https://bugs.winehq.org/show_bug.cgi?id=39256
Bug ID: 39256 Summary: msxml3/tests/domdoc.c crashes under valgrind Product: Wine Version: 1.7.51 Hardware: x86 OS: Linux Status: NEW Keywords: download, source, testcase, valgrind Severity: normal Priority: P2 Component: msxml3 Assignee: wine-bugs@winehq.org Reporter: austinenglish@gmail.com Distribution: ---
Created attachment 52323 --> https://bugs.winehq.org/attachment.cgi?id=52323 backtrace
Backtrace: =>0 0x05cceb06 free_properties+0x2e(properties=0x4653450) [/home/austin/wine-valgrind/dlls/msxml3/../../include/msxml6.h:4032] in msxml3 (0x0492f9c8) 1 0x05ccf37e xmldoc_release_refs+0x17e(doc=0x9cc6358, refs=0x1) [/home/austin/wine-valgrind/dlls/msxml3/domdoc.c:615] in msxml3 (0x0492fa28) 2 0x05ccf3c5 xmldoc_release+0x1c(doc=0x9cc6358) [/home/austin/wine-valgrind/dlls/msxml3/domdoc.c:626] in msxml3 (0x0492fa48) 3 0x05cf7df3 destroy_xmlnode+0x3a(This=0x46677a0) [/home/austin/wine-valgrind/dlls/msxml3/node.c:1413] in msxml3 (0x0492fa68) 4 0x05cd01f0 domdoc_Release+0xd9(iface=<couldn't compute location>) [/home/austin/wine-valgrind/dlls/msxml3/domdoc.c:957] in msxml3 (0x0492fab8) 5 0x0478c404 test_get_ownerDocument+0xe75() [/home/austin/wine-valgrind/dlls/msxml3/tests/../../../include/msxml2.h:5224] in msxml3_test (0x0492fcd8) 6 0x047acede func_domdoc+0x161() [/home/austin/wine-valgrind/dlls/msxml3/tests/domdoc.c:12050] in msxml3_test (0x0492fcf8) 7 0x047e3108 run_test+0x9f(name="domdoc") [/home/austin/wine-valgrind/dlls/msxml3/tests/../../../include/wine/test.h:584] in msxml3_test (0x0492fd38) 8 0x047e3550 main+0x222(argc=<couldn't compute location>, argv=<couldn't compute location>) [/home/austin/wine-valgrind/dlls/msxml3/tests/../../../include/wine/test.h:666] in msxml3_test (0x0492fde8)
https://bugs.winehq.org/show_bug.cgi?id=39256
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Distribution|--- |Fedora
https://bugs.winehq.org/show_bug.cgi?id=39256
Thomas Faller tfaller1@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |tfaller1@gmx.de
--- Comment #1 from Thomas Faller tfaller1@gmx.de --- If I run the test, valgrind does not crash. But there is an invalid free error (more or less the same callstack):
==31818== Invalid free() / delete / delete[] / realloc() ==31818== at 0x7BC4FDAD: RtlFreeHeap (heap.c:1764) ==31818== by 0x63FF408: heap_free (msxml_private.h:189) ==31818== by 0x63FF408: free_properties (???:0) ==31818== by 0x6406B06: xmldoc_release_refs (domdoc.c:615) ==31818== by 0x6407E3F: xmldoc_release (domdoc.c:626) ==31818== by 0x63FF2C3: domdoc_Release (domdoc.c:957) ==31818== by 0x4EA47B6: IXMLDOMDocument2_Release (msxml2.h:5224) ==31818== by 0x4EA47B6: test_get_ownerDocument (???:0) ==31818== by 0x4EA5710: func_domdoc (domdoc.c:12050) ==31818== by 0x4E74F35: main (test.h:584) ==31818== Address 0x48e5fd8 is 4 bytes after a block of size 92 free'd ==31818== at 0x7BC4FDAD: RtlFreeHeap (heap.c:1764) ==31818== by 0x59B289C: FONT_DeleteObject (font.c:778) ==31818== by 0x59D0BD0: DeleteObject (gdiobj.c:944) ==31818== by 0x578121F: get_text_metr_size (sysparams.c:483) ==31818== by 0x57849CE: normalize_nonclientmetrics (sysparams.c:648) ==31818== by 0x57849CE: SystemParametersInfoW (???:0) ==31818== by 0x578306B: GetSystemMetrics (sysparams.c:2434) ==31818== by 0x5782D79: GetSystemMetrics (sysparams.c:2453) ==31818== by 0x5798F11: WINPOS_GetMinMaxInfo (winpos.c:774) ==31818== by 0x579554A: WIN_CreateWindowEx (win.c:1567) ==31818== by 0x578F2F4: CreateWindowExW (win.c:1750) ==31818== by 0x6C75FAF: get_notif_hwnd (bindprot.c:130) ==31818== by 0x6C72660: start_binding (binding.c:1412) ==31818== ==31818== Invalid free() / delete / delete[] / realloc() ==31818== at 0x7BC4FDAD: RtlFreeHeap (heap.c:1764) ==31818== by 0x63FF427: heap_free (msxml_private.h:189) ==31818== by 0x63FF427: free_properties (???:0) ==31818== by 0x6406B06: xmldoc_release_refs (domdoc.c:615) ==31818== by 0x6407E3F: xmldoc_release (domdoc.c:626) ==31818== by 0x63FF2C3: domdoc_Release (domdoc.c:957) ==31818== by 0x4EA47B6: IXMLDOMDocument2_Release (msxml2.h:5224) ==31818== by 0x4EA47B6: test_get_ownerDocument (???:0) ==31818== by 0x4EA5710: func_domdoc (domdoc.c:12050) ==31818== by 0x4E74F35: main (test.h:584) ==31818== Address 0x48e66f0 is 24 bytes inside a block of size 98 free'd ==31818== at 0x7BC4FDAD: RtlFreeHeap (heap.c:1764) ==31818== by 0x7BC7352E: RtlFreeUnicodeString (rtlstr.c:319) ==31818== by 0x7B83E442: CreateFileW (file.c:1592) ==31818== by 0x6C78161: FileProtocol_StartEx (file.c:278) ==31818== by 0x6C763E1: BindProtocol_StartEx (urlmon.h:8029) ==31818== by 0x6C72CEC: start_binding (urlmon.h:8029) ==31818== by 0x6C730CE: bind_to_storage (binding.c:1569) ==31818== by 0x6C8AD5C: URLMoniker_BindToStorage (umon.c:280) ==31818== by 0x63E7A34: IMoniker_BindToStorage (objidl.h:3772) ==31818== by 0x63E7A34: bind_url (???:0) ==31818== by 0x64074B5: domdoc_load_moniker (domdoc.c:2093) ==31818== by 0x64074B5: domdoc_load (???:0) ==31818== by 0x4E77130: test_domdoc (msxml.h:2051) ==31818== by 0x4EA4ABF: func_domdoc (domdoc.c:12019) ==31818==
https://bugs.winehq.org/show_bug.cgi?id=39256
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #2 from Austin English austinenglish@gmail.com --- (In reply to Thomas Faller from comment #1)
If I run the test, valgrind does not crash. But there is an invalid free error (more or less the same callstack):
No crash here either.
https://bugs.winehq.org/show_bug.cgi?id=39256
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.52.
-
wine-bugs@winehq.org