http://bugs.winehq.org/show_bug.cgi?id=17518
Summary: winmm/mci tests fail with +heap enabled Product: Wine Version: 1.1.15 Platform: PC URL: http://test.winehq.org/data/86f79e3a558ca1fb5d596e9f6240 3ca89178d3cf/wine_xp_ae-ub-904-heap/winmm:mci.html OS/Version: Linux Status: NEW Keywords: download, source, testcase Severity: enhancement Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: austinenglish@gmail.com
Unhandled exception: page fault on read access to 0x00140000 in 32-bit code (0x7ee4a0e3).
Backtrace: =>0 0x7ee4a0e3 WideCharToMultiByte+0x203(page=0, flags=0, src=0x140000, srclen=1, dst="", dstlen=1024, defchar=0x0, used=(nil)) [/home/austin/wine-git/dlls/kernel32/../../include/wine/unicode.h:216] in kernel32 (0x0061f8a8) 1 0x7e9d46d8 mciSendStringA+0x138(lpstrCommand="close all notify", lpstrRet="", uRetLen=1024, hwndCallback=0x1ad005c) [/home/austin/wine-git/dlls/winmm/mci.c:1510] in winmm (0x0061f8e8) 2 0x00403a4a in winmm_test (+0x3a4a) (0x0061fde8) 3 0x0040f31d in winmm_test (+0xf31d) (0x0061fe08) 4 0x0040f507 in winmm_test (+0xf507) (0x0061feb8) 5 0x004011d9 in winmm_test (+0x11d9) (0x0061fee8) 6 0x00401223 in winmm_test (+0x1223) (0x0061ff08) 7 0x7ee614e8 start_process+0x98(arg=(nil)) [/home/austin/wine-git/dlls/kernel32/process.c:907] in kernel32 (0x0061ffe8) 0x7ee4a0e3 WideCharToMultiByte+0x203 [/home/austin/wine-git/dlls/kernel32/../../include/wine/unicode.h:216] in kernel32: cmpw $0,0x0(%eax) 216 while (*s) s++;
http://bugs.winehq.org/show_bug.cgi?id=17518
--- Comment #1 from Rico kgbricola@web.de 2009-03-02 06:26:17 --- Created an attachment (id=19744) --> (http://bugs.winehq.org/attachment.cgi?id=19744) Zero lpwstrRet, before trying to do anything with it.
Austin, could you try this patch? Another solution is to check the return value ( if (lpwstrRet && ret==0) ), but that assumes that in failure case there is never written anything useful to the lpwstrRet.
http://bugs.winehq.org/show_bug.cgi?id=17518
--- Comment #2 from Austin English austinenglish@gmail.com 2009-03-02 14:12:51 --- (In reply to comment #1)
Created an attachment (id=19744)
--> (http://bugs.winehq.org/attachment.cgi?id=19744) [details]
Zero lpwstrRet, before trying to do anything with it.
Austin, could you try this patch? Another solution is to check the return value ( if (lpwstrRet && ret==0) ), but that assumes that in failure case there is never written anything useful to the lpwstrRet.
I tried it on my work machine, no dice. Didn't try checking the return value though...bit busy atm.
http://bugs.winehq.org/show_bug.cgi?id=17518
--- Comment #3 from Austin English austinenglish@gmail.com 2009-03-02 18:33:59 --- (In reply to comment #1)
Created an attachment (id=19744)
--> (http://bugs.winehq.org/attachment.cgi?id=19744) [details]
Zero lpwstrRet, before trying to do anything with it.
Austin, could you try this patch? Another solution is to check the return value ( if (lpwstrRet && ret==0) ), but that assumes that in failure case there is never written anything useful to the lpwstrRet.
Works fine. Problem was that I was piping the output away and checking the exit status. The crash is gone, but a new 'failure' is introduced:
mci.c:56: Test succeeded inside todo block: mciSendString(close all notify, buf, sizeof(buf) , NULL) changed output buffer:
Remove that todo and the test passes with/without +heap :-).
http://bugs.winehq.org/show_bug.cgi?id=17518
--- Comment #4 from Austin English austinenglish@gmail.com 2009-03-23 14:15:49 --- Doesn't seem to be showing up when run from winetest.exe, but still shows up if run directly in tree.
http://bugs.winehq.org/show_bug.cgi?id=17518
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #5 from Dan Kegel dank@kegel.com 2009-07-03 23:53:33 --- Improved patch sent, http://www.winehq.org/pipermail/wine-patches/2009-July/075371.html
http://bugs.winehq.org/show_bug.cgi?id=17518
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |9916
Jörg Höhle hoehle@users.sourceforge.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hoehle@users.sourceforge.ne | |t
--- Comment #6 from Jörg Höhle hoehle@users.sourceforge.net 2010-05-28 16:10:01 --- Dan's patch became commit ea5a6f2db5e6f05acf38f9257278cbcad58ab898 There's no more crash.
Let's keep this bug open as a remainder that not all relevant places are patched.
1. TRACE(... "%s", debugstr_w(lpstrRet)) seems just as problematic. http://www.winehq.org/pipermail/wine-devel/2010-May/083747.html
2. MCI_HandleReturnValues is called even in case of error, which is at least inconsistent with Dan's commit (the buffer is left as Wchars, not 8bit). E.g. winmm logs of MCI_OPEN show that a MCI device id is placed in the buffer even when open fails.
Actually, we'd IMHO first need more than that one test formerly marked todo_wine to analyse if/how the supplied buffer ever gets modified in case of error (actually mciSendStringW sets *lpstrRet = '\0' -- quite late in the code, i.e. not always, bug #3?). The question is whether some apps can expect particular contents in some error situations (e.g. partially filled buffer with MCIERR_PARAM_OVERFLOW?).
http://bugs.winehq.org/show_bug.cgi?id=17518
--- Comment #7 from Jörg Höhle hoehle@users.sourceforge.net 2010-11-02 16:31:03 CDT --- The remaining issues from comment #6 are fixed by commit 88a8d211fb6ad131b4eb6ee35701b573116327cf See the set of 3 commits for details about output buffer contents.
Admins, please close this issue.
http://bugs.winehq.org/show_bug.cgi?id=17518
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #8 from Austin English austinenglish@gmail.com 2010-11-02 16:33:50 CDT --- (In reply to comment #7)
The remaining issues from comment #6 are fixed by commit 88a8d211fb6ad131b4eb6ee35701b573116327cf See the set of 3 commits for details about output buffer contents.
Admins, please close this issue.
My heap test today didn't fail http://test.winehq.org/data/f38cc9318bb287a40ab7ae77c1964259339cac99/index_W..., so assuming fixed.
http://bugs.winehq.org/show_bug.cgi?id=17518
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org 2010-11-12 13:33:58 CST --- Closing bugs fixed in 1.3.7.
-
wine-bugs@winehq.org