[Bug 47311] New: Heap debugging (WINEDEBUG=+heap) broken since wine-4.6-132-g948fc85186

wine-bugs at winehq.org
Sun Jun 2 09:39:10 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=47311

            Bug ID: 47311
           Summary: Heap debugging (WINEDEBUG=+heap) broken since
                    wine-4.6-132-g948fc85186
           Product: Wine
           Version: 4.6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntdll
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

apparently no one does bugs with heap corruption these days ;-)

Seems that recent Wine regressed when the +heap debug channel is turned on,
immediately causing an abort/assert due to heap corruption.

--- snip ---
$ WINEDEBUG=+heap,+server,+relay,+seh wine notepad >>log.txt 2>&1

sock_init: shutdown() causes EOF
wineserver: starting (pid=28314)
0008: *fd* 0244 -> 21
0009: *fd* 6 <- 21
0009: init_thread( unix_pid=28311, unix_tid=28311, debug_level=1, teb=7ffd8000,
entry=7ffdf000, reply_fd=6, wait_fd=8, cpu=x86 )
0009: *fd* 8 <- 22
0009: init_thread() = 0 { pid=0008, tid=0009, server_start=1d519472be65c78
(-0.0001850), info_size=0, version=580, all_cpus=00000003, suspend=0 }
0009:trace:heap:RtlAllocateHeap (0x110000,7000006a,00000498): returning
0x1102a8
0009: *fd* 1 <- 23
0009: alloc_file_handle( access=40100000, attributes=00000002, fd=1 )
0009: alloc_file_handle() = 0 { handle=0004 }
0009: *fd* 2 <- 24
0009: alloc_file_handle( access=40100000, attributes=00000002, fd=2 )
0009: alloc_file_handle() = 0 { handle=0008 }
0009: create_keyed_event( access=c0000000, objattr={} )
0009: create_keyed_event() = 0 { handle=000c }
0009: open_key( parent=0000, access=00000001, attributes=00000040,
name=L"Machine\\System\\CurrentControlSet\\Control\\Session Manager" )
0009: open_key() = 0 { hkey=0010 }
0009: get_key_value( hkey=0010, name=L"GlobalFlag" )
0009: get_key_value() = 0 { type=4, total=4, data={00,00,00,00} }
0009: get_key_value( hkey=0010, name=L"CriticalSectionTimeout" )
0009: get_key_value() = 0 { type=4, total=4, data={00,8d,27,00} }
0009: get_key_value( hkey=0010, name=L"HeapSegmentReserve" )
0009: get_key_value() = 0 { type=4, total=4, data={00,00,00,00} }
0009: get_key_value( hkey=0010, name=L"HeapSegmentCommit" )
0009: get_key_value() = 0 { type=4, total=4, data={00,00,00,00} }
0009: get_key_value( hkey=0010, name=L"HeapDeCommitTotalFreeThreshold" )
0009: get_key_value() = 0 { type=4, total=4, data={00,00,00,00} }
0009: get_key_value( hkey=0010, name=L"HeapDeCommitFreeBlockThreshold" )
0009: get_key_value() = 0 { type=4, total=4, data={00,00,00,00} }
0009: close_handle( handle=0010 )
0009: close_handle() = 0
0009:trace:heap:RtlAllocateHeap (0x110000,70000062,00000044): returning
0x110750
0009:trace:heap:RtlAllocateHeap (0x110000,7000006a,00000068): returning
0x1107a8
0009:trace:heap:RtlAllocateHeap (0x110000,70000062,0000003c): returning
0x110820
0009:trace:heap:RtlFreeHeap (0x110000,70000062,0x110750): returning TRUE
0009: load_dll( dbg_offset=0, base=7bc10000, name=001107d0, dbg_size=0,
filename=L"C:\\windows\\system32\\ntdll.dll" )
0009: load_dll() = 0
0009: get_token_sid( handle=fffffffa, which_sid=00000001 )
0009: get_token_sid() = 0 { sid_len=28, sid={S-1-5-21-0-0-0-1000} }
0009:trace:heap:RtlAllocateHeap (0x110000,70000062,00000046): returning
0x110870
0009:trace:heap:RtlAllocateHeap (0x110000,7000006a,00000054): returning
0x1108c8
0009: create_key( access=000f003f, options=00000000,
objattr={rootdir=0000,attributes=00000040,sd={},name=L"\\Registry\\User\\S-1-5-21-0-0-0-1000"},
class=L"" )
0009: create_key() = 0 { hkey=0010, created=0 }
0009:trace:heap:RtlFreeHeap (0x110000,70000062,0x1108c8): returning TRUE
0009:trace:heap:RtlFreeHeap (0x110000,70000062,0x110870): returning TRUE
0009: open_key( parent=0010, access=000f003f, attributes=00000000,
name=L"Software\\Wine\\Debug" )
0009: open_key() = 0 { hkey=0014 }
0009: close_handle( handle=0010 )
0009: close_handle() = 0
0009: get_key_value( hkey=0014, name=L"RelayInclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"RelayExclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"SnoopInclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"SnoopExclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"RelayFromInclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"RelayFromExclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"SnoopFromInclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: get_key_value( hkey=0014, name=L"SnoopFromExclude" )
0009: get_key_value() = OBJECT_NAME_NOT_FOUND { type=-1, total=0, data={} }
0009: close_handle( handle=0014 )
0009: close_handle() = 0
0009:trace:heap:RtlAllocateHeap (0x110000,7000006a,000027c0): returning
0x110930
0009:trace:heap:RtlAllocateHeap (0x110000,70000062,00000055): returning
0x113100
0009:err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x113100 tail
overwritten at 0x113131 (byte 0/47 == 0x5f)
0009:trace:heap:HEAP_Dump Heap: 0x110000
0009:trace:heap:HEAP_Dump Next: 0x110000  Sub-heaps: 0x110014
Free lists:
 Block   Stat   Size    Id
0009:trace:heap:HEAP_Dump 0x110080 free 00000018 prev=0x113160 next=0x110090
0009:trace:heap:HEAP_Dump 0x110090 free 00000020 prev=0x110080 next=0x1100a0
...
0009:trace:heap:HEAP_Dump 0x110280 free 00001000 prev=0x110270 next=0x110290
0009:trace:heap:HEAP_Dump 0x110290 free ffffffff prev=0x110280 next=0x113160
0009:trace:heap:HEAP_Dump 

Sub-heap 0x110014: base=0x110000 size=00110000 committed=00010000
0009:trace:heap:HEAP_Dump 
 Block    Arena   Stat   Size    Id
0009:trace:heap:HEAP_Dump 0x1102a0 00455355 used 000004a0
0009:trace:heap:HEAP_Dump 0x110748 00bedead pend 00000050
0009:trace:heap:HEAP_Dump 0x1107a0 00455355 used 00000070
0009:trace:heap:HEAP_Dump 0x110818 00455355 used 00000048
0009:trace:heap:HEAP_Dump 0x110868 00bedead pend 00000050
0009:trace:heap:HEAP_Dump 0x1108c0 00bedead pend 00000060
0009:trace:heap:HEAP_Dump 0x110928 00455355 used 000027c8
0009:trace:heap:HEAP_Dump 0x1130f8 00455355 used 00000060
0009:trace:heap:HEAP_Dump 0x113160 45455246 free 0010ce90 prev=0x110290
next=0x110080
0009:trace:heap:HEAP_Dump 
Total: Size=00110000 Committed=00010000 Free=0010ce90 Used=00002e80
Arenas=000002f0 (0%)

wine: /home/focht/projects/wine/mainline-src-4.7/dlls/ntdll/heap.c:465:
HEAP_GetPtr: Assertion `FALSE' failed.
0009: *killed* exit_code=0
0008: *process killed*
wineserver: exiting (pid=28314) 
--- snip ---

Offending commit:
https://source.winehq.org/git/wine.git/commitdiff/948fc851867da01f09c84ad83df6f4eddc74fdf3
("ntdll: Add support for loading PE builtin dlls.")

$ wine --version
wine-4.6-132-g948fc85186

Regards
