[Bug 41230] New: Startup crash in FAR Manager v2.0 if wineconsole size is too large

wine-bugs at winehq.org
Sun Aug 28 20:46:43 CDT 2016


https://bugs.winehq.org/show_bug.cgi?id=41230

            Bug ID: 41230
           Summary: Startup crash in FAR Manager v2.0 if wineconsole size
                    is too large
           Product: Wine
           Version: unspecified
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: winex11.drv
          Assignee: wine-bugs at winehq.org
          Reporter: ctruta at gmail.com
      Distribution: ---

This crash occurs inconsistently, perhaps because it's caused by a race
condition. Sometimes, it prints the following trace:
*** Error in `far': double free or corruption (!prev): 0xNNNNNNNN ***

For diagnostics, use FAR Manager v2.0 (e.g. latest build 1807). Do not use the
newer version FAR v3.0, which crashes in a different place and for a different
reason.
http://www.farmanager.com/history/far2.x86.msi

I git-bisect'ed it and found it to be a regression of the following commit:

commit ea07c310ecfee6b301e7af8413760eb446e6f184
Author: Alexandre Julliard <julliard at winehq.org>
AuthorDate: 2012-09-04 13:34:15 +0200
Subject: winex11: Create the whole window at window creation time.

It only occurs under X11. On Mac, using the native Mac driver, everything runs
well.

I have found it easier to reproduce under Ubuntu 14.04 / Linux Mint 17.x than
under Ubuntu 16.04 / Linux Mint 18.x, although it also crashes under the later
Linux OS (just less frequently).

Moreover, I have found it easier to reproduce if the wineconsole height is
larger. It works OK most of the time if the height is 40 characters, but it
crashes much more frequently if the height is, say, 60 characters.

The behavior is roughly the same at the time of the regression
(wine-1.5.12-36-gea07c310ec) and as of the latest version (wine-1.9.17).

I noticed two types of crashes: one that has __clone() calling itself until the
stack runs out, and the other that doesn't have any __clone() calls at all. See
the attachments.
