[Bug 38685] New: valgrind shows an invalid read in d3d9/tests/d3d9ex.c

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Jun 4 00:30:49 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=38685

            Bug ID: 38685
           Summary: valgrind shows an invalid read in d3d9/tests/d3d9ex.c
           Product: Wine
           Version: 1.7.44
          Hardware: x86
                OS: Linux
            Status: NEW
          Keywords: download, source, testcase, valgrind
          Severity: normal
          Priority: P2
         Component: directx-d3d
          Assignee: wine-bugs at winehq.org
          Reporter: austinenglish at gmail.com
      Distribution: ---

../../../tools/runtest -q -P wine -T ../../.. -M d3d9.dll -p d3d9_test.exe.so
d3d9ex && touch d3d9ex.ok
==28064== Invalid read of size 2
==28064==    at 0x4F67EB5: check_gamma_ramps (dc.c:1335)
==28064==    by 0x4F6831B: SetDeviceGammaRamp (dc.c:1405)
==28064==    by 0x4ABEE02: wined3d_swapchain_set_gamma_ramp (swapchain.c:255)
==28064==    by 0x4ABE091: swapchain_cleanup (swapchain.c:37)
==28064==    by 0x4ABE4DB: wined3d_swapchain_decref (swapchain.c:108)
==28064==    by 0x4A17BB7: wined3d_device_uninit_3d (device.c:1135)
==28064==    by 0x499A3F0: d3d9_device_Release (device.c:307)
==28064==    by 0x47A167F: test_user_memory_getdc (d3d9ex.c:1398)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==  Address 0x4720000 is 392 bytes inside a block of size 1,712 alloc'd
==28064==    at 0x7BC4A9F1: notify_alloc (heap.c:254)
==28064==    by 0x7BC4EC94: RtlAllocateHeap (heap.c:1715)
==28064==    by 0x4AC1763: wined3d_swapchain_create (swapchain.c:1064)
==28064==    by 0x49AA370: swapchain_init (swapchain.c:337)
==28064==    by 0x49AA44D: d3d9_swapchain_create (swapchain.c:362)
==28064==    by 0x49A3DA1: device_parent_create_swapchain (device.c:3578)
==28064==    by 0x4A17107: wined3d_device_init_3d (device.c:911)
==28064==    by 0x49A41D0: device_init (device.c:3696)
==28064==    by 0x49A609F: d3d9_CreateDeviceEx (directx.c:573)
==28064==    by 0x479AE2A: create_device (d3d9ex.c:183)
==28064==    by 0x47A13F5: test_user_memory_getdc (d3d9ex.c:1373)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==

==28064== Invalid read of size 2
==28064==    at 0x4F67ECB: check_gamma_ramps (dc.c:1335)
==28064==    by 0x4F6831B: SetDeviceGammaRamp (dc.c:1405)
==28064==    by 0x4ABEE02: wined3d_swapchain_set_gamma_ramp (swapchain.c:255)
==28064==    by 0x4ABE091: swapchain_cleanup (swapchain.c:37)
==28064==    by 0x4ABE4DB: wined3d_swapchain_decref (swapchain.c:108)
==28064==    by 0x4A17BB7: wined3d_device_uninit_3d (device.c:1135)
==28064==    by 0x499A3F0: d3d9_device_Release (device.c:307)
==28064==    by 0x47A167F: test_user_memory_getdc (d3d9ex.c:1398)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==  Address 0x4720000 is 392 bytes inside a block of size 1,712 alloc'd
==28064==    at 0x7BC4A9F1: notify_alloc (heap.c:254)
==28064==    by 0x7BC4EC94: RtlAllocateHeap (heap.c:1715)
==28064==    by 0x4AC1763: wined3d_swapchain_create (swapchain.c:1064)
==28064==    by 0x49AA370: swapchain_init (swapchain.c:337)
==28064==    by 0x49AA44D: d3d9_swapchain_create (swapchain.c:362)
==28064==    by 0x49A3DA1: device_parent_create_swapchain (device.c:3578)
==28064==    by 0x4A17107: wined3d_device_init_3d (device.c:911)
==28064==    by 0x49A41D0: device_init (device.c:3696)
==28064==    by 0x49A609F: d3d9_CreateDeviceEx (directx.c:573)
==28064==    by 0x479AE2A: create_device (d3d9ex.c:183)
==28064==    by 0x47A13F5: test_user_memory_getdc (d3d9ex.c:1373)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==

==28064== Invalid read of size 2
==28064==    at 0x4F67F45: check_gamma_ramps (dc.c:1340)
==28064==    by 0x4F6831B: SetDeviceGammaRamp (dc.c:1405)
==28064==    by 0x4ABEE02: wined3d_swapchain_set_gamma_ramp (swapchain.c:255)
==28064==    by 0x4ABE091: swapchain_cleanup (swapchain.c:37)
==28064==    by 0x4ABE4DB: wined3d_swapchain_decref (swapchain.c:108)
==28064==    by 0x4A17BB7: wined3d_device_uninit_3d (device.c:1135)
==28064==    by 0x499A3F0: d3d9_device_Release (device.c:307)
==28064==    by 0x47A167F: test_user_memory_getdc (d3d9ex.c:1398)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==  Address 0x4720000 is 392 bytes inside a block of size 1,712 alloc'd
==28064==    at 0x7BC4A9F1: notify_alloc (heap.c:254)
==28064==    by 0x7BC4EC94: RtlAllocateHeap (heap.c:1715)
==28064==    by 0x4AC1763: wined3d_swapchain_create (swapchain.c:1064)
==28064==    by 0x49AA370: swapchain_init (swapchain.c:337)
==28064==    by 0x49AA44D: d3d9_swapchain_create (swapchain.c:362)
==28064==    by 0x49A3DA1: device_parent_create_swapchain (device.c:3578)
==28064==    by 0x4A17107: wined3d_device_init_3d (device.c:911)
==28064==    by 0x49A41D0: device_init (device.c:3696)
==28064==    by 0x49A609F: d3d9_CreateDeviceEx (directx.c:573)
==28064==    by 0x479AE2A: create_device (d3d9ex.c:183)
==28064==    by 0x47A13F5: test_user_memory_getdc (d3d9ex.c:1373)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)
==28064==

Potentially causing a valgrind crash:
Memcheck: mc_main.c:1000 (get_sec_vbits8): Assertion 'n' failed.
Memcheck: get_sec_vbits8: no node for address 0x4720000 (0x472000D)


host stacktrace:
==28064==    at 0x38030875: show_sched_status_wrk (m_libcassert.c:341)
==28064==    by 0x38030981: report_and_quit (m_libcassert.c:413)
==28064==    by 0x38030A63: vgPlain_assert_fail (m_libcassert.c:479)
==28064==    by 0x3800AF24: get_sec_vbits8 (mc_main.c:1000)
==28064==    by 0x3800B2FE: get_vbits8 (mc_main.c:812)
==28064==    by 0x3800B2FE: mc_LOADVn_slow (mc_main.c:1368)
==28064==    by 0x3800D9FF: mc_LOADV16 (mc_main.c:4601)
==28064==    by 0x3800D9FF: vgMemCheck_helperc_LOADV16le (mc_main.c:4634)
==28064==    by 0xBB643E1: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 28064)
==28064==    at 0x4F67EB5: check_gamma_ramps (dc.c:1335)
==28064==    by 0x4F6831B: SetDeviceGammaRamp (dc.c:1405)
==28064==    by 0x4ABEE02: wined3d_swapchain_set_gamma_ramp (swapchain.c:255)
==28064==    by 0x4ABE091: swapchain_cleanup (swapchain.c:37)
==28064==    by 0x4ABE4DB: wined3d_swapchain_decref (swapchain.c:108)
==28064==    by 0x4A17BB7: wined3d_device_uninit_3d (device.c:1135)
==28064==    by 0x499A3F0: d3d9_device_Release (device.c:307)
==28064==    by 0x47A167F: test_user_memory_getdc (d3d9ex.c:1398)
==28064==    by 0x47A7338: func_d3d9ex (d3d9ex.c:2927)
==28064==    by 0x4833E19: run_test (test.h:584)
==28064==    by 0x4834261: main (test.h:666)

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list