Crash in menus on w32

From: Lennart Borgman
Subject: Crash in menus on w32
Date: Sun, 5 Sep 2010 04:00:39 +0200

Just got this (in my patched Emacs):

warning: HEAP[emacs.exe]:
warning: Invalid Address specified to RtlFreeHeap( 00850000, 00894EA8 )

Program received signal SIGTRAP, Trace/breakpoint trap.
0x7c90120f in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll
(gdb) bt
#0  0x7c90120f in ntdll!DbgUiConnectToDbg ()
   from C:\WINDOWS\system32\ntdll.dll
#1  0x7c96e139 in ntdll!RtlpNtMakeTemporaryKey ()
   from C:\WINDOWS\system32\ntdll.dll
#2  0x7c96e576 in ntdll!RtlpNtMakeTemporaryKey ()
   from C:\WINDOWS\system32\ntdll.dll
#3  0x7c96f75e in ntdll!RtlpNtMakeTemporaryKey ()
   from C:\WINDOWS\system32\ntdll.dll
#4  0x7c94bc4c in ntdll!LdrFindEntryForAddress ()
   from C:\WINDOWS\system32\ntdll.dll
#5  0x00850000 in ?? ()
#6  0x7c927573 in ntdll!RtlPcToFileHeader ()
   from C:\WINDOWS\system32\ntdll.dll
#7  0x011c6abc in w32_free_submenu_strings (menu=0x11d0573) at w32menu.c:1654
#8  0x011c6ad0 in w32_free_submenu_strings (menu=0x101c063b) at w32menu.c:1659
#9  0x011c6ad0 in w32_free_submenu_strings (menu=0xbb04ef) at w32menu.c:1659
#10 0x011c6b1b in w32_free_menu_strings (hwnd=0x1a0456) at w32menu.c:1676
#11 0x011c48fe in menubar_selection_callback (f=0x3d88a00, client_data=0xd56)
    at w32menu.c:345
#12 0x011de2a5 in w32_read_socket (terminal=0x3052900, expected=0,
    hold_quit=0x82f6e0) at w32term.c:4604
#13 0x0100e54d in read_avail_input (expected=0) at keyboard.c:6957
#14 0x0100e457 in gobble_input (expected=0) at keyboard.c:6878
#15 0x0100e40a in get_input_pending (addr=0x13fbaf0, flags=1)
    at keyboard.c:6841
#16 0x01014ab3 in detect_input_pending_run_timers (do_display=0)
    at keyboard.c:10502
#17 0x01007e0d in read_char (commandflag=1, nmaps=23, maps=0x82f990,
    prev_event=45488154, used_mouse_menu=0x82fb6c, end_time=0x0)
    at keyboard.c:2525
#18 0x01011d15 in read_key_sequence (keybuf=0x82fc60, bufsize=30,
    prompt=45488154, dont_downcase_last=0, can_return_switch_frame=1,
    fix_current_buffer=1) at keyboard.c:9316
#19 0x010066cf in command_loop_1 () at keyboard.c:1612
#20 0x01020803 in internal_condition_case (bfun=0x10063ad <command_loop_1>,
    handlers=45545714, hfun=0x1005da2 <cmd_error>) at eval.c:1458
#21 0x01006112 in command_loop_2 (ignore=45488154) at keyboard.c:1337
#22 0x010202f4 in internal_catch (tag=45543882,
    func=0x10060ef <command_loop_2>, arg=45488154) at eval.c:1202
#23 0x010060ca in command_loop () at keyboard.c:1316
#24 0x010059be in recursive_edit_1 () at keyboard.c:939
#25 0x01005b22 in Frecursive_edit () at keyboard.c:1001
#26 0x01002872 in main (argc=1, argv=0xa928e8) at emacs.c:1787

