On 1/14/06, James Trotter <james.trotter@gmail.com> wrote:
On 1/14/06, Robert Shearman <rob@codeweavers.com> wrote:
Dan Kegel wrote:
Rob wrote:
This very much looks like a use-after-free bug. The first two instructions are probably a COM *_Release call. Judging by the fact that this is a regression I would also guess that it is a Wine object.
This sounds like a job for valgrind!
But, er, does valgrind still work with wine? Rob said it did in March: http://www.winehq.com/hypermail/wine-devel/2005/03/0397.html It was too hard for one guy back in July: http://www.winehq.com/hypermail/wine-devel/2005/07/0401.html but that was probably because he didn't see Rob's message from March. Maybe we need to put better instructions on how to use Valgrind with Wine on winehq.org... or, dare I suggest it, bundle valgrind with Wine so anybody could easily use it by setting WINEDEBUG=+valgrind or something like that...
Valgrind 3.1.0 works with Wine with no Wine modifications needed. However, one patch to valgrind is required to generate meaningful backtraces and I've attached it to this message - I guess I should report this to the valgrind developers.
-- Rob Shearman
I was really just considering using valgrind! I already have it installed, but I wasn't sure it would work very nicely, though. I was afraid there would be too much pointless output to wade through, but I'll try it tomorrow sometime.
Cheers, James
Well, it took a little longer than I thought it might.
I compiled valgrind 3.1.0 with the above patch applied. I ran Icewind Dale II with 'valgrind --trace-children=yes wine IWD2.exe'. It goes on for a short while outputting various errors until it freezes. It locks and I have to reboot the machine. I've tried to output it to a log as well, but the file is empty once I've rebooted (perhaps the stream doesn't get flushed or whatever).
This didn't prove particularly useful... Any suggestions?
In case anyone is interested, running 'valgrind --trace-children=yes wine' produces the following output:
==7379== Memcheck, a memory error detector.
==7379== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==7379== Using LibVEX rev 1471, a library for dynamic binary translation.
==7379== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==7379== Using valgrind-3.1.0, a dynamic binary instrumentation framework.
==7379== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==7379== For more details, rerun with: -v
==7379==
==7379== My PID = 7379, parent PID = 7342.  Prog and args are:
==7379==    /home/james/development/wine/regression_testing/cvs/wine/loader/wine-preloader
==7379==    /home/james/development/wine/regression_testing/cvs/wine/loader/wine-pthread
==7379==
==7379== Warning: set address range perms: large range 535756800, a 0, v 0
==7379== Warning: set address range perms: large range 1031864320, a 0, v 0
==7379== Warning: set address range perms: large range 1031864320, a 1, v 1
==7379== Warning: set address range perms: large range 515899392, a 0, v 0
==7379== Warning: set address range perms: large range 515964928, a 0, v 0
==7379== Warning: set address range perms: large range 515964928, a 1, v 1
==7379== Warning: set address range perms: large range 257949696, a 0, v 0
==7379== Warning: set address range perms: large range 258015232, a 0, v 0
==7379== Warning: set address range perms: large range 258015232, a 1, v 1
==7379== Warning: set address range perms: large range 128974848, a 0, v 0
==7379== Warning: set address range perms: large range 128974848, a 1, v 1
==7379== Warning: set address range perms: large range 129040384, a 0, v 0
==7379== Warning: set address range perms: large range 549322752, a 0, v 0
==7379== Warning: set address range perms: large range 549322752, a 1, v 1
==7379== Warning: set address range perms: large range 274661376, a 0, v 0
==7379== Warning: set address range perms: large range 274661376, a 1, v 1
==7379== Warning: set address range perms: large range 137297920, a 0, v 0
==7379== Warning: set address range perms: large range 137297920, a 1, v 1
==7379== Invalid read of size 4
==7379==    at 0x20010CA8: (within /lib/ld-2.3.5.so)
==7379==    by 0x2000624D: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152A75: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20022CEF: wine_init (loader.c:550)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==  Address 0x2018935C is 76 bytes inside a block of size 79 alloc'd
==7379==    at 0x2001B45A: malloc (vg_replace_malloc.c:149)
==7379==    by 0x20022983: first_dll_path (loader.c:162)
==7379==    by 0x20022CCC: wine_init (loader.c:548)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Conditional jump or move depends on uninitialised value(s)
==7379==    at 0x200086F7: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152BE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20022CEF: wine_init (loader.c:550)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Conditional jump or move depends on uninitialised value(s)
==7379==    at 0x20008700: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152BE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20022CEF: wine_init (loader.c:550)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Conditional jump or move depends on uninitialised value(s)
==7379==    at 0x2000882D: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152BE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20022CEF: wine_init (loader.c:550)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Conditional jump or move depends on uninitialised value(s)
==7379==    at 0x20008852: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152BE9: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20022CEF: wine_init (loader.c:550)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Conditional jump or move depends on uninitialised value(s)
==7379==    at 0x7BF00F5A: init_current_teb (../include/wine/library.h:127)
==7379==    by 0x202DB7AA: thread_init (thread.c:149)
==7379==    by 0x202BF6A8: __wine_process_init (loader.c:2163)
==7379==    by 0x20022D31: wine_init (loader.c:561)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==
==7379== Invalid read of size 4
==7379==    at 0x20010CD7: (within /lib/ld-2.3.5.so)
==7379==    by 0x2000624D: (within /lib/ld-2.3.5.so)
==7379==    by 0x20152A75: (within /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x20153737: _dl_open (in /lib/tls/i686/cmov/libc-2.3.5.so)
==7379==    by 0x20185CE7: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x2000B105: (within /lib/ld-2.3.5.so)
==7379==    by 0x201862EA: (within /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x20185D40: dlopen (in /lib/tls/i686/cmov/libdl-2.3.5.so)
==7379==    by 0x200229F9: wine_dlopen (loader.c:588)
==7379==    by 0x20023556: dlopen_dll (loader.c:193)
==7379==    by 0x202BF451: load_builtin_dll (loader.c:1422)
==7379==  Address 0x2018CCB0 is 80 bytes inside a block of size 82 alloc'd
==7379==    at 0x2001B45A: malloc (vg_replace_malloc.c:149)
==7379==    by 0x20022983: first_dll_path (loader.c:162)
==7379==    by 0x20023536: dlopen_dll (loader.c:191)
==7379==    by 0x202BF451: load_builtin_dll (loader.c:1422)
==7379==    by 0x202BF6DF: __wine_process_init (loader.c:2172)
==7379==    by 0x20022D31: wine_init (loader.c:561)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379== Warning: noted but unhandled ioctl 0x30B with no size/direction hints
==7379==    This could cause spurious value errors to appear.
==7379==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==7379==
==7379== Syscall param writev(vector[...]) points to uninitialised byte(s)
==7379==    at 0x20000772: (within /lib/ld-2.3.5.so)
==7379==    by 0x202D54D5: wine_server_call (server.c:238)
==7379==    by 0x202C9B95: NtSetValueKey (reg.c:755)
==7379==    by 0x205D460C: create_scsi_entry (oldconfig.c:171)
==7379==    by 0x205D4DE6: convert_old_config (oldconfig.c:401)
==7379==    by 0x205DD38C: process_init (process.c:957)
==7379==    by 0x205DD68B: __wine_kernel_init (process.c:1050)
==7379==    by 0x202BF738: __wine_process_init (loader.c:2184)
==7379==    by 0x20022D31: wine_init (loader.c:561)
==7379==    by 0x7BF0103F: main (main.c:45)
==7379==  Address 0xBE82E590 is on thread 1's stack
==7379==
==7379== ERROR SUMMARY: 28 errors from 8 contexts (suppressed: 17 from 1)
==7379== malloc/free: in use at exit: 5,068 bytes in 51 blocks.
==7379== malloc/free: 133 allocs, 82 frees, 17,323 bytes allocated.
==7379== For counts of detected errors, rerun with: -v
==7379== searching for pointers to 51 not-freed blocks.
==7379== checked 643,360 bytes.
==7379==
==7379== LEAK SUMMARY:
==7379==    definitely lost: 156 bytes in 11 blocks.
==7379==    possibly lost:   0 bytes in 0 blocks.
==7379==    still reachable: 4,912 bytes in 40 blocks.
==7379==         suppressed: 0 bytes in 0 blocks.
==7379== Use --leak-check=full to see details of leaked memory.
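Editor's added example, not code from Wine or from anyone in this thread: Rob's diagnosis above is that the faulting instructions are the start of a COM *_Release call on an object that has already been freed. In the C calling convention Wine uses for COM, Release first loads the vtable pointer from the object itself, so on a freed object that load is the "Invalid read of size 4" (size 8 on x86-64) that Memcheck reports, together with the stack that freed the block, which is the backtrace the thread is after. The small refcounted object below (IThing, Thing_Create and friends are hypothetical names) reproduces that pattern on demand so the report can be seen outside Wine.

```c
/* Added example (not Wine code): a minimal COM-style refcounted object
 * in C that reproduces the "use-after-free inside a *_Release call"
 * pattern described in the thread, so it can be confirmed under
 * Memcheck.  All names here (IThing, ThingImpl, Thing_Create, ...) are
 * hypothetical and stand in for whatever Wine object is really at fault. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct IThing IThing;
typedef struct IThingVtbl {
    unsigned long (*AddRef)(IThing *iface);
    unsigned long (*Release)(IThing *iface);
} IThingVtbl;
struct IThing { const IThingVtbl *lpVtbl; };

/* COM-in-C call macros.  The very first thing a call through these does
 * is read p->lpVtbl out of the object; on a freed object that read is
 * what Memcheck reports as "Invalid read of size 4" (8 on x86-64). */
#define IThing_AddRef(p)  ((p)->lpVtbl->AddRef(p))
#define IThing_Release(p) ((p)->lpVtbl->Release(p))

typedef struct {
    IThing IThing_iface;   /* must be first: the interface pointer is the object */
    unsigned long ref;
    char name[32];
} ThingImpl;

/* Side effect observable without touching freed memory. */
static unsigned long g_things_destroyed = 0;

static unsigned long Thing_AddRef(IThing *iface)
{
    ThingImpl *This = (ThingImpl *)iface;
    return ++This->ref;
}

static unsigned long Thing_Release(IThing *iface)
{
    ThingImpl *This = (ThingImpl *)iface;
    unsigned long ref = --This->ref;
    if (ref == 0) {
        g_things_destroyed++;
        free(This);            /* last reference dropped: object is gone */
    }
    return ref;
}

static const IThingVtbl Thing_Vtbl = { Thing_AddRef, Thing_Release };

IThing *Thing_Create(const char *name)
{
    ThingImpl *This = malloc(sizeof(*This));
    if (!This) return NULL;
    This->IThing_iface.lpVtbl = &Thing_Vtbl;
    This->ref = 1;
    strncpy(This->name, name, sizeof(This->name) - 1);
    This->name[sizeof(This->name) - 1] = '\0';
    return &This->IThing_iface;
}

unsigned long things_destroyed(void) { return g_things_destroyed; }

/* Correct ownership: one Release per Create/AddRef, and the pointer is
 * cleared after the final Release so nothing can call through it again.
 * Returns the refcount reported by the last Release (0). */
unsigned long use_correctly(void)
{
    IThing *obj = Thing_Create("ok");
    IThing_AddRef(obj);                        /* ref = 2 */
    IThing_Release(obj);                       /* ref = 1 */
    unsigned long last = IThing_Release(obj);  /* ref = 0, object freed */
    obj = NULL;
    return last;
}

/* The bug class from the thread: a second holder keeps a raw copy of the
 * pointer without its own AddRef and Releases it after the object has
 * already been destroyed.  Deliberately a use-after-free; run it only
 * under valgrind to see the report. */
static void use_after_free_demo(void)
{
    IThing *obj = Thing_Create("stale");
    IThing *stale = obj;          /* no AddRef, so not a real reference */
    IThing_Release(obj);          /* ref hits 0, object freed */
    IThing_Release(stale);        /* reads lpVtbl from freed memory */
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--bug") == 0) {
        use_after_free_demo();
        return 0;
    }
    unsigned long last = use_correctly();
    printf("final ref after correct use: %lu, objects destroyed: %lu\n",
           last, things_destroyed());
    return 0;
}
```

Build with debug info and no optimisation (gcc -g -O0 uaf.c -o uaf), then run valgrind ./uaf --bug. Memcheck reports an invalid read at Thing_Release / IThing_Release, says the address is 0 bytes inside a block of size sizeof(ThingImpl) free'd, and prints both the stack that did the free and the stack that allocated the block. That second "free'd" stack is the one a plain crash dump never gives you; without Rob's backtrace patch it would be just the bare addresses seen in the output above. Without --bug the program runs clean, which is the sanity check that the report really comes from the stale pointer and not from the object itself.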