Regression : tools/wineinstall fails with an X Error

Robert Shearman rob at codeweavers.com
Thu Jan 20 11:21:36 CST 2005


Paul Vriens wrote:

>On Thu, 2005-01-20 at 11:47, Paul Vriens wrote:
>  
>
>>On Wed, 2005-01-19 at 20:32, Alexandre Julliard wrote:
>>    
>>
>>>Paul Vriens <Paul.Vriens at xs4all.nl> writes:
>>>
>>>      
>>>
>>>>and part of a trace:
>>>>
>>>>0009:trace:ole:COM_ApartmentRelease destroying apartment 0x77e64460,
>>>>oxid 800000009
>>>>        
>>>>
>>>Looks like some sort of heap corruption, the apartment pointer is
>>>suspiciously similar to the bad contents of the x11drv window
>>>structure.
>>>
>>>      
>>>
>>>>If you want a better trace, let me know.
>>>>        
>>>>
>>>Yes I'd be interested to see the whole trace.
>>>      
>>>
>>All seems to point to patch http://cvs.winehq.org/patch.py?id=15392
>>
>>I'm not a 100% convinced as I have some trouble with the regression
>>testing. I started with a clean installed Wine upto this patch and I get
>>the XError. If I go one patch back I don't see the problem.
>>
>>Paul.
>>    
>>
>Ok, I'm convinced that the mentioned patch gives the X Error. But while
>I was investigating the following happened:
>
>I ran "wine rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall
>128 wine.inf" from within the tools directory. This gives the X Error.
>
>I did this several times after each other with the same result.
>
>I than ran "WINEDEBUG=+ole wine rundll32.exe
>setupapi.dll,InstallHinfSection DefaultInstall 128 wine.inf" and the
>error is gone !?!?
>
>The registry is now filled with all the default data.
>
>Any ideas how to proceed ? Is there a timing issue ?
>  
>

If it's heap corruption then it could well depend on the order of 
allocations, so it could be timing dependent.
I've attached a patch that poisons the apartment structure after when it 
is freed so that hopefully any use-after-free will become more obvious. 
Could you apply it and see what the results are? Does the X Error stop? 
Do we now get warnings about accessing a handle of 0xcccccccc (run with 
warn+all for this)?

Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compobj_debug.diff
Type: text/x-patch
Size: 643 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20050120/8df3acec/compobj_debug.bin


More information about the wine-devel mailing list