http://bugs.winehq.org/show_bug.cgi?id=27393
Summary: mmdevapi uninitialised memory access and crash past rendering
Product: Wine
Version: 1.3.21
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: mmdevapi
AssignedTo: wine-bugs@winehq.org
ReportedBy: hoehle@users.sourceforge.net
Created an attachment (id=35024) --> (http://bugs.winehq.org/attachment.cgi?id=35024) patch to mmdevapi/tests/render.c to play silence
Hi,
I've attached one version of the patch to mmdevapi/tests/render.c that works well with testbot and seems to work well with Ubuntu Intrepid with PulseAudio, but produces random crashes within a critical section when used with dmix.
mmdevdrv.d:837 NULL pointer access when looking for a GUID, called from test_session i.e. after my changes in test_clock!
I found that very suspicious and thus ran the test in Ubuntu Lucid with Valgrind (and PulseAudio), and it shows:
wine: Unhandled page fault on read access to 0xdededef6 at address 0x7bc34880 (thread 0020), starting debugger...

DEDEDE comes from a read after free() provoked by running:
VALGRIND_OPTS="--trace-children=yes --log-file=/dev/shm/v%p.log --leak-check=full --malloc-fill=A5 --free-fill=DE --track-origins=yes --vex-iropt-precise-memory-exns=yes" WINETEST_WRAPPER=valgrind make render.ok
Thread 2:
Invalid read of size 4
   at 0x7BC34876: RtlpWaitForCriticalSection (critsection.c:434)
   by 0x7BC34F64: RtlEnterCriticalSection (critsection.c:546)
   by 0x541672A: alsa_push_buffer_data (mmdevdrv.c:1429)
   by 0x7BC7C53A: timer_callback_wrapper (threadpool.c:601)
   by 0x7BC7DA59: timer_queue_thread_proc (threadpool.c:670)
   by 0x7BC71737: ??? (in /wine-lucid/dlls/ntdll/ntdll.dll.so)
   by 0x7BC7190D: call_thread_entry_point (signal_i386.c:2499)
   by 0x7BC7B524: start_thread (thread.c:404)
   by 0x418296D: start_thread (pthread_create.c:300)
   by 0x4263A4D: clone (clone.S:130)
 Address 0x7f037dcc is not stack'd, malloc'd or (recently) free'd

Invalid read of size 4
   at 0x7BC34880: RtlpWaitForCriticalSection (critsection.c:434)
   by 0x7BC34F64: RtlEnterCriticalSection (critsection.c:546)
   by 0x541672A: alsa_push_buffer_data (mmdevdrv.c:1429)
   by 0x7BC7C53A: timer_callback_wrapper (threadpool.c:601)
   by 0x7BC7DA59: timer_queue_thread_proc (threadpool.c:670)
   by 0x7BC71737: ??? (in /wine-lucid/dlls/ntdll/ntdll.dll.so)
   by 0x7BC7190D: call_thread_entry_point (signal_i386.c:2499)
   by 0x7BC7B524: start_thread (thread.c:404)
   by 0x418296D: start_thread (pthread_create.c:300)
   by 0x4263A4D: clone (clone.S:130)
 Address 0xdededef6 is not stack'd, malloc'd or (recently) free'd
My render loop may not be bug free - please check - but I believe the illegal access to be in mmdevapi. I recommend adding a player loop to the tests.
There really is a timing issue. Sometimes, even with Valgrind, there's no illegal access during the test run. In that case I typically see:

err:ntdll:RtlpWaitForCriticalSection section 0x7f41a704 "?" wait timed out in thread 0022, blocked by 0023, retrying (60 sec)

Perhaps the critical section was destroyed, somewhat too early?
BTW, the CoTaskMemFree calls within the patch are part of a bug fix that I'll submit this Monday.
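
The report traces 0xdededef6 back to --free-fill=DE; the following triage helper is an added example, not part of the original report or of Wine, and checks whether a 32-bit fault address is a Valgrind fill pattern plus a small field offset. The names classify_fault and MAX_FIELD_OFFSET and the 4 KiB offset limit are assumptions; the fill bytes come from the VALGRIND_OPTS line above.

```c
#include <stdint.h>
#include <stdio.h>

/* Fill bytes from the VALGRIND_OPTS line in the report. */
#define MALLOC_FILL 0xA5u   /* --malloc-fill=A5: fresh, never-written heap */
#define FREE_FILL   0xDEu   /* --free-fill=DE: heap block already freed */
/* Assumption: a field lies within 4 KiB of the bogus base pointer. */
#define MAX_FIELD_OFFSET 0x1000u

enum fill_origin { ORIGIN_NONE, ORIGIN_UNINITIALISED, ORIGIN_FREED };

/* 0xDE -> 0xDEDEDEDE: the value of a 32-bit pointer read from filled memory. */
static uint32_t repeat_byte(uint32_t b) { return 0x01010101u * b; }

/* Decide whether a 32-bit fault address is "fill pattern + small offset",
 * i.e. a field access through a pointer loaded from poisoned memory.
 * On a match, *offset receives the distance from the pattern. */
enum fill_origin classify_fault(uint32_t addr, uint32_t *offset)
{
    static const uint32_t fills[] = { MALLOC_FILL, FREE_FILL };
    static const enum fill_origin origins[] = { ORIGIN_UNINITIALISED, ORIGIN_FREED };

    for (size_t i = 0; i < sizeof fills / sizeof fills[0]; i++) {
        uint32_t delta = addr - repeat_byte(fills[i]); /* wraps if addr < pattern */
        if (delta < MAX_FIELD_OFFSET) {
            *offset = delta;
            return origins[i];
        }
    }
    *offset = 0;
    return ORIGIN_NONE;
}

int main(void)
{
    /* The two addresses Valgrind reported, plus one constructed A5 sample. */
    const uint32_t samples[] = { 0xdededef6u, 0x7f037dccu, 0xa5a5a5a9u };
    static const char *names[] = { "no fill pattern", "uninitialised heap", "freed heap" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t off;
        enum fill_origin o = classify_fault(samples[i], &off);
        printf("0x%08x: %s, offset 0x%x\n", (unsigned)samples[i], names[o], (unsigned)off);
    }
    return 0;
}
```

For the second Valgrind address this reports freed heap at offset 0x18, meaning the faulting read went through a pointer value of 0xdededede; the first address, 0x7f037dcc, matches neither pattern.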