http://bugs.winehq.org/show_bug.cgi?id=24882
Summary: Read after free to do with D3D9 Product: Wine Version: 1.2.1 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: jseward@acm.org
I don't know whether this is a Wine bug, or an X bug, or a /usr/lib32/dri/i915_dri.so bug, so this may be noise, in which case apologies. Anyway, when running Firefox crashtests on Wine-1.2.1 on Valgrind:
Invalid read of size 4 at 0x1CCBF91F: ??? (in /usr/lib32/dri/i915_dri.so) by 0x1CCEF860: _mesa_test_framebuffer_completeness (in /usr/lib32/dri/i915_dri.so) by 0x1CCF39DB: ??? (in /usr/lib32/dri/i915_dri.so) by 0x1CCF3A16: _mesa_update_framebuffer (in /usr/lib32/dri/i915_dri.so) by 0x1CC70FD7: intel_draw_buffer (in /usr/lib32/dri/i915_dri.so) by 0x1CCC0090: ??? (in /usr/lib32/dri/i915_dri.so) by 0x1CCEFD54: _mesa_set_texture_attachment (in /usr/lib32/dri/i915_dri.so) by 0x1CCEFF80: ??? (in /usr/lib32/dri/i915_dri.so) by 0x1CCF02EF: _mesa_FramebufferTexture2DEXT (in /usr/lib32/dri/i915_dri.so) by 0x1AF6E331: initPixelFormats (utils.c:965) by 0x1AEDF2CA: InitAdapters (directx.c:5126) by 0x1AEEA2C9: wined3d_init (directx.c:5369) Address 0x8f2152c is 28 bytes inside a block of size 132 free'd at 0x48EDC1A: free (vg_replace_malloc.c:366) by 0x1CD08BEC: _mesa_free (in /usr/lib32/dri/i915_dri.so) by 0x1CCBFCD7: ??? (in /usr/lib32/dri/i915_dri.so) by 0x1CD1C3B3: _mesa_reference_renderbuffer (in /usr/lib32/dri/i915_dri.so) by 0x1CCEFB1A: _mesa_remove_attachment (in /usr/lib32/dri/i915_dri.so) by 0x1CD31ECE: _mesa_DeleteTextures (in /usr/lib32/dri/i915_dri.so) by 0x1AF6E3CB: initPixelFormats (utils.c:1059) by 0x1AEDF2CA: InitAdapters (directx.c:5126) by 0x1AEEA2C9: wined3d_init (directx.c:5369) by 0x1AF72659: WineDirect3DCreate (wined3d_main.c:91) by 0x180A4D2C: Direct3DCreate9 (d3d9_main.c:43) by 0x180A4DFD: Direct3DCreate9Ex (d3d9_main.c:61)
and I also saw two others which are clearly the same thing.
http://bugs.winehq.org/show_bug.cgi?id=24882
--- Comment #1 from Henri Verbeet hverbeet@gmail.com 2010-10-25 05:20:53 CDT --- Looks like a Mesa/i915 issue. Line numbers would probably help there, but the GL functions in question refer to GL objects by handles, and GL is supposed to ignore invalid ones.
http://bugs.winehq.org/show_bug.cgi?id=24882
joaopa jeremielapuree@yahoo.fr changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr
--- Comment #2 from joaopa jeremielapuree@yahoo.fr 2011-07-09 09:24:54 CDT --- still a bug in current wine?
If yes, does there exist a demo showing the problem?
http://bugs.winehq.org/show_bug.cgi?id=24882
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #3 from Dan Kegel dank@kegel.com 2011-07-09 10:19:01 CDT --- Since it happens in wined3d_init, there's some chance it'd happen in wine's unit tests. With this kind of Valgrind report, the right thing to do is usually not to ask which demo it affects, but rather to audit the source code and try to find the bug.
http://bugs.winehq.org/show_bug.cgi?id=24882
--- Comment #4 from Austin English austinenglish@gmail.com 2013-11-13 16:48:05 CST --- This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.6 or newer) wine? If so, please attach the terminal output in 1.7.6 (see http://wiki.winehq.org/FAQ#get_log).
https://bugs.winehq.org/show_bug.cgi?id=24882
roger@mailinator.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |roger@mailinator.com
--- Comment #5 from roger@mailinator.com --- abandon
https://bugs.winehq.org/show_bug.cgi?id=24882
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |ABANDONED
--- Comment #6 from Austin English austinenglish@gmail.com --- Abandoned.
https://bugs.winehq.org/show_bug.cgi?id=24882
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #7 from Austin English austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org