https://bugs.winehq.org/show_bug.cgi?id=41230
Bug ID: 41230
Summary: Startup crash in FAR Manager v2.0 if wineconsole size is too large
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winex11.drv
Assignee: wine-bugs@winehq.org
Reporter: ctruta@gmail.com
Distribution: ---
This crash occurs inconsistently, perhaps because it's caused by a race condition. Sometimes, it prints the following trace:
*** Error in `far': double free or corruption (!prev): 0xNNNNNNNN ***
For diagnostics, use FAR Manager v2.0 (e.g. latest build 1807). Do not use the newer version FAR v3.0, which crashes in a different place and for a different reason. http://www.farmanager.com/history/far2.x86.msi
I git-bisect'ed it and found it to be a regression of the following commit:
commit ea07c310ecfee6b301e7af8413760eb446e6f184
Author: Alexandre Julliard julliard@winehq.org
AuthorDate: 2012-09-04 13:34:15 +0200
Subject: winex11: Create the whole window at window creation time.
It only occurs under X11. On Mac, using the native Mac driver, everything runs well.
I have found it easier to reproduce under Ubuntu 14.04 / Linux Mint 17.x than under Ubuntu 16.04 / Linux Mint 18.x, although it does crash under the later Linux OS, also. (Just less frequently so.)
Moreover, I have found it easier to reproduce if the wineconsole height is larger. It works ok most of the time if the height is 40 characters, but it crashes much more frequently if the height is, say, 60 characters.
The behavior is roughly the same at the time of regression (wine-1.5.12-36-gea07c310ec) and as of latest version (wine-1.9.17).
I noticed two types of crashes: one that has __clone() calling itself until the stack runs out, and the other that doesn't have any __clone() calls at all. See the attachments.
--- Comment #1 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55508
  --> https://bugs.winehq.org/attachment.cgi?id=55508
Crash dump under wine-1.5.12-36-gea07c310ec
--- Comment #2 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55509
  --> https://bugs.winehq.org/attachment.cgi?id=55509
Crash dump under wine-1.9.17
--- Comment #3 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55510
  --> https://bugs.winehq.org/attachment.cgi?id=55510
Another crash dump under wine-1.9.17
--- Comment #4 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55511
  --> https://bugs.winehq.org/attachment.cgi?id=55511
Yet another crash dump under wine-1.9.17
--- Comment #5 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55512
  --> https://bugs.winehq.org/attachment.cgi?id=55512
Assertion failure under wine-1.5.12-36-gea07c310ec
--- Comment #6 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55513
  --> https://bugs.winehq.org/attachment.cgi?id=55513
Assertion failure under wine-1.5.12-36-gea07c310ec
Cosmin Truta ctruta@gmail.com changed:
             What             |Removed |Added
----------------------------------------------------------------------------
Attachment #55513 is obsolete |0       |1
--- Comment #7 from Cosmin Truta ctruta@gmail.com ---
Created attachment 55514
  --> https://bugs.winehq.org/attachment.cgi?id=55514
Assertion failure under wine-1.9.17
Cosmin Truta ctruta@gmail.com changed:
      What      |Removed |Added
----------------------------------------------------------------------------
Regression SHA1 |        |ea07c310ecfee6b301e7af8413760eb446e6f184
--- Comment #8 from Cosmin Truta ctruta@gmail.com ---
I wonder if this could possibly be related to bug 36788, although this is a console application crashing.
--- Comment #9 from Cosmin Truta ctruta@gmail.com ---
Here is an extra note, which may or may not be relevant:
I obtained the crash dump at 1.5.12-36-gea07c310ec by cherry-picking 7457f37e4a69ce7c778c41559e0d39246b12d812 "ntdll: Set SO_PASSCRED before connecting to eliminate a race condition in obtaining server_pid."
I couldn't have obtained it otherwise.
On the other hand, I got the crash dump at present-day version 1.9.17 without any source modification.
winetest@luukku.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |winetest@luukku.com
--- Comment #10 from winetest@luukku.com ---
I just tried this with wine 2.0rc4 and staging 2.0rc3. Both crash.
Henri Verbeet hverbeet@gmail.com changed:
  What   |Removed |Added
----------------------------------------------------------------------------
Keywords |        |regression
Alexandre Julliard julliard@winehq.org changed:
   What    |Removed     |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED |RESOLVED
Resolution |---         |DUPLICATE
--- Comment #11 from Alexandre Julliard julliard@winehq.org ---
Duplicate.
*** This bug has been marked as a duplicate of bug 35041 ***
André H. nerv@dawncrow.de changed:
 What  |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
CC     |         |nerv@dawncrow.de
--- Comment #12 from André H. nerv@dawncrow.de ---
closing dup