[Bug 19555] New: Crash in mountmgr early during Jumpstart 1st Grade Classic install; use-after-free bug
http://bugs.winehq.org/show_bug.cgi?id=19555 Summary: Crash in mountmgr early during Jumpstart 1st Grade Classic install; use-after-free bug Product: Wine Version: 1.1.23 Platform: PC OS/Version: Linux Status: NEW Keywords: Installer Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: dank(a)kegel.com Just updated to git, tried installing Jumpstart 1st Grade classic. Crashed as follows: =>0 0x7eb29ace add_dos_device+0x1de(letter=-1, udi="/org/freedesktop/Hal/devices/volume_label_1stGrade________", device="/dev/sr0", mount_point="/media/cdrom0", type=DEVICE_CDROM, guid=(nil)) [dlls/mountmgr.sys/device.c:753] in mountmgr.sys (0x0074e878) 1 0x7eb2ad68 new_device+0x408(ctx=0x7d54ce58, udi="/org/freedesktop/Hal/devices/volume_label_1stGrade________") [dlls/mountmgr.sys/hal.c:175] in mountmgr.sys (0x0074e968) 2 0x7eb2afc8 hal_thread+0x1a8(arg=(nil)) [dlls/mountmgr.sys/hal.c:249] in mountmgr.sys (0x0074ea88) After rooting around a while, it seems this is a use-after-free bug; when add_dos_device() calls delete_dos_device(drive), it should also set volume to NULL, since deleting that drive also frees the volume. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 --- Comment #1 from Dan Kegel <dank(a)kegel.com> 2009-08-03 00:48:17 --- Created an attachment (id=22789) --> (http://bugs.winehq.org/attachment.cgi?id=22789) patch to print error message when we're about to crash because of this bug The code's complicated, so all I can do tonight is show where the problem is, hopefully the author can fix. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 --- Comment #2 from Austin English <austinenglish(a)gmail.com> 2009-08-03 00:54:08 --- (In reply to comment #1)
Created an attachment (id=22789) --> (http://bugs.winehq.org/attachment.cgi?id=22789) [details] patch to print error message when we're about to crash because of this bug
The code's complicated, so all I can do tonight is show where the problem is, hopefully the author can fix.
Is this a regression? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 Dan Kegel <dank(a)kegel.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression --- Comment #3 from Dan Kegel <dank(a)kegel.com> 2009-08-03 00:56:17 --- Yes, it's a regression; 1.0.1 didn't crash. Alexandre rewrote this code on July 22nd, perhaps it regressed then. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 --- Comment #4 from Andrew Nguyen <arethusa26(a)gmail.com> 2009-08-03 00:59:19 --- Isn't this a duplicate of bug 19456? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 --- Comment #5 from Jeff Zaroyko <jeffz(a)jeffz.name> 2009-08-03 02:50:15 --- (In reply to comment #4)
Isn't this a duplicate of bug 19456?
Looks like it. Someone has also sent a patch already. http://www.winehq.org/pipermail/wine-patches/2009-July/076489.html -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 Jeff Zaroyko <jeffz(a)jeffz.name> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE --- Comment #6 from Jeff Zaroyko <jeffz(a)jeffz.name> 2009-08-03 02:50:43 --- marking duplicate *** This bug has been marked as a duplicate of bug 19456 *** -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19555 Jeff Zaroyko <jeffz(a)jeffz.name> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #7 from Jeff Zaroyko <jeffz(a)jeffz.name> 2009-08-03 02:52:01 --- closing dup -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org