[Bug 28766] New: DIB engine multiple invalid memory accesses
http://bugs.winehq.org/show_bug.cgi?id=28766

Bug #: 28766
Summary: DIB engine multiple invalid memory accesses
Product: Wine
Version: 1.3.30
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: gdi32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: dank(a)kegel.com
Classification: Unclassified

In gdi32/tests, running "make bitmap.ok dib.ok font.ok pen.ok" makes Valgrind go bonkers. Huw asked for a bug to track these, and said one big bug would suffice. I'll attach the initial log, and will do more valgrind runs on request.

--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=28766

--- Comment #1 from Dan Kegel <dank(a)kegel.com> 2011-10-17 09:48:29 CDT ---
Created attachment 36948
  --> http://bugs.winehq.org/attachment.cgi?id=36948
Valgrind log of bitmap.ok, dib.ok, pen.ok

http://bugs.winehq.org/show_bug.cgi?id=28766

--- Comment #2 from Bruno Jesus <00cpxxx(a)gmail.com> ---
Is this still an issue in the latest development version of wine?

https://bugs.winehq.org/show_bug.cgi?id=28766

--- Comment #3 from Austin English <austinenglish(a)gmail.com> ---
(In reply to Bruno Jesus from comment #2)
> Is this still an issue in the latest development version of wine?

Definitely.

==10523== Conditional jump or move depends on uninitialised value(s)
==10523==    at 0x530FA72: GetDIBits (dib.c:1248)
==10523==    by 0x496AFE6: test_dibsections (bitmap.c:542)
==10523==    by 0x4990928: func_bitmap (bitmap.c:5629)
==10523==    by 0x49EBCE4: run_test (test.h:584)
==10523==    by 0x49EC0D3: main (test.h:654)
==10523==  Uninitialised value was created by a stack allocation
==10523==    at 0x496A45A: test_dibsections (bitmap.c:415)
==10523==
==10523== Source and destination overlap in memcpy(0x5aa0000, 0x5aa0000, 16)
==10523==    at 0x400ACD3: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10523==    by 0x532C6FD: convert_to_8 (primitives.c:3264)
==10523==    by 0x5314F32: convert_bitmapinfo (dc.c:227)
==10523==    by 0x5310131: GetDIBits (dib.c:1395)
==10523==    by 0x496D3B4: test_dibsections (bitmap.c:841)
==10523==    by 0x4990928: func_bitmap (bitmap.c:5629)
==10523==    by 0x49EBCE4: run_test (test.h:584)
==10523==    by 0x49EC0D3: main (test.h:654)
==10523==

wine-1.7.17-92-ge2bf516

https://bugs.winehq.org/show_bug.cgi?id=28766

--- Comment #4 from Austin English <austinenglish(a)gmail.com> ---
Another one:

==30078== Invalid read of size 4
==30078==    at 0x53EF595: CreatePolyPolygonRgn (region.c:2672)
==30078==    by 0x53E79DA: PATH_PathToRegion (path.c:412)
==30078==    by 0x53E7A69: PATH_FillPath (path.c:677)
==30078==    by 0x53E98CB: nulldrv_FillPath (path.c:2149)
==30078==    by 0x53E91B2: FillPath (path.c:746)
==30078==    by 0x4DB0765: test_path_state (path.c:230)
==30078==    by 0x4DB0FB8: func_path (path.c:740)
==30078==    by 0x4D57467: main (test.h:584)
==30078==  Address 0x4823a08 is 16 bytes after a block of size 16 alloc'd
==30078==    at 0x7BC4D7D7: RtlAllocateHeap (heap.c:233)
==30078==    by 0x53E770B: alloc_gdi_path (path.c:122)
==30078==    by 0x53E7784: PATH_FlattenPath (path.c:339)
==30078==    by 0x53E790B: PATH_PathToRegion (path.c:377)
==30078==    by 0x53E7A69: PATH_FillPath (path.c:677)
==30078==    by 0x53E98CB: nulldrv_FillPath (path.c:2149)
==30078==    by 0x53E91B2: FillPath (path.c:746)
==30078==    by 0x4DB0765: test_path_state (path.c:230)
==30078==    by 0x4DB0FB8: func_path (path.c:740)
==30078==    by 0x4D57467: main (test.h:584)
==30078==
{

https://bugs.winehq.org/show_bug.cgi?id=28766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, source, testcase,
                   |                            |valgrind

https://bugs.winehq.org/show_bug.cgi?id=28766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |huw(a)codeweavers.com

https://bugs.winehq.org/show_bug.cgi?id=28766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish(a)gmail.com

https://bugs.winehq.org/show_bug.cgi?id=28766

marc.bessieres(a)gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marc.bessieres(a)gmail.com

--- Comment #5 from marc.bessieres(a)gmail.com ---
Hello,

For the reported:

==10523== Conditional jump or move depends on uninitialised value(s)
==10523==    at 0x530FA72: GetDIBits (dib.c:1248)
==10523==    by 0x496AFE6: test_dibsections (bitmap.c:542)
==10523==    by 0x4990928: func_bitmap (bitmap.c:5629)
==10523==    by 0x49EBCE4: run_test (test.h:584)
==10523==    by 0x49EC0D3: main (test.h:654)
==10523==  Uninitialised value was created by a stack allocation
==10523==    at 0x496A45A: test_dibsections (bitmap.c:415)

I've just sent the patch:
http://source.winehq.org/patches/data/108226

Cheers;
Marc

PS: the line in GetDIBits has changed, it is now:

==32731== Conditional jump or move depends on uninitialised value(s)
==32731==    at 0x55D1E5E: GetDIBits (dib.c:1256)
==32731==    by 0x506F202: test_dibsections (bitmap.c:542)
==32731==    by 0x5094CF2: func_bitmap (bitmap.c:5643)
==32731==    by 0x50F08CE: run_test (test.h:584)
==32731==    by 0x50F0CBC: main (test.h:654)
==32731==  Uninitialised value was created by a stack allocation
==32731==    at 0x506E676: test_dibsections (bitmap.c:415)
==32731==

https://bugs.winehq.org/show_bug.cgi?id=28766

joaopa <jeremielapuree(a)yahoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeremielapuree(a)yahoo.fr

--- Comment #6 from joaopa <jeremielapuree(a)yahoo.fr> ---
Does the bug still occur with current wine(4.0-rc1)?

https://bugs.winehq.org/show_bug.cgi?id=28766

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Austin English <austinenglish(a)gmail.com> ---
(In reply to joaopa from comment #6)
> Does the bug still occur with current wine(4.0-rc1)?

Looks good in 4.0-rc2, aside from a couple test failures:

dc.c:639: Test failed: expected ret2 > 0, got 0
dc.c:654: Test failed: expected desc.nSize == sizeof(descr), got 0

https://bugs.winehq.org/show_bug.cgi?id=28766

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #8 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 4.0-rc3.