Latent memory corruption bug in widl, with workaround

[Dan Kegel]

I ran into the error
   Oops, segment violation
while running make to build wine from cvs.
It failed on the command
../tools/widl/widl -I../../wine/include -I. -I../../wine/include -I../include    -h -H ocidl.h ../../wine/include/ocidl.idl

Turning on logging showed that it happened while processing an import
statement.

Running under valgrind yielded output like this:
==10699== Invalid read of size 1
==10699==    at 0x4002273E: strlen (mac_replace_strmem.c:164)
==10699==    by 0x805E0D1: pp_xstrdup (../../../wine/libs/wpp/preproc.c:108)
==10699==    by 0x805E7B2: pp_add_define (../../../wine/libs/wpp/preproc.c:231)
==10699==    by 0x805FB21: add_cmdline_defines (../../../wine/libs/wpp/wpp.c:48)
==10699==    Address 0x41233334 is 0 bytes inside a block of size 29 free'd
==10699==    at 0x40029961: free (vg_replace_malloc.c:231)
==10699==    by 0x805B9B6: yylex (../../../wine/tools/widl/parser.l:126)
==10699==    by 0x80548B3: yyparse (/usr/share/bison/bison.simple:573)
==10699==    by 0x8054295: main (../../../wine/tools/widl/widl.c:265)

Commenting out the free on line 126 of widl/parser.l solved the problem.

Uncommenting it and building again, I couldn't reproduce the
original crash, but running under valgrind revealed the problem
was still there, just hidden.

I tried tracing through why the free on line 126 of widl/parser.l was
bad, but it was too late, and I was too tired.

Can somebody else have a look?  It was quite annoying to be dead
in the water, unable to build wine...

Thanks,
Dan

-- 
Trying to get a job as a c++ developer?  See http://kegel.com/academy/getting-hired.html