http://bugs.winehq.org/show_bug.cgi?id=26066

Summary: use after free in X11DRV_GetKeyboardLayout? Product: Wine Version: 1.3.13 Platform: x86 OS/Version: Linux Status: NEW Keywords: download, source, testcase Severity: minor Priority: P2 Component: winex11.drv AssignedTo: wine-bugs@winehq.org ReportedBy: austinenglish@gmail.com

Created an attachment (id=33245) --> (http://bugs.winehq.org/attachment.cgi?id=33245) valgrind log

Several of the valgrind tests show something like: Invalid read of size 4 at X11DRV_GetKeyboardLayout (keyboard.c:1992) by GetKeyboardLayout (input.c:693) by IMM_DestroyContext (imm.c:679) by IMM_FreeThreadData (imm.c:239) by DllMain (imm.c:389) by __wine_spec_dll_entry (dll_entry.c:40) by ??? (loader.c:139) by MODULE_InitDLL (loader.c:978) by LdrShutdownThread (loader.c:2342) by exit_thread (thread.c:345) by ??? (signal_i386.c:2473) by call_thread_entry_point (signal_i386.c:2499) by start_thread (thread.c:404) by start_thread (in /lib/libpthread-2.11.2.so) by clone (in /lib/libc-2.11.2.so) Address 0x7f017e08 is 192 bytes inside a block of size 200 free'd at notify_free (heap.c:262) by RtlFreeHeap (heap.c:1747) by HeapFree (heap.c:272) by GetPrivateProfileStringA (profile.c:1189) by GetProfileStringA (profile.c:1199) by SYSPARAMS_Init (sysparams.c:941) by process_attach (user_main.c:276) by DllMain (user_main.c:332) by __wine_spec_dll_entry (dll_entry.c:40) by ??? (loader.c:139) by MODULE_InitDLL (loader.c:978) by process_attach (loader.c:1067) by process_attach (loader.c:1059) by attach_process_dlls (loader.c:2535) by ??? (port.c:60)

appears in the user32 menu, msg, and win tests.

I'll attach the log from the win test.