content_unittests DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0 fail on DrMemory

[derekbruening]

From zhao...@google.com on September 30, 2014 18:11:04

$ ~/Workspace/DrMemory/builds/build_x86_drm_rel.git/bin/drmemory.exe -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = DownloadFileTestWithRename.RenameWithErrorRetry
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0
unknown file: error: Uninteresting mock function call - returning directly.
Function call: RegisterCallback(@0018F6E4 8-byte object <00-00 00-00 00-00 00-00>)
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(593): error: Value of: interrupt_reason
Actual: 6
Expected: DOWNLOAD_INTERRUPT_REASON_NONE
Which is: 0
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(659): error: Value of: did_run_callback
Actual: true
Expected: false
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(667): error: Value of: did_run_callback
Actual: true
Expected: false
[ FAILED ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0, where GetParam() = 4-byte object <FE-83 46-00> (5577 ms)

Original issue: http://code.google.com/p/drmemory/issues/detail?id=1644

[derekbruening]

From zhao...@google.com on September 30, 2014 15:12:08

Failed on light mode:
$ ~/Workspace/DrMemory/builds/build_x86_drm_rel.git/bin/drmemory.exe -light -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = DownloadFileTestWithRename.RenameWithErrorRetry
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0
unknown file: error: Uninteresting mock function call - returning directly.
Function call: RegisterCallback(@0018F6E4 8-byte object <00-00 00-00 00-00 00-00>)
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(593): error: Value of: interrupt_reason
Actual: 6
Expected: DOWNLOAD_INTERRUPT_REASON_NONE
Which is: 0
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(659): error: Value of: did_run_callback
Actual: true
Expected: false
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(667): error: Value of: did_run_callback
Actual: true
Expected: false
[ FAILED ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0, where GetParam() = 4-byte object <FE-83 46-00> (833 ms)

Labels: -Priority-Medium Priority-High

[derekbruening]

From zhao...@google.com on September 30, 2014 15:14:05

Passed on handle-leaks only mode

$ ~/Workspace/DrMemory/builds/build_x86_drm_rel.git/bin/drmemory.exe -handle_leaks_only -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = DownloadFileTestWithRename.RenameWithErrorRetry
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0
[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0 (3735 ms)

Passed on Debug build DynamoRIO
$ ~/Workspace/DynamoRIO/builds/build_x86_dbg.git/bin32/drrun.exe -debug -- ./out/Release/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
...
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0

[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0 (6651 ms)

[derekbruening]

From zhao...@google.com on September 30, 2014 15:15:55

The tests tries to force a platform error on Windows by opening a file for exclusive read and then attempting to move it to a different directory (which on Windows is an error). The expected error is a sharing violation. This works as intended on Win7 and WinXP. But somehow under Dr. Memory, the result appears to be FILE_TOO_LARGE. Do you know why that might be?

[derekbruening]

From zhao...@google.com on September 30, 2014 15:31:58

Failed on leaks_only, passed on -no_track_allocs -leaks_only

$ ~/Workspace/DrMemory/builds/build_x86_drm_rel.git/bin/drmemory.exe -leaks_only -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = DownloadFileTestWithRename.RenameWithErrorRetry
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0
unknown file: error: Uninteresting mock function call - returning directly.
Function call: RegisterCallback(@0018F6E4 8-byte object <00-00 00-00 00-00 00-00>)
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(593): error: Value of: interrupt_reason
Actual: 6
Expected: DOWNLOAD_INTERRUPT_REASON_NONE
Which is: 0
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(659): error: Value of: did_run_callback
Actual: true
Expected: false
d:\src\chrome\src\content\browser\download\download_file_unittest.cc(667): error: Value of: did_run_callback
Actual: true
Expected: false
[ FAILED ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0, where GetParam() = 4-byte object <FE-83 46-00> (721 ms)

$ ~/Workspace/DrMemory/builds/build_x86_drm_rel.git/bin/drmemory.exe -handle_leaks_only -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = DownloadFileTestWithRename.RenameWithErrorRetry
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0
[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0 (3600 ms)
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/1
[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/1 (3106 ms)
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename (6929 ms total)

[derekbruening]

From zhao...@google.com on September 30, 2014 18:36:48

It works with -no_replace_malloc -leaks_only
$ ~/Workspace/DrMemory/builds/build_x86_drm_dbg.git/bin/drmemory.exe -no_replace_malloc -leaks_only -- ./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry
WARNING: using debug DynamoRIO since release not found
<Starting application D:\src\chrome\src\out\Debug\content_unittests.exe (742796)>
<Initial options = -no_dynamic_options -logdir 'D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_drm_dbg.git\logs\dynamorio' -client_lib 'D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_drm_dbg.git\bin\debug\drmemorylib.dll;0;-no_replace_malloc -leaks_only -logdir D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_drm_dbg.git\logs -symcache_dir D:\src\cygwin\home\zhaoqin\Workspace\DrMemory\builds\build_x86_drm_dbg.git\logs\symcache -lib_blacklist C:\Windows_.d?? -resfile 742796 ' -code_api -probe_api -stack_size 56K -disable_traces -no_enable_traces -max_elide_jmp 0 -max_elide_call 0 -max_bb_instrs 256 -no_shared_traces -bb_ibl_targets -bb_single_restore_prefix -no_shared_trace_ibl_routine -no_enable_reset -no_reset_at_switch_to_os_at_vmm_limit -reset_at_vmm_percent_free_limit 0 -no_reset_at_vmm_full -reset_at_commit_free_limit 0K -reset_every_nth_pending 0 -vm_size 262144K -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct -no_aslr_dr -pad_jmps_mark_no_trace >
Dr.M Dr. Memory version 1.8.2097
Dr.M Running "./out/Debug/content_unittests.exe --gtest_filter=DownloadFileTestWithRename.RenameWithErrorRetry"
Valgrind detected, switching to single process mode.
Pass --test-launcher-debug-launcher to valgrind the launcher itself.
Note: Google Test filter = *DownloadFileTestWithRename.RenameWithErrorRetry_
[==========] Running 2 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0

[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/0 (9441 ms)
[ RUN ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/1
[ OK ] DownloadFile/DownloadFileTestWithRename.RenameWithErrorRetry/1 (3545 ms)
[----------] 2 tests from DownloadFile/DownloadFileTestWithRename (14331 ms total)

[----------] Global test environment tear-down
[==========] 2 tests from 1 test case ran. (14413 ms total)
[ PASSED ] 2 tests.

So it is more likely to be replaced allocator bug.

[derekbruening]

From asanka@chromium.org on October 01, 2014 08:14:38

Blocking: chromium:418748

[derekbruening]

From zhao...@google.com on October 02, 2014 00:26:20

it is the replaced allocator's problem

0:000> kp
ChildEBP RetAddr
0018ea84 76e19a9e drmemorylib!replace_RtlFreeHeap(void * heap = 0x002f0000, unsigned long flags = 0, void * ptr = 0x00000000)+0x2db [d:\src\cygwin\home\zhaoqin\workspace\drmemory\drmemory.git\common\alloc_replace.c @ 3526]
0018eb54 76e19abf kernel32!MoveFileWithProgressTransactedW+0x510
0018eb74 76e19b1c kernel32!MoveFileWithProgressW+0x1b
0018eb90 75d8127e kernel32!MoveFileExW+0x17
0018ebdc 75d81cc3 SHELL32!CFSTransfer::_SameVolumeMoveOrRename+0x226
0018ee24 75cc97e7 SHELL32!CFSTransfer::MoveItem+0x1be
0018ee74 75aca4b6 SHELL32!CMoveOperation::Do+0x141
0018eea0 75aca8f0 SHELL32!CCopyWorkItem::_DoOperation+0x28
0018f0ec 75ac9262 SHELL32!CCopyWorkItem::_SetupAndPerformOp+0x23a
0018f334 75ac963d SHELL32!CCopyWorkItem::ProcessWorkItem+0x152
0018f368 75ac9f96 SHELL32!CRecursiveFolderOperation::Do+0x224
0018f3ac 75ac9a65 SHELL32!CFileOperation::_EnumRootDo+0x14e
0018f414 75ac9809 SHELL32!CFileOperation::PrepareAndDoOperations+0x275
0018f43c 75ac9717 SHELL32!SHFileOperationWithAdditionalFlags+0xe9
0018f44c 06c21264 SHELL32!SHFileOperationW+0xf
0018f4c8 06c200b4 content!content::BaseFile::MoveFileAndAdjustPermissions(class base::FilePath * new_path = 0x0018f76c)+0xb4 [d:\src\chrome\src\content\browser\download\base_file_win.cc @ 342]
0018f5c8 06c25863 content!content::BaseFile::Rename(class base::FilePath * new_path = 0x0018f76c)+0x134 [d:\src\chrome\src\content\browser\download\base_file.cc @ 160]
0018f788 06c25693 content!content::DownloadFileImpl::RenameWithRetryInternal(class base::FilePath * full_path = 0x0018fa28, content::DownloadFileImpl::RenameOption option = ANNOTATE_WITH_SOURCE_INFORMATION (2), int retries_left = 3, class base::TimeTicks time_of_first_failure = class base::TimeTicks, class base::Callback<void __cdecl(enum content::DownloadInterruptReason,base::FilePath const &)> * callback = 0x0018f840)+0x153 [d:\src\chrome\src\content\browser\download\download_file_impl.cc @ 159]
0018f7b4 007385d7 content!content::DownloadFileImpl::RenameAndAnnotate(class base::FilePath * full_path = 0x0018fa28, class base::Callback<void __cdecl(enum content::DownloadInterruptReason,base::FilePath const &)> * callback = 0x0018f840)+0x33 [d:\src\chrome\src\content\browser\download\download_file_impl.cc @ 124]
0018fa74 01252354 content_unittests!content::DownloadFileTestWithRename_RenameWithErrorRetry_Test::TestBody(void)+0x517 [d:\src\chrome\src\content\browser\download\download_file_unittest.cc @ 648]

This test first tried to produce a failure on rename fail, which generate a 0xC0000043 STATUS_SHARING_VIOLATION.

system call #48==48.0 NtOpenFile

0 KERNEL32.dll!MoveFileWithProgressTransactedW+0xb4 (0x76e1991c <KERNEL32.dll+0x2991c>) modid:0^M

1 fp=0x0018eb54 parent=0x0018eb74 KERNEL32.dll!MoveFileWithProgressW+0x1a (0x76e19abf <KERNEL32.dll+0x29abf>) modid:0^M

2 fp=0x0018eb74 parent=0x0018eb90 KERNEL32.dll!MoveFileExW +0x16 (0x76e19b1c <KERNEL32.dll+0x29b1c>) modid:0^M

3 fp=0x0018eb90 parent=0x0018ebdc SHELL32.dll!CFSTransfer::_SameVolumeMoveOrRename+0x225 (0x75d8127e <SHELL32.dll+0x31127e>) modid:0^M

4 fp=0x0018ebdc parent=0x0018ee24 SHELL32.dll!CFSTransfer::MoveItem+0x1bd (0x75d81cc3 <SHELL32.dll+0x311cc3>) modid:0^M

5 fp=0x0018ee24 parent=0x0018ee74 SHELL32.dll!CMoveOperation::Do+0x140 (0x75cc97e7 <SHELL32.dll+0x2597e7>) modid:0^M

6 fp=0x0018ee74 parent=0x0018eea0 SHELL32.dll!CCopyWorkItem::_DoOperation+0x27 (0x75aca4b6 <SHELL32.dll+0x5a4b6>) modid:0^M

7 fp=0x0018eea0 parent=0x0018f0ec SHELL32.dll!CCopyWorkItem::_SetupAndPerformOp+0x1f2 (0x75aca8f0 <SHELL32.dll+0x5a8f0>) modid:0^M

8 fp=0x0018f0ec parent=0x0018f334 SHELL32.dll!CCopyWorkItem::ProcessWorkItem+0xffffff17 (0x75ac9262 <SHELL32.dll+0x59262>) modid:0^M

9 fp=0x0018f334 parent=0x0018f368 SHELL32.dll!CRecursiveFolderOperation::Do+0x149 (0x75ac963d <SHELL32.dll+0x5963d>) modid:0^M

#10 fp=0x0018f368 parent=0x0018f3ac SHELL32.dll!CFileOperation::_EnumRootDo+0xe8 (0x75ac9f96 <SHELL32.dll+0x59f96>) modid:0^M
#11 fp=0x0018f3ac parent=0x0018f414 SHELL32.dll!CFileOperation::PrepareAndDoOperations+0x1e9 (0x75ac9a65 <SHELL32.dll+0x59a65>) modid:0^M
#12 fp=0x0018f414 parent=0x0018f43c SHELL32.dll!SHFileOperationWithAdditionalFlags+0xe8 (0x75ac9809 <SHELL32.dll+0x59809>) modid:0^M
#13 fp=0x0018f43c parent=0x0018f44c SHELL32.dll!SHFileOperationW+0xe (0x75ac9717 <SHELL32.dll+0x59717>) modid:0^M
#14 fp=0x0018f44c parent=0x0018f4c8 content.dll!content::BaseFile::MoveFileAndAdjustPermissions+0xb3 [d:\src\chrome\src\content\browser\download\base_file_wi
n.cc:342+0x9](0x06c21264 <content.dll+0x4d1264) modid:0^M
#15 fp=0x0018f4c8 parent=0x0018f5c8 content.dll!content::BaseFile::Rename+0x133 [d:\src\chrome\src\content\browser\download\base_file.cc:160+0xb](0x06c200b4
<content.dll+0x4d00b4) modid:0^M
#16 fp=0x0018f5c8 parent=0x0018f788 content.dll!content::DownloadFileImpl::RenameWithRetryInternal+0x152 [d:\src\chrome\src\content\browser\download\download
_file_impl.cc:159+0x14](0x06c25863 <content.dll+0x4d5863) modid:0^M
#17 fp=0x0018f788 parent=0x0018f7b4 content.dll!content::DownloadFileImpl::RenameAndAnnotate+0x32 [d:\src\chrome\src\content\browser\download\download_file_i
mpl.cc:123+0x29](0x06c25693 <content.dll+0x4d5693) modid:0^M
#18 fp=0x0018f7b4 parent=0x0018fa74 content::DownloadFileTestWithRename_RenameWithErrorRetry_Test::TestBody+0x516 [d:\src\chrome\src\content\browser\download
\download_file_unittest.cc:648+0x66](0x007385d7 <content_unittests.exe+0x3385d7) modid:0^M
#19 fp=0x0018fa74 parent=0x0018fa7c testing::internal::HandleExceptionsInMethodIfSupported<>+0x33 [d:\src\chrome\src\testing\gtest\src\gtest.cc:2418+0x5](0x
01252354 <content_unittests.exe+0xe52354) modid:0^M
...^M
return from system call #48==48.0 NtOpenFile
system call 48 NtOpenFile failed with error 0xc0000043

The error is set into the teb.
0:000> !teb
TEB at fffdd000
ExceptionList: 0018eb44
StackBase: 00190000
StackLimit: 00187000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: fffdd000
EnvironmentPointer: 00000000
ClientId: 000b8174 . 000b8a14
RpcHandle: 00000000
Tls Storage: 0031e0b0
PEB Address: fffde000
LastErrorValue: 32
LastStatusValue: c0000043
Count Owned Locks: 0
HardErrorMode: 0

Then later on RtlFreeHeap, our replaced replace_RtlFreeHeap failed, and overwrite the error in teb, and cause the test failure.

dr_switch_to_app_state(drcontext);
if (!res) {
    /* XXX: all our errors are invalid params so that's all we set.
     * We deliberately wait until in app mode to make this more efficient.
     */
    set_app_error_code(drcontext, ERROR_INVALID_PARAMETER);
}

0:000> dv
heap = 0x002f0000
flags = 0
ptr = 0x00000000
mc = struct _dr_mcontext_t
arena = 0x0d2a0000
drcontext = 0x1d9be880
res = 0x00 ''

0:000> !teb
TEB at fffdd000
ExceptionList: 0018eb44
StackBase: 00190000
StackLimit: 00187000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: fffdd000
EnvironmentPointer: 00000000
ClientId: 000b8174 . 000b8a14
RpcHandle: 00000000
Tls Storage: 0031e0b0
PEB Address: fffde000
LastErrorValue: 87
LastStatusValue: c0000043
Count Owned Locks: 0
HardErrorMode: 0

[derekbruening]

From zhao...@google.com on October 02, 2014 00:29:34

In contrast, if run natively:

0:000> kp
ChildEBP RetAddr
0018ea84 76e19a9e ntdll!RtlFreeHeap
0018eb54 76e19abf kernel32!MoveFileWithProgressTransactedW+0x510
0018eb74 76e19b1c kernel32!MoveFileWithProgressW+0x1b
0018eb90 75d8127e kernel32!MoveFileExW+0x17
0018ebdc 75d81cc3 SHELL32!CFSTransfer::_SameVolumeMoveOrRename+0x226
0018ee24 75cc97e7 SHELL32!CFSTransfer::MoveItem+0x1be
0018ee74 75aca4b6 SHELL32!CMoveOperation::Do+0x141
0018eea0 75aca8f0 SHELL32!CCopyWorkItem::_DoOperation+0x28
0018f0ec 75ac9262 SHELL32!CCopyWorkItem::_SetupAndPerformOp+0x23a
0018f334 75ac963d SHELL32!CCopyWorkItem::ProcessWorkItem+0x152
0018f368 75ac9f96 SHELL32!CRecursiveFolderOperation::Do+0x224
0018f3ac 75ac9a65 SHELL32!CFileOperation::_EnumRootDo+0x14e
0018f414 75ac9809 SHELL32!CFileOperation::PrepareAndDoOperations+0x275
0018f43c 75ac9717 SHELL32!SHFileOperationWithAdditionalFlags+0xe9
0018f44c 06c11264 SHELL32!SHFileOperationW+0xf
0018f4c8 06c100b4 content!content::BaseFile::MoveFileAndAdjustPermissions(class base::FilePath * new_path = 0x0018f76c)+0xb4 [d:\src\chrome\src\content\browser\download\base_file_win.cc @ 342]
0018f5c8 06c15863 content!content::BaseFile::Rename(class base::FilePath * new_path = 0x0018f76c)+0x134 [d:\src\chrome\src\content\browser\download\base_file.cc @ 160]
0018f788 06c15693 content!content::DownloadFileImpl::RenameWithRetryInternal(class base::FilePath * full_path = 0x0018fa28, content::DownloadFileImpl::RenameOption option = ANNOTATE_WITH_SOURCE_INFORMATION (2), int retries_left = 3, class base::TimeTicks time_of_first_failure = class base::TimeTicks, class base::Callback<void __cdecl(enum content::DownloadInterruptReason,base::FilePath const &)> * callback = 0x0018f840)+0x153 [d:\src\chrome\src\content\browser\download\download_file_impl.cc @ 159]
0018f7b4 007385d7 content!content::DownloadFileImpl::RenameAndAnnotate(class base::FilePath * full_path = 0x0018fa28, class base::Callback<void __cdecl(enum content::DownloadInterruptReason,base::FilePath const &)> * callback = 0x0018f840)+0x33 [d:\src\chrome\src\content\browser\download\download_file_impl.cc @ 124]
0018fa74 01252354 content_unittests!content::DownloadFileTestWithRename_RenameWithErrorRetry_Test::TestBody(void)+0x517 [d:\src\chrome\src\content\browser\download\download_file_unittest.cc @ 648]

0:000> dds esp
0018ea88 76e19a9e kernel32!MoveFileWithProgressTransactedW+0x510
0018ea8c 00280000
0018ea90 00000000
0018ea94 00000000
0018ea98 76e19a28 kernel32!MoveFileWithProgressTransactedW+0x4be

0:000> !teb
TEB at fffdd000
ExceptionList: 0018eb44
StackBase: 00190000
StackLimit: 00187000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: fffdd000
EnvironmentPointer: 00000000
ClientId: 0002416c . 000b7f7c
RpcHandle: 00000000
Tls Storage: 00289628
PEB Address: fffde000
LastErrorValue: 32
LastStatusValue: c0000043
Count Owned Locks: 0
HardErrorMode: 0

After
0:000> !teb
TEB at fffdd000
ExceptionList: 0018eb44
StackBase: 00190000
StackLimit: 00187000
SubSystemTib: 00000000
FiberData: 00001e00
ArbitraryUserPointer: 00000000
Self: fffdd000
EnvironmentPointer: 00000000
ClientId: 0002416c . 000b7f7c
RpcHandle: 00000000
Tls Storage: 00289628
PEB Address: fffde000
LastErrorValue: 32
LastStatusValue: c0000043
Count Owned Locks: 0
HardErrorMode: 0

So the native RtlFreeHeap won't report error on free a NULL pointer, but we reported.

[derekbruening]

From zhao...@google.com on October 02, 2014 00:32:09

In RtlFreeHeap:

77c8dfac 8b5d10 mov ebx,[ebp+0x10]
77c8dfaf 57 push edi
77c8dfb0 33ff xor edi,edi
77c8dfb2 897dfc mov [ebp-0x4],edi
77c8dfb5 3bdf cmp ebx,edi
77c8dfb7 0f84ff620000 je ntdll!RtlFreeHeap+0x14 (77c942bc)

77c942bc b001 mov al,0x1
77c942be e9789dffff jmp ntdll!RtlFreeHeap+0x143 (77c8e03b)

77c8e03b 5f pop edi
77c8e03c 5b pop ebx
77c8e03d c9 leave
77c8e03e c20c00 ret 0xc

So it returns without setting any error no if ptr is NULL.

[derekbruening]

From zhao...@google.com on October 06, 2014 12:03:43

This issue was closed by revision r2099 .

Status: Fixed