Hi Alexandre,
There is sometimes a double free in the wineserver, in fd.c
Basically the callback for the timeout is called, and the callback (for instance in set_next_timer:queue.c) calls remove_timeout_user() which does a free( user ), but at the end of handle_timeout() it also performs a free, so I think the same timeout struct is freed twice.
I don't know how to fix this bug - I commented out the free in remove_timeout_user and that stopped the wineserver from segfaulting or dieing inside malloc, but it might cause a memory leak in the case where a timeout is added and then removed before being handled.
It's too bad there is no way to check if a pointer has already been freed. Maybe a flag (inside_callback) in the timeout_user struct, so we know not to free it in remove_timeout_user()? What do you think?
thanks -mike