Correction to crash inside RtlCaptureStackBackTrace() + test case

Janne Hakonen joyer83 at live.fi
Tue Feb 1 13:44:37 CST 2011

> 
> It doesn't need a try-except block, just better wrap-around handling.
> 

Ah, you mean to enhance the if-check?

Well... to me it seems that there is a problem with the 2nd check:
"(void *)(frame + 1) >= NtCurrentTeb()->Tib.StackBase"

If frame is 0xffffffff or close to it (e.g. 0xfffffffc), adding 1 to its address makes it overflow and the left side becomes 0x3, or 0x0 in 0xfffffffc's case. And that would make the check fail.

I would propose that this be corrected with an additional overflow check.
 
There are two 4-byte values that need to be read: the next frame address and the return address.
So, it would be checked that the address of the last byte of the return address (frame + 7 bytes) is not smaller than the current frame address, right?

The if-check would then be as follows:

    if (((void *)frame < NtCurrentTeb()->Tib.StackLimit) ||
        ((void *)(frame + 1) >= NtCurrentTeb()->Tib.StackBase) ||
        ((ULONG_PTR)frame & 3) ||
        ((ULONG)((char *)frame + 7) < (ULONG)frame))   /* last byte of return address wrapped past 0xffffffff */
        ...

I'm not quite sure if casting pointers to ULONG for comparison is a wise move, but I can't think of anything else for that.
 
Do you think there are any problems with this approach?


Another alternative would be to simply check whether the frame pointer equals 0xfffffffc; that, combined with "(ULONG_PTR)frame & 3", should handle all cases near 0xffffffff.

Best Regards,
Janne
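The wrap-around discussed above, as an added example that is not part of the mail or of Wine's code: the three existing checks and the two proposed fixes are evaluated in simulated 32-bit arithmetic (uint32_t) against hypothetical StackLimit/StackBase values, so the 0xfffffffc case can be reproduced on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated 32-bit TEB stack bounds (hypothetical values, not a real TEB). */
typedef struct {
    uint32_t stack_limit;   /* Tib.StackLimit: lowest valid stack address */
    uint32_t stack_base;    /* Tib.StackBase: one past the highest valid address */
} stack_bounds;

/* The three checks as they stand, in 32-bit arithmetic. frame is treated as a
 * ULONG *, so "frame + 1" is frame + 4 bytes and wraps for 0xfffffffc. */
bool frame_rejected_current(uint32_t frame, const stack_bounds *b)
{
    uint32_t next = frame + 4u;                       /* 0xfffffffc + 4 == 0 */
    return frame < b->stack_limit || next >= b->stack_base || (frame & 3u) != 0;
}

/* Same checks plus the proposed guard: the last byte of the return-address
 * slot (frame + 7) must not wrap below the frame itself. */
bool frame_rejected_proposed(uint32_t frame, const stack_bounds *b)
{
    uint32_t last_byte = frame + 7u;
    return frame_rejected_current(frame, b) || last_byte < frame;
}

/* The alternative from the mail: reject 0xfffffffc explicitly; the alignment
 * check already rejects 0xfffffffd..0xffffffff. */
bool frame_rejected_alternative(uint32_t frame, const stack_bounds *b)
{
    return frame_rejected_current(frame, b) || frame == 0xfffffffcu;
}

int main(void)
{
    const stack_bounds b = { 0x00100000u, 0x00200000u };   /* constructed bounds */
    const uint32_t probes[] = { 0x001ff000u, 0x000ff000u, 0xfffffffcu, 0xffffffffu };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("frame %08x: current=%d proposed=%d alternative=%d\n", probes[i],
               frame_rejected_current(probes[i], &b),
               frame_rejected_proposed(probes[i], &b),
               frame_rejected_alternative(probes[i], &b));
    return 0;
}
```

Running it shows that only the current checks accept 0xfffffffc (the wrapped "frame + 1" is 0, which is below StackBase), while 0xffffffff is already caught by the alignment test.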
