[Bug 29570] New: Some applications crash when being +relay traced due to ntdll's relay_call clobbering ECX (and EDX)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jan 8 13:47:37 CST 2012


http://bugs.winehq.org/show_bug.cgi?id=29570

             Bug #: 29570
           Summary: Some applications crash when being +relay traced due
                    to ntdll's relay_call clobbering ECX (and EDX)
           Product: Wine
           Version: 1.3.36
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntdll
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello,

While investigating bug 29550 I encountered a problem with +relay.
I've seen this kind of +relay-related crash occasionally but forgot to report
them.
Now I have a fresh example ;-)

WINEDEBUG=+tid,+seh,+relay crashes the app quickly:

--- snip ---
...
0024:Call KERNEL32.GetCurrentThreadId() ret=10006777
0024:Ret  KERNEL32.GetCurrentThreadId() retval=00000024 ret=10006777
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10006777
ip=10006777 tid=0024
0024:trace:seh:raise_exception  info[0]=00000001
0024:trace:seh:raise_exception  info[1]=0000000c
0024:trace:seh:raise_exception  eax=00000024 ebx=008ba6a0 ecx=00000000
edx=00000000 esi=001425d0 edi=0032f220
0024:trace:seh:raise_exception  ebp=00040000 esp=0032f1d0 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_vectored_handlers calling handler at 0x68bb9e26
code=c0000005 flags=0
0024:trace:seh:call_vectored_handlers handler at 0x68bb9e26 returned 0
0024:trace:seh:call_stack_handlers calling handler at 0x4a56b0 code=c0000005
flags=0
0024:Call msvcrt._except_handler3(0032f178,0032fd94,0032eeac,0032ed40)
ret=7bc7ac85
0024:trace:seh:_except_handler3 exception c0000005 flags=0 at 0x10006777
handler=0x4a56b0 0x32eeac 0x32ed40 semi-stub
0024:trace:seh:_except_handler3 reached TRYLEVEL_END, returning
ExceptionContinueSearch
0024:Ret  msvcrt._except_handler3() retval=00000001 ret=7bc7ac85
0024:trace:seh:call_stack_handlers handler at 0x4a56b0 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x4a56b0 code=c0000005
flags=0
0024:Call msvcrt._except_handler3(0032f178,0032fe30,0032eeac,0032ed40)
ret=7bc7ac85
0024:trace:seh:_except_handler3 exception c0000005 flags=0 at 0x10006777
handler=0x4a56b0 0x32eeac 0x32ed40 semi-stub
0024:trace:seh:_except_handler3 level 0 prev -1 filter 0x4a5ab0
0024:Call msvcrt._XcptFilter(c0000005,0032ebd4) ret=004a5ac1
0024:trace:seh:_XcptFilter (c0000005,0x32ebd4)
0024:Ret  msvcrt._XcptFilter() retval=00000000 ret=004a5ac1
0024:trace:seh:_except_handler3 filter returned CONTINUE_SEARCH
0024:trace:seh:_except_handler3 reached TRYLEVEL_END, returning
ExceptionContinueSearch
0024:Ret  msvcrt._except_handler3() retval=00000001 ret=7bc7ac85
0024:trace:seh:call_stack_handlers handler at 0x4a56b0 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x7bc919e1 code=c0000005
flags=0
0024:Call KERNEL32.UnhandledExceptionFilter(0032eca8) ret=7bc91a1b
...
--- snip ---

Code around the crash location:

--- snip ---
10006760 8B4C24 04        MOV ECX,DWORD PTR SS:[ESP+4]
10006764 33C0             XOR EAX,EAX
10006766 BA 01000000      MOV EDX,1
1000676B F0:0FB111        LOCK CMPXCHG DWORD PTR DS:[ECX],EDX
1000676F 75 0C            JNZ SHORT sfl.1000677D
10006771 FF15 24610210    CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>]
10006777 8941 0C          MOV DWORD PTR DS:[ECX+C],EAX
1000677A C2 0400          RETN 4
...
--- snip ---

Unfortunately ntdll's 32-bit relay_call clobbers ECX (=0), hence the exception
after returning from KERNEL32.GetCurrentThreadId().

Code:
http://source.winehq.org/git/wine.git/blob/2741edb9989d33ae7bb3d2dceba5e5d916655340:/dlls/ntdll/relay.c#l408

Preserving ECX in relay_call() lets the app be successfully +relay traced
(already tested).
Technically EDX might need to be preserved for callers too, but this app can
live without it...

$ sha1sum sai-1.1.0-ful-en.exe 
fb1876e370d431f21df06428ca6ccf35de727000  sai-1.1.0-ful-en.exe

$ wine --version
wine-1.3.36-172-gb00e703

Regards

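Added illustration (not Wine's code and not part of the original report): a
small C program for x86-64 Linux with a GNU toolchain that re-creates the
failure mode described above. It rebuilds the caller's instruction sequence
from 0x10006760 in assembly, keeping the lock pointer in ECX across the
imported call exactly as the application does, and routes that call through
two stand-ins for relay_call: one that uses ECX/EDX as scratch and never
restores them, and one that saves and restores them around its work. The
struct layout (owner id at +0xC), the stand-in for GetCurrentThreadId that
returns 0x24, and all function names are assumptions made here. The one
deliberate deviation is that the final store is skipped when ECX comes back
as 0, so the demo returns NULL instead of faulting the way the real code does.

```c
/* Added example, not Wine code: register-transparent vs. clobbering call
 * thunk, exercised by a caller that keeps its lock pointer in ECX across
 * the call. x86-64 SysV / GNU toolchain only; elsewhere it reports -1. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout inferred from the crash site: state at +0 (LOCK CMPXCHG target),
 * owner thread id at +0xC. The two padding DWORDs are an assumption. */
struct app_lock {
    uint32_t state;
    uint32_t pad[2];
    uint32_t owner_tid;
};

typedef uint32_t (*thunk_fn)(void);

#if defined(__x86_64__) && defined(__GNUC__) && defined(__ELF__)
#define DEMO_SUPPORTED 1

__asm__(
    ".text\n"
    ".globl get_tid_leaf\n"
    ".globl relay_clobbering\n"
    ".globl relay_preserving\n"
    ".globl app_acquire\n"
    /* Stand-in for KERNEL32.GetCurrentThreadId: writes only EAX, like the
       real one, and returns the tid seen in the trace (0x24). */
    "get_tid_leaf:\n"
    "    movl $0x24, %eax\n"
    "    ret\n"
    /* Thunk modelled on the bug: ECX/EDX used as scratch, never restored. */
    "relay_clobbering:\n"
    "    xorl %ecx, %ecx\n"
    "    xorl %edx, %edx\n"
    "    jmp get_tid_leaf\n"
    /* Fixed thunk: same scratch use, but ECX/EDX saved and restored, so the
       caller sees exactly what the real callee would have left behind. */
    "relay_preserving:\n"
    "    pushq %rcx\n"
    "    pushq %rdx\n"
    "    xorl %ecx, %ecx\n"
    "    xorl %edx, %edx\n"
    "    call get_tid_leaf\n"
    "    popq %rdx\n"
    "    popq %rcx\n"
    "    ret\n"
    /* void *app_acquire(struct app_lock *l, thunk_fn callee)
       The sequence from the report, argument taken from RDI instead of
       [ESP+4]. Returns the pointer the final store used; the original
       stores unconditionally and faults with ECX=0 (c0000005, info[1]=0xc),
       the demo skips the store in that case and returns NULL. */
    "app_acquire:\n"
    "    movq %rdi, %rcx\n"              /* MOV ECX, [ESP+4]           */
    "    xorl %eax, %eax\n"              /* XOR EAX, EAX               */
    "    movl $1, %edx\n"                /* MOV EDX, 1                 */
    "    lock cmpxchgl %edx, (%rcx)\n"   /* LOCK CMPXCHG [ECX], EDX    */
    "    jnz 1f\n"                       /* already held: no call      */
    "    call *%rsi\n"                   /* CALL [&GetCurrentThreadId] */
    "    testq %rcx, %rcx\n"             /* demo-only guard            */
    "    jz 1f\n"
    "    movl %eax, 0xc(%rcx)\n"         /* MOV [ECX+0xC], EAX         */
    "1:  movq %rcx, %rax\n"
    "    ret\n"
);

extern uint32_t get_tid_leaf(void);
extern uint32_t relay_clobbering(void);
extern uint32_t relay_preserving(void);
extern void *app_acquire(struct app_lock *l, thunk_fn callee);

/* 1 if ECX still pointed at the lock after the call, 0 if it was clobbered. */
static int acquire_via(thunk_fn thunk, uint32_t initial_state, struct app_lock *out)
{
    memset(out, 0, sizeof *out);
    out->state = initial_state;
    return app_acquire(out, thunk) == (void *)out;
}

/* Buggy thunk: lock taken (state 1) but the owner store target is gone. */
int clobbering_thunk_breaks_caller(void)
{
    struct app_lock l;
    return acquire_via(relay_clobbering, 0, &l) == 0 && l.state == 1 && l.owner_tid == 0;
}

/* Fixed thunk: lock taken and owner written with the callee's EAX. */
int preserving_thunk_is_transparent(void)
{
    struct app_lock l;
    return acquire_via(relay_preserving, 0, &l) == 1 && l.state == 1 && l.owner_tid == 0x24;
}

/* Contended lock: JNZ path, the import is never called, nothing changes. */
int contended_lock_skips_call(void)
{
    struct app_lock l;
    return acquire_via(relay_clobbering, 1, &l) == 1 && l.state == 1 && l.owner_tid == 0;
}
#else
#define DEMO_SUPPORTED 0
int clobbering_thunk_breaks_caller(void)  { return -1; }
int preserving_thunk_is_transparent(void) { return -1; }
int contended_lock_skips_call(void)       { return -1; }
#endif

int demo_supported(void) { return DEMO_SUPPORTED; }

int main(void)
{
    printf("supported=%d clobbering_breaks=%d preserving_ok=%d contended_ok=%d\n",
           demo_supported(), clobbering_thunk_breaks_caller(),
           preserving_thunk_is_transparent(), contended_lock_skips_call());
    return 0;
}
```

Build with cc -O0 demo.c and run; on hosts other than x86-64 ELF the demo
functions return -1. The point for any tracing or hooking thunk: stdcall only
promises that EAX, ECX and EDX are volatile, but an application may depend on
what a specific callee actually leaves untouched, so an interposing thunk has
to hand back every register the real callee would.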