[Bug 24421] MJ's Help Diagnostics crashes on startup (app provided MonitorEnumProc callback relies on ECX = lprcMonitor)
wine-bugs at winehq.org
Wed Feb 5 15:52:34 CST 2014
http://bugs.winehq.org/show_bug.cgi?id=24421
Anastasius Focht <focht at gmx.net> changed:
What       |Removed                |Added
-----------+-----------------------+--------------------------------------
Component  |-unknown               |winex11.drv
Summary    |MJ's Help Diagnostics  |MJ's Help Diagnostics crashes on
           |crashes on startup     |startup (app provided MonitorEnumProc
           |                       |callback relies on ECX = lprcMonitor)
--- Comment #11 from Anastasius Focht <focht at gmx.net> ---
Hello Austin,
thanks for the binaries and the additional effort to recreate it on Fedora 19.
It seems the app provided MonitorEnumProc callback relies on register ECX
pointing to the monitor RECT ... that is certainly broken behaviour.
--- snip ---
00492D9C 55 PUSH EBP
00492D9D 8BEC MOV EBP,ESP
00492D9F 51 PUSH ECX
00492DA0 53 PUSH EBX
00492DA1 56 PUSH ESI
00492DA2 57 PUSH EDI
00492DA3 894D FC MOV DWORD PTR SS:[EBP-4],ECX ; LPRECT lprcMonitor
00492DA6 8BF0 MOV ESI,EAX
00492DA8 A1 34DD4B00 MOV EAX,DWORD PTR DS:[4BDD34]
00492DAD E8 E22EF7FF CALL 00405C94
00492DB2 8BD8 MOV EBX,EAX
00492DB4 8D43 01 LEA EAX,[EBX+1]
00492DB7 50 PUSH EAX
00492DB8 B8 34DD4B00 MOV EAX,004BDD34
00492DBD B9 01000000 MOV ECX,1
00492DC2 8B15 7C2D4900 MOV EDX,DWORD PTR DS:[492D7C]
00492DC8 E8 8330F7FF CALL 00405E50
00492DCD 83C4 04 ADD ESP,4
00492DD0 8D049B LEA EAX,[EBX*4+EBX]
00492DD3 8B15 34DD4B00 MOV EDX,DWORD PTR DS:[4BDD34]
00492DD9 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; LPRECT lprcMonitor
00492DDC 56 PUSH ESI
00492DDD 8D7C82 04 LEA EDI,[EAX*4+EDX+4]
00492DE1 8BF1 MOV ESI,ECX ; LPRECT lprcMonitor
00492DE3 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; left
00492DE4 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; top
00492DE5 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; right
00492DE6 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; bottom
00492DE7 5E POP ESI
00492DE8 8B15 34DD4B00 MOV EDX,DWORD PTR DS:[4BDD34]
00492DEE 893482 MOV DWORD PTR DS:[EAX*4+EDX],ESI
00492DF1 B0 01 MOV AL,1
00492DF3 5F POP EDI
00492DF4 5E POP ESI
00492DF5 5B POP EBX
00492DF6 59 POP ECX
00492DF7 5D POP EBP
00492DF8 C2 0400 RETN 4
--- snip ---
In your case (default gcc '-O2' optimization setting) register ECX was (re)used
as index within X11DRV_EnumDisplayMonitors() hence it was clobbered at the time
the callback was called.
I have optimizations disabled by default because my standard use-case is
debugging Wine ;-)
ECX ended up pointing to 'rcMonitor'.
Try to annotate only X11DRV_EnumDisplayMonitors() with the optimize 'disable' hint:
http://source.winehq.org/git/wine.git/blob/0f03f264b772e8638d4f1311a2cbdfc515b7faa5:/dlls/winex11.drv/xinerama.c#l250
--- snip ---
BOOL CDECL __attribute__((optimize("-O0"))) X11DRV_EnumDisplayMonitors( HDC hdc, LPRECT rect, MONITORENUMPROC proc, LPARAM lp )
--- snip ---
Regards
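The following is an added illustration of the calling contract the comment above describes; it is not code from the bug report, from the application, or from Wine. On Windows, MONITORENUMPROC is a CALLBACK (stdcall) function, so hMonitor, hdc, lprcMonitor and dwData all arrive on the stack and nothing can be assumed about register contents on entry; the disassembly instead takes its first value from EAX and the RECT pointer from ECX and only cleans one stack argument, which only works by accident when the caller happens to leave ECX untouched. The example emulates the driver-side enumeration loop with a constructed two-monitor table and shows a callback that reads lprcMonitor from its parameter list, storing the same five-field record the listing builds (the EAX value is assumed here to be hMonitor). The Windows types are stand-in typedefs so the program builds without windows.h; fake_EnumDisplayMonitors, collect_monitor and the helper functions are names chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in Windows types so this builds without windows.h (assumption). */
typedef int BOOL;
typedef long LONG;
typedef void *HMONITOR;
typedef void *HDC;
typedef intptr_t LPARAM;
typedef struct { LONG left, top, right, bottom; } RECT;
typedef RECT *LPRECT;

/* On Windows: BOOL (CALLBACK *)(HMONITOR, HDC, LPRECT, LPARAM), CALLBACK
 * being __stdcall, so every argument, lprcMonitor included, is on the stack. */
typedef BOOL (*MONITORENUMPROC)(HMONITOR, HDC, LPRECT, LPARAM);

/* One record per monitor: the listing stores a dword it took from EAX
 * (assumed here to be hMonitor) followed by the four RECT fields. */
typedef struct { HMONITOR handle; RECT rc; } MonitorRecord;
typedef struct { MonitorRecord *items; size_t count; } MonitorList;

/* The callback written the way the API contract requires: lprcMonitor is
 * read from the parameter list, never from whatever happens to be in ECX. */
static BOOL collect_monitor(HMONITOR hMon, HDC hdc, LPRECT lprcMonitor, LPARAM dwData)
{
    MonitorList *list = (MonitorList *)dwData;
    MonitorRecord *grown = realloc(list->items, (list->count + 1) * sizeof *grown);
    (void)hdc;
    if (!grown) return 0;                      /* FALSE aborts the enumeration */
    list->items = grown;
    grown[list->count].handle = hMon;
    grown[list->count].rc = *lprcMonitor;      /* the copy the four MOVS performed */
    list->count++;
    return 1;                                  /* TRUE: continue */
}

/* Constructed monitor table standing in for what the X11 driver reports. */
static const RECT sample_monitors[] = {
    { 0, 0, 1920, 1080 },
    { 1920, 0, 3200, 1024 },
};

/* Emulates the driver loop.  The RECT handed to proc lives only for the
 * call; which register the loop keeps its index in is the compiler's
 * business (the bug's -O2 build used ECX), so the callee may assume nothing
 * about register contents on entry. */
static BOOL fake_EnumDisplayMonitors(HDC hdc, LPRECT clip, MONITORENUMPROC proc, LPARAM lp)
{
    size_t i;
    (void)clip;
    for (i = 0; i < sizeof sample_monitors / sizeof sample_monitors[0]; i++) {
        RECT rcMonitor = sample_monitors[i];
        HMONITOR hMon = (HMONITOR)(uintptr_t)(i + 1);  /* constructed handle */
        if (!proc(hMon, hdc, &rcMonitor, lp)) return 0;
    }
    return 1;
}

/* Enumerates into *list; caller frees list->items.  Returns TRUE on success. */
BOOL enumerate_into(MonitorList *list)
{
    list->items = NULL;
    list->count = 0;
    return fake_EnumDisplayMonitors(NULL, NULL, collect_monitor, (LPARAM)list);
}

/* Helpers for checking results: record count, and a copy of record `index`
 * (all-zero record when out of range). */
size_t enumerated_count(void)
{
    MonitorList list;
    size_t n = enumerate_into(&list) ? list.count : 0;
    free(list.items);
    return n;
}

MonitorRecord enumerated_record(size_t index)
{
    MonitorList list;
    MonitorRecord rec = { NULL, { 0, 0, 0, 0 } };
    if (enumerate_into(&list) && index < list.count) rec = list.items[index];
    free(list.items);
    return rec;
}

int main(void)
{
    MonitorList list;
    size_t i;
    if (!enumerate_into(&list)) return 1;
    for (i = 0; i < list.count; i++)
        printf("monitor %zu: handle=%p rect=(%ld,%ld)-(%ld,%ld)\n", i,
               list.items[i].handle, list.items[i].rc.left, list.items[i].rc.top,
               list.items[i].rc.right, list.items[i].rc.bottom);
    free(list.items);
    return 0;
}
```

The durable fix belongs on the application side (declaring the callback with the stdcall convention the API specifies); building X11DRV_EnumDisplayMonitors() with optimizations disabled, as suggested in the comment, only changes which register the driver loop uses and is useful to confirm the diagnosis rather than to rely on.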