https://bugs.winehq.org/show_bug.cgi?id=52386
--- Comment #7 from Eric Pouech eric.pouech@orange.fr ---
Created attachment 71626
  --> https://bugs.winehq.org/attachment.cgi?id=71626
patch against llvm-mingw32

The attached patch to llvm-mingw allows the use case to be run.

Partial result:

[eric:~/work/llvm-mingw/target/i686-w64-mingw32/bin]$ ~/work/output-wine/wine/wine ~/work/output-wine/wine/bugzilla/52386/use-after-free-i386.exe
=================================================================
==32==ERROR: AddressSanitizer: heap-use-after-free on address 0x00f03e44 at pc 0x00401492 bp 0x0021fe8c sp 0x0021fe88
READ of size 4 at 0x00f03e44 thread T0
0024:fixme:dbghelp_dwarf:dwarf2_read_range no entry found
0024:fixme:dbghelp_dwarf:dwarf2_read_range no entry found
    #0 0x401491 in main+0x81 (H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401491)
    #1 0x401396 in __tmainCRTStartup H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #2 0x7b62dd4f in BaseThreadInitThunk+0xf (C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #3 0x7bc57856 in RtlUserThreadStart+0x26 (C:\windows\system32\ntdll.dll+0x7bc57856)
    #4 0x7bc57f0f in call_thread_func+0xaf (C:\windows\system32\ntdll.dll+0x7bc57f0f)

0x00f03e44 is located 4 bytes inside of 400-byte region [0x00f03e40,0x00f03fd0)
freed by thread T0 here:
    #0 0x10042c4b in operator delete[]+0x7b (H:\work\llvm-mingw\target\i686-w64-mingw32\bin\libclang_rt.asan_dynamic-i386.dll+0x10042c4b)
    #1 0x401450 in main+0x40 (H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401450)
    #2 0x401396 in __tmainCRTStartup H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #3 0x7b62dd4f in BaseThreadInitThunk+0xf (C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #4 0x7bc57856 in RtlUserThreadStart+0x26 (C:\windows\system32\ntdll.dll+0x7bc57856)
    #5 0x7bc57f0f in call_thread_func+0xaf (C:\windows\system32\ntdll.dll+0x7bc57f0f)

previously allocated by thread T0 here:
    #0 0x100424eb in operator new[]+0x7b (H:\work\llvm-mingw\target\i686-w64-mingw32\bin\libclang_rt.asan_dynamic-i386.dll+0x100424eb)
    #1 0x401433 in main+0x23 (H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401433)
    #2 0x401396 in __tmainCRTStartup H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #3 0x7b62dd4f in BaseThreadInitThunk+0xf (C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #4 0x7bc57856 in RtlUserThreadStart+0x26 (C:\windows\system32\ntdll.dll+0x7bc57856)
    #5 0x7bc57f0f in call_thread_func+0xaf (C:\windows\system32\ntdll.dll+0x7bc57f0f)

SUMMARY: AddressSanitizer: heap-use-after-free (H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401491) in main+0x81
Shadow bytes around the buggy address:
  0x301e0770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e07a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e07b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x301e07c0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x301e07d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07f0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x301e0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32==ABORTING