new valgrind errors in riched20

Dylan Smith dylan.ah.smith at gmail.com
Sat Jun 28 01:53:23 CDT 2008 

The error was a memory access of a freed object.  In ME_AddUndoItem I
checked the top of the undo stack to end a coalescing undo transaction,
assuming that this should be either a valid undo item, or NULL, instead
it was already freed.

The undo item being added was actually being added to the redo stack by
ME_Undo, and before this was done the top of the undo stack was
destroyed by not set to NULL, thus causing the valgrind error.

I fixed this in two places. First of all I moved my code to
conditionally turn a coalescing end transaction into an actual end
transaction, since it doesn't need to be done when adding to the redo
stack.  Second of all, I made sure the undo and redo stack are in
valid states for ME_Undo and ME_Redo before calling ME_AddUndoItem or
ME_PlayItem since I could see someone else making the same assumption.
This should fix the error and make it harder for a regression to occur.

Could you verify that Valgrind tests pass with the patch I attached.

I'll try to get started on using Valgrind, but for now I don't have it set
up.

On Fri, Jun 27, 2008 at 11:08 PM, Dan Kegel <dank at kegel.com> wrote:

> Seem to be four or so new valgrind warnings in riched20 today,
> probably due to Dylan's changes (though my cat may have been
> sufing to friskies.com and affected the results, who knows):
> http://kegel.com/wine/valgrind/logs-2008-06-27/vg-riched20_editor-diff.txt
>
> + Invalid read of size 4
> +    at  ME_AddUndoItem (undo.c:59)
> +    by  ME_SetParaFormat (para.c:362)
> +    by  ME_PlayUndoItem (undo.c:288)
> +    by  ME_Undo (undo.c:360)
> +    by  RichEditWndProc_common (editor.c:2067)
> +    by  RichEditWndProcA (editor.c:3386)
> +    by  ??? (library.h:163)
> +    by  call_window_proc (winproc.c:457)
> +    by  WINPROC_call_window (winproc.c:2207)
> +    by  call_window_proc (message.c:1639)
> +    by  send_message (message.c:2463)
> +    by  SendMessageA (message.c:2608)
> +    by  test_EM_SETUNDOLIMIT (editor.c:2238)
> +    by  func_editor (editor.c:4581)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
>
> ...
>
> + Conditional jump or move depends on uninitialised value(s)
> +    at  test_EM_AUTOURLDETECT (editor.c:1719)
> +    by  func_editor (editor.c:4600)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
> +  Uninitialised value was created by a client request
> +    at  mark_block_uninitialized (heap.c:164)
> +    by  RtlAllocateHeap (heap.c:1239)
> +    by  heap_alloc (editor.h:28)
> +    by  RichEditWndProc_common (editor.c:2573)
> +    by  RichEditWndProcA (editor.c:3386)
> +    by  ??? (library.h:163)
> +    by  call_window_proc (winproc.c:457)
> +    by  WINPROC_call_window (winproc.c:2207)
> +    by  call_window_proc (message.c:1639)
> +    by  send_message (message.c:2463)
> +    by  SendMessageA (message.c:2608)
> +    by  test_EM_AUTOURLDETECT (editor.c:1705)
> +    by  func_editor (editor.c:4600)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
>
> ...
>
> + Invalid write of size 4
> +    at  ME_AddUndoItem (undo.c:62)
> +    by  ME_InternalDeleteText (caret.c:322)
> +    by  ME_PlayUndoItem (undo.c:308)
> +    by  ME_Undo (undo.c:360)
> +    by  RichEditWndProc_common (editor.c:2067)
> +    by  RichEditWndProcW (editor.c:3381)
> +    by  ??? (library.h:163)
> +    by  call_window_proc (winproc.c:457)
> +    by  WINPROC_CallProcAtoW (winproc.c:1011)
> +    by  WINPROC_call_window (winproc.c:2209)
> +    by  call_window_proc (message.c:1639)
> +    by  send_message (message.c:2463)
> +    by  SendMessageA (message.c:2608)
> +    by  test_undo_coalescing (editor.c:4398)
> +    by  func_editor (editor.c:4602)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
>
> ...
>
> + Conditional jump or move depends on uninitialised value(s)
> +    at  ME_AddUndoItem (undo.c:59)
> +    by  ME_InternalDeleteText (caret.c:322)
> +    by  ME_PlayUndoItem (undo.c:308)
> +    by  ME_Undo (undo.c:360)
> +    by  RichEditWndProc_common (editor.c:2067)
> +    by  RichEditWndProcW (editor.c:3381)
> +    by  ??? (library.h:163)
> +    by  call_window_proc (winproc.c:457)
> +    by  WINPROC_CallProcAtoW (winproc.c:1011)
> +    by  WINPROC_call_window (winproc.c:2209)
> +    by  call_window_proc (message.c:1639)
> +    by  send_message (message.c:2463)
> +    by  SendMessageA (message.c:2608)
> +    by  test_undo_coalescing (editor.c:4398)
> +    by  func_editor (editor.c:4602)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
> +  Uninitialised value was created by a client request
> +    at  mark_block_uninitialized (heap.c:164)
> +    by  RtlAllocateHeap (heap.c:1239)
> +    by  heap_alloc (editor.h:28)
> +    by  ME_MakeStringN (string.c:46)
> +    by  ME_InternalDeleteText (caret.c:326)
> +    by  ME_PlayUndoItem (undo.c:308)
> +    by  ME_Undo (undo.c:360)
> +    by  RichEditWndProc_common (editor.c:2067)
> +    by  RichEditWndProcW (editor.c:3381)
> +    by  ??? (library.h:163)
> +    by  call_window_proc (winproc.c:457)
> +    by  WINPROC_CallProcAtoW (winproc.c:1011)
> +    by  WINPROC_call_window (winproc.c:2209)
> +    by  call_window_proc (message.c:1639)
> +    by  send_message (message.c:2463)
> +    by  SendMessageA (message.c:2608)
> +    by  test_undo_coalescing (editor.c:4398)
> +    by  func_editor (editor.c:4602)
> +    by  run_test (test.h:449)
> +    by  main (test.h:498)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winehq.org/pipermail/wine-devel/attachments/20080628/07fbc8f0/attachment.htm 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-richedit-Fixed-Valgrind-error-related-to-undoing.diff.txt
Url: http://www.winehq.org/pipermail/wine-devel/attachments/20080628/07fbc8f0/attachment.txt

More information about the wine-devel mailing list