https://bugs.winehq.org/show_bug.cgi?id=36310
Bug ID: 36310
Summary: valgrind shows lots of uninitialized reads/writes in msxml3/tests/xmlview.c
Product: Wine
Version: 1.7.18
Hardware: x86
OS: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: msxml3
Assignee: wine-bugs@winehq.org
Reporter: austinenglish@gmail.com
==6314== Invalid read of size 4
==6314==    at 0x7018C5F3: ???
==6314==    by 0x70197781: ???
==6314==    by 0x70181492: ???
==6314==    by 0x7BC555FE: MODULE_InitDLL (loader.c:1068)
==6314==    by 0x7BC5597C: process_attach (loader.c:1157)
==6314==    by 0x7BC5592C: process_attach (loader.c:1149)
==6314==    by 0x7BC585E2: LdrLoadDll (loader.c:2129)
==6314==    by 0x7B85A79A: load_library (module.c:933)
==6314==    by 0x7B85A908: LoadLibraryExW (module.c:990)
==6314==    by 0x73A81BA: load_xul (nsembed.c:484)
==6314==    by 0x73A8E4A: load_wine_gecko_v (nsembed.c:587)
==6314==    by 0x73A8EB7: load_wine_gecko (nsembed.c:605)
==6314==    by 0x73A97E5: load_gecko (nsembed.c:772)
==6314==    by 0x73AE233: create_nscontainer (nsembed.c:2047)
==6314==    by 0x732CB68: HTMLDocument_Create (htmldoc.c:4751)
==6314==    by 0x7398C60: ClassFactory_CreateInstance (main.c:238)
==6314==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6314==    by 0x6CA4DB0: XMLView_create (xmlview.c:1444)
==6314==    by 0x6C62320: ClassFactory_CreateInstance (factory.c:178)
==6314==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6314==  Address 0x4eddfe4 is not stack'd, malloc'd or (recently) free'd
==6314==
==6530== Thread 4:
==6530== Invalid read of size 4
==6530==    at 0x7E41033: ???
==6530==    by 0x7E362D2: ???
==6530==  Address 0xcc3d7fc is on thread 1's stack
==6530==
==6652== Conditional jump or move depends on uninitialised value(s)
==6652==    at 0x69DA2A6E: ???
==6652==    by 0x69D912D8: ???
==6652==    by 0x6B05358C: ???
==6652==    by 0x69FA8430: ???
==6652==    by 0x69F7B782: ???
==6652==    by 0x69F7C6BE: ???
==6652==    by 0x73A5E34: init_nscontainer (nsiface.h:59567)
==6652==    by 0x73A62D1: create_nscontainer (nsembed.c:2065)
==6652==    by 0x7324B68: HTMLDocument_Create (htmldoc.c:4751)
==6652==    by 0x7390C60: ClassFactory_CreateInstance (main.c:238)
==6652==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6652==    by 0x6CA4DB0: XMLView_create (xmlview.c:1444)
==6652==    by 0x6C62320: ClassFactory_CreateInstance (factory.c:178)
==6652==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6652==    by 0x4CA707B: test_QueryInterface (xmlview.c:156)
==6652==    by 0x4CA7B69: func_xmlview (xmlview.c:269)
==6652==    by 0x4CA896C: run_test (test.h:584)
==6652==    by 0x4CA8D5B: main (test.h:654)
==6652==  Uninitialised value was created by a stack allocation
==6652==    at 0x69DA29E6: ???
==6652==
==6753== Conditional jump or move depends on uninitialised value(s)
==6753==    at 0x69D80B25: ???
==6753==    by 0x6A0E6970: ???
==6753==    by 0x6A0E645E: ???
==6753==    by 0x6AFE5020: ???
==6753==    by 0x69CAB81E: ???
==6753==    by 0x6A0E65B1: ???
==6753==    by 0x69D80A6F: ???
==6753==    by 0x5778509: ??? (winproc.c:173)
==6753==    by 0x577867E: call_window_proc (winproc.c:244)
==6753==    by 0x577986C: WINPROC_CallProcAtoW (winproc.c:603)
==6753==    by 0x577A911: WINPROC_call_window (winproc.c:911)
==6753==    by 0x573B8F9: DispatchMessageA (message.c:3948)
==6753==    by 0x4CB7928: test_Load (xmlview.c:247)
==6753==    by 0x4CB7B6E: func_xmlview (xmlview.c:270)
==6753==    by 0x4CB896C: run_test (test.h:584)
==6753==    by 0x4CB8D5B: main (test.h:654)
==6753==  Uninitialised value was created by a stack allocation
==6753==    at 0x69D80AB6: ???
==6753==
==6998== Conditional jump or move depends on uninitialised value(s)
==6998==    at 0x6AEE5337: ???
==6998==    by 0x69ECD001: ???
==6998==    by 0x6A1714F7: ???
==6998==    by 0x6A36FB0A: ???
==6998==    by 0x6AECA4E7: ???
==6998==    by 0x6AECA48F: ???
==6998==    by 0x69CAB81E: ???
==6998==    by 0x6A0E65B1: ???
==6998==    by 0x69D80A6F: ???
==6998==    by 0x5768509: ??? (winproc.c:173)
==6998==    by 0x576867E: call_window_proc (winproc.c:244)
==6998==    by 0x576986C: WINPROC_CallProcAtoW (winproc.c:603)
==6998==    by 0x576A911: WINPROC_call_window (winproc.c:911)
==6998==    by 0x572B8F9: DispatchMessageA (message.c:3948)
==6998==    by 0x4CB3928: test_Load (xmlview.c:247)
==6998==    by 0x4CB3B6E: func_xmlview (xmlview.c:270)
==6998==    by 0x4CB496C: run_test (test.h:584)
==6998==    by 0x4CB4D5B: main (test.h:654)
==6998==  Uninitialised value was created by a client request
==6998==    at 0x7BC4C52C: mark_block_uninitialized (heap.c:209)
==6998==    by 0x7BC4C697: initialize_block (heap.c:240)
==6998==    by 0x7BC50FA3: RtlAllocateHeap (heap.c:1717)
==6998==    by 0x76E1CE0: MSVCRT_malloc (heap.c:329)
==6998==    by 0x61E426BF: ???
==6998==    by 0x69D2235D: ???
==6998==    by 0x6A74092C: ???
==6998==    by 0x6A5B7D64: ???
==6998==    by 0x69C860AB: ???
==6998==    by 0x6B073403: ???
==6998==    by 0x6A4BD183: ???
==6998==    by 0x6AFE511D: ???
==6998==    by 0x69CAB81E: ???
==6998==    by 0x6A0E65B1: ???
==6998==    by 0x69D80A6F: ???
==6998==    by 0x5768509: ??? (winproc.c:173)
==6998==    by 0x576867E: call_window_proc (winproc.c:244)
==6998==    by 0x576986C: WINPROC_CallProcAtoW (winproc.c:603)
==6998==    by 0x576A911: WINPROC_call_window (winproc.c:911)
==6998==    by 0x572B8F9: DispatchMessageA (message.c:3948)
==6998==
==6998== 8 bytes in 1 blocks are possibly lost in loss record 421 of 6,589
==6998==    at 0x7BC4C735: notify_alloc (heap.c:255)
==6998==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==6998==    by 0x7B84586B: HeapAlloc (heap.c:271)
==6998==    by 0x7B845B40: GlobalAlloc (heap.c:376)
==6998==    by 0x53683E7: OLEClipbrd_Initialize (clipboard.c:1732)
==6998==    by 0x53A1772: OleInitialize (ole2.c:215)
==6998==    by 0x6AFF45B4: ???
==6998==    by 0x69D19393: ???
==6998==    by 0x6A74092C: ???
==6998==    by 0x69C92A72: ???
==6998==    by 0x6B06D8C2: ???
==6998==    by 0x69F7C26F: ???
==6998==    by 0x73ADE34: init_nscontainer (nsiface.h:59567)
==6998==    by 0x73AE2D1: create_nscontainer (nsembed.c:2065)
==6998==    by 0x732CB68: HTMLDocument_Create (htmldoc.c:4751)
==6998==    by 0x7398C60: ClassFactory_CreateInstance (main.c:238)
==6998==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6998==    by 0x6CA4DB0: XMLView_create (xmlview.c:1444)
==6998==    by 0x6C62320: ClassFactory_CreateInstance (factory.c:178)
==6998==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==6998==
==7281== 8 bytes in 1 blocks are possibly lost in loss record 428 of 6,602
==7281==    at 0x7BC4C735: notify_alloc (heap.c:255)
==7281==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==7281==    by 0x7B84586B: HeapAlloc (heap.c:271)
==7281==    by 0x7B845B40: GlobalAlloc (heap.c:376)
==7281==    by 0x532204A: CreateStreamOnHGlobal (hglobalstream.c:603)
==7281==    by 0x6C4D838: domdoc_load_from_stream (domdoc.c:772)
==7281==    by 0x6C52086: domdoc_load (domdoc.c:2198)
==7281==    by 0x6C9CCBA: handle_xml_load (msxml6.h:5228)
==7281==    by 0x6C9D60C: XMLView_BindStatusCallback_OnDataAvailable (xmlview.c:539)
==7281==    by 0x5FF159A: BindStatusCallback_OnDataAvailable (urlmon.h:820)
==7281==    by 0x5FF73A2: report_data (urlmon.h:820)
==7281==    by 0x5FF7595: InternetProtocolSink_ReportData (binding.c:1126)
==7281==    by 0x5FFC920: ProtocolSinkHandler_ReportData (urlmon.h:3113)
==7281==    by 0x5FFD5D6: BPInternetProtocolSink_ReportData (urlmon.h:3113)
==7281==    by 0x73D062D: ResProtocol_Start (urlmon.h:3113)
==7281==    by 0x5FFB2D1: BindProtocol_StartEx (urlmon.h:3296)
==7281==    by 0x5FF8A1B: start_binding (urlmon.h:7870)
==7281==    by 0x5FF8BCD: bind_to_storage (binding.c:1567)
==7281==    by 0x6018CF1: URLMoniker_BindToStorage (umon.c:280)
==7281==    by 0x6C9F74D: XMLView_PersistMoniker_Load (objidl.h:3488)
==7281==
==7281== 32 bytes in 1 blocks are possibly lost in loss record 2,478 of 6,602
==7281==    at 0x7BC4C735: notify_alloc (heap.c:255)
==7281==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==7281==    by 0x7BC39AE9: RtlInitializeCriticalSectionEx (critsection.c:326)
==7281==    by 0x7B876B51: InitializeCriticalSectionEx (sync.c:356)
==7281==    by 0x7B876B17: InitializeCriticalSectionAndSpinCount (sync.c:334)
==7281==    by 0x6AFB523E: ???
==7281==    by 0x69DFCC68: ???
==7281==    by 0x6A6C7944: ???
==7281==    by 0x69E6E0B7: ???
==7281==    by 0x7BC870D0: call_thread_func (signal_i386.c:2630)
==7281==    by 0x7BC87065: ??? (signal_i386.c:2571)
==7281==    by 0x7BC8E4B0: start_thread (thread.c:428)
==7281==    by 0x4EA7BD89: start_thread (in /usr/lib/libpthread-2.18.so)
==7281==    by 0x4E95CA0D: clone (in /usr/lib/libc-2.18.so)
==7449== 8 bytes in 1 blocks are possibly lost in loss record 422 of 6,591
==7449==    at 0x7BC4C735: notify_alloc (heap.c:255)
==7449==    by 0x7BC50F79: RtlAllocateHeap (heap.c:1716)
==7449==    by 0x7B84586B: HeapAlloc (heap.c:271)
==7449==    by 0x7B845B40: GlobalAlloc (heap.c:376)
==7449==    by 0x53683E7: OLEClipbrd_Initialize (clipboard.c:1732)
==7449==    by 0x53A1772: OleInitialize (ole2.c:215)
==7449==    by 0x6AFF45B4: ???
==7449==    by 0x69D19393: ???
==7449==    by 0x6A74092C: ???
==7449==    by 0x69C92A72: ???
==7449==    by 0x6B06D8C2: ???
==7449==    by 0x69F7C26F: ???
==7449==    by 0x739DE34: init_nscontainer (nsiface.h:59567)
==7449==    by 0x739E2D1: create_nscontainer (nsembed.c:2065)
==7449==    by 0x731CB68: HTMLDocument_Create (htmldoc.c:4751)
==7449==    by 0x7388C60: ClassFactory_CreateInstance (main.c:238)
==7449==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==7449==    by 0x6C94DB0: XMLView_create (xmlview.c:1444)
==7449==    by 0x6C52320: ClassFactory_CreateInstance (factory.c:178)
==7449==    by 0x5373E26: CoCreateInstance (unknwn.h:226)
==7449==
etc.
--- Comment #1 from Austin English austinenglish@gmail.com ---
==7925== Conditional jump or move depends on uninitialised value(s)
==7925==    at 0x6AEE5337: ???
==7925==    by 0x69ECD001: ???
==7925==    by 0x6A1714F7: ???
==7925==    by 0x6A36FB0A: ???
==7925==    by 0x6AECA4E7: ???
==7925==    by 0x6AECA48F: ???
==7925==    by 0x69CAB81E: ???
==7925==    by 0x6A0E65B1: ???
==7925==    by 0x69D80A6F: ???
==7925==    by 0x5768509: ??? (winproc.c:173)
==7925==    by 0x576867E: call_window_proc (winproc.c:244)
==7925==    by 0x576986C: WINPROC_CallProcAtoW (winproc.c:603)
==7925==    by 0x576A911: WINPROC_call_window (winproc.c:911)
==7925==    by 0x572B8F9: DispatchMessageA (message.c:3948)
==7925==    by 0x4CA7928: test_Load (xmlview.c:247)
==7925==    by 0x4CA7B6E: func_xmlview (xmlview.c:270)
==7925==    by 0x4CA896C: run_test (test.h:584)
==7925==    by 0x4CA8D5B: main (test.h:654)
==7925==  Uninitialised value was created by a client request
==7925==    at 0x7BC4C52C: mark_block_uninitialized (heap.c:209)
==7925==    by 0x7BC4C697: initialize_block (heap.c:240)
==7925==    by 0x7BC50FA3: RtlAllocateHeap (heap.c:1717)
==7925==    by 0x76D1CE0: MSVCRT_malloc (heap.c:329)
==7925==    by 0x61E426BF: ???
==7925==    by 0x69D2235D: ???
==7925==    by 0x6A74092C: ???
==7925==    by 0x6A5B7D64: ???
==7925==    by 0x69C860AB: ???
==7925==    by 0x6B073403: ???
==7925==    by 0x6A4BD183: ???
==7925==    by 0x6AFE511D: ???
==7925==    by 0x69CAB81E: ???
==7925==    by 0x6A0E65B1: ???
==7925==    by 0x69D80A6F: ???
==7925==    by 0x5768509: ??? (winproc.c:173)
==7925==    by 0x576867E: call_window_proc (winproc.c:244)
==7925==    by 0x576986C: WINPROC_CallProcAtoW (winproc.c:603)
==7925==    by 0x576A911: WINPROC_call_window (winproc.c:911)
==7925==    by 0x572B8F9: DispatchMessageA (message.c:3948)
==7925==
Austin English austinenglish@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |valgrind