[Bug 10134] regtlib.exe from .NET 1.1's dotnetfx. exe installer crashes with heap problem

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Feb 26 15:06:34 CST 2008 

http://bugs.winehq.org/show_bug.cgi?id=10134





--- Comment #26 from Anastasius Focht <focht at gmx.net>  2008-02-26 15:06:32 ---
Hello,

--- snip ---
The bug is that the app is accessing the internals of the activation context,
and passing the magic number as a pointer. It looks like it's confusing an
activation context stack frame with the actual context. Of course never
returning a context at all from QueryActCtx would fix it, but I have a hard
time believing that it's the correct fix.
--- snip ---

What kind of information do you need for a better fix?
As I said in comment #17, the culprit seems to be the following call to
KERNEL32.QueryActCtxW() from app:

--- snip wine trace ---
..
0043:Call KERNEL32.LoadLibraryExW(791bd8f8 L"kernel32.dll",00000000,00000000)
ret=791b7b63
0043:Ret  KERNEL32.LoadLibraryExW() retval=7b820000 ret=791b7b63
0043:Call KERNEL32.GetProcAddress(7b820000,792405fc "QueryActCtxW")
ret=792405e1
0043:Ret  KERNEL32.GetProcAddress() retval=7b829fac ret=792405e1
0043:Call
KERNEL32.QueryActCtxW(00000000,00000000,00000000,00000001,0034f9b0,00000008,0034f9c0)
ret=7924064e
0043:trace:actctx:RtlQueryInformationActivationContext 00000000 (nil) (nil) 1
0x34f9b0 8 0x34f9c0
0043:Ret  KERNEL32.QueryActCtxW() retval=00000001 ret=7924064e
0043:Call shlwapi.StrCmpW(790413f8 L"SXS_ACTIVATION_CONTEXT",79248834
L"SXS_ACTIVATION_CONTEXT") ret=7904136c
..
--- snip wine trace ---

The parameters of the call are hard coded (commented for you pleasure)

--- snip app call parameter setup ---
..
xor     ebx, ebx
..
push    8
pop     edi
..
lea     eax, [ebp-4]    ; pcbLen
push    eax             
push    edi             ; cbBuff = 8 =
sizeof(ACTIVATION_CONTEXT_BASIC_INFORMATION)
lea     eax, [ebp-14h]   ; pvBuff
push    eax             
push    1               ; ulClass = 1 = ActivationContextBasicInformation
push    ebx             ; pvSubInst = NULL
push    ebx             ; hActCtx = NULL
push    ebx             ; dwFlags = 0
call    QueryActCtxW
..
--- snip app call parameter setup ---

I wrote a test client calling the same function on XP with same parameters.
There is no activation context handle returned back in basic info structure
(both members are cleared).
Though I admit that I don't understand why this query is actually done when no
info is returned.

Wine instead returns default process actctx with catastrophic result ...
Later the code goes as follows (only relevant parts) :

--- snip app evaluation of returned data ---
..
mov     eax, [ebp-8] ; pvBuff (PACTIVATION_CONTEXT_BASIC_INFORMATION)
mov     eax, [eax]   ; pvBuff->hActCtx
cmp     eax, ebx     ; hActCtx == NULL ?
jz      no_actctx_handle 
..
push    4            ; sizeof(HANDLE)
push    eax          ; hActCtx 
..
call    some_sub_xxx
..
no_actctx_handle:
..
ret
--- snip app evaluation of returned data ---

--- snip app uses context handle ---
some_sub_xxx:
..
mov     eax, [ebp+10h] ; hActCtx (from previous snippet)
mov     eax, [eax]     ; whoops ... probably not intended (ActCtx->magic)
cmp     eax, 0FFFFFFFFh
jz      go_home
push    eax
call    AddRefActCtx ; *boom*
..
--- snip app uses context handle ---

--- snip dlls/ntdll/actctx.c ---
typedef struct _ACTIVATION_CONTEXT
{
    ULONG               magic;
    int                 ref_count;
    struct file_info    config;
    struct file_info    appdir;
    struct assembly    *assemblies;
    unsigned int        num_assemblies;
    unsigned int        allocated_assemblies;
} ACTIVATION_CONTEXT; 
--- snip dlls/ntdll/actctx.c ---

Maybe there is one indirection missing, like you said (handle -> &actctx vs.
handle -> frame ptr -> acttcx).

I've never seen queries with such parameters in regular apps.
Maybe this is just a special thing to .NET framework/apps and maybe other OS
components.
I don't like the road .NET sometimes takes either (directly accessing/peeking
into internal/undocumented windows structures) ... it makes it a somewhat
tedious task to get fully working .NET support into wine.
Though in the long run it will actually help/boost wine.

Anyway I still think fixing QueryActCtxW() (and not using SEH) would be the
better solution regardless what kind of brain damage is present ...

But in the end you are the boss.

Regards


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list