http://bugs.winehq.org/show_bug.cgi?id=21355
Summary: Need heap overrun detection
Product: Wine
Version: 1.1.36
Platform: x86
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
Microsoft Windows XP obeys a number of flags that turn on additional heap sanity checks which detect write-past-end and write-after-free of heap allocations.
Wine should implement similar overrun detection; apps that overrun their heap buffers should either get an error from the heap call, or optionally be terminated aggressively, if we're feeling really strict (I think Windows 7 does this).
Furthermore, Wine's heap code should contain Valgrind annotations to let Valgrind produce good error messages even on read-after-free or read overrun errors.
Patches to implement most of this are in use today in the wine valgrind bot at http://kegel.com/wine/valgrind/logs and in the chromium continuous build and test bot.
Here are the latest versions of these patches:

(basic check whether unused bytes were modified)
  http://www.winehq.org/pipermail/wine-patches/2010-January/083609.html
  http://www.winehq.org/pipermail/wine-patches/2010-January/083610.html
  http://www.winehq.org/pipermail/wine-patches/2010-January/083611.html

(add an 8-byte redzone to each allocation; can be increased, as sometimes 32-byte redzones catch more bugs)
  http://www.winehq.org/pipermail/wine-patches/2009-November/081804.html

(use-after-free check)
  http://www.winehq.org/pipermail/wine-patches/2009-November/081855.html
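As an added illustration of the three checks listed above (verifying the unused tail bytes, a redzone after each allocation, and a freed-block check), here is a minimal C heap wrapper; it is not Wine's code or the patches themselves, and the names dbg_alloc/dbg_free, the fill bytes and the quarantine size are made up for the example.

```c
#include <stdlib.h>
#include <string.h>
/* Added example (not Wine's code). Layout: [hdr_t][user bytes][REDZONE tail bytes].
 * The tail is filled with TAIL_FILL at allocation and checked at free; freed blocks
 * are poisoned with FREE_FILL and parked in a quarantine so a write-after-free shows. */
#define REDZONE    8     /* the report suggests 8 bytes, optionally 32 */
#define TAIL_FILL  0xAB
#define FREE_FILL  0xFE
#define QUARANTINE 16
typedef struct { size_t size; } hdr_t;
static hdr_t *quarantine[QUARANTINE];
static int nquar;
void *dbg_alloc(size_t size)
{
    hdr_t *h = malloc(sizeof *h + size + REDZONE);
    if (!h) return NULL;
    h->size = size;
    memset((unsigned char *)(h + 1) + size, TAIL_FILL, REDZONE);
    return h + 1;
}
/* Tail bytes no longer equal to TAIL_FILL; 0 means no overrun was seen. */
int dbg_tail_damage(const void *p)
{
    const hdr_t *h = (const hdr_t *)p - 1;
    const unsigned char *tail = (const unsigned char *)p + h->size;
    int bad = 0;
    for (int i = 0; i < REDZONE; i++) bad += tail[i] != TAIL_FILL;
    return bad;
}
/* Check the tail, poison the user bytes, park the block; returns tail damage. */
int dbg_free(void *p)
{
    hdr_t *h = (hdr_t *)p - 1;
    int bad = dbg_tail_damage(p);
    memset(p, FREE_FILL, h->size);
    if (nquar < QUARANTINE) quarantine[nquar++] = h; else free(h);
    return bad;
}

/* Quarantined blocks whose poison was disturbed, i.e. written after free. */
int dbg_scan_freed(void)
{
    int hits = 0;
    for (int i = 0; i < nquar; i++) {
        const unsigned char *u = (const unsigned char *)(quarantine[i] + 1);
        for (size_t j = 0; j < quarantine[i]->size; j++)
            if (u[j] != FREE_FILL) { hits++; break; }
    }
    return hits;
}
```

A real heap would report the damage (or, as the report suggests, terminate) instead of returning counts; the counts keep the example checkable.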
I've been trying to get these committed, but so far without much luck.