[Bug 35021] New: League of Legends installer page faults in custom action during stackwalk (SymFromAddr with NULL displacement ptr)
wine-bugs at winehq.org
Sat Nov 30 05:20:32 CST 2013
http://bugs.winehq.org/show_bug.cgi?id=35021
Bug #: 35021
Summary: League of Legends installer page faults in custom
action during stackwalk (SymFromAddr with NULL
displacement ptr)
Product: Wine
Version: 1.7.7
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dbghelp
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Classification: Unclassified
Hello folks,
I already mentioned this in bug 35011 ... not a big thing but it deserves its
own bug.
The context capture/stack walk in custom action is done on purpose.
--- snip ---
003b:trace:msi:ACTION_CallDllFunction calling L"OnAiRemoveFilesUndoable"
...
003b:Call dbghelp.SymGetModuleBase(ffffffff,7d4fd3f7) ret=7e458574
003b:Ret dbghelp.SymGetModuleBase() retval=7d4d0000 ret=7e458574
003b:Call dbghelp.SymFunctionTableAccess(ffffffff,7d4fd3f7) ret=7e458515
003b:Ret dbghelp.SymFunctionTableAccess() retval=00000000 ret=7e458515
003b:Ret dbghelp.StackWalk() retval=00000001 ret=003b337f
003b:Call ntdll.RtlAllocateHeap(00bb0000,00000000,00000020) ret=003c8570
003b:Ret ntdll.RtlAllocateHeap() retval=00bb41d0 ret=003c8570
003b:Call dbghelp.SymFromAddr(ffffffff,7d4fd3f7,00000000,00000000,00bb39a0)
ret=003b3844
003b:Call ntdll.RtlReAllocateHeap(00110000,00000000,01300030,0000ad88)
ret=7e45be05
003b:Ret ntdll.RtlReAllocateHeap() retval=01300030 ret=7e45be05
003b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e45d158
ip=7e45d158 tid=003b
003b:trace:seh:raise_exception info[0]=00000001
003b:trace:seh:raise_exception info[1]=00000000
003b:trace:seh:raise_exception eax=0000000b ebx=00000000 ecx=00000000
edx=00000000 esi=7d4fd3ec edi=00000000
003b:trace:seh:raise_exception ebp=00ebca58 esp=00ebca20 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210246
003b:trace:seh:call_stack_handlers calling handler at 0x3d840d code=c0000005
flags=0
...
003b:trace:seh:__regs_RtlUnwind handler at 0x3da946 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x3cb818 code=c0000005
flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x3cb818 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x7bc81a26 code=c0000005
flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x7bc81a26 returned 3
003b:Ret ntdll.RtlUnwind() retval=00000000 ret=7d566735
003b: eax=00000000 ebx=7d5c7000 ecx=00eba318 edx=00eba318 esi=00ebe8d0
edi=7d56674a ebp=00eb9e08 esp=00eb9dd8 ds=002b es=002b fs=0063 gs=006b
flags=00200216
003b:err:msi:ACTION_CallDllFunction Custom action
(L"C:\\users\\focht\\Temp\\msi5823.tmp":L"OnAiRemoveFilesUndoable") caused a
page fault: c0000005
003b:trace:msi:MsiCloseHandle 6
003b:trace:msi:MsiCloseHandle handle 6 destroyed
003b:Call KERNEL32.FreeLibrary(00390000) ret=7d4fd812
003b:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7d4fd812
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:MsiCloseHandle handle 5 destroyed
003b:Call ntdll.RtlFreeHeap(00110000,00000000,00914c28) ret=7d532a5a
003b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7d532a5a
003b:Call oleaut32.SysFreeString(00914e24
L"C:\\users\\focht\\Temp\\msi5823.tmp") ret=7d4fd83c
003b:Ret oleaut32.SysFreeString() retval=00000000 ret=7d4fd83c
003b:Call oleaut32.SysFreeString(0090404c L"OnAiRemoveFilesUndoable")
ret=7d4fd84a
003b:Ret oleaut32.SysFreeString() retval=00000000 ret=7d4fd84a
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:DllThread custom action (3b) returned 0
003b:trace:msi:MsiCloseAllHandles
--- snip ---
Wine unconditionally writes to the optional out parameter 'Displacement' in
SymFromAddr() for which the caller passes NULL, causing a page fault.
MSDN says:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681323%28v=vs.85%29.aspx
--- quote ---
Displacement [out, optional]
The displacement from the beginning of the symbol, or zero.
--- quote ---
Source:
http://source.winehq.org/git/wine.git/blob/836b682ed3bff439f1264bc9cee4ecce6ca88bb2:/dlls/dbghelp/symbol.c#l1219
(fault caused in line 1232)
--- snip ---
1219 BOOL WINAPI SymFromAddr(HANDLE hProcess, DWORD64 Address,
1220                         DWORD64* Displacement, PSYMBOL_INFO Symbol)
1221 {
1222     struct module_pair pair;
1223     struct symt_ht* sym;
1224
1225     pair.pcs = process_find_by_handle(hProcess);
1226     if (!pair.pcs) return FALSE;
1227     pair.requested = module_find_by_addr(pair.pcs, Address, DMT_UNKNOWN);
1228     if (!module_get_debug(&pair)) return FALSE;
1229     if ((sym = symt_find_nearest(pair.effective, Address)) == NULL) return FALSE;
1230
1231     symt_fill_sym_info(&pair, NULL, &sym->symt, Symbol);
1232     *Displacement = Address - Symbol->Address;
1233     return TRUE;
1234 }
--- snip ---
Regards
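
A self-contained model of the optional out-parameter handling discussed in the report above, added here as an illustration; it is not Wine's code and not part of the original report. The `sym_info` type, the symbol table, `find_nearest()` and `sym_from_addr()` are hypothetical stand-ins, and the symbol start addresses are constructed sample values (only the looked-up address 0x7d4fd3f7 comes from the trace).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for SYMBOL_INFO; not dbghelp's real definition. */
typedef struct { uint64_t Address; const char *Name; } sym_info;

/* Constructed symbol table, sorted by start address. */
static const sym_info table[] = {
    { 0x7d4d1000, "func_a" },
    { 0x7d4fd3ec, "func_b" },
    { 0x7d500000, "func_c" },
};

/* Nearest symbol starting at or below addr, or NULL if none does. */
static const sym_info *find_nearest(uint64_t addr)
{
    const sym_info *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].Address <= addr) best = &table[i];
    return best;
}

/* Same parameter shape as SymFromAddr(): Displacement is [out, optional],
 * so a caller may legitimately pass NULL for it. */
int sym_from_addr(uint64_t Address, uint64_t *Displacement, sym_info *Symbol)
{
    const sym_info *sym;

    if (!Symbol) return 0;              /* required parameter, checked defensively */
    if (!(sym = find_nearest(Address))) return 0;
    *Symbol = *sym;
    /* Store through the optional pointer only when the caller supplied one. */
    if (Displacement) *Displacement = Address - Symbol->Address;
    return 1;
}

int main(void)
{
    sym_info s;
    /* Same call pattern as in the trace: NULL displacement pointer. */
    return sym_from_addr(0x7d4fd3f7, NULL, &s) ? 0 : 1;
}
```
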