Bug in the heap management code?

Mike Hearn mike at theoretic.com
Thu Sep 18 07:43:23 CDT 2003 

This is very much like a problem I am having with InstallShield.
Something, somewhere, is trashing the heap data structures, which causes
a crash some time later, often yards away from the original bug. As far
as I know, there is no good way to spot this problem, it's just C/C++
sucking.... maybe valgrind might help?

On Wed, 2003-09-17 at 18:00, Michael Günnewig wrote:
> Hallo.
> 
> When I try to play "The Elder Scroll III: Tribunal" version 1.4.1313
> german under wine I get a page fault after some time. The time span
> differs and so the calling point of the heap management but it always
> occurs in HEAP_CreateFreeBlock in line 415.
> 
> Generating of a full "-debugmsg +heap" log is nearly impossible
> because it takes too long to start the game and start playing
> (after > 200 min. it still wasn't finished with initializing). 
> 
> ,-----
> | err:ntdll:RtlpWaitForCriticalSection section 0x4046001c "?" wait timed out in thread 0010, blocked by 000c, retrying (60 sec)
> | err:ntdll:RtlpWaitForCriticalSection section 0x7d63d8 "?" wait timed out in thread 0009, blocked by 000c, retrying (60 sec)
> | Unhandled exception: page fault on write access to 0x53acae7c in 32-bit code (0x400826d1).
> | In 32-bit mode.
> | 0x400826d1 (HEAP_CreateFreeBlock+0x11 [heap.c:415] in libntdll.dll.so): movl   $0x45455246,0x4(%esi)
> | 419         pEnd = (char *)ptr + size;
> | Wine-dbg>bt
> | Backtrace:
> | =>0 0x400826d1 (HEAP_CreateFreeBlock+0x11(subheap=0x539a0000, ptr=0x53acae78, size=0x3f6ebd18) [heap.c:415] in libntdll.dll.so) (ebp=4c031d80)
> |   1 0x400829be (HEAP_ShrinkBlock+0x4e(subheap=0x539a0000, pArena=0x53aaae70, size=0x20000) [heap.c:521] in libntdll.dll.so) (ebp=4c031d9c)
> |   2 0x400838c7 (RtlAllocateHeap+0xa7(heap=0x40460000, flags=0xa, size=0x20000) [heap.c:1159] in libntdll.dll.so) (ebp=4c031dc8)
> |   3 0x40aac68e (IDirect3DDevice8Impl_CreateImageSurface+0x9e(iface=0x4052fca8, Width=0x100, Height=0x80, Format=0x31545844, ppSurface=0x53a81dd0) [device.c:1987] in d3d8.dll.so) (ebp=4c031dec)
> |   4 0x40aaba39 (IDirect3DDevice8Impl_CreateTexture+0x119(iface=0x4052fca8, Width=0x100, Height=0x80, Levels=0x5, Usage=0x0, Format=0x31545844, Pool=0x1, ppTexture=0x52c58170) [device.c:539] in d3d8.dll.so) (ebp=4c031e20)
> |   5 0x006b9766 (Morrowind.exe..text+0x2b8766 in Morrowind.exe) (ebp=535bb5c0)
> |   6 0x00000001 (ebp=00748e84)
> |   7 0x006cf2a0 (Morrowind.exe..text+0x2ce2a0 in Morrowind.exe) (ebp=006ce690)
> |   8 0x00000478 (ebp=e8f18b56)
> | *** Invalid address 0xe8f18b56 (MSVCP60.DLL..reloc+0x70dfab56)
> `-----
> ,-----
> | err:ntdll:RtlpWaitForCriticalSection section 0x4046001c "?" wait timed out in thread 0010, blocked by 000c, retrying (60 sec)
> | err:ntdll:RtlpWaitForCriticalSection section 0x4046001c "?" wait timed out in thread 0009, blocked by 000c, retrying (60 sec)
> | Unhandled exception: page fault on write access to 0x537c0064 in 32-bit code (0x400826d1).
> | In 32-bit mode.
> | 0x400826d1 (HEAP_CreateFreeBlock+0x11 [heap.c:415] in libntdll.dll.so): movl   $0x45455246,0x4(%esi)
> | 419         pEnd = (char *)ptr + size;
> | Wine-dbg>bt
> | Backtrace:
> | =>0 0x400826d1 (HEAP_CreateFreeBlock+0x11(subheap=0x536b0000, ptr=0x537c0060, size=0x3f6f4c38) [heap.c:415] in libntdll.dll.so) (ebp=4c032518)
> |   1 0x400829be (HEAP_ShrinkBlock+0x4e(subheap=0x536b0000, pArena=0x537bff90, size=0xc8) [heap.c:521] in libntdll.dll.so) (ebp=4c032534)
> |   2 0x400838c7 (RtlAllocateHeap+0xa7(heap=0x40460000, flags=0x2, size=0xc8) [heap.c:1159] in libntdll.dll.so) (ebp=4c032560)
> |   3 0x412befe7 (MSVCRT.DLL.??_U at YAPAXI@Z+0x27 in msvcrt.dll.so) (ebp=4c032580)
> |   4 0x00412b03 (Morrowind.exe..text+0x11b03 in Morrowind.exe) (ebp=4c03261c)
> |   5 0x00412dcb (Morrowind.exe..text+0x11dcb in Morrowind.exe) (ebp=4af5fce8)
> |   6 0x5376b8e0 (_end+0x832c1f0) (ebp=4cbe2238)
> |   7 0x444e414c (_end+0x2ebf630) (ebp=007428b0)
> |   8 0x004c8620 (Morrowind.exe..text+0xc7620 in Morrowind.exe) (ebp=004c7b90)
> |   9 0x00000018 (ebp=e8f18b56)
> | *** Invalid address 0xe8f18b56 (MSVCP60.DLL..reloc+0x70dfab56)
> `-----
> 
> 
>   Michael
> 
>

More information about the wine-devel mailing list