http://bugs.winehq.org/show_bug.cgi?id=11766
Summary: Heap corruption in crypt32 during Sandra benchmark?
Product: Wine
Version: CVS/GIT
Platform: Other
URL: http://www.sisoftware.net/?dir=dload&location=sware_dl_all
OS/Version: other
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: crypt32
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
Created an attachment (id=11026) --> (http://bugs.winehq.org/attachment.cgi?id=11026)
rzip'd log of WINEDEBUG=+crypt /usr/local/valgrind-svn/bin/valgrind --suppressions=$HOME/wine-git/tools/valgrind-suppressions --trace-children=yes ~/wine-git/wine sandra.exe
I strolled down memory lane a bit, and revisited the Sandra benchmark today, see http://www.winehq.org/pipermail/wine-devel/2006-December/052821.html
Now the win2k version gets a lot farther. To install, first do sh winetricks vcrun2005sp1 gdiplus (Without native gdiplus, the installer complains you don't have it; without vcrun2005sp1, you get a few errors like fixme:actctx:parse_assembly_elem wrong version for assembly manifest.)
The installer claims to be happy, but one sees
err:module:import_dll Library CRYPTUI.dll (which is needed by L"C:\windows\temp\is-KH13O.tmp\certmgr.exe") not found
err:module:LdrInitializeThunk Main exe initialization for L"C:\windows\temp\is-KH13O.tmp\certmgr.exe" failed, status c0000135
Could not get handle to service.
on the console. Worse, when the app starts up, you get a heap error:
err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: in-use arena 0x7f02e2e0 next block has PREV_FREE flag
err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: bad back ptr 0x1c9ba51e for arena 0x7f02e798
I suppose that could be a result of cryptui being missing, but I ran it under valgrind anyway. This turned up interesting items like
==20325== Invalid read of size 1
==20325==    at 0x46F5E49: HEAP_CreateFreeBlock (heap.c:486)
==20325==    by 0x46F621D: HEAP_ShrinkBlock (heap.c:575)
==20325==    by 0x46F7979: RtlAllocateHeap (heap.c:1228)
==20325==    by 0x5C60B74: new_object (handle.c:441)
==20325==    by 0x5C6B1CD: new_key (rsaenh.c:830)
==20325==    by 0x5C6C9DB: RSAENH_CPImportKey (rsaenh.c:2464)
==20325==    by 0x4B4324A: CryptImportKey (crypt.c:1767)
==20325==    by 0x4F2DCDC: CRYPT_ImportRsaPublicKeyInfoEx (encode.c:3923)
==20325==    by 0x4F2DA3B: CryptImportPublicKeyInfoEx (encode.c:3955)
==20325==    by 0x4F183FA: CRYPT_VerifyCertSignatureFromPublicKeyInfo (cert.c:1641)
==20325==    by 0x4F1B069: CryptVerifyCertificateSignatureEx (cert.c:1723)
==20325==    by 0x4F1EDCD: CRYPT_CheckSimpleChain (chain.c:744)
==20325==  Address 0x7f02ecf8 is not stack'd, malloc'd or (recently) free'd
quite early in the run (well before the heap errs). I'll attach a combined valgrind +crypt log (might be slightly out of sync).
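A combined valgrind / WINEDEBUG log like the attachment above interleaves valgrind's access errors with Wine's own err:heap output, and the errors that matter are the ones reported before the heap validator first complains. The following is an added triage script, not part of the bug report or of Wine: it parses such a log, discards valgrind errors that appear after the first HEAP_Validate line (by then the heap is already known-corrupt, so they are secondary damage), and keeps those with a frame in the source files of interest. The sample log is constructed from the formats quoted in the report; the frame after the heap error is a made-up name.

```python
import re

# Constructed sample of a combined WINEDEBUG=+crypt / valgrind log, modelled on the formats
# quoted in the report (not the real attachment; the frame after the heap error is made up).
SAMPLE_LOG = """\
==20325== Invalid read of size 1
==20325==    at 0x46F5E49: HEAP_CreateFreeBlock (heap.c:486)
==20325==    by 0x46F7979: RtlAllocateHeap (heap.c:1228)
==20325==    by 0x5C6B1CD: new_key (rsaenh.c:830)
==20325==    by 0x4F2DCDC: CRYPT_ImportRsaPublicKeyInfoEx (encode.c:3923)
==20325==  Address 0x7f02ecf8 is not stack'd, malloc'd or (recently) free'd
trace:crypt:CertGetCertificateChain (0x0, 0x13a9f0, ...)
err:heap:HEAP_ValidateInUseArena Heap 0x7f000000: in-use arena 0x7f02e2e0 next block has PREV_FREE flag
==20325== Invalid write of size 4
==20325==    at 0x4F12345: hypothetical_later_frame (later.c:1)
==20325==  Address 0x7f02f000 is 0 bytes after a block of size 16 alloc'd
"""

VALGRIND_HDR = re.compile(r"^==(\d+)== (Invalid (?:read|write) of size \d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)$")
HEAP_ERR = re.compile(r"^err:heap:HEAP_Validate")

def parse_valgrind_errors(log):
    """Collect each valgrind error with its 0-based line index and (function, location) frames."""
    errors, cur = [], None
    for idx, line in enumerate(log.splitlines()):
        hdr = VALGRIND_HDR.match(line)
        if hdr:
            cur = {"line": idx, "pid": int(hdr.group(1)), "kind": hdr.group(2), "frames": []}
            errors.append(cur)
        elif cur is not None and (frame := FRAME.match(line)):
            cur["frames"].append((frame.group(1), frame.group(2)))
        else:
            cur = None  # "Address ..." line or unrelated output: the access stack is complete
    return errors

def first_heap_validation_error(log):
    """Line index where Wine's heap checker first reports corruption, or None if it never does."""
    return next((i for i, l in enumerate(log.splitlines()) if HEAP_ERR.match(l)), None)

def triage(log, files_of_interest):
    """Valgrind errors before the first heap-validation error whose stack touches the given sources."""
    cutoff = first_heap_validation_error(log)
    hits = []
    for err in parse_valgrind_errors(log):
        if cutoff is not None and err["line"] > cutoff:
            continue  # reported after the heap was already corrupt: secondary damage
        if any(loc.split(":")[0] in files_of_interest for _, loc in err["frames"]):
            hits.append(err)
    return hits
```

Run on the real attachment with `triage(open(path).read(), {"rsaenh.c", "encode.c", "cert.c", "chain.c"})` to get the candidate first-fault stacks for crypt32 and rsaenh.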
Juan Lang juan_lang@yahoo.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
          CC|            |juan_lang@yahoo.com
--- Comment #1 from Juan Lang juan_lang@yahoo.com 2008-08-18 18:01:46 ---
I've tracked down some memory corruption errors in crypt32. I sent some patches today and will send more tomorrow.
I tried to test whether these fixes affect this bug, but the app doesn't start for me. Instead I get a dialog with the error: "Access violation at address 00409942. Write of address 00400000"
I'm trying version 14.24 of Sandra. Which version was this reported with?
--- Comment #2 from Juan Lang juan_lang@yahoo.com 2008-08-20 16:05:45 ---
With today's git, I get a deadlock at startup:
err:ole:CoGetClassObject class {6c736db1-bd94-11d0-8a23-00aa00b58e10} not registered
err:ole:CoGetClassObject no class object {6c736db1-bd94-11d0-8a23-00aa00b58e10} could be created for context 0x1
err:ntdll:RtlpWaitForCriticalSection section 0x7bc8f764 "loader.c: loader_section" wait timed out in thread 0009, blocked by 002a, retrying (60 sec)
err:ntdll:RtlpWaitForCriticalSection section 0x110048 "heap.c: main process heap section" wait timed out in thread 002a, blocked by 0009, retrying (60 sec)
I don't see any heap errors though. I'm tempted to say this is "fixed," or at least that the crypt32 errors are fixed.
Juan Lang juan_lang@yahoo.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
      Status|NEW         |RESOLVED
  Resolution|            |FIXED
--- Comment #3 from Juan Lang juan_lang@yahoo.com 2008-08-20 16:29:58 ---
Okay, I tried it again with a clean .wine. Using version 1.1.2 (of Wine), I see some heap errors like:
fixme:reg:GetNativeSystemInfo (0x33ea8c) using GetSystemInfo()
err:heap:HEAP_ValidateInUseArena Heap 0x110000: in-use arena 0x16dc70 next block has PREV_FREE flag
err:heap:HEAP_ValidateInUseArena Heap 0x110000: prev arena 0x16e128 invalid for in-use 0x16ed28
err:heap:HEAP_ValidateInUseArena Heap 0x110000: bad back ptr 0x5e300ff8 for arena 0x16e128
(I know the GetNativeSystemInfo fixme is not a heap error, I'm using it as a marker.) Using today's git, I don't see the heap error. The program still crashes a few times and ultimately fails to run, but the crypt32 heap errors are gone, so I'm calling this fixed.
Alexandre Julliard julliard@winehq.org changed:
What        |Removed     |Added
----------------------------------------------------------------------------
      Status|RESOLVED    |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org 2008-08-22 10:45:58 ---
Closing bugs fixed in 1.1.3.
Juan Lang juan_lang@yahoo.com changed:
What            |Removed     |Added
----------------------------------------------------------------------------
          Status|CLOSED      |REOPENED
      Resolution|FIXED       |
Target Milestone|---         |1.0.1
--- Comment #5 from Juan Lang juan_lang@yahoo.com 2008-09-27 13:53:39 ---
Not sure how to nominate bugs for 1.0.1: should I reopen it with the target milestone? If not, let me know the preferred method.
The patches that fixed this are:
http://www.winehq.org/pipermail/wine-patches/2008-August/059580.html
http://www.winehq.org/pipermail/wine-patches/2008-August/059581.html
http://www.winehq.org/pipermail/wine-patches/2008-August/059582.html
Austin English austinenglish@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
      Status|REOPENED    |RESOLVED
  Resolution|            |FIXED
--- Comment #6 from Austin English austinenglish@gmail.com 2008-09-29 13:19:55 ---
(In reply to comment #5)
> Not sure how to nominate bugs for 1.0.1: should I reopen it with the target milestone? If not, let me know the preferred method.
No need to reopen. Leave it closed/fixed, but set the milestone. When Alexandre goes to make the stable release, he'll cherry pick those commits.
--- Comment #7 from Austin English austinenglish@gmail.com 2008-09-29 13:20:04 ---
Closing.
Austin English austinenglish@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
      Status|RESOLVED    |CLOSED
--- Comment #8 from Austin English austinenglish@gmail.com 2008-09-29 13:20:12 ---
Closing.
Austin English austinenglish@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
     Version|CVS/GIT     |unspecified