Problem with ValidateInUseArena

Diego A. Degese ddegeselists at gmail.com
Wed Aug 2 22:08:59 CDT 2006


The problem is:
    When the code in directx.c (line 787, inside the loop) tries to call the
function HeapAlloc in the first iteration, it crashes with the error "invalid
in-use arena magic".

    I found these errors:
        stateLookup isn't allocated.  It is a dword * [].
        minLookup and maxLookup aren't initialized.

     I am copying the code below for more information.

--- CUT HERE ---
    /* Load all the lookup tables
    TODO: It may be a good idea to make minLookup and maxLookup const and
    populate them in wined3d_private.h where they are declared */
    minLookup[WINELOOKUP_WARPPARAM] = D3DTADDRESS_WRAP;
    maxLookup[WINELOOKUP_WARPPARAM] = D3DTADDRESS_MIRRORONCE;

    minLookup[WINELOOKUP_MAGFILTER] = WINED3DTEXF_NONE;
    maxLookup[WINELOOKUP_MAGFILTER] = WINED3DTEXF_ANISOTROPIC;

    for (i = 0; i < MAX_LOOKUPS; i++) {
// THIS IS THE LINE
        stateLookup[i] = HeapAlloc(GetProcessHeap(), 0, sizeof(*stateLookup[i]) * (1 + maxLookup[i] - minLookup[i]) );
// THIS IS THE LINE
    }
--- CUT HERE ---

Regards
Diego

Diego A. Degese wrote:
> Ok.... this is the complete trace....
> I try to find more information about it
>
> Diego
>
> Andreas Mohr wrote:
>> Hi,
>>
>> On Tue, Aug 01, 2006 at 05:40:24PM -0300, Diego A. Degese wrote:
>>  
>>> 0009:Call ntdll.RtlAllocateHeap(00110000,00000000,00000014) ret=7ec142bc
>>> 0009:err:heap:HEAP_ValidateInUseArena Heap 0x110000: invalid in-use arena magic for 0x17c228
>>> Heap: 0x110000
>>> Next: 0x3e30000  Sub-heaps: 0x110000
>>> Free lists:
>>> Block   Stat   Size    Id
>>> 0x110038 free 00000010 prev=0x17c228 next=0x110048
>>> 0x110048 free 00000020 prev=0x110038 next=0x110058
>>> 0x110058 free 00000030 prev=0x110048 next=0x110068
>>> 0x110068 free 00000040 prev=0x110058 next=0x110078
>>> 0x110078 free 00000060 prev=0x110068 next=0x110088
>>> 0x110088 free 00000080 prev=0x110078 next=0x110098
>>> 0x110098 free 00000100 prev=0x110088 next=0x1100a8
>>> 0x1100a8 free 00000200 prev=0x110098 next=0x1100b8
>>> 0x1100b8 free 00000400 prev=0x1100a8 next=0x17aa60
>>> 0x1100c8 free 00001000 prev=0x17aa60 next=0x1100d8
>>> 0x1100d8 free ffffffff prev=0x1100c8 next=0x17c228
>>>     
>>
>> This probably means that either the block directly before the 0x17c228 block
>> or the block right at 0x17c228 got corrupted (overwritten with excessive
>> length or maybe some random access to the arena flags area by a
>> rogue pointer).
>> Try to figure out via wine debug channels or additional manually inserted
>> source traces, which pointer variable the previous block gets allocated for
>> and where it's being written to (most likely incorrectly).
>> You could also figure out which address the arena magic for 0x17c228
>> resides at and do a character/hex dump of the surrounding area to find out
>> what kind of data is corrupting this area... (maybe a text string or
>> characteristic numbers?).
>>
>> Andreas
>>
>>   
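
The failure mode described in the quoted reply, as an added example that is not part of the original thread and is not Wine's heap code: a toy heap whose allocation call validates every block header first, so an overrun of one block is only reported by a later, unrelated allocation. The names (toy_hdr, toy_alloc, toy_validate, demo) and the TOY_MAGIC value are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_MAGIC 0x00AA55AAu        /* constructed marker, not Wine's real value */
typedef struct { uint32_t magic, size; } toy_hdr;  /* sits directly before each block */

static unsigned char pool[256];      /* toy heap: header, data, header, data, ... */
static size_t pool_used;
static long bad_hdr = -1;            /* pool offset of the first corrupted header */

/* Walk all blocks and check each header's magic, as a validating heap would. */
static int toy_validate(void) {
    toy_hdr h = { 0, 0 };
    for (size_t off = 0; off < pool_used; off += sizeof h + h.size) {
        memcpy(&h, pool + off, sizeof h);
        if (h.magic != TOY_MAGIC) { bad_hdr = (long)off; return 0; }
    }
    return 1;
}

/* Allocation validates first, so it is the call that reports damage done earlier. */
static void *toy_alloc(uint32_t size) {
    toy_hdr h = { TOY_MAGIC, size };
    if (!toy_validate() || pool_used + sizeof h + size > sizeof pool) return NULL;
    memcpy(pool + pool_used, &h, sizeof h);
    void *p = pool + pool_used + sizeof h;
    pool_used += sizeof h + size;
    return p;
}

/* Overrun block a by 4 bytes; return 1 if the NEXT allocation is what fails. */
static int demo(void) {
    pool_used = 0; bad_hdr = -1;
    char *a = toy_alloc(8);
    char *b = toy_alloc(8);
    memset(a, 'A', 12);              /* the bug: 12 bytes written into an 8-byte block */
    void *c = toy_alloc(8);          /* innocent call, but validation fails here */
    return a && b && c == NULL && bad_hdr == 16;
}

int main(void) {
    printf("later alloc failed: %d, bad header at pool+%ld\n", demo(), bad_hdr);
    for (int i = 0; i < 8; i++) {    /* hex/char dump of the damaged header */
        unsigned char ch = pool[bad_hdr + i];
        printf("%02x(%c) ", ch, ch >= 32 ? ch : '.');
    }
    putchar('\n');
    return 0;
}
```

The dump of the damaged header shows the overrun data itself (here a run of 'A' bytes), which is what identifies the writer; the allocation that reports the error is not the cause.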
