit_tests.exe --gtest_filter=NullModelTableViewTest.NullModel

with the line

 static inline BOOL is_valid(HIMAGELIST himl)
 {
+    ERR("is_valid: %p, magic %x\n", himl, himl ? himl->magic : -1);

added to imagelist.c.

This shows the problem even without valgrind.  Here's the interesting bit:

$ egrep -i 'err:|comctl|ExitProcess' log
...
0028:Call
comctl32.ImageList_Create(00000010,00000010,00000021,00000000,00000020)
ret=7e1a2653
0028:Ret  comctl32.ImageList_Create() retval=00167e40 ret=7e1a2653
0028:Call
comctl32.ImageList_Create(00000020,00000020,00000021,00000000,00000020)
ret=7e1a268a
0028:Ret  comctl32.ImageList_Create() retval=00168860 ret=7e1a268a
0028:Call comctl32.ImageList_SetBkColor(00167e40,ffffffff) ret=7e1a26af
err:imagelist:is_valid is_valid: 0x167e40, magic 53414d58
0028:Ret  comctl32.ImageList_SetBkColor() retval=ffffffff ret=7e1a26af
0028:Call comctl32.ImageList_SetBkColor(00168860,ffffffff) ret=7e1a26ca
err:imagelist:is_valid is_valid: 0x168860, magic 53414d58
0028:Ret  comctl32.ImageList_SetBkColor() retval=ffffffff ret=7e1a26ca
0028:Call comctl32.334(00167c28,00007fff,00169290) ret=7e1a2000
0028:Ret  comctl32.334() retval=00000000 ret=7e1a2000
0028:Call comctl32.ImageList_ReplaceIcon(00167e40,ffffffff,00001106)
ret=7e1a2066
err:imagelist:is_valid is_valid: 0x167e40, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000000 ret=7e1a2066
0028:Call comctl32.ImageList_ReplaceIcon(00168860,ffffffff,0000110e)
ret=7e1a208b
err:imagelist:is_valid is_valid: 0x168860, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000000 ret=7e1a208b
0028:Call comctl32.334(00167c28,00007fff,001692f8) ret=7e1a2000
0028:Ret  comctl32.334() retval=00000001 ret=7e1a2000
0028:Call comctl32.ImageList_ReplaceIcon(00167e40,ffffffff,00001106)
ret=7e1a2066
err:imagelist:is_valid is_valid: 0x167e40, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000001 ret=7e1a2066
0028:Call comctl32.ImageList_ReplaceIcon(00168860,ffffffff,0000110e)
ret=7e1a208b
err:imagelist:is_valid is_valid: 0x168860, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000001 ret=7e1a208b
err:imm:ImmAssociateContextEx Unknown dwFlags 0x0
0028:Call
comctl32.ImageList_Create(00000012,00000012,00000020,00000002,00000002)
ret=018b74b5
0028:Ret  comctl32.ImageList_Create() retval=00178f90 ret=018b74b5
0028:Call comctl32.ImageList_ReplaceIcon(00178f90,ffffffff,0000114e)
ret=018b7529
err:imagelist:is_valid is_valid: 0x178f90, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000000 ret=018b7529
0028:Call comctl32.ImageList_ReplaceIcon(00178f90,ffffffff,0000114e)
ret=018b7548
err:imagelist:is_valid is_valid: 0x178f90, magic 53414d58
0028:Ret  comctl32.ImageList_ReplaceIcon() retval=00000001 ret=018b7548
err:imagelist:is_valid is_valid: 0x178f90, magic 53414d58
err:imm:ImmAssociateContextEx Unknown dwFlags 0x0
0028:Call comctl32.ImageList_Destroy(00178f90) ret=018b843b
err:imagelist:is_valid is_valid: 0x178f90, magic 53414d58
0028:Ret  comctl32.ImageList_Destroy() retval=00000001 ret=018b843b
err:imagelist:is_valid is_valid: (nil), magic ffffffff
err:imagelist:is_valid is_valid: 0x178f90, magic aaaaaaaa   <---- bammo!
err:imagelist:is_valid is_valid: (nil), magic ffffffff
0028:Call KERNEL32.ExitProcess(00000000) ret=009fefda

I don't think LVS_SHAREIMAGELISTS is used?  You can see the code at

http://src.chromium.org/viewvc/chrome/trunk/src/views/controls/table/table_view.cc
http://src.chromium.org/viewvc/chrome/trunk/src/views/controls/table/table_view_unittest.cc

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list