https://bugs.winehq.org/show_bug.cgi?id=54267
Bug ID: 54267
Summary: regression: free() invalid pointer error then crash in WoW
Product: Wine
Version: 8.0-rc2
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: blocker
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: kdt3rd@gmail.com
Distribution: ---
Created attachment 73831 --> https://bugs.winehq.org/attachment.cgi?id=73831 tail snippet of +seh,+unwind surrounding the free(): invalid pointer error
This worked fine in 7.22, but with 8.0-rc2 I am seeing a behavior where World of Warcraft will run fine for a while (as short as 5 minutes, up to 30 minutes), then eventually hard abort with:

0454:err:seh:dispatch_exception unknown exception (code=c0000420) raised
0454:err:seh:dispatch_exception unknown exception (code=c0000420) raised
0454:fixme:sync:NtQueryDirectoryObject multiple entries not implemented
0454:fixme:sync:NtQueryDirectoryObject multiple entries not implemented
free(): invalid pointer
0560:err:seh:call_stack_handlers invalid frame 000000000418E330 (0000000003F92000-0000000004090000)
0560:err:seh:NtRaiseException Exception frame is not in stack limits => unable to dispatch exception.
0588:fixme:wtsapi:WTSUnRegisterSessionNotification Stub 0000000000020082
0588:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFFFFFFFFFFFFFA, 000000000011FD70
There may be two issues here; I am not sure. I do not know how to find where that free() invalid pointer is happening (I tried setting the normal environment variable MALLOC_CHECK_=3 to see if I could get a unix-side stack trace, to no avail), so I am not sure how to pursue that.

Seeing the invalid stack frame and some recent patches to convert to a new assembly-based implementation of the call handlers, I have also run (and attached) the tail of a log with +seh,+unwind surrounding the crash (stackfail.log). Although the "usual" stream of exceptions (WoW has always had this c0000420 unknown error / assertion failure stream) is in a separate thread (0454 vs 0560 above), I suspect that the free() invalid pointer issue is the real problem.
This is against a wine compiled with mingw gcc 12.2 in wow64 dual-build.

If it helps, Wow.exe is a 64-bit (PE32+) executable.
Unfortunately, I am unable to test this with only vanilla wine to bisect, as the game does not run with vanilla as far as I know.
Please let me know any suggestions on how to find out where something is free'd but not malloc'ed, how to bisect with staging stuff still applied, or how I can help debug further.