http://bugs.winehq.com/show_bug.cgi?id=1127
------- Additional Comments From z_god@wanadoo.nl 2003-28-06 07:48 ------- Bug comments restored from Gmane.org:
Winhlp32 crashes when cancelling from the full text search setup window.

How to reproduce:
1. run winedbg winhlp32 (Windows 2000 native version)
2. select a .hlp file (I selected any from msoe.hlp msoeacct.hlp wab.hlp)
3. click on "Help Topics" toolbar item
4. click cancel in "Find Setup Wizard" window
Depending on where it crashes it gives either a page fault on a null pointer (HEAP_FindFreeBlock) or a page fault on 0xC (RtlAllocateHeap). It seems to be random where it crashes.

HEAP_FindFreeBlock [heap.c:608]
DWORD arena_size = (pArena->size & ARENA_SIZE_MASK) +

0 0x400ce8f4 HEAP_FindFreeBlock(heap=0x40370000, size=0x80, ppSubHeap=0x406925f8)
1 0x400cf318 RtlAllocateHeap(heap=0x40370000, flags=0x2, size=0x80)
2 0x408e6293 list_window_children(hwnd=0x11005e, atom=0x0, tid=0x0)
3 0x408ea5d0 WIN_ListChildren
4 0x408dbd7b RDW_UpdateRgns
5 0x408dc5ca RedrawWindow
6 0x40a7ee4e expose_window
7 0x50a7f0c7 X11DRV_Expose
8 0x40a75b6b EVENT_ProcessEvent
...
13 0x40904de7 GetMessageA
14 0x0102b892 winhlp32.exe..text+0x2a892
Another crash trace:

RtlAllocateHeap+0xe6 [heap.c:1039]
pArena->prev->next = pArena->next;

0 0x400cf386 RtlAllocateHeap(heap=0x4037, flags=0x2, size=0x20)
1 0x4081b293 REGION_AllocWineRegion(n=0x2)
2 0x4081b31c REGION_CreateRegion(n=0x2)
3 0x4081b5d4 CreateRectRgn(left=0x32, top=0x43, right=0x158, bottom=0x45)
4 0x4081b647 CreateRectRgnIndirect
5 0x408dc4e3 RedrawWindow
6 0x40a7ee4e expose_window
7 0x40a7f0c7 X11DRV_Expose
...
13 0x40904de7 GetMessageA
14 0x0102b892 winhlp32.exe..text+0x2a892
Nothing out of the ordinary appears at the console.
------- Additional Comments From R.J.Shearman <at> warwick.ac.uk 2003-05-16 08:07 ------- I've discovered that the reason it corrupts the heap is that it destroys the dialog in WM_INITDIALOG (patch on the way), but the reason it does this is still unknown to me.
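Added illustration, not Wine's code and not from either comment above: a toy free-list arena with the unlink step quoted in the second trace (`pArena->prev->next = pArena->next;`), next to a consistency check that reports a clobbered prev/next link as a clean failure instead of a fault at a small offset. The struct layout, names and the corruption scenario are assumed; it only models how a window freed during WM_INITDIALOG and then reused could leave a stale arena on the list.

```c
#include <stddef.h>

/* Hypothetical free-block arena; NOT Wine's real ARENA_FREE layout. */
typedef struct arena {
    size_t size;
    struct arena *next;
    struct arena *prev;
} arena_t;

/* Circular doubly linked free list with a sentinel head. */
static void list_init(arena_t *head) { head->size = 0; head->next = head; head->prev = head; }

static void list_insert(arena_t *head, arena_t *a) {
    a->next = head->next; a->prev = head;
    head->next->prev = a; head->next = a;
}

/* Checked unlink: both neighbours must point back at the arena before
   it is removed. Returns 0 and leaves the list untouched on a bad link;
   the unchecked form (a->prev->next = a->next) would dereference the
   corrupted pointer and fault as in the trace. */
static int unlink_checked(arena_t *a) {
    if (a->prev == NULL || a->next == NULL) return 0;
    if (a->prev->next != a || a->next->prev != a) return 0;
    a->prev->next = a->next;
    a->next->prev = a->prev;
    a->next = a->prev = NULL;
    return 1;
}

/* Constructed scenario: arena b is on the free list, then its memory is
   reused and its prev pointer overwritten with NULL. Returns 1 if the
   check catches it. */
int demo_corrupted_unlink_detected(void) {
    arena_t head, a, b;
    list_init(&head);
    list_insert(&head, &a);
    list_insert(&head, &b);
    b.prev = NULL;                       /* constructed corruption */
    return unlink_checked(&b) == 0;
}

/* Healthy list: unlinking b leaves head <-> a <-> head. Returns 1 on success. */
int demo_healthy_unlink(void) {
    arena_t head, a, b;
    list_init(&head);
    list_insert(&head, &a);
    list_insert(&head, &b);
    return unlink_checked(&b) && head.next == &a && a.prev == &head && a.next == &head;
}
```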