On Tue, 27 Apr 2021 at 15:38, Dmitry Timoshkov <dmitry@baikal.ru> wrote:
Dmitry Timoshkov <dmitry@baikal.ru> wrote:

> "Zebediah Figura (she/her)" <zfigura@codeweavers.com> wrote:
>
> > >> You can also see the results at:
> > >> https://testbot.winehq.org/JobDetails.pl?Key=89319
> > >
> > > Same patch sent separately runs without failures:
> > > https://testbot.winehq.org/JobDetails.pl?Key=89342
> > >
> >
> > The tests crash with STATUS_HEAP_CORRUPTION, which strikes me as
> > something that could cause inconsistent behaviour. Are you sure that
> > you're not introducing a failure here?
>
> Thanks for the hint. Running with warn+heap helped to find the reason
> of the heap corruption, it's 'p[GlobalSize(global)] = 0;' statements.
> This revealed another bug in msxml3 - it doesn't NUL terminate the stream on
> ::save(). After fixing that and removing 'p[] = 0' the processing instruction
> tests stopped crashing.
>
> P.S.
> warn+heap still makes msxml3 domdoc tests crash, however that looks like
> another bug somewhere.

That other crash happens at the end of test_get_ownerDocument() because
priv->properties of doc1 and doc_owner have the same pointer value, and
releasing doc_owner after doc1 leads to a double free and heap corruption.

Nikolay, could you please have a look?

I won’t have time for that in the coming days.

--
Dmitry.
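
An added example, not part of the original thread and not Wine's test code: the first bug discussed above is a one-byte write past the end of a block of `GlobalSize(global)` bytes. The sketch below shows two ways to handle a stream that may lack a NUL terminator without writing to the original block; `struct block` and all function names are hypothetical, and a plain array stands in for the locked HGLOBAL.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a locked HGLOBAL: 'size' plays the role of
 * GlobalSize(global), so the valid indices are 0 .. size-1. The pattern from
 * the thread, p[GlobalSize(global)] = 0, writes to index 'size', one byte
 * past the allocation, and is deliberately not reproduced here. */
struct block { const unsigned char *data; size_t size; };

/* Content length without writing: stop at the first NUL or at 'size'. */
static size_t block_strlen(const struct block *b)
{
    const unsigned char *nul = memchr(b->data, 0, b->size);
    return nul ? (size_t)(nul - b->data) : b->size;
}

/* Compare against an expected string, reading only bytes inside the block. */
static int block_equals(const struct block *b, const char *expected)
{
    size_t len = block_strlen(b);
    return len == strlen(expected) && memcmp(b->data, expected, len) == 0;
}

/* When a C string is really needed, copy into len+1 bytes and terminate
 * the copy, not the original block; the caller frees the result. */
static char *block_to_cstring(const struct block *b)
{
    size_t len = block_strlen(b);
    char *s = malloc(len + 1);
    if (!s) return NULL;
    memcpy(s, b->data, len);
    s[len] = '\0';
    return s;
}

/* Constructed sample: 5 bytes with no terminator, as an unterminated
 * stream save would leave them. Returns 1 if both helpers agree. */
static int check_unterminated_sample(void)
{
    static const unsigned char raw[5] = { '<', 'a', '/', '>', '\n' };
    struct block b = { raw, sizeof(raw) };
    char *copy = block_to_cstring(&b);
    int ok = copy && block_equals(&b, "<a/>\n") && strcmp(copy, "<a/>\n") == 0;
    free(copy);
    return ok;
}

int main(void) { return check_unterminated_sample() ? 0 : 1; }
```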