[Bug 34258] 64-bit Cygwin installer crashes on start (app misaligns stack causing crash in gcc emitted x64 MSABI prologue code)

wine-bugs at winehq.org
Sun Sep 1 14:11:31 CDT 2013


http://bugs.winehq.org/show_bug.cgi?id=34258

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                URL|                            |http://cygwin.com/setup-x86_64.exe
                 CC|                            |focht at gmx.net
         Resolution|                            |DUPLICATE
            Summary|cygwin (64-bit) installer crashes on start|64-bit Cygwin installer crashes on start (app misaligns stack causing crash in gcc emitted x64 MSABI prologue code)

--- Comment #5 from Anastasius Focht <focht at gmx.net> 2013-09-01 14:11:31 CDT ---
Hello folks,

confirming.

Reminded me of bug 27680 (violation of the Windows 64-bit ABI, stack pointer
(RSP) must be 16-byte aligned when making a call to Win64 API)...

Similarly, the gcc-generated prologue code for MSABI (SSE2 callee save) causes a
crash due to a misaligned stack (it needs to be 16-byte aligned).

--- snip ---
...
0027:Starting process L"Z:\\home\\focht\\Downloads\\setup-x86_64.exe" (entryproc=0x691616)
0027:Call KERNEL32.GetModuleHandleA(0057ce81 "KERNEL32") ret=0057ce90
0027:Ret  KERNEL32.GetModuleHandleA() retval=7b820000 ret=0057ce90
0027:Call KERNEL32.GetProcAddress(7b820000,0057ce9a "VirtualProtect") ret=0057ceb1
0027:Ret  KERNEL32.GetProcAddress() retval=7b83007c ret=0057ceb1
0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7fb738137842 ip=7fb738137842 tid=0027
0027:trace:seh:raise_exception  rax=000000007b83007c rbx=000000007b83007c rcx=000000007bae33d0 rdx=00000000000403dc
0027:trace:seh:raise_exception  rsi=0000000000690000 rdi=000000000040016f rbp=000000000033fc08 rsp=000000000033fb18
0027:trace:seh:raise_exception   r8=000000000033fc80  r9=000000000033fc88 r10=0000000000000000 r11=0000003629581400
0027:trace:seh:raise_exception  r12=000000007bf00c50 r13=00007fffb49477a0 r14=0000000000000000 r15=0000000000000000
...
--- snip ---

Winedbg isn't useful here because it doesn't support SSE2 instructions.
Running winedbg --gdb yields more useful results.

Debug session:

--- snip ---
...
Dump of assembler code for function NtProtectVirtualMemory:
=> 0x00007f8e5e51703a <+0>:    push   %rbp
   0x00007f8e5e51703b <+1>:    mov    %rsp,%rbp
   0x00007f8e5e51703e <+4>:    push   %rdi
   0x00007f8e5e51703f <+5>:    push   %rsi
   0x00007f8e5e517040 <+6>:    sub    $0x1d0,%rsp
   0x00007f8e5e517047 <+13>:    movaps %xmm6,-0xb0(%rbp)
   0x00007f8e5e51704e <+20>:    movaps %xmm7,-0xa0(%rbp)
   0x00007f8e5e517055 <+27>:    movaps %xmm8,-0x90(%rbp)
   0x00007f8e5e51705d <+35>:    movaps %xmm9,-0x80(%rbp)
   0x00007f8e5e517062 <+40>:    movaps %xmm10,-0x70(%rbp)
   0x00007f8e5e517067 <+45>:    movaps %xmm11,-0x60(%rbp)
   0x00007f8e5e51706c <+50>:    movaps %xmm12,-0x50(%rbp)
   0x00007f8e5e517071 <+55>:    movaps %xmm13,-0x40(%rbp)
   0x00007f8e5e517076 <+60>:    movaps %xmm14,-0x30(%rbp)
   0x00007f8e5e51707b <+65>:    movaps %xmm15,-0x20(%rbp)
   0x00007f8e5e517080 <+70>:    mov    %rcx,0x10(%rbp)
   0x00007f8e5e517084 <+74>:    mov    %rdx,0x18(%rbp)
   0x00007f8e5e517088 <+78>:    mov    %r8,0x20(%rbp)
   0x00007f8e5e51708c <+82>:    mov    %r9d,0x28(%rbp)
   0x00007f8e5e517090 <+86>:    movl   $0x0,-0xb4(%rbp)
   0x00007f8e5e51709a <+96>:    mov    0x20(%rbp),%rax
   0x00007f8e5e51709e <+100>:    mov    (%rax),%rax
...
--- snip ---

Reg dump before faulting instruction (xmm6 save):

--- snip ---
Wine-gdb> info reg
rax            0x33fc50    3406928
rbx            0x7b89f360    2072638304
rcx            0xffffffffffffffff    -1
rdx            0x33fc50    3406928
rsi            0x690000    6881280
rdi            0x40016f    4194671
rbp            0x33fbe8    0x33fbe8
rsp            0x33fa08    0x33fa08
r8             0x33fc58    3406936
r9             0x4    4
r10            0x3629532710    232621549328
r11            0x0    0
r12            0x7bf00c50    2079329360
r13            0x7fff237e6030    140733788872752
r14            0x0    0
r15            0x0    0
rip            0x7f8e5e517047    0x7f8e5e517047 <NtProtectVirtualMemory+13>
eflags         0x202    [ IF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0

Program received signal SIGSEGV, Segmentation fault.
...
0x00007f8e5e517047 in NtProtectVirtualMemory (process=0x0, addr_ptr=0x0, size_ptr=0x0, new_prot=6881280, old_prot=0x33fc88)
    at /home/focht/projects/wine/wine-git/dlls/ntdll/virtual.c:2120
2120    {

--- snip ---

Windows x86_64 ABI specifies that registers xmm6-xmm15 be callee saved.
Gcc generates the MSABI prologue accordingly (see previous disassembly).

At the entry point of VirtualProtect() the stack is 16-byte aligned ...

--- snip ---
Stopped on breakpoint 1 at 0x000000007b89f360 VirtualProtect [/home/focht/projects/wine/wine-git/dlls/kernel32/virtual.c:214] in kernel32
VirtualProtect () at /home/focht/projects/wine/wine-git/dlls/kernel32/virtual.c:214
214    {
Wine-dbg>info reg
Register dump:
 rip:000000007b89f360 rsp:000000000033fc80 rbp:000000000033fd20 eflags:00000206 (   - --  I   - -P- )
 rax:000000007b89f360 rbx:000000007b89f360 rcx:000000000040016f rdx:0000000000000078
 rsi:0000000000690000 rdi:000000000040016f  r8:0000000000000004  r9:000000000033fc88 r10:0000003629532710
 r11:0000000000000000 r12:000000007bf00c50 r13:00007fffff7bdb10 r14:0000000000000000 r15:0000000000000000
Wine-dbg>
--- snip ---

*dingding*

At the time the call instruction is executed the stack has to be 16-byte aligned!
Hence the callee messed this up.

Dupe of bug 27680 I'd say.

Tidbit: setup-x86_64.exe is compressed by "mpress"
(http://www.matcode.com/mpress.htm)

Regards

*** This bug has been marked as a duplicate of bug 27680 ***
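Added worked example (editor's addition; this is not code from the bug report, from Cygwin or from Wine): a C model of the exact gcc MSABI prologue disassembled above (push %rbp; mov %rsp,%rbp; push %rdi; push %rsi; sub $0x1d0,%rsp; movaps %xmm6..%xmm15 to -0xb0(%rbp)..-0x20(%rbp)). Given the RSP a callee observes at entry, it replays the prologue, reconstructs the caller's RSP at the CALL instruction, and reports the first movaps whose 16-byte save slot is misaligned. The only value taken from the page is rbp=0x33fbe8 from the Wine-gdb register dump at the faulting xmm6 save; the "conforming caller" case is an assumption that shifts the same frame by 8 bytes. It shows why the fault lands on xmm6 and reproduces the rsp=0x33fa08 seen in the dump.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * rbp-relative save slots written by the disassembled prologue, in order
 * xmm6 .. xmm15.  movaps needs a 16-byte aligned memory operand; otherwise
 * the CPU raises #GP, which Wine reports as c0000005 / SIGSEGV.
 */
#define XMM_SAVE_COUNT 10
static const int64_t xmm_slot_offset[XMM_SAVE_COUNT] = {
    -0xb0, -0xa0, -0x90, -0x80, -0x70, -0x60, -0x50, -0x40, -0x30, -0x20
};

typedef struct {
    uint64_t rsp_at_call;    /* caller's RSP when it executed CALL (reconstructed) */
    uint64_t rsp_at_entry;   /* RSP seen by the callee, return address already pushed */
    uint64_t rbp;            /* frame pointer after push %rbp; mov %rsp,%rbp */
    uint64_t rsp_after_sub;  /* RSP after push %rdi; push %rsi; sub $0x1d0,%rsp */
    int      faulting_xmm;   /* first xmmN whose save slot is misaligned, -1 if none */
    uint64_t faulting_addr;  /* address of that slot, 0 if none */
} prologue_model;

/* Win64 ABI rule: RSP must be 16-byte aligned at the CALL instruction ... */
static bool call_site_aligned(uint64_t rsp_at_call)
{
    return (rsp_at_call & 0xf) == 0;
}

/* ... and since CALL pushes an 8-byte return address, a callee entered by a
 * conforming caller always sees RSP % 16 == 8 at its first instruction. */
static bool entry_rsp_conforming(uint64_t rsp_at_entry)
{
    return (rsp_at_entry & 0xf) == 8;
}

/* Replay the prologue from the callee's entry RSP and locate the first
 * movaps that would fault. */
static prologue_model run_prologue(uint64_t rsp_at_entry)
{
    prologue_model m;
    uint64_t rsp = rsp_at_entry;

    m.rsp_at_entry = rsp_at_entry;
    m.rsp_at_call  = rsp_at_entry + 8;   /* undo the return-address push */

    rsp -= 8;                /* push %rbp        */
    m.rbp = rsp;             /* mov  %rsp,%rbp   */
    rsp -= 8;                /* push %rdi        */
    rsp -= 8;                /* push %rsi        */
    rsp -= 0x1d0;            /* sub  $0x1d0,%rsp */
    m.rsp_after_sub = rsp;

    m.faulting_xmm  = -1;
    m.faulting_addr = 0;
    for (int i = 0; i < XMM_SAVE_COUNT; i++) {
        uint64_t slot = m.rbp + (uint64_t)xmm_slot_offset[i];   /* wraps, i.e. subtracts */
        if (slot & 0xf) {
            m.faulting_xmm  = 6 + i;      /* slot order is xmm6 .. xmm15 */
            m.faulting_addr = slot;
            break;
        }
    }
    return m;
}

static void report(const char *label, uint64_t rsp_at_entry)
{
    prologue_model m = run_prologue(rsp_at_entry);
    printf("%s:\n  entry rsp=0x%" PRIx64 "  call-site rsp=0x%" PRIx64 " (%s)\n",
           label, m.rsp_at_entry, m.rsp_at_call,
           call_site_aligned(m.rsp_at_call) ? "16-byte aligned" : "MISALIGNED, ABI violation");
    printf("  rbp=0x%" PRIx64 "  rsp after sub=0x%" PRIx64 "\n", m.rbp, m.rsp_after_sub);
    if (m.faulting_xmm < 0)
        printf("  all xmm6-xmm15 save slots are 16-byte aligned\n");
    else
        printf("  movaps of xmm%d faults: slot 0x%" PRIx64 " is not 16-byte aligned\n",
               m.faulting_xmm, m.faulting_addr);
}

int main(void)
{
    /* rbp=0x33fbe8 comes from the Wine-gdb dump at the faulting xmm6 save,
     * so the callee was entered with rsp = rbp + 8. */
    report("setup-x86_64.exe frame from the dump", 0x33fbe8 + 8);
    /* Assumed case: the same frame 8 bytes higher, as an ABI-conforming caller
     * (RSP % 16 == 0 at CALL) would have produced. */
    report("ABI-conforming caller", 0x33fbe8 + 16);
    return 0;
}
```

Replaying the dumped frame gives call-site rsp=0x33fbf8 (8 mod 16, the violation), rsp after the sub of 0x33fa08 (matching the register dump) and a first misaligned slot at 0x33fb38 for xmm6, which is the instruction at NtProtectVirtualMemory+13 that gdb stopped on. The same check applies to the VirtualProtect entry dump: rsp=0x33fc80 is 0 mod 16 at entry, so it was 8 mod 16 at the CALL.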
