http://bugs.winehq.org/show_bug.cgi?id=21336
Summary: wine's valgrind annotations for large heap realloc yield false positives
Product: Wine
Version: 1.1.36
Platform: x86
OS/Version: Linux
Status: NEW
Keywords: source
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
Spotted and diagnosed by Lei Zhang.
http://build.chromium.org/buildbot/waterfall.fyi/builders/Chromium%20Linux%2... has the error

  Syscall param write(buf) points to uninitialised byte(s)
  ...
  Address 0x20350024 is 4 bytes inside a block of size 1,428,736 alloc'd
    at RtlReAllocateHeap (heap.c:247)
The problem is the heap annotations after realloc_large_block.
Dan Kegel dank@kegel.com changed:
What          |Removed              |Added
--------------+---------------------+---------------
AssignedTo    |wine-bugs@winehq.org |dank@kegel.com
--- Comment #1 from Dan Kegel dank@kegel.com 2010-01-11 21:32:08 ---
Created an attachment (id=25683) --> (http://bugs.winehq.org/attachment.cgi?id=25683)
Patch to add kernel32 heap testcase showing the problem
This test seems to reproduce it.
--- Comment #2 from Dan Kegel dank@kegel.com 2010-01-11 21:33:44 ---
Created an attachment (id=25684) --> (http://bugs.winehq.org/attachment.cgi?id=25684)
Draft patch to fix problem
This patch seems to solve the problem, but doesn't catch overruns on shrunken blocks.
Austin English austinenglish@gmail.com changed:
What          |Removed              |Added
--------------+---------------------+--------------------------
Keywords      |                     |download, patch, testcase
Dan Kegel dank@kegel.com changed:
What              |Removed |Added
------------------+--------+------
Attachment #25684 |0       |1
    is obsolete   |        |
--- Comment #3 from Dan Kegel dank@kegel.com 2010-01-13 23:21:25 ---
Created an attachment (id=25726) --> (http://bugs.winehq.org/attachment.cgi?id=25726)
Handle resized-in-place block a bit better?
This might be a bit better around the resize-in-place case for large blocks. Would need to test with heap overrun patches to be sure.
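The three situations discussed in this thread, the annotation placed after the large-block move in the original report, the shrunken-block overrun from comment #2 and the resize-in-place case from comment #3, worked through as an added example. This is not Wine's heap.c and not one of the attached patches: the static pool, the bump allocator, the function names and the use of VALGRIND_RESIZEINPLACE_BLOCK (a later Valgrind client request) are this example's own assumptions, and the "buggy" variant is one ordering that produces the reported symptom, not a claim about what Wine's code did. With <valgrind/memcheck.h> available the real client requests are used; without it they compile to no-ops so the file still builds and runs natively.

```c
/* Added example (not Wine's heap.c): re-annotating a relocated or resized
 * "large" heap block for Valgrind memcheck, and the ordering that yields the
 * "write(buf) points to uninitialised byte(s)" false positive. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef __has_include
# if __has_include(<valgrind/memcheck.h>)
#  include <valgrind/memcheck.h>
#  define HAVE_MEMCHECK 1
# endif
#endif
#ifndef HAVE_MEMCHECK                     /* native build: client requests are no-ops */
# define VALGRIND_MAKE_MEM_NOACCESS(a, n)            ((void)0)
# define VALGRIND_MAKE_MEM_UNDEFINED(a, n)           ((void)0)
# define VALGRIND_MALLOCLIKE_BLOCK(a, n, rz, zeroed) ((void)0)
# define VALGRIND_FREELIKE_BLOCK(a, rz)              ((void)0)
#endif
#ifndef VALGRIND_RESIZEINPLACE_BLOCK      /* also absent from old memcheck.h */
# define VALGRIND_RESIZEINPLACE_BLOCK(a, o, n, rz)   ((void)0)
#endif

/* Toy arena (assumption, not Wine's design): blocks are carved from a static
 * pool memcheck knows nothing about, like a heap carving blocks out of
 * mmap'd memory. Bump allocation only; freed space is never reused. */
#define POOL_SIZE   (64 * 1024)
#define BLOCK_ALIGN 16
static unsigned char pool[POOL_SIZE];
static size_t pool_used;

static size_t round_up(size_t n) { return (n + BLOCK_ALIGN - 1) & ~(size_t)(BLOCK_ALIGN - 1); }

void pool_init(void)
{
    pool_used = 0;
    VALGRIND_MAKE_MEM_NOACCESS(pool, POOL_SIZE);   /* nothing handed out yet */
}

void *block_alloc(size_t size)
{
    if (pool_used + round_up(size) > POOL_SIZE) return NULL;
    void *p = pool + pool_used;
    pool_used += round_up(size);
    /* Tell memcheck: this range is now a live block whose contents are undefined. */
    VALGRIND_MALLOCLIKE_BLOCK(p, size, 0, 0);
    return p;
}

void block_free(void *p)
{
    VALGRIND_FREELIKE_BLOCK(p, 0);   /* later accesses are reported as use-after-free */
}

/* Resize p in place; only possible when it is the last block in the pool. */
static int resize_in_place(void *p, size_t old_size, size_t new_size)
{
    size_t off = (size_t)((unsigned char *)p - pool);
    if (off + round_up(old_size) != pool_used || off + round_up(new_size) > POOL_SIZE)
        return 0;
    pool_used = off + round_up(new_size);
    /* Growth: bytes [old_size, new_size) become undefined. Shrink: bytes
     * [new_size, old_size) become inaccessible, so an overrun into the
     * trimmed tail is still caught. The kept prefix is left untouched. */
    VALGRIND_RESIZEINPLACE_BLOCK(p, old_size, new_size, 0);
    return 1;
}

/* Correct ordering. *in_place (optional) reports which path was taken. */
void *large_realloc(void *old, size_t old_size, size_t new_size, int *in_place)
{
    if (resize_in_place(old, old_size, new_size)) {
        if (in_place) *in_place = 1;
        return old;
    }
    void *fresh = block_alloc(new_size);         /* annotated undefined here... */
    if (!fresh) return NULL;
    memcpy(fresh, old, old_size < new_size ? old_size : new_size);
    /* ...and memcpy carries the old bytes' definedness into the copy, so the
     * copied prefix is defined and only the tail stays undefined. */
    block_free(old);
    if (in_place) *in_place = 0;
    return fresh;
}

/* False-positive shape: the data is moved first and the whole new block is
 * annotated as fresh afterwards, discarding the definedness memcpy just
 * established for the copied prefix. */
void *large_realloc_buggy(void *old, size_t old_size, size_t new_size)
{
    void *fresh = block_alloc(new_size);
    if (!fresh) return NULL;
    memcpy(fresh, old, old_size < new_size ? old_size : new_size);
    block_free(old);
    VALGRIND_MAKE_MEM_UNDEFINED(fresh, new_size);   /* bug: too late and too wide */
    return fresh;
}

int main(int argc, char **argv)
{
    static const char msg[] = "hello from the heap\n";
    int buggy = argc > 1 && strcmp(argv[1], "buggy") == 0;
    pool_init();
    char *p = block_alloc(sizeof msg);
    memcpy(p, msg, sizeof msg);
    block_alloc(8);                                  /* force relocation */
    p = buggy ? large_realloc_buggy(p, sizeof msg, 4096)
              : large_realloc(p, sizeof msg, 4096, NULL);
    /* Under valgrind, "./a.out buggy" reproduces "Syscall param write(buf)
     * points to uninitialised byte(s)" here; the correct path is silent. */
    return write(STDOUT_FILENO, p, sizeof msg - 1) < 0;
}
```

Run `valgrind ./a.out` and `valgrind ./a.out buggy` to see the difference: both programs write the same bytes, and only the annotation order decides whether memcheck believes the copied prefix is initialised. Note that a block annotated as MALLOCLIKE before the copy needs no further request for the copied bytes, which is why the fix is an ordering and scope question rather than an extra MAKE_MEM_DEFINED over the whole block (that would hide real uninitialised reads in the tail).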
--- Comment #4 from Nikolay Sivov bunglehead@gmail.com 2010-02-02 12:34:45 ---
Another one is committed as 20430f6edefe0f299fe27303ec9e153873023ee0.
Dan Kegel dank@kegel.com changed:
What          |Removed   |Added
--------------+----------+----------
Status        |NEW       |RESOLVED
Resolution    |          |FIXED
--- Comment #5 from Dan Kegel dank@kegel.com 2010-02-02 12:40:04 ---
I think this is fixed now. If we find anything else I or Lei will open a new bug.
Alexandre Julliard julliard@winehq.org changed:
What          |Removed   |Added
--------------+----------+--------
Status        |RESOLVED  |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org 2010-02-05 11:39:13 ---
Closing bugs fixed in 1.1.38.