https://bugs.winehq.org/show_bug.cgi?id=54562 Bug ID: 54562 Summary: The 64-bit oleaut32:usrmarshal crashes in Wine Product: Wine Version: unspecified Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: oleaut32 Assignee: wine-bugs(a)winehq.org Reporter: fgouget(a)codeweavers.com Distribution: --- The 64-bit oleaut32:usrmarshal crashes in Wine: usrmarshal.c:572: Test marked todo: Unexpected refcount 4 Unhandled exception: page fault on read access to 0xffffffffffffffff in 64-bit code (0x00000062138b51). [...] Backtrace: =>0 0x00000062138b51 LPSAFEARRAY_UserUnmarshal+0xa1(pFlags=00000000009AFA10, Buffer=0000000000ABA614, ppsa=0000000000AE24A0) [Z:\home\winetest\tools\testbot\var\wine\dlls\oleaut32\usrmarshal.c:1073] in oleaut32 (0x00000000000014) 1 0x000000621394c4 VARIANT_UserUnmarshal+0x454(pFlags=00000000009AFA10, Buffer=0000000000ABA5D0, pvar=<internal error>) [Z:\home\winetest\tools\testbot\var\wine\dlls\oleaut32\usrmarshal.c:575] in oleaut32 (0x000000009af9b0) 2 0x0000000044f9e0 in oleaut32_test (+0x4f9e0) (0x000000009af928) 3 0x0000000045110b in oleaut32_test (+0x5110b) (0x00000000ab44b5) 4 0x0000000050d92b in oleaut32_test (+0x10d92b) (0x00000000ab44b5) 5 0x0000000050d187 in oleaut32_test (+0x10d187) (0000000000000000) 6 0x0000007b6293d9 BaseThreadInitThunk+0x9(unknown=<internal error>, entry=<internal error>, arg=<internal error>) [Z:\home\winetest\tools\testbot\var\wine\dlls\kernel32\thread.c:61] in kernel32 (0000000000000000) 7 0x00000170061143 __wine_pop_frame(entry=000000000050D120, arg=00000000003F0000) [Z:\home\winetest\tools\testbot\var\wine\include\wine\exception.h:277] in ntdll (0000000000000000) 8 0x00000170061143 RtlUserThreadStart+0x83(entry=[<register RSP not accessible in this frame>, arg=[<register RSP not accessible in this frame>) [Z:\home\winetest\tools\testbot\var\wine\dlls\ntdll\thread.c:295] in ntdll (0000000000000000) 0x00000062138b51 LPSAFEARRAY_UserUnmarshal+0xa1 [Z:\home\winetest\tools\testbot\var\wine\dlls\oleaut32\usrmarshal.c:1073] in oleaut32: cmpw (%rcx),%ax 1073 if(*ppsa && (*ppsa)->cDims==wiresa->cDims) See https://test.winehq.org/data/patterns.html#oleaut32:usrmarshal A bisect shows that this crash started with the commit below: commit 27665f35e4da13bac1e4dd8948a65f484c9dadfa Author: Rémi Bernon <rbernon(a)codeweavers.com> Date: Sat Feb 11 09:43:30 2023 +0100 ntdll: Implement Low Fragmentation Heap frontend. This implements the reduced fragmentation from the heap frontend, by carving smaller blocks out of larger allocated blocks. The super block and each sub-block are all flagged with BLOCK_FLAG_LFH. The super-block (struct group) uses a standard struct block header, as well as a list entry to be linked in free list, and a free bit map to track free sub-blocks. Sub-blocks reference their super block through the base_offset, instead of the subheap, using the block size as radix. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.