msi trouble; crashes on patchwatcher, valgrind warnings

Dan Kegel dank at kegel.com
Tue Oct 7 08:06:00 CDT 2008


Lately I've been seeing a failure of
../../../tools/runtest -q -P wine -M msi.dll -T ../../.. -p msi_test.exe.so db.c
on patchwatcher on lots of runs.
e.g. http://kegel.com/wine/patchwatcher/results/2598.log

It kind of looks like a memory corruption:

wine: Unhandled page fault on read access to 0x00000018 at address
0x60432d58 (thread 0016), starting debugger...
Backtrace:
=>1 0x60432d58 CompareStringW+0xe8(lcid=1033, style=0, str1=0x12e0f8,
len1=10, str2=0x18, len2=0) [include/wine/unicode.h:212] in kernel32
(0x0032f048)
  2 0x60432eb5 lstrcmpW+0x75(str1=?, str2=0x18)
[dlls/kernel32/locale.c:2830] in kernel32 (0x0032f078)
  3 0x606b47bf find_cached_table+0x3f(db=?, name=0x12e0f8)
[dlls/msi/table.c:571] in msi (0x0032f098)
  4 0x606b8821 get_table+0x21(db=0x12b200, name=?, table_ret=0x12da80)
[dlls/msi/table.c:770] in msi (0x0032f108)
  6 0x606b8e9b TABLE_CreateView+0xdb(db=0x12b200, name=?,
view=0x32f9a8) [dlls/msi/table.c:2143] in msi (0x0032f148)
  6 0x606bfebc sql_parse+0x6bc(info=0x32f9f8) [dlls/msi/sql.y:481] in
msi (0x0032f9c8)
  7 0x606c08da MSI_ParseSQL+0x4a(db=0x12b200, command=0x12e7e8,
phview=0x12e330, mem=0x12e33c) [dlls/msi/sql.y:915] in msi
(0x0032fa18)
  8 0x60699b3d MSI_DatabaseOpenViewW+0x9d(db=0x12b200,
szQuery=0x12e7e8, pView=0x32fa78) [dlls/msi/msiquery.c:135] in msi
(0x0032fa48)
  9 0x60699cf3 MsiDatabaseOpenViewW+0x133(hdb=1, szQuery=?,
phView=0x32faec) [dlls/msi/msiquery.c:277] in msi (0x0032fa88)
  10 0x6069b07a MsiDatabaseOpenViewA+0xda(hdb=1, szQuery="SELECT *
FROM `IDontExist`", phView=0x32faec) [dlls/msi/msiquery.c:105] in msi
(0x0032fac8)
  11 0x6052f5bf do_query+0x2f(hdb=?, query=?, phrec=?)
[dlls/msi/tests/db.c:148] in msi_test (0x0032faf8)
  12 0x6052f94a test_droptable+0x31a() [dlls/msi/tests/db.c:6371] in
msi_test (0x0032fb38)
  13 0x6054bb1a func_db+0x459a() [dlls/msi/tests/db.c:6444] in
msi_test (0x0032fdd8)
  14 0x605f07ca run_test+0x14a(name="db.c")
[dlls/msi/tests/../../../include/wine/test.h:454] in msi_test
(0x0032fe18)
  15 0x605f1029 main+0x149(argc=?, argv=0x1103c0)
[dlls/msi/tests/../../../include/wine/test.h:503] in msi_test
(0x0032fed8)
  16 0x605f118b __wine_spec_exe_entry+0x5b(peb=0x7ffdf000)
[dlls/winecrt0/exe_entry.c:36] in msi_test (0x0032ff08)
  17 0x60449b37 start_process+0xc7(arg=(nil))
[dlls/kernel32/process.c:904] in kernel32 (0x0032ffe8)
0x60432d58 CompareStringW+0xe8
[dlls/kernel32/../../include/wine/unicode.h:212] in kernel32:
cmpw	$0,0x0(%eax)
212	    while (*s) s++;

The problem isn't particularly repeatable by hand,
so I ran that test under valgrind.  It seems to have a few warnings,
and sure enough, they seem to be in the same function (test_droptable):

 Invalid read of size 4
    at 0x4ABF0AE: msi_table_get_row_size (table.c:492)
    by 0x4AC1609: msi_update_table_columns (table.c:1037)
    by 0x4AC3515: TABLE_remove_column (table.c:1813)
    by 0x4AC3592: TABLE_drop (table.c:2064)
    by 0x4A8913E: DROP_execute (drop.c:60)
    by 0x4AA1F0D: MSI_ViewExecute (msiquery.c:456)
    by 0x4AA2423: MsiViewExecute (msiquery.c:482)
    by 0x49388A5: test_droptable (db.c:6359)
    by 0x4954B19: func_db (db.c:6443)
    by 0x49F97C9: run_test (test.h:452)
    by 0x49FA028: main (test.h:502)
  Address 0x7f01ccc0 is not stack'd, malloc'd or (recently) free'd

 Invalid read of size 4
    at 0x4ABF0B4: msi_table_get_row_size (table.c:127)
    by 0x4AC1609: msi_update_table_columns (table.c:1037)
    by 0x4AC3515: TABLE_remove_column (table.c:1813)
    by 0x4AC3592: TABLE_drop (table.c:2064)
    by 0x4A8913E: DROP_execute (drop.c:60)
    by 0x4AA1F0D: MSI_ViewExecute (msiquery.c:456)
    by 0x4AA2423: MsiViewExecute (msiquery.c:482)
    by 0x49388A5: test_droptable (db.c:6359)
    by 0x4954B19: func_db (db.c:6443)
    by 0x49F97C9: run_test (test.h:452)
    by 0x49FA028: main (test.h:502)
  Address 0x7f01ccbc is not stack'd, malloc'd or (recently) free'd

 Invalid read of size 4
    at 0x4AC1614: msi_update_table_columns (table.c:1038)
    by 0x4AC3515: TABLE_remove_column (table.c:1813)
    by 0x4AC3592: TABLE_drop (table.c:2064)
    by 0x4A8913E: DROP_execute (drop.c:60)
    by 0x4AA1F0D: MSI_ViewExecute (msiquery.c:456)
    by 0x4AA2423: MsiViewExecute (msiquery.c:482)
    by 0x49388A5: test_droptable (db.c:6359)
    by 0x4954B19: func_db (db.c:6443)
    by 0x49F97C9: run_test (test.h:452)
    by 0x49FA028: main (test.h:502)
  Address 0x7f01ccc0 is not stack'd, malloc'd or (recently) free'd

 Invalid free() / delete / delete[]
    at 0x471C5CF: RtlFreeHeap (heap.c:1315)
    by 0x4ABEEC2: msi_free_colinfo (msipriv.h:1074)
    by 0x4ABEFED: free_table (table.c:481)
    by 0x4AC36A9: TABLE_drop (table.c:2089)
    by 0x4A8913E: DROP_execute (drop.c:60)
    by 0x4AA1F0D: MSI_ViewExecute (msiquery.c:456)
    by 0x4AA2423: MsiViewExecute (msiquery.c:482)
    by 0x49388A5: test_droptable (db.c:6359)
    by 0x4954B19: func_db (db.c:6443)
    by 0x49F97C9: run_test (test.h:452)
    by 0x49FA028: main (test.h:502)
  Address 0x4d434923 is not stack'd, malloc'd or (recently) free'd

 Invalid read of size 4
    at 0x4A8E415: msiobj_release (handle.c:247)
    by 0x4AC3613: TABLE_drop (table.c:2093)
    by 0x4A8913E: DROP_execute (drop.c:60)
    by 0x4AA1F0D: MSI_ViewExecute (msiquery.c:456)
    by 0x4AA2423: MsiViewExecute (msiquery.c:482)
    by 0x49388A5: test_droptable (db.c:6359)
    by 0x4954B19: func_db (db.c:6443)
    by 0x49F97C9: run_test (test.h:452)
    by 0x49FA028: main (test.h:502)
  Address 0x7f01ccb0 is not stack'd, malloc'd or (recently) free'd

Could you have a look?  (BTW this is valgrind from svn.  valgrind-3.3.0
didn't give me stack dumps for some reason.)
- Dan
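
Added example, not part of the original post or of Wine: a small triage script that parses valgrind error records in the prefix-stripped form quoted above and finds the innermost function shared by every error stack. The sample input is constructed by shortening three of the records in the message; the function names parse_errors, innermost_common_function and call_sites are illustrative.

```python
import re
from collections import Counter

# Constructed sample: three records shortened from the valgrind output in the message.
SAMPLE = """\
 Invalid read of size 4
    at 0x4ABF0AE: msi_table_get_row_size (table.c:492)
    by 0x4AC3515: TABLE_remove_column (table.c:1813)
    by 0x4AC3592: TABLE_drop (table.c:2064)
    by 0x49388A5: test_droptable (db.c:6359)
  Address 0x7f01ccc0 is not stack'd, malloc'd or (recently) free'd

 Invalid free() / delete / delete[]
    at 0x471C5CF: RtlFreeHeap (heap.c:1315)
    by 0x4ABEFED: free_table (table.c:481)
    by 0x4AC36A9: TABLE_drop (table.c:2089)
    by 0x49388A5: test_droptable (db.c:6359)
  Address 0x4d434923 is not stack'd, malloc'd or (recently) free'd

 Invalid read of size 4
    at 0x4A8E415: msiobj_release (handle.c:247)
    by 0x4AC3613: TABLE_drop (table.c:2093)
    by 0x49388A5: test_droptable (db.c:6359)
  Address 0x7f01ccb0 is not stack'd, malloc'd or (recently) free'd
"""

# One stack frame: "at|by <addr>: <function> (<file>:<line>)"
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((\S+?):(\d+)\)")

def parse_errors(text):
    """Split a report into records: {'kind': str, 'frames': [(func, file, line)]}."""
    errors = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m and errors:
            errors[-1]["frames"].append((m.group(1), m.group(2), int(m.group(3))))
        elif line.strip().startswith("Invalid "):
            errors.append({"kind": line.strip(), "frames": []})
    return errors

def innermost_common_function(errors):
    """Deepest function present in every stack (walks outward from the faulting frame)."""
    common = set.intersection(*({f[0] for f in e["frames"]} for e in errors))
    return next((f[0] for f in errors[0]["frames"] if f[0] in common), None)

def call_sites(errors, func):
    """Count the source lines inside `func` from which the bad accesses were reached."""
    return Counter(f"{fi}:{ln}" for e in errors for fn, fi, ln in e["frames"] if fn == func)
```

On the sample the shared frame is TABLE_drop, one level below test_droptable, reached from three different source lines; all five records in the message also pass through TABLE_drop.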


