New subject: [Bug 31723] Heap corruption crash on exit from notepad under WINEDEBUG=warn+heap

17 Sep 2012


      http://bugs.winehq.org/show_bug.cgi?id=31723
Bug #: 31723
           Summary: Heap corruption crash on exit from notepad under
                    WINEDEBUG=warn+heap
           Product: Wine
           Version: 1.5.12
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: user32
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: dank@kegel.com
    Classification: Unclassified
Found while looking at bug 31353.
In wine-1.5.13, if I do
   echo x > foo.txt
   WINEDEBUG=warn+heap wine notepad foo.txt
and then exit notepad, it crashes with the following stack trace:
Unhandled exception: page fault on read access to 0xfeeefef6 in 32-bit code
(0x7db24356).
Backtrace:
=>0 ScriptStringFree+0x36(pssa=0x161bcc) [dlls/usp10/usp10.c:2320]
  1 EditWndProc_common+0x1119(hwnd=<?>, msg=<?>, wParam=<?>, lParam=<?>,
unicode=<?>) [dlls/user32/edit.c:375]
  2 EditWndProcW+0x3a(hwnd=0x10076, msg=0x82, wParam=0, lParam=0)
[dlls/user32/winproc.c:1081]
'winetricks usp10' does not work around it.
wine-1.4 does not have the problem.
git log on edit.c shows the most recent commit is
user32: Release uniscribe data on Edit control destruction (valgrind).
author    Nikolay Sivov nsivov@codeweavers.com    
Tue, 4 Sep 2012 19:06:17 +0000 (23:06 +0400)
commit    6b1946154831c4537b9fffc4994cb0273db55918
user32: Release uniscribe data on Edit control destruction (valgrind).
Reverting that gets rid of the crash.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 31723] New: Heap corruption crash on exit from notepad under WINEDEBUG=warn+heap