[Bug 26016] New: xmllite installer crashes about 1 in 30 runs

http://bugs.winehq.org/show_bug.cgi?id=26016

Summary: xmllite installer crashes about 1 in 30 runs Product: Wine Version: 1.3.13 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: dank@kegel.com

While running the regression test for winetricks-alpha, I noticed that installing xmllite crashed like this:

fixme:wintrust:CryptCATGetCatAttrInfo 0x13e700, L"SPLevel" wine: Unhandled page fault on read access to 0xffffffff at address 0x68a4875f (thread 0013), starting debugger... Backtrace: =>0 0x68a4875f SetupCommitFileQueueW+0x3cf(owner=(nil), handle=0x1414f0, handler=0x68a49040, context=0x33bcdc) [include/wine/unicode.h:200] in setupapi (0x0033bcec) 1 0x68a49031 SetupCommitFileQueueA+0x40(owner=(nil), queue=0x1414f0, handler=0x103be4b, context=0x33c228) [dlls/setupapi/queue.c:879] in setupapi (0x0033f384) 0x68a4875f SetupCommitFileQueueW+0x3cf [include/wine/unicode.h:200] in setupapi: cmpw $0,0x0(%edx)

I ran the installer in a loop to try to reproduce, and on the 34th run, I got a different crash at about the same place:

fixme:wintrust:CryptCATGetCatAttrInfo 0x1c8ba8, L"SPLevel" err:setupapi:SetupDefaultQueueCallbackA copy error 3 "c:\e64013c352a7bbb4a28da0908ecc09\SP2QFE\xmllite.dll" -> "c:\windows\$hf_mig$\KB915865\SP2QFE\xmllite.dll" fixme:setupapi:pSetupGetGlobalFlags stub fixme:setupapi:pSetupGetGlobalFlags stub wine: Unhandled page fault on read access to 0xffffffff at address 0x68c72252 (thread 003f), starting debugger... Backtrace: =>0 0x68c72252 StringTableDestroy+0x42(hStringTable=0x13ed98) [dlls/setupapi/stringtable.c:177] in setupapi (0x0033f384) 0x68c72252 StringTableDestroy+0x42 [dlls/setupapi/stringtable.c:177] in setupapi: movl 0x0(%edx,%edi,1),%edx

I ran it again in a loop with WINEDEBUG=warn+heap,+setupapi, and on the 28th, 111th, and 114th runs, saw the error:

... fixme:advapi:RegisterEventSourceW (L"",L"NtServicePack"): stub fixme:advapi:ReportEventA (0xcafe4242,0x0004,0x0000,0x400e1119,0x120df8,0x0002,0x00000000,0x34bcb8,(nil)): stub fixme:advapi:ReportEventW (0xcafe4242,0x0004,0x0000,0x400e1119,0x120df8,0x0002,0x00000000,0x118f90,(nil)): stub fixme:advapi:DeregisterEventSource (0xcafe4242) stub err:heap:HEAP_ValidateInUseArena Heap 0x110000: block 0x137420 tail overwritten at 0x137430 (byte 0/32 == 0xff) 28