http://bugs.winehq.org/show_bug.cgi?id=21504
Summary: Valgrind warnings in HEAP_ValidateInUseArena when checking adjacent blocks
Product: Wine
Version: 1.1.37
Platform: x86
OS/Version: Linux
Status: NEW
Keywords: source
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
After applying the patches for bug 21502 and 21503, the next valgrind warning one sees with +heap,+relay is:
trace:heap:RtlFreeHeap (0x7f000000,70000062,0x7f000130): returning TRUE
Invalid read of size 4
   at HEAP_ValidateInUseArena (heap.c:1217)
   by HEAP_IsRealArena (heap.c:1330)
   by HEAP_GetPtr (heap.c:438)
   by RtlAllocateHeap (heap.c:1543)
   by RtlFormatCurrentUserKeyPath (reg.c:848)
   by RtlOpenCurrentUser (reg.c:887)
   by init_debug_lists (relay.c:192)
   ...
 Address 0x7f000144 is 12 bytes before a block of size 84 alloc'd
   at notify_alloc (heap.c:252)
   by RtlAllocateHeap (heap.c:1599)
   by alloc_module (loader.c:768)
   by load_builtin_callback (loader.c:1420)
   by wine_dll_set_callback (loader.c:535)
   by __wine_process_init (loader.c:2859)
This appears to happen on the next call to RtlAllocateHeap after the very first call to RtlFreeHeap. Line 1217 of heap.c is:
const ARENA_FREE *pPrev = *((const ARENA_FREE * const*)pArena - 1); /* Check prev pointer */
Without +relay, a similar error is seen on the second RtlAllocateHeap after the first RtlFreeHeap.
Presumably the code should grant itself access to the prev pointer with mark_block_initialized before reading it, and revoke access with mark_block_noaccess after reading it. Similarly for the "Check next arena PREV_FREE flag" section.
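Added example, not code from the bug report or from Wine's heap.c: a self-contained C model of the "Check prev pointer" step at heap.c:1217, with the read of the back pointer bracketed the way the report proposes. The arena structs, flag and magic values, the sample heap layout and the check_* functions are constructed for this example; mark_block_initialized and mark_block_noaccess here are hypothetical stand-ins that wrap Memcheck's VALGRIND_MAKE_MEM_DEFINED and VALGRIND_MAKE_MEM_NOACCESS client requests and compile to no-ops when the valgrind headers are absent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Use the Memcheck client requests when the headers are installed;
 * otherwise the wrappers below are no-ops. */
#if defined(__has_include)
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
# endif
#endif

/* Hypothetical stand-ins for the Wine helpers named in the report. */
static void mark_block_initialized(const void *ptr, size_t size)
{
#ifdef VALGRIND_MAKE_MEM_DEFINED
    (void)VALGRIND_MAKE_MEM_DEFINED(ptr, size);
#else
    (void)ptr; (void)size;
#endif
}

static void mark_block_noaccess(const void *ptr, size_t size)
{
#ifdef VALGRIND_MAKE_MEM_NOACCESS
    (void)VALGRIND_MAKE_MEM_NOACCESS(ptr, size);
#else
    (void)ptr; (void)size;
#endif
}

/* Constructed arena model: a header holds the body size (bytes after the
 * header) in the high bits and two flag bits in the low bits. */
#define ARENA_FLAG_FREE       0x00000001u  /* this block is on the free list */
#define ARENA_FLAG_PREV_FREE  0x00000002u  /* the block before this one is free */
#define ARENA_SIZE_MASK       (~(ARENA_FLAG_FREE | ARENA_FLAG_PREV_FREE))
#define ARENA_FREE_MAGIC      0x45455246u  /* constructed values for the example */
#define ARENA_INUSE_MAGIC     0x455355eeu

typedef struct { uint32_t size; uint32_t magic; } ARENA_FREE;
typedef struct { uint32_t size; uint32_t magic; } ARENA_INUSE;

/* Constructed sample heap: one free block directly followed by one in-use
 * block. The last pointer-sized word of the free block points back at the
 * free header, and the in-use header carries ARENA_FLAG_PREV_FREE. */
struct sample_heap {
    ARENA_FREE        free_hdr;
    unsigned char     free_body[24];
    const ARENA_FREE *back_ptr;
    ARENA_INUSE       inuse_hdr;
    unsigned char     inuse_body[16];
};

static void build_sample_heap(struct sample_heap *h)
{
    size_t free_bytes = (size_t)((char *)&h->inuse_hdr - (char *)(&h->free_hdr + 1));
    h->free_hdr.size   = (uint32_t)free_bytes | ARENA_FLAG_FREE;
    h->free_hdr.magic  = ARENA_FREE_MAGIC;
    h->back_ptr        = &h->free_hdr;
    h->inuse_hdr.size  = (uint32_t)sizeof h->inuse_body | ARENA_FLAG_PREV_FREE;
    h->inuse_hdr.magic = ARENA_INUSE_MAGIC;
    /* While the block sits on the free list its body, back pointer
     * included, is marked noaccess so stray reads of freed memory are caught. */
    mark_block_noaccess(&h->free_hdr + 1, free_bytes);
}

/* Models HEAP_ValidateInUseArena's prev-pointer check. The back pointer
 * lives in noaccess memory, so access is granted only for the read and
 * revoked immediately afterwards; reading *pp directly reproduces the
 * "Invalid read ... bytes before a block" warning from the report. */
static int validate_inuse_arena(const ARENA_INUSE *pArena)
{
    if (pArena->magic != ARENA_INUSE_MAGIC) return 0;
    if (pArena->size & ARENA_FLAG_PREV_FREE)
    {
        const ARENA_FREE *const *pp = (const ARENA_FREE *const *)pArena - 1;
        const ARENA_FREE *pPrev;
        mark_block_initialized(pp, sizeof *pp);
        pPrev = *pp;
        mark_block_noaccess(pp, sizeof *pp);
        if (pPrev->magic != ARENA_FREE_MAGIC) return 0;
        if (!(pPrev->size & ARENA_FLAG_FREE)) return 0;
        /* the free block must end exactly where this arena begins */
        if ((const char *)(pPrev + 1) + (pPrev->size & ARENA_SIZE_MASK) != (const char *)pArena) return 0;
    }
    return 1;
}

int check_consistent_heap(void)
{
    struct sample_heap h;
    build_sample_heap(&h);
    return validate_inuse_arena(&h.inuse_hdr);       /* 1 */
}

int check_dangling_prev_pointer(void)
{
    struct sample_heap h;
    build_sample_heap(&h);
    /* back pointer no longer names a free arena: magic check fails */
    mark_block_initialized(&h.back_ptr, sizeof h.back_ptr);
    h.back_ptr = (const ARENA_FREE *)&h.inuse_hdr;
    mark_block_noaccess(&h.back_ptr, sizeof h.back_ptr);
    return validate_inuse_arena(&h.inuse_hdr);       /* 0 */
}

int check_size_mismatch(void)
{
    struct sample_heap h;
    build_sample_heap(&h);
    h.free_hdr.size -= 4;   /* free header now claims to end 4 bytes early */
    return validate_inuse_arena(&h.inuse_hdr);       /* 0 */
}

int main(void)
{
    printf("consistent heap:   %d\n", check_consistent_heap());
    printf("dangling prev ptr: %d\n", check_dangling_prev_pointer());
    printf("size mismatch:     %d\n", check_size_mismatch());
    return 0;
}
```

Run it under valgrind to see the point of the bracketing: with the marks in place the back-pointer read produces no warning, while the same read without the mark_block_initialized/mark_block_noaccess pair is reported against the noaccess region. Without valgrind the marks are no-ops and the three checks still return 1, 0 and 0.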