[Bug 28769] New: shell32/shellpath tests: test_knownFolders() triggers use-after-free and invalid free in foldermanager
http://bugs.winehq.org/show_bug.cgi?id=28769

             Bug #: 28769
           Summary: shell32/shellpath tests: test_knownFolders() triggers
                    use-after-free and invalid free in foldermanager
           Product: Wine
           Version: 1.3.30
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: shell32
        AssignedTo: wine-bugs(a)winehq.org
        ReportedBy: dank(a)kegel.com
    Classification: Unclassified

Running "make shellpath.ok" in shell32/tests, Valgrind complains:

 Invalid read of size 1
    at foldermanager_GetFolder (shellpath.c:3764)
    by test_knownFolders (shellpath.c:2199)
    by func_shellpath (shellpath.c:2517)
    by run_test (test.h:556)
    by main (test.h:624)
  Address 0x7f041870 is 472 bytes inside a block of size 1,024 free'd
    at RtlFreeHeap (heap.c:262)
    by add_with_alpha (imagelist.c:237)
    by ImageList_ReplaceIcon (imagelist.c:2508)
    by SIC_IconAppend (iconcache.c:284)
    by SIC_Initialize (iconcache.c:428)
    by DllMain (shell32_main.c:1200)

 Invalid read of size 1
    at foldermanager_GetFolder (shellpath.c:3764)
    by test_knownFolders (shellpath.c:2233)
    by func_shellpath (shellpath.c:2517)
    by run_test (test.h:556)
    by main (test.h:624)
  Address 0x7f041870 is 472 bytes inside a block of size 1,024 free'd
    at RtlFreeHeap (heap.c:262)
    by add_with_alpha (imagelist.c:237)
    by ImageList_ReplaceIcon (imagelist.c:2508)
    by SIC_IconAppend (iconcache.c:284)
    by SIC_Initialize (iconcache.c:428)
    by DllMain (shell32_main.c:1200)

 Invalid free() / delete / delete[]
    at RtlFreeHeap (heap.c:262)
    by foldermanager_Release (shellpath.c:3684)
    by test_knownFolders (shellpath.c:2485)
    by func_shellpath (shellpath.c:2517)
    by run_test (test.h:556)
    by main (test.h:624)
  Address 0x7f041870 is 472 bytes inside a block of size 1,024 free'd
    at RtlFreeHeap (heap.c:262)
    by add_with_alpha (imagelist.c:237)
    by ImageList_ReplaceIcon (imagelist.c:2508)
    by SIC_IconAppend (iconcache.c:284)
    by SIC_Initialize (iconcache.c:428)
    by DllMain (shell32_main.c:1200)

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=28769

--- Comment #1 from Austin English <austinenglish(a)gmail.com> ---
 Invalid read of size 1
    at bcmp (mc_replace_strmem.c:935)
    by is_knownfolder (shellpath.c:3790)
    by foldermanager_GetFolder (shellpath.c:3819)
    by test_knownFolders (shobjidl.h:16490)
    by func_shellpath (shellpath.c:2660)
    by run_test (test.h:584)
    by main (test.h:654)
  Address 0x4abbe28 is 18 bytes after a block of size 254 free'd
    at notify_free (heap.c:263)
    by RtlFreeHeap (heap.c:1762)
    by HeapFree (heap.c:276)
    by load_library (module.c:940)
    by LoadLibraryExW (module.c:990)
    by COMPOBJ_DllList_Add (compobj.c:495)
    by apartment_getclassobject (compobj.c:1335)
    by get_inproc_class_object (compobj.c:2894)
    by CoGetClassObject (compobj.c:3032)
    by CoCreateInstance (compobj.c:3197)
    by test_knownFolders (shellpath.c:2077)
    by func_shellpath (shellpath.c:2660)
    by run_test (test.h:584)
    by main (test.h:654)

still present.

https://bugs.winehq.org/show_bug.cgi?id=28769

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, source, testcase,
                   |                            |valgrind

https://bugs.winehq.org/show_bug.cgi?id=28769

Andrew Eikum <aeikum(a)codeweavers.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aeikum(a)codeweavers.com

--- Comment #2 from Andrew Eikum <aeikum(a)codeweavers.com> ---
I think this should be fixed by:

commit e4868d563574853d40ca04adfc28db1c19ca9dbf
Author: Andrew Eikum <aeikum(a)codeweavers.com>
Date:   Wed Apr 8 10:59:33 2015 -0500

    shell32: Allocate returned array in IKnownFolderManager::GetFolderIds.

https://bugs.winehq.org/show_bug.cgi?id=28769

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |e4868d563574853d40ca04adfc2
                   |                            |8db1c19ca9dbf
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Austin English <austinenglish(a)gmail.com> ---
(In reply to Andrew Eikum from comment #2)
> I think this should be fixed by:
>
> commit e4868d563574853d40ca04adfc28db1c19ca9dbf
> Author: Andrew Eikum <aeikum(a)codeweavers.com>
> Date:   Wed Apr 8 10:59:33 2015 -0500
>
>     shell32: Allocate returned array in IKnownFolderManager::GetFolderIds.

Yep, thanks.

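The fix commit's title, "Allocate returned array in IKnownFolderManager::GetFolderIds", names an ownership rule for out-parameter arrays; the sketch below is an added example, not Wine's code and not part of any message in this thread. The thread does not show the pre-fix code, so the sketch assumes the getter handed out the manager's own table; `struct manager` and all function names are hypothetical, and `malloc`/`free` stand in for `CoTaskMemAlloc`/`CoTaskMemFree`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical manager that owns an id table (not Wine's struct). */
struct manager { unsigned *ids; size_t num_ids; };

static int manager_init(struct manager *m, const unsigned *src, size_t n) {
    m->num_ids = 0;
    m->ids = malloc(n * sizeof(*m->ids));
    if (!m->ids) return -1;
    memcpy(m->ids, src, n * sizeof(*m->ids));
    m->num_ids = n;
    return 0;
}

/* Getter with a caller-frees contract: return a fresh copy, never m->ids.
 * Handing out m->ids would let the caller's free() leave the manager with a
 * dangling table: later lookups read freed memory, release frees it again. */
static int manager_get_ids(const struct manager *m, unsigned **out, size_t *count) {
    unsigned *copy = malloc(m->num_ids * sizeof(*copy));
    *out = NULL; *count = 0;
    if (!copy) return -1;
    memcpy(copy, m->ids, m->num_ids * sizeof(*copy));
    *out = copy; *count = m->num_ids;
    return 0;
}

/* Lookup that reads the manager's own table. */
static int manager_has_id(const struct manager *m, unsigned id) {
    for (size_t i = 0; i < m->num_ids; i++)
        if (m->ids[i] == id) return 1;
    return 0;
}

static void manager_release(struct manager *m) { free(m->ids); m->ids = NULL; m->num_ids = 0; }

/* Assumed call order: get ids, free them, look one up, release. */
static int demo(void) {
    static const unsigned sample[] = { 0x11, 0x22, 0x33 }; /* constructed */
    struct manager m; unsigned *ids; size_t n;
    if (manager_init(&m, sample, 3)) return -1;
    if (manager_get_ids(&m, &ids, &n)) { manager_release(&m); return -1; }
    int distinct = (ids != m.ids);
    free(ids);                              /* caller releases its copy */
    int found = manager_has_id(&m, 0x22);   /* manager's table still valid */
    manager_release(&m);                    /* single, valid free */
    return (distinct && found && n == 3) ? 0 : 1;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

Built with `-g` and run under Valgrind, this sequence should report no invalid reads or frees, because the caller and the manager each free only the block they own.
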
https://bugs.winehq.org/show_bug.cgi?id=28769

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 1.7.41.