http://bugs.winehq.org/show_bug.cgi?id=10521
Summary: make test crashes msvcrt/tests/heap.c...
Product: Wine
Version: CVS/GIT
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: wine-msvcrt
AssignedTo: wine-bugs@winehq.org
ReportedBy: lionel_debroux@yahoo.fr
The msvcrt heap test has been consistently crashing on my computer since the following commit:

commit a1e4758f076190dbef7d06f9e10241d0aabe3788
Author: Dan Kegel dank@kegel.com
Date:   Tue Nov 6 16:52:19 2007 -0800

It crashes with WINEDEBUG="" (access to 0x04030205) and WINEDEBUG="warn+heap" (access to 0x55555559), and an assertion aborts the program with WINEDEBUG="+heap". It crashes when compiling (GCC 4.1.1 from Debian stable) the whole Wine DLLs, programs and executables with -O0, -O2 and -O3, so that is probably not due to a compiler optimization screwup.
I've been discussing the issue for a while with Dan, and he is able to reproduce the problem. However, all commit a1e4758f... does is fix two memory leaks. Therefore, neither of us feels that the change in this commit should cause a crash. There may be a problem somewhere else. Since it touches the heap subsystem, I'm setting the severity to major.
While commenting out tests in order to reduce the testcase, by looking at the traces, I found that a crash can be triggered (but not reproducibly...) with the single call:

test_aligned_realloc(256, 512, 16);

(everything before and after this line being commented out). Strange.
Attached is a tarball I sent to Dan, which contains:

* a script to run the test in various situations. Compilation is not part of the script; if you want to run Valgrind, you have to edit the location of valgrind to match the location of Wine-improved Valgrind ( http://wiki.winehq.org/Wine_and_Valgrind );
* traces created by the script;
* I noticed that an 'invalid arena magic' warning is triggered by warn+heap before the crash occurs, so I made a trivial patch that adds printing of the invalid arena magic values. I think it helps debugging the issue, by showing the exact kind of overwrite that occurred: 1-byte, 2-byte, 4-byte; which bytes of the arena are affected; etc. With warn+heap (crash), the arena magic is 0x00555555. With +heap (assert failed), the arena magic is 0x55555555.
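Added here as an illustration, not part of the report or of Wine's own heap code: a small C mock-up of the arena magic check that the reporter's patch extends, showing how the printed magic value reveals the width of an overwrite into the next block's header. It assumes Wine's in-use arena magic 0x455355 and its 0x55 in-use filler; the layout, `heap_mem` and the helper names are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
/* Constructed mini-heap: NBLOCKS in-use blocks back to back, each preceded by an
 * 8-byte arena header (magic, size), so an overflow out of block N lands in the
 * header of block N+1. ARENA_MAGIC and the 0x55 filler are assumed Wine values. */
#define ARENA_MAGIC 0x455355u
#define BLOCK_SIZE  16u
#define HDR_SIZE    8u
#define NBLOCKS     3
#define STRIDE      (HDR_SIZE + BLOCK_SIZE)
static unsigned char heap_mem[NBLOCKS * STRIDE];
static void put_le32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}
static uint32_t get_le32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Lay out the headers and fill every block with the in-use filler. */
void heap_init(void) {
    for (int i = 0; i < NBLOCKS; i++) {
        unsigned char *hdr = heap_mem + i * STRIDE;
        put_le32(hdr, ARENA_MAGIC);
        put_le32(hdr + 4, BLOCK_SIZE);
        memset(hdr + HDR_SIZE, 0x55, BLOCK_SIZE);
    }
}
/* Simulate a buggy caller writing `extra` filler bytes past block `idx` (bounded). */
void overflow_block(int idx, size_t extra) {
    if (idx < 0 || idx + 1 >= NBLOCKS || extra > HDR_SIZE) return;
    memset(heap_mem + idx * STRIDE + HDR_SIZE, 0x55, BLOCK_SIZE + extra);
}
/* Walk the arenas as warn+heap does: index of the first bad magic, -1 if clean. */
int heap_check(void) {
    for (int i = 0; i < NBLOCKS; i++)
        if (get_le32(heap_mem + i * STRIDE) != ARENA_MAGIC) return i;
    return -1;
}
/* Which magic bytes were clobbered: bit b set = byte b (memory order) differs, so
 * the bit count is the overwrite width. Caveat: the low byte of ARENA_MAGIC is
 * itself 0x55, so a 1-byte overflow of 0x55 filler leaves no trace at all. */
unsigned magic_damage(uint32_t observed) {
    unsigned mask = 0;
    for (unsigned b = 0; b < 4; b++)
        if (((observed ^ ARENA_MAGIC) >> (8 * b)) & 0xffu) mask |= 1u << b;
    return mask;
}
/* Fresh heap, one overflow, then the magic a checker would print (ARENA_MAGIC if invisible). */
uint32_t overflow_demo(int idx, size_t extra) {
    heap_init(); overflow_block(idx, extra);
    int bad = heap_check();
    return bad < 0 ? ARENA_MAGIC : get_le32(heap_mem + bad * STRIDE);
}
```

Under these assumptions a 3-byte overwrite produces 0x00555555 and a 4-byte one 0x55555555, the two values quoted in the report, while a 1-byte overwrite is not detectable by the magic check at all.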