[Bug 33359] New: WinRT/ARM port of Audacity crashes in dll entry point due to incorrect thumb2 mode MOVW/MOVT relocation type processing

wine-bugs at winehq.org
Tue Apr 9 18:24:36 CDT 2013


http://bugs.winehq.org/show_bug.cgi?id=33359

             Bug #: 33359
           Summary: WinRT/ARM port of Audacity crashes in dll entry point
                    due to incorrect thumb2 mode MOVW/MOVT relocation type
                    processing
           Product: Wine
           Version: 1.5.27
          Platform: arm
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntdll
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello folks,

as the summary says ...

--- snip ---
...
002e:Call PE DLL (proc=0x41f6f258,module=0x41ef0000
L"msvcrt.dll",reason=PROCESS_ATTACH,res=(nil)) 
...
002e:trace:module:load_dll looking for L"wxbase28u_net_vc_custom.dll" in
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
002e:trace:module:get_load_order looking for
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity\\wxbase28u_net_vc_custom.dll"
...
002e:trace:module:load_native_dll Trying native dll
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity\\wxbase28u_net_vc_custom.dll"
002e:trace:module:map_image mapped PE file at 0x42150000-0x42174000
002e:trace:module:map_image mapping section .text at 0x42151000 off 400 size
d400 virt d338 flags 60000020
002e:trace:module:map_image clearing 0x4215e400 - 0x4215f000
002e:trace:module:map_image mapping section .rdata at 0x4215f000 off d800 size
ec00 virt eb28 flags 40000040
002e:trace:module:map_image clearing 0x4216dc00 - 0x4216e000
002e:trace:module:map_image mapping section .data at 0x4216e000 off 1c400 size
800 virt b6c flags c0000040
002e:trace:module:map_image clearing 0x4216e800 - 0x4216f000
002e:trace:module:map_image mapping section .pdata at 0x4216f000 off 1cc00 size
1200 virt 11e0 flags 40000040
002e:trace:module:map_image clearing 0x42170200 - 0x42171000
002e:trace:module:map_image mapping section .rsrc at 0x42171000 off 1de00 size
800 virt 748 flags 40000040
002e:trace:module:map_image clearing 0x42171800 - 0x42172000
002e:trace:module:map_image mapping section .reloc at 0x42172000 off 1e600 size
1a00 virt 18f0 flags 42000040
002e:trace:module:map_image clearing 0x42173a00 - 0x42174000
002e:trace:module:map_image relocating from 0x10000000-0x10024000 to
0x42150000-0x42174000 
...
002e:trace:module:load_dll looking for L"MSVCR110.dll" in
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
002e:trace:module:load_dll Found L"C:\\windows\\system32\\msvcr110.dll" for
L"MSVCR110.dll" at 0x420e0000, count=2
002e:trace:imports:import_dll --- _calloc_crt MSVCR110.dll.496 = 0x41eff9c0
...
002e:trace:imports:import_dll --- _initterm_e MSVCR110.dll.701 = 0x41ef955c
002e:trace:imports:import_dll --- _amsg_exit MSVCR110.dll.474 = 0x41ef73b8
002e:trace:imports:import_dll --- _malloc_crt MSVCR110.dll.827 = 0x41f00efc
002e:trace:imports:import_dll --- _unlock MSVCR110.dll.1165 = 0x41efd460
002e:trace:imports:import_dll --- __dllonexit MSVCR110.dll.390 = 0x41ef67ec
002e:trace:imports:import_dll --- _lock MSVCR110.dll.810 = 0x41efa480
002e:trace:imports:import_dll --- _onexit MSVCR110.dll.976 = 0x41efbae8
002e:trace:imports:import_dll --- _initterm MSVCR110.dll.700 = 0x41ef951c
002e:warn:module:import_dll No implementation for
MSVCR110.dll.__C_specific_handler imported from
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity\\wxbase28u_net_vc_custom.dll",
setting to 0x419a0288
002e:trace:imports:import_dll --- __C_specific_handler MSVCR110.dll.349 =
0x419a0288
002e:trace:imports:import_dll --- ?terminate@@YAXXZ MSVCR110.dll.313 =
0x41ef61c4
002e:trace:imports:import_dll --- ??1type_info@@UAA at XZ MSVCR110.dll.112 =
0x41ef59ec
002e:trace:module:load_dll looking for L"KERNEL32.dll" in
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity;.;C:\\windows\\system32;C:\\windows\\system;C:\\windows;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
002e:trace:module:load_dll Found L"C:\\windows\\system32\\KERNEL32.dll" for
L"KERNEL32.dll" at 0x40a00000, count=21 
...
002e:trace:loaddll:load_native_dll Loaded
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity\\wxbase28u_net_vc_custom.dll"
at 0x42150000: native
002e:trace:module:load_dll Loaded module
L"Z:\\home\\linaro\\wine-apps\\audacity\\Audacity\\wxbase28u_net_vc_custom.dll"
(native) at 0x42150000
...
002e:trace:module:process_attach (L"wxbase28u_net_vc_custom.dll",0x1) - START 
...
002e:Call PE DLL (proc=0x4215d539,module=0x42150000
L"wxbase28u_net_vc_custom.dll",reason=PROCESS_ATTACH,res=0x1)
002e:Call KERNEL32.GetSystemTimeAsFileTime(4143fcb0) ret=4215d78b
002e:Ret  KERNEL32.GetSystemTimeAsFileTime() retval=00000000 ret=4215d78b
002e:Call KERNEL32.GetCurrentThreadId() ret=4215d799
002e:Ret  KERNEL32.GetCurrentThreadId() retval=0000002e ret=4215d799
002e:Call KERNEL32.GetTickCount64() ret=4215d7a5
002e:Ret  KERNEL32.GetTickCount64() retval=00000000002f5c5f ret=4215d7a5
002e:Call KERNEL32.QueryPerformanceCounter(4143fcb8) ret=4215d7b5
002e:Ret  KERNEL32.QueryPerformanceCounter() retval=00000001 ret=4215d7b5
002e:trace:seh:raise_exception  info[0]=00000000
002e:trace:seh:raise_exception  info[1]=72657468
002e:trace:seh:raise_exception  Pc:72657468 Sp:4143fc70 Lr:4215d3bb
Cpsr:200f0030 r0:4215f5a0 r1:4215f5ac r2:0000 r3:0001
002e:trace:seh:raise_exception  r4:4216eb5c r5:4216eb58  r6:0000  r7:0001
r8:42150000 r9:42150000 r10:40046000 Fp:4143fca0 Ip:4205f00c
002e:trace:seh:call_stack_handlers calling handler at 0x4041d6fc code=c0000005
flags=0
002e:trace:seh:RtlUnwind code=c0000005 flags=2
002e:exception in PE entry point
(proc=0x4215d539,module=0x42150000,reason=PROCESS_ATTACH,res=0x1)
002e:Ret  PE DLL (proc=0x4215d539,module=0x42150000
L"wxbase28u_net_vc_custom.dll",reason=PROCESS_ATTACH,res=0x1) retval=0
002e:Call PE DLL (proc=0x4215d539,module=0x42150000
L"wxbase28u_net_vc_custom.dll",reason=PROCESS_DETACH,res=0x1)
002e:Ret  PE DLL (proc=0x4215d539,module=0x42150000
L"wxbase28u_net_vc_custom.dll",reason=PROCESS_DETACH,res=0x1) retval=0
002e:warn:module:process_attach Initialization of
L"wxbase28u_net_vc_custom.dll" failed
002e:trace:module:process_attach (L"wxbase28u_net_vc_custom.dll",0x1) - END
002e:trace:module:process_attach (L"Audacity.exe",0x1) - END 
--- snip ---

--- snip ---
Wine-gdb> bt
#0  0x72657468 in ?? ()
#1  0x4211d3ba in ?? ()
#2  0x4211d3ba in ?? ()

Wine-gdb> x/10i 0x4211d3aa
   0x4211d3aa:  ldr     r1, [pc, #120]  ; (0x4211d424)
   0x4211d3ac:  ldr     r0, [pc, #112]  ; (0x4211d420)
   0x4211d3ae:  movs    r3, #1
   0x4211d3b0:  dmb     ish
   0x4211d3b4:  str     r3, [r4, #0]
   0x4211d3b6:  bl      0x4211d654
   0x4211d3ba:  cmp     r0, #0

Wine-gdb> x/10i 0x4211d654
   0x4211d654:  movw    r12, #61452     ; 0xf00c
   0x4211d658:  movt    r12, #16897     ; 0x4201
   0x4211d65c:  ldr.w   pc, [r12]

Wine-gdb> x/10x 0x4201f00c
0x4201f00c <__wine_spec_file_name+28468>:       0x72657469      0x726f7461      0x3f554740      0x61686324
0x4201f01c <__wine_spec_file_name+28484>:       0x72745f72      0x73746961      0x73404740      0x40406474
0x4201f02c <__wine_spec_file_name+28500>:       0x56403240      0x30403233
--- snip ---

imm16 from MOVT should be 0x4211 in this case (final relocation: 0x4211f00c)

From "ARM Architecture Reference Manual Thumb-2 Supplement":

--- quote ---
Assembler syntax

MOVT<c><q> <Rd>, #<imm16>

where:

S If present, specifies that the instruction updates the flags. Otherwise, the instruction does not update the flags.
<c><q> See Standard assembler syntax fields on page 4-6.
<Rd> Specifies the destination register.
<imm16> Specifies the immediate value to be written to <Rd>. It must be in the range 0-65535.

MOVT<c> <Rd>,#<imm16>

Operation

if ConditionPassed() then
EncodingSpecificOperations();
R[d]<31:16> = imm16;
// R[d]<15:0> unchanged

Exceptions

None.
--- quote ---

The opcode encodes as follows:

--- snip ---
11110|i|10  1100|imm4|  0|imm3|Rd|  imm8

d = UInt(Rd);

Encoding of imm16 argument for MOVT and MOVW Thumb2 instructions:

imm16 = imm4:i:imm3:imm8
--- snip ---

Example with original opcodes (unprocessed relocation):

--- snip ---
Wine-gdb> x/10i 0x4214d660
...
0x0cb8f24f ;  movw    r12, #61624 ; 0xf24f -> i=0x0, imm4=0xf
                                  ; 0x0cb8 -> imm3=0x0, Rd=0xc, imm8=0xb8
                                  ; -> low imm16=0xf0b8

0x0c00f2c1 ;  movt    r12, #4096  ; 0xf2c1 -> i=0x0, imm4=0x1
                                  ; 0x0c00 -> imm3=0x0, Rd=0xC, imm8=0x00
                                  ; -> high imm16=0x1000

0xf000f8dc ;  ldr.w   pc, [r12]
--- snip ---

Wine source:
http://source.winehq.org/git/wine.git/blob/cd03a51e7ddcafb3cf98b6c1dd5469bb92b8adcd:/dlls/ntdll/loader.c#l2154
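The following is an added reference implementation of the MOVW/MOVT fixup described above; it is not Wine's loader code and not part of the bug report. It decodes imm16 = imm4:i:imm3:imm8 from the two halfwords (read as one little-endian 32-bit word, so the first halfword sits in the low 16 bits, which is why the opcodes above print as 0x0cb8f24f), re-encodes it, and applies the PE base relocation type IMAGE_REL_BASED_THUMB_MOV32 to a MOVW/MOVT pair. The input pair and the load delta (preferred base 0x10000000 relocated to 0x42150000) are taken from the report's own trace; the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Thumb-2 MOVW (encoding T3) and MOVT (encoding T1), each two halfwords.
 *   hw1: 11110 | i | 10 | x | 1 | 0 | 0 | imm4    (x = 0 for MOVW, 1 for MOVT)
 *   hw2: 0 | imm3 | Rd | imm8
 *   imm16 = imm4:i:imm3:imm8
 * Loaded as a little-endian 32-bit word, hw1 is the low half and hw2 the high half.
 */
#define HW1(inst) ((inst) & 0xffffu)
#define HW2(inst) ((inst) >> 16)

/* Opcode masks exclude the i bit (hw1 bit 10) and imm4 (hw1 bits 3:0). */
int thumb2_is_movw(uint32_t inst) { return (inst & 0x8000fbf0u) == 0x0000f240u; }
int thumb2_is_movt(uint32_t inst) { return (inst & 0x8000fbf0u) == 0x0000f2c0u; }

/* Gather the scattered immediate: imm16 = imm4:i:imm3:imm8. */
uint16_t thumb2_mov_get_imm16(uint32_t inst)
{
    uint32_t imm4 = HW1(inst) & 0xf;
    uint32_t i    = (HW1(inst) >> 10) & 1;
    uint32_t imm3 = (HW2(inst) >> 12) & 7;
    uint32_t imm8 = HW2(inst) & 0xff;
    return (uint16_t)((imm4 << 12) | (i << 11) | (imm3 << 8) | imm8);
}

/* Scatter a new imm16 back into the encoding, leaving Rd and the opcode bits alone. */
uint32_t thumb2_mov_set_imm16(uint32_t inst, uint16_t imm16)
{
    uint32_t hw1 = HW1(inst) & ~0x040fu;   /* clear i (bit 10) and imm4 (bits 3:0)      */
    uint32_t hw2 = HW2(inst) & ~0x70ffu;   /* clear imm3 (bits 14:12) and imm8 (bits 7:0) */
    hw1 |= (imm16 >> 12) & 0xf;            /* imm4 */
    hw1 |= ((imm16 >> 11) & 1) << 10;      /* i    */
    hw2 |= ((imm16 >> 8) & 7) << 12;       /* imm3 */
    hw2 |= imm16 & 0xff;                   /* imm8 */
    return (hw2 << 16) | hw1;
}

/*
 * Apply one IMAGE_REL_BASED_THUMB_MOV32 fixup.  The pair materialises a 32-bit
 * absolute address (MOVW = low half, MOVT = high half); add the load delta to
 * that address and re-encode both halves.  Returns 0 and leaves the words
 * untouched if they are not a MOVW followed by a MOVT, so a loader can reject
 * a malformed .reloc entry instead of corrupting code.
 */
int relocate_thumb_mov32(uint32_t pair[2], uint32_t delta)
{
    if (!thumb2_is_movw(pair[0]) || !thumb2_is_movt(pair[1]))
        return 0;
    uint32_t addr = ((uint32_t)thumb2_mov_get_imm16(pair[1]) << 16)
                  | thumb2_mov_get_imm16(pair[0]);
    addr += delta;
    pair[0] = thumb2_mov_set_imm16(pair[0], (uint16_t)(addr & 0xffff));
    pair[1] = thumb2_mov_set_imm16(pair[1], (uint16_t)(addr >> 16));
    return 1;
}

/* Worked example: the unprocessed pair from the report (movw r12,#0xf0b8 ;
   movt r12,#0x1000), relocated by the delta from the trace (0x10000000 -> 0x42150000). */
uint32_t example_relocated_address(void)
{
    uint32_t pair[2] = { 0x0cb8f24fu, 0x0c00f2c1u };
    relocate_thumb_mov32(pair, 0x42150000u - 0x10000000u);
    return ((uint32_t)thumb2_mov_get_imm16(pair[1]) << 16) | thumb2_mov_get_imm16(pair[0]);
}

int main(void)
{
    uint32_t pair[2] = { 0x0cb8f24fu, 0x0c00f2c1u };
    printf("before: movw imm16=%#06x movt imm16=%#06x\n",
           thumb2_mov_get_imm16(pair[0]), thumb2_mov_get_imm16(pair[1]));
    relocate_thumb_mov32(pair, 0x42150000u - 0x10000000u);
    printf("after:  %08x %08x -> address %#010x\n",
           pair[0], pair[1], example_relocated_address());
    return 0;
}
```

With the page's delta the MOVW immediate stays 0xf0b8 and the MOVT immediate becomes 0x4215, so the pair now loads the relocated pointer 0x4215f0b8. Round-tripping immediates such as 0x0800 and 0xffff through the get/set functions exercises the i and imm3 fields, which is exactly the kind of check that catches a loader dropping or misplacing one of the scattered bits.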

With relocations fixed, all dll entry points are correctly executed, including
Wine builtin MSVC++ 2012 runtime initialization.
The app then runs into bug 33195.

Regards
