[Bug 35041] Multiple applications crash with heap corruption or live-lock in libX11 (EA Origin, Garmin Express Fit v2.0, 64-bit SMPlayer 0.8.6)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun May 31 11:45:55 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=35041

--- Comment #23 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

also encountered with Xfire 2.0 on Fedora 22 x64

The variant with the crash:

--- snip ---
...
*** Error in `./Xfire.exe': double free or corruption (!prev): 0x7d50b2e8 ***
======= Backtrace: =========
/lib/libc.so.6(+0x46a6d716)[0xf73de716]
/lib/libc.so.6(+0x46a7614a)[0xf73e714a]
/lib/libc.so.6(cfree+0x50)[0xf73ea930]
/lib/libX11.so.6(_XlcDestroyLocaleDataBase+0x94)[0x7d91e5e4]
/lib/libX11.so.6(+0x4137b451)[0x7d923451]
/lib/libX11.so.6(_XCloseLC+0x78)[0x7d92b2d8]
/lib/libX11.so.6(_XlcCurrentLC+0x31)[0x7d92b321]
/lib/libX11.so.6(_Xlcmbstowcs+0xfd)[0x7d923afd]
/lib/libX11.so.6(_Xmbstowcs+0x34)[0x7d923c14]
/lib/libX11.so.6(+0x413924b0)[0x7d93a4b0]
/lib/libX11.so.6(_XimLocalOpenIM+0x41c)[0x7d93880c]
/lib/libX11.so.6(_XimOpenIM+0xfd)[0x7d936bbd]
/lib/libX11.so.6(XOpenIM+0x48)[0x7d91a588]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(+0x74b7e)[0x7dac6b7e]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(+0x753d4)[0x7dac73d4]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(+0x716c0)[0x7dac36c0]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(+0x64ad7)[0x7dab6ad7]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(+0x6982e)[0x7dabb82e]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/winex11.drv.so(X11DRV_WindowPosChanging+0x5c)[0x7dabc6e2]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/user32.dll.so(+0xd2fa2)[0x7eccafa2]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/user32.dll.so(+0xc7e28)[0x7ecbfe28]
/home/focht/projects/wine/wine.repo/install/bin/../lib/wine/user32.dll.so(CreateWindowExW+0x83)[0x7ecc06ca]
[0x67121600]
--- snip ---

The variant with the live-lock:

--- snip ---
Wine-dbg>info process

 pid      threads  executable (all id:s are in hex)
>0000002d 5        'Xfire.exe'
 0000002f 4        \_ 'explorer.exe'
 0000000e 5        'services.exe'
 00000019 3        \_ 'plugplay.exe'
 00000012 4        \_ 'winedevice.exe'

Wine-dbg>info thread

process  tid      prio (all id:s are in hex)
...
0000002d (D) C:\Program Files\Xfire2\Xfire.exe
    00000039    0
    00000038    0
    00000037    0
    00000034    0
    0000002e    0 <==

Wine-dbg>bt 0x2e

Backtrace:
=>0 0x7d91a938 in libx11.so.6 (+0x4d938) (0x7cf47780)
  1 0x7d91ad3f _XlcOpenConverter+0x3e() in libx11.so.6 (0x7d9862a4)
  2 0x7d922225 in libx11.so.6 (+0x55224) (0x00000000)
  3 0x7d929569 XmbTextListToTextProperty+0x48() in libx11.so.6 (0x0033eca8)
  4 0x7dab5922 sync_window_text+0x1ef(display=0x7cf89640, win=0x3600004,
text="")
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:443] in
winex11 (0x0033eca8)
  5 0x7dab8ab8 create_whole_window+0x3ab(data=0x1443c8)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:1470] in
winex11 (0x0033f578)
  6 0x7dab98cc X11DRV_create_win_data+0x132(hwnd=0x20064, window_rect=0x33f8e0,
client_rect=0x33f8e0)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:1805] in
winex11 (0x0033f5d8)
  7 0x7daba6e2 X11DRV_WindowPosChanging+0x5b(hwnd=<couldn't compute location>,
insert_after=<couldn't compute location>, swp_flags=<couldn't compute
location>, window_rect=<couldn't compute location>, client_rect=<couldn't
compute location>, visible_rect=<couldn't compute location>, surface=<couldn't
compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:2155] in
winex11 (0x0033f648)
  8 0x7eccafa2 set_window_pos+0xa8(hwnd=0x20064, insert_after=(nil),
swp_flags=0x14, window_rect=0x33f8e0, client_rect=0x33f8e0, valid_rects=(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winpos.c:2062] in user32
(0x0033f768)
  9 0x7ecbfe28 WIN_CreateWindowEx+0xd96(cs=0x33f9b0, className="Xfire IPC
Window Class", module=0x400000, unicode=0x1)
[/home/focht/projects/wine/wine.repo/src/dlls/user32/win.c:1580] in user32
(0x0033f998)
  10 0x7ecc06ca CreateWindowExW+0x7d(exStyle=0, className="Xfire IPC Window
Class", windowName="XFire DLL IPC Window", style=0x80000, x=0, y=0, width=0x5,
height=0x5, parent=(nil), menu=(nil), instance=0x400000, data=0x0(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/user32/win.c:1750] in user32
(0x0033f9e8)
  11 0x0057daaf in xfire (+0x17daae) (0x0033fc64)
  12 0x0057d9e4 in xfire (+0x17d9e3) (0x0033fc78)
  13 0x00531086 in xfire (+0x131085) (0x0033fca0)
  14 0x005316dc in xfire (+0x1316db) (0x0033fccc)
  15 0x0048de2f in xfire (+0x8de2e) (0x0033fd74)
  16 0x005d348b in xfire (+0x1d348a) (0x0033fe30)
  17 0x7b86db64 call_process_entry+0xb() in kernel32 (0x0033fe48)
...

Wine-dbg>bt 0x37

Backtrace:
=>0 0x7d91a938 in libx11.so.6 (+0x4d938) (0x7cf48148)
  1 0x7d91ae18 _XlcOpenConverter+0x117() in libx11.so.6 (0x7cb0e188)
  2 0x7d921f34 _Xlcmbstoutf8+0x53() in libx11.so.6 (0x7cb10dd1)
  3 0x7d922034 _Xmbstoutf8+0x33() in libx11.so.6 (0x7ca76008)
  4 0x7d9385b8 in libx11.so.6 (+0x6b5b7) (0x7ca76008)
  5 0x7d93680c _XimLocalOpenIM+0x41b() in libx11.so.6 (0x7cb0db68)
  6 0x7d934bbd _XimOpenIM+0xfc() in libx11.so.6 (0x7cb0db68)
  7 0x7d918588 XOpenIM+0x47() in libx11.so.6 (0x00cdc5c8)
  8 0x7dac4b7e open_xim+0x3f(display=0x7cb00468)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/xim.c:343] in winex11
(0x00cdc5c8)
  9 0x7dac53d4 X11DRV_SetupXIM+0x18()
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/xim.c:462] in winex11
(0x00cdc608)
  10 0x7dac16c0 x11drv_init_thread_data+0x1e8()
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/x11drv_main.c:676] in
winex11 (0x00cdc658)
  11 0x7dab4ad7 thread_init_display+0xa()
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/x11drv.h:347] in
winex11 (0x00cdc668)
  12 0x7dab982e X11DRV_create_win_data+0x94(hwnd=0x2004c, window_rect=0xcdc9d0,
client_rect=0xcdc9d0)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:1796] in
winex11 (0x00cdc6c8)
  13 0x7daba6e2 X11DRV_WindowPosChanging+0x5b(hwnd=<couldn't compute location>,
insert_after=<couldn't compute location>, swp_flags=<couldn't compute
location>, window_rect=<couldn't compute location>, client_rect=<couldn't
compute location>, visible_rect=<couldn't compute location>, surface=<couldn't
compute location>)
[/home/focht/projects/wine/wine.repo/src/dlls/winex11.drv/window.c:2155] in
winex11 (0x00cdc738)
  14 0x7eccafa2 set_window_pos+0xa8(hwnd=0x2004c, insert_after=(nil),
swp_flags=0x14, window_rect=0xcdc9d0, client_rect=0xcdc9d0, valid_rects=(nil))
[/home/focht/projects/wine/wine.repo/src/dlls/user32/winpos.c:2062] in user32
(0x00cdc858)
  15 0x7ecbfe28 WIN_CreateWindowEx+0xd96(cs=0xcdcaa0,
className="QEventDispatcherWin32_Internal_Widget1729237776", module=0x400000,
unicode=0x1) [/home/focht/projects/wine/wine.repo/src/dlls/user32/win.c:1580]
in user32 (0x00cdca88)
  16 0x7ecc06ca CreateWindowExW+0x7d(exStyle=0,
className="QEventDispatcherWin32_Internal_Widget1729237776",
windowName="QEventDispatcherWin32_Internal_Widget1729237776", style=0, x=0,
y=0, width=0, height=0, parent=(nil), menu=(nil), instance=0x400000,
data=0x0(nil)) [/home/focht/projects/wine/wine.repo/src/dlls/user32/win.c:1750]
in user32 (0x00cdcad8)
  17 0x67121600 in qtcore4 (+0x1215ff) (0x008e64c0)
  18 0x008e64d8 (0x671ec994)
  19 0x6714b330 in qtcore4 (+0x14b32f) (0x6714b3a0)
  20 0xc0851840 (0x8b04418b)
...

Wine-dbg>bt 0x38

<same backtrace as tid 0x37>

Wine-dbg>bt 0x39

<same backtrace as tid 0x37>
...
--- snip ---

$ sha1sum xfire_setup.exe 
f980bd8c2b825c0152dbea56bedb9f2751ef6e3b  xfire_setup.exe

$ du -sh xfire_setup.exe 
16M    xfire_setup.exe

$ wine --version
wine-1.7.44

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list