http://bugs.winehq.org/show_bug.cgi?id=24882
Summary: Read after free to do with D3D9
Product: Wine
Version: 1.2.1
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: jseward@acm.org

I don't know whether this is a Wine bug, or an X bug, or a /usr/lib32/dri/i915_dri.so bug, so this may be noise, in which case apologies. Anyway, when running Firefox crashtests on Wine-1.2.1 on Valgrind:

Invalid read of size 4
   at 0x1CCBF91F: ??? (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCEF860: _mesa_test_framebuffer_completeness (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCF39DB: ??? (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCF3A16: _mesa_update_framebuffer (in /usr/lib32/dri/i915_dri.so)
   by 0x1CC70FD7: intel_draw_buffer (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCC0090: ??? (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCEFD54: _mesa_set_texture_attachment (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCEFF80: ??? (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCF02EF: _mesa_FramebufferTexture2DEXT (in /usr/lib32/dri/i915_dri.so)
   by 0x1AF6E331: initPixelFormats (utils.c:965)
   by 0x1AEDF2CA: InitAdapters (directx.c:5126)
   by 0x1AEEA2C9: wined3d_init (directx.c:5369)
 Address 0x8f2152c is 28 bytes inside a block of size 132 free'd
   at 0x48EDC1A: free (vg_replace_malloc.c:366)
   by 0x1CD08BEC: _mesa_free (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCBFCD7: ??? (in /usr/lib32/dri/i915_dri.so)
   by 0x1CD1C3B3: _mesa_reference_renderbuffer (in /usr/lib32/dri/i915_dri.so)
   by 0x1CCEFB1A: _mesa_remove_attachment (in /usr/lib32/dri/i915_dri.so)
   by 0x1CD31ECE: _mesa_DeleteTextures (in /usr/lib32/dri/i915_dri.so)
   by 0x1AF6E3CB: initPixelFormats (utils.c:1059)
   by 0x1AEDF2CA: InitAdapters (directx.c:5126)
   by 0x1AEEA2C9: wined3d_init (directx.c:5369)
   by 0x1AF72659: WineDirect3DCreate (wined3d_main.c:91)
   by 0x180A4D2C: Direct3DCreate9 (d3d9_main.c:43)
   by 0x180A4DFD: Direct3DCreate9Ex (d3d9_main.c:61)

and I also saw two others which are clearly the same thing.