https://bugs.winehq.org/show_bug.cgi?id=41230
Bug ID: 41230
Summary: Startup crash in FAR Manager v2.0 if wineconsole size is too large
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winex11.drv
Assignee: wine-bugs@winehq.org
Reporter: ctruta@gmail.com
Distribution: ---
This crash occurs inconsistently, perhaps because it's caused by a race condition. Sometimes, it prints the following trace:
    *** Error in `far': double free or corruption (!prev): 0xNNNNNNNN ***
For diagnostics, use FAR Manager v2.0 (e.g. latest build 1807). Do not use the newer version FAR v3.0, which crashes in a different place and for a different reason. http://www.farmanager.com/history/far2.x86.msi
I git-bisect'ed it and found it to be a regression of the following commit:
commit ea07c310ecfee6b301e7af8413760eb446e6f184
Author: Alexandre Julliard <julliard@winehq.org>
AuthorDate: 2012-09-04 13:34:15 +0200
Subject: winex11: Create the whole window at window creation time.
It only occurs under X11. On Mac, using the native Mac driver, everything runs well.
I have found it easier to reproduce under Ubuntu 14.04 / Linux Mint 17.x than under Ubuntu 16.04 / Linux Mint 18.x, although it does crash under the later Linux OS, also. (Just less frequently so.)
Moreover, I have found it easier to reproduce if the wineconsole height is larger. It works ok most of the time if the height is 40 characters, but it crashes much more frequently if the height is, say, 60 characters.
The behavior is roughly the same at the time of regression (wine-1.5.12-36-gea07c310ec) and as of the latest version (wine-1.9.17).
I noticed two types of crashes: one that has __clone() calling itself until the stack runs out, and the other that doesn't have any __clone() calls at all. See the attachments.