http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #2 from rankincj(a)yahoo.com 2012-09-12 18:30:13 CDT --- Definitely heap corruption: 0009:Call KERNEL32.MulDiv(01312d00,00001f40,00989680) ret=7f66cf035bdc 0009:Ret KERNEL32.MulDiv() retval=00003e80 ret=7f66cf035bdc 0009:Call KERNEL32.MulDiv(00001f40,00009c40,00989680) ret=7f66cf035c06 0009:Ret KERNEL32.MulDiv() retval=00000020 ret=7f66cf035c06 0009:Call ntdll.RtlAllocateHeap(00010000,00000000,00007d00) ret=7f66cf035ca7 0009:Ret ntdll.RtlAllocateHeap() retval=039b4cc0 ret=7f66cf035ca7 ... 0009:Call ntdll.RtlFreeHeap(00010000,00000000,039b4cc0) ret=7f66cf031e2c err:heap:HEAP_ValidateInUseArena Heap 0x10000: block 0x39b4cc0 tail overwritten at 0x39bc9c0 (byte 0/24 == 0x00) I generated this from the WoW login screen without even logging in. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #4 from rankincj(a)yahoo.com 2012-09-12 18:48:27 CDT --- (In reply to comment #3)

Please, attach the compressed warn+heap,+relay so other developers can take a look.

I've tried, but the compressed output is too big to be attached. Is there an email address I can send it to instead, please? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 Jerome Leclanche <adys.wh(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adys.wh(a)gmail.com --- Comment #6 from Jerome Leclanche <adys.wh(a)gmail.com> 2012-09-12 19:58:09 CDT --- Does it happen with the 32-bit client? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #8 from rankincj(a)yahoo.com 2012-09-13 17:15:34 CDT --- Created attachment 41666 --> http://bugs.winehq.org/attachment.cgi?id=41666 WINEDEBUG=warn+heap,+relay Wow.exe Confirmed, the exact same problem happens with the 32 bit Wow.exe client as well. I've had to chop the top and bottom off this log output to get it below 1 MB, but hopefully the "interesting bit" is still all there. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 Bruno Jesus <00cpxxx(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aeikum(a)codeweavers.com --- Comment #10 from Bruno Jesus <00cpxxx(a)gmail.com> 2012-09-17 16:58:15 CDT --- Andrew, can you please take a look at the previous comment? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #12 from rankincj(a)yahoo.com 2012-09-18 07:58:29 CDT --- (In reply to comment #11)

I checked through how local_buffer is used and didn't find any obvious problems with it. So it's probably a memory corruption bug, as comment 2 suggests. Could you attach another log with the channels from <http://wiki.winehq.org/Sound>?

OK, I'll do that tonight (although I'll have to trim the compressed log down to < 1 MB). For what it's worth, I've already tried hacking a few calls to RtlValidateHeap(This->local_buffer, ...) into the code. The first hint of heap corruption appeared when snd_pcm_readi() seemed to overflow This->local_buffer, except that then I checked the offsets and sizes and they all seemed to be within range. Is it possible that the original This->local_buffer is somehow freed and a smaller chunk of memory reallocated at the same address? And then snd_pm_readi() continues to write to it via a stale pointer? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #14 from rankincj(a)yahoo.com 2012-09-18 15:15:12 CDT --- (In reply to comment #13)

You could try adding TRACEs near where local_buffer is used to see if/when its value changes.

The value of This->local_buffer looks the same both before and after. But on at least one occasion, the first Heap warning looked like this: err:heap:HEAP_ValidateInUseArena Heap 0x110000: in-use arena 0x1ed328 next block 0x1f5038 has PREV_FREE flag 5e -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 Michael Stefaniuc <mstefani(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mstefani(a)redhat.com --- Comment #16 from Michael Stefaniuc <mstefani(a)redhat.com> 2012-09-26 16:31:49 CDT --- Can you please try with today's Wine wine-1.5.13-402-gcd9451c or later? I have fixed (4e06eead8f446f0167e6c92f0cc09f943122a7cd) a memory issue in DirectSoundDevice_RemoveBuffer() which is called prior to AudioClient_Release(). The code was doing a HeapReAlloc() with size 0 when removing the last secondary buffer. Valgrind didn't like it at all. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #18 from rankincj(a)yahoo.com 2012-10-25 15:13:55 CDT --- Created attachment 42254 --> http://bugs.winehq.org/attachment.cgi?id=42254 Valgrind output of WoW Fedora 17 upgraded Valgrind to 3.8.1 today, so here's the output for WoW. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #20 from rankincj(a)yahoo.com 2012-10-31 07:36:26 CDT --- Created attachment 42349 --> http://bugs.winehq.org/attachment.cgi?id=42349 Valgrind output from WoW with ALSA mmdevdrv.c patch The patch to Wine's ALSA driver does not fix the memory corruption. Valgrind output attached. (This is against Wine 1.5.16). -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 Jörg Höhle <hoehle(a)users.sourceforge.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hoehle(a)users.sourceforge.ne | |t --- Comment #22 from Jörg Höhle <hoehle(a)users.sourceforge.net> 2012-11-09 10:25:24 CST ---

The timer callback patch for NTDLL does not fix the heap corruption. Not really surprising, I'm sorry. It fixes intermittent misbehaviour, whereas what you observe is systematic.

The first hint of heap corruption appeared when snd_pcm_readi() seemed to overflow This->local_buffer The capture overrun is what attracted me to this bug report. Could you please give a stab at my lockless ALSA driver attached to bug #29531, comment #10 It changes overrun behaviour, which is currently buggy, see bug #30147, comment #5 Be aware that my patch likely applies to wine-1.4

-- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #24 from rankincj(a)yahoo.com 2013-05-26 07:55:33 CDT --- (In reply to comment #23)

There's a patch in today's Wine that fixes a memory corruption bug. I don't know if it will help this crash, but it's worth a test.

commit 508b0c9c44349a5d980e0f1ee0ba4fca871bd2cb Author: Andrew Eikum <aeikum(a)codeweavers.com> Date: Thu May 16 09:24:31 2013 -0500

dsound: Don't overrun capture buffer.

Interesting - I think it might have helped, but it's too early to be sure just yet. But even more interesting is that this bug seems to be fixed now too: http://bugs.winehq.org/show_bug.cgi?id=32620 Although I'm baffled who no-one else seemed to experience the "Voice Capture" bug, if that's the case. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=31684 --- Comment #26 from rankincj(a)yahoo.com 2013-05-28 17:56:17 CDT --- Is the Sound Capture code "32 bit vs 64 bit" clean? I'm seeing a crash with Wow-64.exe when the microphone is enabled, but Wow.exe seems OK. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=31684 Ken Sharp <imwellcushtymelike(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Abandoned? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=31684 Bruno Jesus <00cpxxx(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #29 from Bruno Jesus <00cpxxx(a)gmail.com> --- (In reply to Chris Rankin from comment #28)

This bug does appear to be fixed now, although I cannot pinpoint the specific commit that fixed it. Warcraft's "Voice Chat" is working now too - which may or may not be related.

Resolving fixed, thanks for testing. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=31684 Anastasius Focht <focht(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|Abandoned? | CC| |focht(a)gmx.net -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.