Wine test suite crashes X server with SIGBUS

[jeffrey.a.klein@…]

I'm building Wine on my Macbook Pro, but somewhere in the test suite the X server completely crashes.

Occurs in 2.3.3.2 and 2.4.0 rc1.

Wine source checked out from ​git://source.winehq.org/git/wine.git

commit 578aeb87b59b04a85db6e8e545a6065cfab8a79b Author: Alexandre Julliard <julliard@…> Date: Fri Jul 17 18:38:57 2009 +0200

Release 1.1.26.

The test that crashes is:

./wine ./dlls/user32/tests/user32_test.exe.so win

[jeffrey.a.klein@…]

Crash report

[jeffrey.a.klein@…]

It's not crashing every time, but at least 1 out of 2.

The Wine output before the crash is:

win.c:590: main: WM_WINDOWPOSCHANGING 0x20034 after 0x0, x -32769, y -40000, cx 0, cy 0 flags 00000002 win.c:610: main: WM_WINDOWPOSCHANGED 0x20034 after 0x0, x 100, y 100, cx 0, cy 0 flags 00000006 win.c:590: main: WM_WINDOWPOSCHANGING 0x20034 after 0x0, x 32768, y 40000, cx 32767, cy 32767 flags 00000002 X connection to /tmp/launch-0NHaKn/:0 broken (explicit kill or server shutdown).

It could be that the change event triggers a redraw, that is just exactly right to break the Bresenham algorithm.

I added a trace for the LineTo function:

win.c:590: main: WM_WINDOWPOSCHANGING 0x10032 after 0x0, x 32768, y 40000, cx 32767, cy 32767 flags 00000002 trace:graphics:DrawEdge 0x3a4 (0,0)-(32767,32767) 0005 200f trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 0, 0, 32767, 0) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 0, 0, 0, 32767) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 32766, 32766, -1, 32766) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 32766, 32766, 32766, -1) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 1, 1, 32766, 1) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 1, 1, 1, 32766) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 32765, 32765, 0, 32765) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 32765, 32765, 32765, 0) trace:graphics:X11DRV_LineTo XDrawLine(0x40809800, 0x1000016, 0x40222820, 3, 21, 32764, 21) X connection to /tmp/launch-0NHaKn/:0 broken (explicit kill or server shutdown).

[jeremyhu@…]

I can reproduce it, but interestingly the crash is in a different location for me. I see it in another memcpy...

#3  0x0002b7b8 in StartFrameResize (pWin=0xd40b670, gravity=1, oldX=32767, oldY=32767, oldW=32767, oldH=32767, oldBW=0, newX=100, newY=100, newW=300, newH=300, newBW=0) at rootlessWindow.c:1087
#4  0x0002c5b9 in RootlessResizeWindow (pWin=0xd40b670, x=100, y=100, w=300, h=300, pSib=0xd40a510) at rootlessWindow.c:1351
#5  0x0014aeb3 in ConfigureWindow (pWin=0xd40b670, mask=15, vlist=0x91d780, client=0xd4098e0) at window.c:2433
#6  0x00116b6d in ProcConfigureWindow (client=0xd4098e0) at dispatch.c:754
#7  0x00115fb5 in Dispatch () at dispatch.c:448
#8  0x001331bb in dix_main (argc=6, argv=0xbfffe400, envp=0xbfffe3a0) at main.c:435
#9  0x00019ef7 in server_thread (arg=0x636e40) at quartzStartup.c:69
#10 0x94ea2fe1 in _pthread_start ()
#11 0x94ea2e66 in thread_start ()

It's definitely some kind of memory management / bounds issue... these are ugly.

I'm going to spend some time trying to figure it out in 2.4.0, but it won't block the release since it is not a regression.

[hoehle@…]

I get the exact same backtrace (about fbBresSolid <- RootlessPolySegment) as the OP, running XQuartz 2.3.3.2 on an "early 2009" Mac OS mini with OSX 10.5.7.

In wine/dlls/user32/tests/win.c, wine performs boundary checking:

SetWindowPos(hwnd, 0, -32769, -40000, -32769, -90000, SWP_NOMOVE); SetWindowPos(hwnd, 0, 32768, 40000, 32768, 40000, SWP_NOMOVE);

SetWindowPos(hwnd, 0, -32769, -40000, -32769, -90000, SWP_NOSIZE); SetWindowPos(hwnd, 0, 32768, 40000, 32768, 40000, SWP_NOSIZE);

When I comment out the second call, the tests run without crash. Otherwise, X11.app crashes every time.

The testsuite only crashes in fullscreen (rootless) mode. when Wine runs inside a virtual desktop window, there's no crash.

[jeremyhu@…]

Just to be certain, please verify that this occurs on 2.5.0

[cdavis@…]

Replying to jeremyhu@…:

Just to be certain, please verify that this occurs on 2.5.0

It does not. At least, not with a 64-bit X server. Throwing more memory at the problem certainly helps :).

Can't test with a 32-bit server yet. I'm on battery at the moment, so I can't build Wine (at least, not without draining the battery).

[cdavis@…]

The 32-bit server doesn't crash either.

[jeremyhu@…]

Thanks!