[Bug 36261] New: valgrind shows a use after free in ddraw/tests/ddraw4.c

List overview All Threads

newer

older

[Bug 38021] New: ntdll:load_dll...

[Bug 46617] New: Far Cry v1.40...

wine-bugs＠winehq.org

3 May 2014 3 May '14

11:01 p.m.

https://bugs.winehq.org/show_bug.cgi?id=36261

Bug ID: 36261 Summary: valgrind shows a use after free in ddraw/tests/ddraw4.c Product: Wine Version: 1.7.18 Hardware: x86 OS: Linux Status: NEW Keywords: download, source, testcase Severity: normal Priority: P2 Component: directx-d3d Assignee: wine-bugs@winehq.org Reporter: austinenglish@gmail.com

==29500== Invalid write of size 4 ==29500== at 0x498B288: d3d_device_inner_Release (device.c:319) ==29500== by 0x498B45B: d3d_device3_Release (device.c:345) ==29500== by 0x4C6844D: test_process_vertices (ddraw4.c:624) ==29500== by 0x4C8C1E0: func_ddraw4 (ddraw4.c:7299) ==29500== by 0x4CDE890: run_test (test.h:584) ==29500== by 0x4CDEC7F: main (test.h:654) ==29500== Address 0x47a4dc8 is 112 bytes inside a block of size 160 free'd ==29500== at 0x7BC4C782: notify_free (heap.c:263) ==29500== by 0x7BC510C7: RtlFreeHeap (heap.c:1762) ==29500== by 0x497D9F9: ddraw_destroy (ddraw.c:441) ==29500== by 0x497DC0C: ddraw4_Release (ddraw.c:472) ==29500== by 0x49A3B99: ddraw_surface_release_iface (surface.c:552) ==29500== by 0x49A3D41: ddraw_surface4_Release (surface.c:611) ==29500== by 0x498B229: d3d_device_inner_Release (device.c:316) ==29500== by 0x498B45B: d3d_device3_Release (device.c:345) ==29500== by 0x4C6844D: test_process_vertices (ddraw4.c:624) ==29500== by 0x4C8C1E0: func_ddraw4 (ddraw4.c:7299) ==29500== by 0x4CDE890: run_test (test.h:584) ==29500== by 0x4CDEC7F: main (test.h:654) ==29500==

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

Show replies by date

wine-bugs＠winehq.org

31 May 31 May

8:23 p.m.

New subject: [Bug 36261] valgrind shows a use after free in ddraw/tests/ddraw4.c

https://bugs.winehq.org/show_bug.cgi?id=36261

--- Comment #1 from Austin English austinenglish@gmail.com --- Also: ==26415== Invalid write of size 4 ==26415== at 0x4B962A8: d3d_device_inner_Release (device.c:319) ==26415== by 0x4B9647B: d3d_device3_Release (device.c:345) ==26415== by 0x4AAFA09: test_coop_level_d3d_state (ddraw4.c:994) ==26415== by 0x4AD1B87: func_ddraw4 (ddraw4.c:7455) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415== Address 0x482ea30 is 112 bytes inside a block of size 160 free'd ==26415== at 0x7BC4C7AA: notify_free (heap.c:263) ==26415== by 0x7BC510EF: RtlFreeHeap (heap.c:1762) ==26415== by 0x4B889F9: ddraw_destroy (ddraw.c:441) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4BAEC45: ddraw_surface_release_iface (surface.c:558) ==26415== by 0x4BAEDED: ddraw_surface4_Release (surface.c:617) ==26415== by 0x4B96249: d3d_device_inner_Release (device.c:316) ==26415== by 0x4B9647B: d3d_device3_Release (device.c:345) ==26415== by 0x4AAFA09: test_coop_level_d3d_state (ddraw4.c:994) ==26415== by 0x4AD1B87: func_ddraw4 (ddraw4.c:7455) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415==

==26415== Warning: client syscall munmap tried to modify addresses 0x81d30000-0x81d30fff ==26415== Invalid read of size 4 ==26415== at 0x400B950: memcpy (vg_replace_strmem.c:908) ==26415== by 0x4EABBB8: wined3d_device_set_ps_consts_f (device.c:2496) ==26415== by 0x4F37473: wined3d_stateblock_apply (stateblock.c:984) ==26415== by 0x4B8A1ED: ddraw_set_cooperative_level (ddraw.c:951) ==26415== by 0x4B8A5E2: ddraw7_SetCooperativeLevel (ddraw.c:1010) ==26415== by 0x4B888F3: ddraw_destroy (ddraw.c:420) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4AB0162: test_surface_interface_mismatch (ddraw4.c:1088) ==26415== by 0x4AD1B8C: func_ddraw4 (ddraw4.c:7456) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415== Address 0xa174000 is 880 bytes inside a block of size 65,536 alloc'd ==26415== at 0x7BC4C75D: notify_alloc (heap.c:255) ==26415== by 0x7BC50FA1: RtlAllocateHeap (heap.c:1716) ==26415== by 0x4F38C30: state_init (stateblock.c:1324) ==26415== by 0x4F38D09: stateblock_init (stateblock.c:1346) ==26415== by 0x4F38F8E: wined3d_stateblock_create (stateblock.c:1403) ==26415== by 0x4B8A024: ddraw_set_cooperative_level (ddraw.c:914) ==26415== by 0x4B8A5E2: ddraw7_SetCooperativeLevel (ddraw.c:1010) ==26415== by 0x4B888F3: ddraw_destroy (ddraw.c:420) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4AB0162: test_surface_interface_mismatch (ddraw4.c:1088) ==26415== by 0x4AD1B8C: func_ddraw4 (ddraw4.c:7456) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415== ==26415== Invalid read of size 4 ==26415== at 0x400B95A: memcpy (vg_replace_strmem.c:908) ==26415== by 0x4EABBB8: wined3d_device_set_ps_consts_f (device.c:2496) ==26415== by 0x4F37473: wined3d_stateblock_apply (stateblock.c:984) ==26415== by 0x4B8A1ED: ddraw_set_cooperative_level (ddraw.c:951) ==26415== by 0x4B8A5E2: ddraw7_SetCooperativeLevel (ddraw.c:1010) ==26415== by 0x4B888F3: ddraw_destroy (ddraw.c:420) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4AB0162: test_surface_interface_mismatch (ddraw4.c:1088) ==26415== by 0x4AD1B8C: func_ddraw4 (ddraw4.c:7456) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415== Address 0xa174008 is 888 bytes inside a block of size 65,536 alloc'd ==26415== at 0x7BC4C75D: notify_alloc (heap.c:255) ==26415== by 0x7BC50FA1: RtlAllocateHeap (heap.c:1716) ==26415== by 0x4F38C30: state_init (stateblock.c:1324) ==26415== by 0x4F38D09: stateblock_init (stateblock.c:1346) ==26415== by 0x4F38F8E: wined3d_stateblock_create (stateblock.c:1403) ==26415== by 0x4B8A024: ddraw_set_cooperative_level (ddraw.c:914) ==26415== by 0x4B8A5E2: ddraw7_SetCooperativeLevel (ddraw.c:1010) ==26415== by 0x4B888F3: ddraw_destroy (ddraw.c:420) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4AB0162: test_surface_interface_mismatch (ddraw4.c:1088) ==26415== by 0x4AD1B8C: func_ddraw4 (ddraw4.c:7456) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654) ==26415==

there's a valgrind assertion failure, after all of this, which these issues could be causing: memcheck: mc_main.c:1003 (get_sec_vbits8): Assertion 'n' failed. Memcheck: get_sec_vbits8: no node for address 0xA174000 (0xA17400F)

==26415== at 0x3804CD81: report_and_quit (m_libcassert.c:279) ==26415== by 0x3804CEA9: vgPlain_assert_fail (m_libcassert.c:359) ==26415== by 0x380255EE: get_sec_vbits8 (mc_main.c:1003) ==26415== by 0x38000585: mc_LOADVn_slow (mc_main.c:813) ==26415== by 0x38027616: vgMemCheck_helperc_LOADV32le (mc_main.c:4482) ==26415== by 0x88DFDA8C: ???

sched status: running_tid=1

Thread 1: status = VgTs_Runnable ==26415== at 0x400B95A: memcpy (vg_replace_strmem.c:908) ==26415== by 0x4EABBB8: wined3d_device_set_ps_consts_f (device.c:2496) ==26415== by 0x4F37473: wined3d_stateblock_apply (stateblock.c:984) ==26415== by 0x4B8A1ED: ddraw_set_cooperative_level (ddraw.c:951) ==26415== by 0x4B8A5E2: ddraw7_SetCooperativeLevel (ddraw.c:1010) ==26415== by 0x4B888F3: ddraw_destroy (ddraw.c:420) ==26415== by 0x4B88C0C: ddraw4_Release (ddraw.c:472) ==26415== by 0x4AB0162: test_surface_interface_mismatch (ddraw4.c:1088) ==26415== by 0x4AD1B8C: func_ddraw4 (ddraw4.c:7456) ==26415== by 0x4B24F84: run_test (test.h:584) ==26415== by 0x4B25373: main (test.h:654)

Note: see also the FAQ in the source distribution. It contains workarounds to several common problems. In particular, if Valgrind aborted or crashed after identifying problems in your program, there's a good chance that fixing those problems will prevent Valgrind aborting or crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind version, and what OS and version you are using. Thanks.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

8:32 p.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device7_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Summary|valgrind shows a use after |valgrind shows a use after |free in |free in |ddraw/tests/ddraw4.c |d3d_device7_Release() | |ddraw/tests/ddraw{4,7}.c

--- Comment #2 from Austin English austinenglish@gmail.com --- The original problem also occurs in ddraw7's tests: ==29087== Invalid write of size 4 ==29087== at 0x4B962A8: d3d_device_inner_Release (device.c:319) ==29087== by 0x4B963D9: d3d_device7_Release (device.c:336) ==29087== by 0x4AD6C8B: test_coop_level_d3d_state (ddraw7.c:913) ==29087== by 0x4AF73A2: func_ddraw7 (ddraw7.c:7184) ==29087== by 0x4B24F84: run_test (test.h:584) ==29087== by 0x4B25373: main (test.h:654) ==29087== Address 0x48b7540 is 112 bytes inside a block of size 160 free'd ==29087== at 0x7BC4C7AA: notify_free (heap.c:263) ==29087== by 0x7BC510EF: RtlFreeHeap (heap.c:1762) ==29087== by 0x4B889F9: ddraw_destroy (ddraw.c:441) ==29087== by 0x4B88B01: ddraw7_Release (ddraw.c:459) ==29087== by 0x4BAEC45: ddraw_surface_release_iface (surface.c:558) ==29087== by 0x4BAED19: ddraw_surface7_Release (surface.c:602) ==29087== by 0x4B96249: d3d_device_inner_Release (device.c:316) ==29087== by 0x4B963D9: d3d_device7_Release (device.c:336) ==29087== by 0x4AD6C8B: test_coop_level_d3d_state (ddraw7.c:913) ==29087== by 0x4AF73A2: func_ddraw7 (ddraw7.c:7184) ==29087== by 0x4B24F84: run_test (test.h:584) ==29087== by 0x4B25373: main (test.h:654) ==29087==

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

8:34 p.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device_inner_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Summary|valgrind shows a use after |valgrind shows a use after |free in |free in |d3d_device7_Release() |d3d_device_inner_Release() |ddraw/tests/ddraw{4,7}.c |ddraw/tests/ddraw{4,7}.c

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

3 Jun 3 Jun

7:08 p.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device_inner_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |valgrind

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

10 Nov 10 Nov

4:36 a.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device_inner_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

joaopa jeremielapuree@yahoo.fr changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr

--- Comment #3 from joaopa jeremielapuree@yahoo.fr --- What about this bug with current wine(3.20)?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

12 Feb 12 Feb

1:13 a.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device_inner_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

Austin English austinenglish@gmail.com changed:

--- Comment #4 from Austin English austinenglish@gmail.com --- I can't reproduce on my current hardware with wine-4.0-407-gf7b3120991

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

15 Feb 15 Feb

8:39 p.m.

New subject: [Bug 36261] valgrind shows a use after free in d3d_device_inner_Release() ddraw/tests/ddraw{4,7}.c

https://bugs.winehq.org/show_bug.cgi?id=36261

Alexandre Julliard julliard@winehq.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #5 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.2.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

2157

Age (days ago)

3906

Last active (days ago)

wine-bugs@winehq.org

7 comments

1 participants

tags (0)

participants (1)

wine-bugs＠winehq.org