[Bug 21504] New: Valgrind warnings in HEAP_ValidateInUseArena when checking adjacent blocks

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jan 26 19:04:45 CST 2010


http://bugs.winehq.org/show_bug.cgi?id=21504

           Summary: Valgrind warnings in HEAP_ValidateInUseArena when
                    checking adjacent blocks
           Product: Wine
           Version: 1.1.37
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Keywords: source
          Severity: normal
          Priority: P2
         Component: ntdll
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com


After applying the patches for bug 21502 and 21503, the next
valgrind warning one sees with +heap,+relay is

trace:heap:RtlFreeHeap (0x7f000000,70000062,0x7f000130): returning TRUE
Invalid read of size 4 
   at HEAP_ValidateInUseArena (heap.c:1217)
   by HEAP_IsRealArena (heap.c:1330)
   by HEAP_GetPtr (heap.c:438)
   by RtlAllocateHeap (heap.c:1543)
   by RtlFormatCurrentUserKeyPath (reg.c:848)
   by RtlOpenCurrentUser (reg.c:887)
   by init_debug_lists (relay.c:192)
   ...
 Address 0x7f000144 is 12 bytes before a block of size 84 alloc'd
   at notify_alloc (heap.c:252)
   by RtlAllocateHeap (heap.c:1599)
   by alloc_module (loader.c:768)
   by load_builtin_callback (loader.c:1420)
   by wine_dll_set_callback (loader.c:535)
   by __wine_process_init (loader.c:2859)

This appears to happen after the very first call to RtlFreeHeap
on the next call to RtlAllocateHeap.
Line 1217 of heap.c is

        const ARENA_FREE *pPrev = *((const ARENA_FREE * const*)pArena - 1);
        /* Check prev pointer */

Without +relay, a similar error is seen on the second RtlAllocateHeap
after the first RtlFreeHeap.

Presumably the code should grant itself access to the prev pointer
with mark_block_initialized before reading it, and revoke access
with mark_block_noaccess after reading it.  Similarly for the
"Check next arena PREV_FREE flag" section.

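The pattern the report proposes (grant access to the prev pointer's word, read it, revoke access again) as a stand-alone example. This is added here and is not code from the bug report or from Wine's heap.c: the arena structs, flags, magic values, toy heap layout and the bodies of mark_block_initialized / mark_block_noaccess are assumptions for illustration, written as thin wrappers over Valgrind's VALGRIND_MAKE_MEM_DEFINED / VALGRIND_MAKE_MEM_NOACCESS client requests. Only the prev-pointer check (the read at line 1217) is modelled; the next-arena PREV_FREE check the report also mentions is left out. Built with valgrind's headers installed and run under valgrind, the validator reads the back pointer that lives inside the freed (noaccess) data without an "Invalid read"; without the headers the requests become no-ops and the program still runs.

```c
/* Added example, not Wine's heap.c: toy in-use arena validator applying the
 * grant/read/revoke pattern from the report.  Layout, flags and helper bodies
 * are assumptions; only the Valgrind client requests are real. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __has_include
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
#  define HAVE_MEMCHECK_H 1
# endif
#endif
#ifndef HAVE_MEMCHECK_H
/* No Valgrind header: the requests become no-ops and nothing is checked. */
# define VALGRIND_MAKE_MEM_DEFINED(a, n)  ((void)(a), (void)(n))
# define VALGRIND_MAKE_MEM_NOACCESS(a, n) ((void)(a), (void)(n))
#endif

#define ARENA_FLAG_PREV_FREE 0x1u          /* constructed flag/magic values */
#define ARENA_SIZE_MASK      (~0x3u)
#define ARENA_INUSE_MAGIC    0x455355u
#define ARENA_FREE_MAGIC     0x45455246u

typedef struct { uint32_t size; uint32_t magic; } ARENA_INUSE; /* size = data bytes | flags */
typedef struct { uint32_t size; uint32_t magic; } ARENA_FREE;

/* Hypothetical versions of the helpers named in the report. */
static void mark_block_initialized(const void *p, size_t n) { VALGRIND_MAKE_MEM_DEFINED(p, n); }
static void mark_block_noaccess(const void *p, size_t n)    { VALGRIND_MAKE_MEM_NOACCESS(p, n); }

/* The word just before an in-use arena holds a pointer back to the free arena
 * preceding it; it sits inside freed data that the free path hid from Valgrind.
 * Grant access only for this one read, then hide the word again so stray
 * accesses elsewhere still get reported. */
static const ARENA_FREE *read_prev_ptr(const ARENA_INUSE *arena)
{
    const ARENA_FREE *const *slot = (const ARENA_FREE *const *)arena - 1;
    mark_block_initialized(slot, sizeof *slot);
    const ARENA_FREE *prev = *slot;
    mark_block_noaccess(slot, sizeof *slot);
    return prev;
}

/* Returns 1 if the arena and, when PREV_FREE is set, its predecessor are consistent. */
static int validate_inuse_arena(const char *heap, const ARENA_INUSE *arena)
{
    if (arena->magic != ARENA_INUSE_MAGIC) return 0;
    if (arena->size & ARENA_FLAG_PREV_FREE) {
        const ARENA_FREE *prev = read_prev_ptr(arena);
        if ((const char *)prev < heap || (const char *)prev >= (const char *)arena) return 0;
        if (prev->magic != ARENA_FREE_MAGIC) return 0;
        /* the free block must end exactly where this arena begins */
        if ((const char *)(prev + 1) + (prev->size & ARENA_SIZE_MASK) != (const char *)arena) return 0;
    }
    return 1;
}

enum { HEAP_BYTES = 256, FREE_DATA = 64, INUSE_DATA = 32 };

/* Constructed heap: [free arena][64 freed bytes, last word = back pointer][in-use arena][32 bytes].
 * The freed bytes are marked noaccess, as a free path would do. */
static ARENA_INUSE *build_toy_heap(char *heap)
{
    ARENA_FREE *pfree = (ARENA_FREE *)heap;
    char *free_data = (char *)(pfree + 1);
    ARENA_INUSE *pinuse = (ARENA_INUSE *)(free_data + FREE_DATA);

    memset(heap, 0, HEAP_BYTES);
    pfree->size = FREE_DATA;
    pfree->magic = ARENA_FREE_MAGIC;
    *((ARENA_FREE **)pinuse - 1) = pfree;        /* back pointer in the last word */
    pinuse->size = INUSE_DATA | ARENA_FLAG_PREV_FREE;
    pinuse->magic = ARENA_INUSE_MAGIC;
    mark_block_noaccess(free_data, FREE_DATA);   /* hides the back pointer's word too */
    return pinuse;
}

/* Verdict for an intact heap (corrupt == 0) or one whose back pointer was
 * overwritten to point past the in-use arena (corrupt != 0). */
int validate_toy_heap(int corrupt)
{
    char *heap = malloc(HEAP_BYTES);
    ARENA_INUSE *pinuse = build_toy_heap(heap);
    if (corrupt) {
        ARENA_FREE **slot = (ARENA_FREE **)pinuse - 1;
        mark_block_initialized(slot, sizeof *slot);
        *slot = (ARENA_FREE *)(heap + HEAP_BYTES - sizeof(ARENA_FREE));
        mark_block_noaccess(slot, sizeof *slot);
    }
    int ok = validate_inuse_arena(heap, pinuse);
    free(heap);
    return ok;
}

int main(void)
{
    printf("intact heap validates:  %d\n", validate_toy_heap(0));
    printf("corrupt heap validates: %d\n", validate_toy_heap(1));
    return 0;
}
```

Build with `gcc -g example.c -o example` and run `valgrind ./example`: the intact heap validates with no memcheck complaint, the corrupted one is rejected by the range check before its bogus pointer is dereferenced. Reading the slot without the grant/revoke pair (as the line 1217 code does) is what produces the "Invalid read of size 4 ... 12 bytes before a block" report quoted above, because the freed data that holds the word was marked noaccess.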