[Bug 19555] New: Crash in mountmgr early during Jumpstart 1st Grade Classic install; use-after-free bug

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=19555

           Summary: Crash in mountmgr early during Jumpstart 1st Grade
                    Classic install; use-after-free bug
           Product: Wine
           Version: 1.1.23
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: Installer
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com


Just updated to git, tried installing Jumpstart 1st Grade classic.
Crashed as follows:

=>0 0x7eb29ace add_dos_device+0x1de(letter=-1,
udi="/org/freedesktop/Hal/devices/volume_label_1stGrade________",
device="/dev/sr0", mount_point="/media/cdrom0", type=DEVICE_CDROM, guid=(nil))
[dlls/mountmgr.sys/device.c:753] in mountmgr.sys (0x0074e878)
  1 0x7eb2ad68 new_device+0x408(ctx=0x7d54ce58,
udi="/org/freedesktop/Hal/devices/volume_label_1stGrade________")
[dlls/mountmgr.sys/hal.c:175] in mountmgr.sys (0x0074e968)
  2 0x7eb2afc8 hal_thread+0x1a8(arg=(nil)) [dlls/mountmgr.sys/hal.c:249] in
mountmgr.sys (0x0074ea88)

After rooting around a while, it seems this is a
use-after-free bug; when add_dos_device() calls
delete_dos_device(drive), it should also set volume to NULL,
since deleting that drive also frees the volume.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.