On Sun Aug 31 09:30:40 2025 +0000, Bernhard Übelacker wrote:
@vibhavp, in my latest ASan run the vccorlib140:vccorlib test shows up with a heap-use-after-free in WindowsGetStringRawBuffer in line 951. Is `str` supposed to be a new allocation after line 948?
```
==vccorlib140_test.exe==1096==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f6707c03ba0 at pc 0x6ffffccb8d13 bp 0x7ffffe1ffa20 sp 0x7ffffe1ffa68
READ of size 8 at 0x7f6707c03ba0 thread T0
    #0 0x6ffffccb8d12 in WindowsGetStringRawBuffer /home/benutzer/wine-asan-pe/wine/dlls/combase/string.c:277:25
    #1 0x000140004458 in test_CreateValue /home/benutzer/wine-asan-pe/wine/dlls/vccorlib140/tests/vccorlib.c:951:15

0x7f6707c03ba0 is located 16 bytes inside of 36-byte region [0x7f6707c03b90,0x7f6707c03bb4)
freed by thread T0 here:
    #0 0x6ffffe86bb31 in free C:/llvm-project-main/compiler-rt/lib/asan/asan_malloc_win.cpp:71:3
    #1 0x6ffffccb8762 in WindowsDeleteString /home/benutzer/wine-asan-pe/wine/dlls/combase/string.c:154:9
    #2 0x00014000431c in test_CreateValue /home/benutzer/wine-asan-pe/wine/dlls/vccorlib140/tests/vccorlib.c:939:5

previously allocated by thread T0 here:
    #0 0x6ffffe86bc41 in malloc C:/llvm-project-main/compiler-rt/lib/asan/asan_malloc_win.cpp:80:3
    #1 0x6ffffccb844b in alloc_string /home/benutzer/wine-asan-pe/wine/dlls/combase/string.c:69:12
    #2 0x6ffffccb825b in WindowsCreateString /home/benutzer/wine-asan-pe/wine/dlls/combase/string.c:103:10
    #3 0x0001400042c9 in test_CreateValue /home/benutzer/wine-asan-pe/wine/dlls/vccorlib140/tests/vccorlib.c:936:10
```
[full ASan output](https://gitlab.winehq.org/bernhardu/wine/-/blob/asan-pe_2025-08-17_wine-10.1...)
Yes, I think `IPropertyValueStatics::CreateString` should use `WindowsDuplicateString`. Could you replace the code [here](https://gitlab.winehq.org/wine/wine/-/blob/1d1e5fb3e51b2acb0143e86c16463dfed...) with
```c
{
    HSTRING value;
    HRESULT hr;

    TRACE("iface %p, value %s, property_value %p.\n", iface, debugstr_hstring(value_str), property_value);

    *property_value = NULL;
    if (FAILED(hr = WindowsDuplicateString(value_str, &value)))
        return hr;
    create_primitive_property_value_iref(PropertyType_String, irefs.hstring_iface.lpVtbl, iref_hstring_vtbl);
}
```
and see if it resolves the issue? I'll create an MR in that case.
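
Added example, not part of this thread and not Wine's code: a simplified reference-count model of the ownership issue discussed above, showing why an object that keeps a caller's string handle must take its own reference first. All names (`model_str`, `model_value`, `model_create`, `model_duplicate`, `model_delete`, `survives_caller_delete`) are hypothetical, and the model assumes duplicate means "add a reference" and delete means "drop a reference".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a refcounted string handle; not Wine's HSTRING layout. */
struct model_str { long refcount; char *buf; };
struct model_value { struct model_str *str; }; /* hypothetical holder for the property value */
static int live_strings; /* model strings not yet freed */

static struct model_str *model_create(const char *text)
{
    struct model_str *s = malloc(sizeof(*s));
    if (!s) return NULL;
    if (!(s->buf = malloc(strlen(text) + 1))) { free(s); return NULL; }
    strcpy(s->buf, text);
    s->refcount = 1;
    live_strings++;
    return s;
}

/* Duplicate: take another reference to the same buffer. */
static struct model_str *model_duplicate(struct model_str *s) { s->refcount++; return s; }

/* Delete: drop one reference; the buffer is freed when the last one goes. */
static void model_delete(struct model_str *s)
{
    if (--s->refcount == 0) { free(s->buf); free(s); live_strings--; }
}

/* Returns 1 if the holder's string is still alive after the caller deletes its handle. */
static int survives_caller_delete(int take_reference)
{
    struct model_value v;
    struct model_str *s = model_create("constructed sample");
    int alive;
    if (!s) return -1;
    /* Before: keep the caller's handle as-is. After: hold an own reference. */
    v.str = take_reference ? model_duplicate(s) : s;
    model_delete(s);                /* caller is done with its handle */
    alive = (live_strings == 1);    /* decided from the counter, never by reading v.str */
    if (alive) model_delete(v.str); /* holder releases its reference */
    return alive;
}

int main(void)
{
    printf("borrowed handle survives: %d\n", survives_caller_delete(0));
    printf("duplicated handle survives: %d\n", survives_caller_delete(1));
    return 0;
}
```

In the borrowed case the holder is left with a pointer to freed memory, which is the state ASan reports when the test later reads the string back.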