The error was a memory access of a freed object. In ME_AddUndoItem I
checked the top of the undo stack to end a coalescing undo transaction,
assuming that this should be either a valid undo item or NULL; instead
it was already freed.

The undo item being added was actually being added to the redo stack by
ME_Undo, and before this was done the top of the undo stack was
destroyed but not set to NULL, thus causing the valgrind error.

I fixed this in two places. First of all, I moved my code that
conditionally turns a coalescing end transaction into an actual end
transaction, since it doesn't need to be done when adding to the redo
stack. Second of all, I made sure the undo and redo stacks are in
valid states for ME_Undo and ME_Redo before calling ME_AddUndoItem or
ME_PlayItem, since I could see someone else making the same assumption.
This should fix the error and make it harder for a regression to occur.

Could you verify that Valgrind tests pass with the patch I attached?

I'll try to get started on using Valgrind, but for now I don't have it set up.

On Fri, Jun 27, 2008 at 11:08 PM, Dan Kegel <dank@kegel.com> wrote:
> Seem to be four or so new valgrind warnings in riched20 today,
> probably due to Dylan's changes (though my cat may have been
> surfing to friskies.com and affected the results, who knows):
> http://kegel.com/wine/valgrind/logs-2008-06-27/vg-riched20_editor-diff.txt
>
> + Invalid read of size 4
> + at ME_AddUndoItem (undo.c:59)
> + by ME_SetParaFormat (para.c:362)
> + by ME_PlayUndoItem (undo.c:288)
> + by ME_Undo (undo.c:360)
> + by RichEditWndProc_common (editor.c:2067)
> + by RichEditWndProcA (editor.c:3386)
> + by ??? (library.h:163)
> + by call_window_proc (winproc.c:457)
> + by WINPROC_call_window (winproc.c:2207)
> + by call_window_proc (message.c:1639)
> + by send_message (message.c:2463)
> + by SendMessageA (message.c:2608)
> + by test_EM_SETUNDOLIMIT (editor.c:2238)
> + by func_editor (editor.c:4581)
> + by run_test (test.h:449)
> + by main (test.h:498)
>
> ...
>
> + Conditional jump or move depends on uninitialised value(s)
> + at test_EM_AUTOURLDETECT (editor.c:1719)
> + by func_editor (editor.c:4600)
> + by run_test (test.h:449)
> + by main (test.h:498)
> + Uninitialised value was created by a client request
> + at mark_block_uninitialized (heap.c:164)
> + by RtlAllocateHeap (heap.c:1239)
> + by heap_alloc (editor.h:28)
> + by RichEditWndProc_common (editor.c:2573)
> + by RichEditWndProcA (editor.c:3386)
> + by ??? (library.h:163)
> + by call_window_proc (winproc.c:457)
> + by WINPROC_call_window (winproc.c:2207)
> + by call_window_proc (message.c:1639)
> + by send_message (message.c:2463)
> + by SendMessageA (message.c:2608)
> + by test_EM_AUTOURLDETECT (editor.c:1705)
> + by func_editor (editor.c:4600)
> + by run_test (test.h:449)
> + by main (test.h:498)
>
> ...
>
> + Invalid write of size 4
> + at ME_AddUndoItem (undo.c:62)
> + by ME_InternalDeleteText (caret.c:322)
> + by ME_PlayUndoItem (undo.c:308)
> + by ME_Undo (undo.c:360)
> + by RichEditWndProc_common (editor.c:2067)
> + by RichEditWndProcW (editor.c:3381)
> + by ??? (library.h:163)
> + by call_window_proc (winproc.c:457)
> + by WINPROC_CallProcAtoW (winproc.c:1011)
> + by WINPROC_call_window (winproc.c:2209)
> + by call_window_proc (message.c:1639)
> + by send_message (message.c:2463)
> + by SendMessageA (message.c:2608)
> + by test_undo_coalescing (editor.c:4398)
> + by func_editor (editor.c:4602)
> + by run_test (test.h:449)
> + by main (test.h:498)
>
> ...
>
> + Conditional jump or move depends on uninitialised value(s)
> + at ME_AddUndoItem (undo.c:59)
> + by ME_InternalDeleteText (caret.c:322)
> + by ME_PlayUndoItem (undo.c:308)
> + by ME_Undo (undo.c:360)
> + by RichEditWndProc_common (editor.c:2067)
> + by RichEditWndProcW (editor.c:3381)
> + by ??? (library.h:163)
> + by call_window_proc (winproc.c:457)
> + by WINPROC_CallProcAtoW (winproc.c:1011)
> + by WINPROC_call_window (winproc.c:2209)
> + by call_window_proc (message.c:1639)
> + by send_message (message.c:2463)
> + by SendMessageA (message.c:2608)
> + by test_undo_coalescing (editor.c:4398)
> + by func_editor (editor.c:4602)
> + by run_test (test.h:449)
> + by main (test.h:498)
> + Uninitialised value was created by a client request
> + at mark_block_uninitialized (heap.c:164)
> + by RtlAllocateHeap (heap.c:1239)
> + by heap_alloc (editor.h:28)
> + by ME_MakeStringN (string.c:46)
> + by ME_InternalDeleteText (caret.c:326)
> + by ME_PlayUndoItem (undo.c:308)
> + by ME_Undo (undo.c:360)
> + by RichEditWndProc_common (editor.c:2067)
> + by RichEditWndProcW (editor.c:3381)
> + by ??? (library.h:163)
> + by call_window_proc (winproc.c:457)
> + by WINPROC_CallProcAtoW (winproc.c:1011)
> + by WINPROC_call_window (winproc.c:2209)
> + by call_window_proc (message.c:1639)
> + by send_message (message.c:2463)
> + by SendMessageA (message.c:2608)
> + by test_undo_coalescing (editor.c:4398)
> + by func_editor (editor.c:4602)
> + by run_test (test.h:449)
> + by main (test.h:498)

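The failure mode described in the reply above, as an added illustration in C that is not Wine's riched20 code: a coalescing undo stack whose top item is freed before the stack pointer is fixed up, so that the routine adding the inverse item to the redo stack reads a freed object when it checks whether the undo top is a coalescing boundary. Beside it sits the fixed ordering, in which the undo stack is unlinked before anything is freed and the coalescing check is applied only when the item actually goes on the undo stack. The types, the `item_kind` values and the function names (`add_item`, `add_item_buggy`, `undo`, `undo_buggy`, `push`, `pop`) are all hypothetical; the `--buggy` argument is only there so the bad path can be run on purpose under Valgrind or AddressSanitizer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Wine's riched20 code: a minimal model of a coalescing
 * undo/redo stack. Every name below is hypothetical. */
typedef enum {
    ITEM_EDIT,             /* a reversible edit */
    ITEM_END_TRANSACTION,  /* hard transaction boundary */
    ITEM_POTENTIAL_END     /* coalescing boundary the next edit may merge into */
} item_kind;

typedef struct item { item_kind kind; struct item *prev; } item;
typedef struct { item *undo_top; item *redo_top; } editor;
typedef enum { STACK_UNDO, STACK_REDO } stack_id;

static item **stack_top(editor *e, stack_id s) {
    return s == STACK_UNDO ? &e->undo_top : &e->redo_top;
}

static item *push(item **top, item_kind kind) {
    item *it = malloc(sizeof *it);
    if (!it) abort();
    it->kind = kind;
    it->prev = *top;
    *top = it;
    return it;
}

/* Unlink before the caller frees, so *top is always NULL or a live item. */
static item *pop(item **top) {
    item *it = *top;
    if (it) *top = it->prev;
    return it;
}

static int stack_depth(const item *top) {
    int n = 0;
    for (; top; top = top->prev) n++;
    return n;
}

/* Buggy add: inspects the undo top even when the item goes on the redo
 * stack. If undo_top is stale this is the invalid read Valgrind reports. */
static item *add_item_buggy(editor *e, stack_id s, item_kind kind) {
    if (e->undo_top && e->undo_top->kind == ITEM_POTENTIAL_END)
        e->undo_top->kind = ITEM_END_TRANSACTION;
    return push(stack_top(e, s), kind);
}

/* Fixed add: only the undo stack carries a coalescing boundary to close. */
static item *add_item(editor *e, stack_id s, item_kind kind) {
    item **top = stack_top(e, s);
    if (s == STACK_UNDO && *top && (*top)->kind == ITEM_POTENTIAL_END)
        (*top)->kind = ITEM_END_TRANSACTION;
    return push(top, kind);
}

/* Buggy undo: frees the top item and repairs undo_top only after the
 * inverse has been recorded, so add_item_buggy reads freed memory. */
static int undo_buggy(editor *e) {
    item *it = e->undo_top;
    if (!it) return 0;
    item *prev = it->prev;
    item_kind kind = it->kind;
    free(it);                            /* e->undo_top now dangles */
    add_item_buggy(e, STACK_REDO, kind); /* use after free */
    e->undo_top = prev;                  /* repaired too late */
    return 1;
}

/* Fixed undo: the undo stack is valid again before the redo stack is touched. */
static int undo(editor *e) {
    item *it = pop(&e->undo_top);
    if (!it) return 0;
    add_item(e, STACK_REDO, it->kind);
    free(it);
    return 1;
}

static void free_stack(item **top) {
    item *it;
    while ((it = pop(top)) != NULL) free(it);
}

int main(int argc, char **argv) {
    editor e = {0};
    int buggy = argc > 1 && strcmp(argv[1], "--buggy") == 0;
    add_item(&e, STACK_UNDO, ITEM_EDIT);
    add_item(&e, STACK_UNDO, ITEM_POTENTIAL_END);
    add_item(&e, STACK_UNDO, ITEM_EDIT);  /* closes the coalescing boundary */
    /* With --buggy, run under valgrind or -fsanitize=address to see the read. */
    if (buggy) undo_buggy(&e); else undo(&e);
    printf("undo depth %d, redo depth %d\n", stack_depth(e.undo_top), stack_depth(e.redo_top));
    free_stack(&e.undo_top);
    free_stack(&e.redo_top);
    return 0;
}
```

Without arguments the program only exercises the fixed path; with `--buggy`, memcheck flags the read of `e->undo_top->kind` inside `add_item_buggy` as an access to a freed block, the same class of report as the first entry in the log above. The two fixes are independent: `pop` keeps the stack pointer valid at every point a callee might look at it, and `add_item` no longer looks at the undo stack at all when the destination is the redo stack, so either one alone would have silenced this report and both together guard against the next caller that makes the same assumption.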