http://bugs.winehq.org/show_bug.cgi?id=24241
Summary: Open file dialog triggers "Invalid free" Valgrind warning
Product: Wine
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: shell32
AssignedTo: wine-bugs@winehq.org
ReportedBy: bart.vanassche@gmail.com
Occurred with a clone of the Wine git repository last updated on Monday August 30, 2010 + a patch that informs Valgrind about heap tail zones. The Valgrind complaint below was triggered by the open file dialog (MFC CFileDialog) and shows that Wine tries to free static memory (a static variable called emptyW):
Invalid free() / delete / delete[]
   at 0x476F851: do_VALGRIND_FREELIKE_BLOCK (wine.git/dlls/ntdll/heap.c:231)
   by 0x47727A5: RtlFreeHeap (wine.git/dlls/ntdll/heap.c:1778)
   by 0x509BB83: IMalloc_fnFree (wine.git/dlls/ole32/ifs.c:262)
   by 0x509C1D6: CoTaskMemFree (wine.git/dlls/ole32/ifs.c:411)
   by 0x4DEC027: StrRetToStrNW (wine.git/dlls/shell32/shellstring.c:99)
   by 0x4E0E67E: ShellView_OnNotify (wine.git/dlls/shell32/shlview.c:1432)
   by 0x4E0F735: ShellView_WndProc (wine.git/dlls/shell32/shlview.c:1684)
   by 0x4CB21E9: ??? (in /usr/lib/wine/user32.dll.so)
   by 0x4CB2873: call_window_proc (wine.git/dlls/user32/winproc.c:242)
   by 0x4CB4C2B: WINPROC_call_window (wine.git/dlls/user32/winproc.c:899)
   by 0x4C7B35C: call_window_proc (wine.git/dlls/user32/message.c:2201)
   by 0x4C80B42: send_message (wine.git/dlls/user32/message.c:3041)
   by 0x4C81063: SendMessageW (wine.git/dlls/user32/message.c:3164)
   by 0x4FABB7B: notify_hdr (wine.git/dlls/comctl32/listview.c:839)
   by 0x4FAD06C: notify_dispinfoT (wine.git/dlls/comctl32/listview.c:984)
   by 0x4FADD5C: LISTVIEW_GetItemT (wine.git/dlls/comctl32/listview.c:6613)
   by 0x4FADFA8: LISTVIEW_GetItemW (wine.git/dlls/comctl32/listview.c:1601)
   by 0x4FAF48C: LISTVIEW_DrawItem (wine.git/dlls/comctl32/listview.c:4459)
   by 0x4FB63D4: LISTVIEW_RefreshReport (wine.git/dlls/comctl32/listview.c:4751)
   by 0x4FBAFDA: LISTVIEW_Refresh (wine.git/dlls/comctl32/listview.c:4998)
   by 0x4FBDB68: LISTVIEW_Paint (wine.git/dlls/comctl32/listview.c:10392)
   by 0x4FBDCC6: LISTVIEW_WMPaint (wine.git/dlls/comctl32/listview.c:10417)
   by 0x4FBF4CC: LISTVIEW_WindowProc (wine.git/dlls/comctl32/listview.c:11452)
   by 0x4CB21E9: ??? (in /usr/lib/wine/user32.dll.so)
   by 0x4CB2873: call_window_proc (wine.git/dlls/user32/winproc.c:242)
   by 0x4CB4C2B: WINPROC_call_window (wine.git/dlls/user32/winproc.c:899)
   by 0x4C7C0FD: DispatchMessageW (wine.git/dlls/user32/message.c:3709)
   by 0x4C4EAE1: IsDialogMessageW (wine.git/dlls/user32/dialog.c:1258)
   by 0x4C4EC43: DIALOG_DoDialogBox (wine.git/dlls/user32/dialog.c:812)
   by 0x4C509BD: DialogBoxIndirectParamAorW (wine.git/dlls/user32/dialog.c:877)
   by 0x4C50A51: DialogBoxIndirectParamA (wine.git/dlls/user32/dialog.c:887)
   by 0x92CDCD8: GetFileName95 (wine.git/dlls/comdlg32/filedlg.c:317)
 Address 0x4f7116c is 0 bytes inside data symbol "emptyW.55484"
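The ownership bug this trace points to, modelled as an added example that is not Wine's code: a producer hands out static storage under a contract where the consumer frees the string, and a tracking allocator flags the resulting invalid free. The allocator, `get_name_buggy`, `get_name_fixed` and `consume` are hypothetical names, and narrow `char` strings stand in for the wide strings in the report.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16
static void *live[MAX_LIVE];      /* blocks handed out by task_alloc() */
static int invalid_frees;         /* frees of pointers we never allocated */

static void *task_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                      /* table full or malloc failed */
    return NULL;
}

/* Stand-in for a task allocator's free: releases only blocks it recognises. */
static void task_free(void *p) {
    if (!p) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;              /* the case Valgrind reports as "Invalid free()" */
}

static char empty_s[] = "";       /* static storage, playing the role of emptyW */

/* Buggy producer: returns static storage although the consumer will free it. */
static char *get_name_buggy(const char *src) {
    if (!src) return empty_s;
    char *p = task_alloc(strlen(src) + 1);
    if (p) strcpy(p, src);
    return p;
}

/* Fixed producer: every returned pointer is owned by the allocator. */
static char *get_name_fixed(const char *src) {
    if (!src) src = "";
    char *p = task_alloc(strlen(src) + 1);
    if (p) strcpy(p, src);
    return p;
}

/* Consumer: copies the string out, then frees it unconditionally. */
static int consume(char *s, char *dst, size_t len) {
    int before = invalid_frees;
    if (len) { strncpy(dst, s ? s : "", len - 1); dst[len - 1] = '\0'; }
    task_free(s);
    return invalid_frees - before;   /* 1 if this free was invalid */
}
```

The consumer is identical in both cases; only the producer's choice between static and allocated storage for the empty string decides whether the free is valid.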
Dmitry Timoshkov dmitry@codeweavers.com changed:
What     |Removed     |Added
----------------------------------------------------------------------------
Component|shell32     |-unknown
Version  |unspecified |1.3.1
--- Comment #1 from Dmitry Timoshkov dmitry@codeweavers.com 2010-09-02 04:36:16 CDT ---
Please always specify the Wine version you are using (in the Version field above).
Dan Kegel dank@kegel.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |dank@kegel.com
--- Comment #2 from Dan Kegel dank@kegel.com 2010-09-02 09:36:32 CDT ---
(Please attach stack traces instead of pasting, else the bugs get hard to look at.)
Can you run again with --track-origins=yes on? And can you provide a download link for an app that reproduces the problem?
Finally, can you add a note to http://wiki.winehq.org/Wine_and_Valgrind about your patch? I was under the impression that Wine+valgrind already knew about heap tail zones. What trick did we miss?
--- Comment #3 from Bart Van Assche bart.vanassche@gmail.com 2010-09-03 13:15:38 CDT ---
(In reply to comment #2)
> Can you run again with --track-origins=yes on?
Do you think that would provide additional information? I might have missed something, but as far as I know --track-origins=yes only provides additional information for uninitialized memory accesses and not for invalid free()'s.
> And can you provide a download link for an app that reproduces the problem?
I will try to minimize the source code of the application that allows one to trigger the above Valgrind complaint. Is MSVC 2005 SP1 source code acceptable instead of an .exe file?
> Finally, can you add a note to http://wiki.winehq.org/Wine_and_Valgrind about your patch? I was under the impression that Wine+valgrind already knew about heap tail zones. What trick did we miss?
You are right, the Wine code in heap.c already informs Valgrind about heap tail zones. Julian and I are looking at preserving heap bits when RtlReAllocateHeap() reallocates memory in-place. The patch that realizes this will be made available as soon as it is ready and has undergone sufficient testing. Note: that patch doesn't affect reports about invalid frees.
--- Comment #4 from Dan Kegel dank@kegel.com 2010-09-03 13:43:10 CDT ---
D'oh, right, forgot that there's no origin to speak of here.
Yes, source would be fine.
Looking forward to that patch.
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |00cpxxx@gmail.com
--- Comment #5 from Bruno Jesus 00cpxxx@gmail.com 2012-10-10 19:41:27 CDT ---
Is this still an issue in the latest development version of wine?
--- Comment #6 from Austin English austinenglish@gmail.com ---
Please retest in current (1.7.17 or newer) wine.
Austin English austinenglish@gmail.com changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |UNCONFIRMED |RESOLVED
Resolution|---         |ABANDONED
--- Comment #7 from Austin English austinenglish@gmail.com ---
(In reply to Austin English from comment #6)
> Please retest in current (1.7.17 or newer) wine.
Abandoned.
Austin English austinenglish@gmail.com changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #8 from Austin English austinenglish@gmail.com ---
Closing.