[Bug 11766] New: Heap corruption in crypt32 during Sandra benchmark?
http://bugs.winehq.org/show_bug.cgi?id=11766

           Summary: Heap corruption in crypt32 during Sandra benchmark?
           Product: Wine
           Version: CVS/GIT
          Platform: Other
               URL: http://www.sisoftware.net/?dir=dload&location=sware_dl_all
        OS/Version: other
            Status: NEW
          Keywords: download
          Severity: normal
          Priority: P2
         Component: crypt32
        AssignedTo: wine-bugs(a)winehq.org
        ReportedBy: dank(a)kegel.com

Created an attachment (id=11026)
 --> (http://bugs.winehq.org/attachment.cgi?id=11026)
rzip'd log of WINEDEBUG=+crypt /usr/local/valgrind-svn/bin/valgrind --suppressions=$HOME/wine-git/tools/valgrind-suppressions --trace-children=yes ~/wine-git/wine sandra.exe

I strolled down memory lane a bit, and revisited the Sandra benchmark today, see
http://www.winehq.org/pipermail/wine-devel/2006-December/052821.html

Now the win2k version gets a lot farther. To install, first do

    sh winetricks vcrun2005sp1 gdiplus

(Without native gdiplus, the installer complains you don't have it;
without vcrun2005sp1, you get a few errors like
    fixme:actctx:parse_assembly_elem wrong version for assembly manifest.)

The installer claims to be happy, but one sees

    err:module:import_dll Library CRYPTUI.dll (which is needed by L"C:\\windows\\temp\\is-KH13O.tmp\\certmgr.exe") not found
    err:module:LdrInitializeThunk Main exe initialization for L"C:\\windows\\temp\\is-KH13O.tmp\\certmgr.exe" failed, status c0000135
    Could not get handle to service.

on the console. Worse, when the app starts up, you get a heap error:

    err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: in-use arena 0x7f02e2e0 next block has PREV_FREE flag
    err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: bad back ptr 0x1c9ba51e for arena 0x7f02e798

I suppose that could be a result of cryptui being missing, but I ran it under valgrind anyway.
This turned up interesting items like

    ==20325== Invalid read of size 1
    ==20325==    at 0x46F5E49: HEAP_CreateFreeBlock (heap.c:486)
    ==20325==    by 0x46F621D: HEAP_ShrinkBlock (heap.c:575)
    ==20325==    by 0x46F7979: RtlAllocateHeap (heap.c:1228)
    ==20325==    by 0x5C60B74: new_object (handle.c:441)
    ==20325==    by 0x5C6B1CD: new_key (rsaenh.c:830)
    ==20325==    by 0x5C6C9DB: RSAENH_CPImportKey (rsaenh.c:2464)
    ==20325==    by 0x4B4324A: CryptImportKey (crypt.c:1767)
    ==20325==    by 0x4F2DCDC: CRYPT_ImportRsaPublicKeyInfoEx (encode.c:3923)
    ==20325==    by 0x4F2DA3B: CryptImportPublicKeyInfoEx (encode.c:3955)
    ==20325==    by 0x4F183FA: CRYPT_VerifyCertSignatureFromPublicKeyInfo (cert.c:1641)
    ==20325==    by 0x4F1B069: CryptVerifyCertificateSignatureEx (cert.c:1723)
    ==20325==    by 0x4F1EDCD: CRYPT_CheckSimpleChain (chain.c:744)
    ==20325==  Address 0x7f02ecf8 is not stack'd, malloc'd or (recently) free'd

quite early in the run (well before the heap errs).

I'll attach a combined valgrind +crypt log (might be slightly out of sync).

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

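Added example, not part of the original report or of Wine: a small triage script that pulls the Valgrind invalid access and the Wine heap validation errors quoted above out of a combined log and relates the flagged address to the arenas named in the heap errors. The function names are hypothetical; the sample input is the report's own log lines, with the Valgrind stack trimmed to its first six frames.

```python
import re
# Log lines quoted in the report above (Valgrind stack trimmed to six frames).
SAMPLE_LOG = """\
==20325== Invalid read of size 1
==20325==    at 0x46F5E49: HEAP_CreateFreeBlock (heap.c:486)
==20325==    by 0x46F621D: HEAP_ShrinkBlock (heap.c:575)
==20325==    by 0x46F7979: RtlAllocateHeap (heap.c:1228)
==20325==    by 0x5C60B74: new_object (handle.c:441)
==20325==    by 0x5C6B1CD: new_key (rsaenh.c:830)
==20325==    by 0x5C6C9DB: RSAENH_CPImportKey (rsaenh.c:2464)
==20325==  Address 0x7f02ecf8 is not stack'd, malloc'd or (recently) free'd
err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: in-use arena 0x7f02e2e0 next block has PREV_FREE flag
err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: bad back ptr 0x1c9ba51e for arena 0x7f02e798
"""

INVALID = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")
ADDRESS = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is")
HEAP_ERR = re.compile(r"^err:heap:HEAP_ValidateInUseArena Heap (0x[0-9a-f]+): (.*)")
ARENA = re.compile(r"arena (0x[0-9a-f]+)")

def parse_valgrind(log):
    """Return one dict per Valgrind invalid access: kind, frames, address."""
    errors = []
    for line in log.splitlines():
        if m := INVALID.match(line):
            errors.append({"kind": m.group(1), "frames": [], "address": None})
        elif errors and (m := FRAME.match(line)):
            errors[-1]["frames"].append((m.group(1), m.group(2), int(m.group(3))))
        elif errors and (m := ADDRESS.match(line)):
            errors[-1]["address"] = int(m.group(1), 16)
    return errors

def parse_heap_errors(log):
    """Return (heap_base, [arena addresses]) for each Wine heap validation error."""
    matches = (HEAP_ERR.match(line) for line in log.splitlines())
    return [(int(m.group(1), 16), [int(a, 16) for a in ARENA.findall(m.group(2))])
            for m in matches if m]

def callers_outside(frames, allocator_files=("heap.c",)):
    """Frames above the allocator: where the access was flagged, not necessarily the corruptor."""
    return [f for f in frames if f[1] not in allocator_files]

def nearest_arena(address, heap_errors):
    """Closest arena named in any heap error, with the signed byte distance to it."""
    arenas = [a for _, arena_list in heap_errors for a in arena_list]
    best = min(arenas, key=lambda a: abs(address - a))
    return best, address - best
```
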
http://bugs.winehq.org/show_bug.cgi?id=11766

Juan Lang <juan_lang(a)yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |juan_lang(a)yahoo.com

--- Comment #1 from Juan Lang <juan_lang(a)yahoo.com> 2008-08-18 18:01:46 ---
I've tracked down some memory corruption errors in crypt32. I sent some
patches today and will send more tomorrow. I tried to test whether these fixes
affect this bug, but the app doesn't start for me. Instead I get a dialog with
the error:
"Access violation at address 00409942. Write of address 00400000"

I'm trying version 14.24 of Sandra. Which version was this reported with?

http://bugs.winehq.org/show_bug.cgi?id=11766

--- Comment #2 from Juan Lang <juan_lang(a)yahoo.com> 2008-08-20 16:05:45 ---
With today's git, I get a deadlock at startup:

    err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered
    err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1
    err:ntdll:RtlpWaitForCriticalSection section 0x7bc8f764 "loader.c: loader_section" wait timed out in thread 0009, blocked by 002a, retrying (60 sec)
    err:ntdll:RtlpWaitForCriticalSection section 0x110048 "heap.c: main process heap section" wait timed out in thread 002a, blocked by 0009, retrying (60 sec)

I don't see any heap errors though. I'm tempted to say this is "fixed," or at
least that the crypt32 errors are fixed.

http://bugs.winehq.org/show_bug.cgi?id=11766

Juan Lang <juan_lang(a)yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Juan Lang <juan_lang(a)yahoo.com> 2008-08-20 16:29:58 ---
Okay, I tried it again with a clean .wine. Using version 1.1.2 (of Wine), I
see some heap errors like:

    fixme:reg:GetNativeSystemInfo (0x33ea8c) using GetSystemInfo()
    err:heap:HEAP_ValidateInUseArena Heap 0x110000: in-use arena 0x16dc70 next block has PREV_FREE flag
    err:heap:HEAP_ValidateInUseArena Heap 0x110000: prev arena 0x16e128 invalid for in-use 0x16ed28
    err:heap:HEAP_ValidateInUseArena Heap 0x110000: bad back ptr 0x5e300ff8 for arena 0x16e128

(I know the GetNativeSystemInfo fixme is not a heap error, I'm using it as a
marker.)

Using today's git, I don't see the heap error. The program still crashes a few
times and ultimately fails to run, but the crypt32 heap errors are gone, so I'm
calling this fixed.

http://bugs.winehq.org/show_bug.cgi?id=11766

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> 2008-08-22 10:45:58 ---
Closing bugs fixed in 1.1.3.

http://bugs.winehq.org/show_bug.cgi?id=11766

Juan Lang <juan_lang(a)yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |
   Target Milestone|---                         |1.0.1

--- Comment #5 from Juan Lang <juan_lang(a)yahoo.com> 2008-09-27 13:53:39 ---
Not sure how to nominate bugs for 1.0.1: should I reopen it with the target
milestone? If not, let me know the preferred method.

The patches that fixed this are:
http://www.winehq.org/pipermail/wine-patches/2008-August/059580.html
http://www.winehq.org/pipermail/wine-patches/2008-August/059581.html
http://www.winehq.org/pipermail/wine-patches/2008-August/059582.html

http://bugs.winehq.org/show_bug.cgi?id=11766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #6 from Austin English <austinenglish(a)gmail.com> 2008-09-29 13:19:55 ---
(In reply to comment #5)
> Not sure how to nominate bugs for 1.0.1: should I reopen it with the target
> milestone? If not, let me know the preferred method.

No need to reopen. Leave it closed/fixed, but set the milestone. When Alexandre
goes to make the stable release, he'll cherry pick those commits.

http://bugs.winehq.org/show_bug.cgi?id=11766

--- Comment #7 from Austin English <austinenglish(a)gmail.com> 2008-09-29 13:20:04 ---
Closing.

http://bugs.winehq.org/show_bug.cgi?id=11766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #8 from Austin English <austinenglish(a)gmail.com> 2008-09-29 13:20:12 ---
Closing.

http://bugs.winehq.org/show_bug.cgi?id=11766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|CVS/GIT                     |unspecified