[Bug 37585] 64-bit Chromium browser engine with native API sandboxing/hooking scheme fails if 64-bit ntdll.dll.so is not mapped at desired fixed address (Google Chrome 38+ crashes)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Nov 8 14:32:52 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=37585

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|ntdll                       |loader
           Hardware|x86                         |x86-64
            Summary|64-bit Google Chrome 38.x   |64-bit Chromium browser
                   |crashes (core dlls must be  |engine with native API
                   |prelinked at fixed          |sandboxing/hooking scheme
                   |addresses)                  |fails if 64-bit
                   |                            |ntdll.dll.so is not mapped
                   |                            |at desired fixed address
                   |                            |(Google Chrome 38+ crashes)

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

still present, tested with 64-bit Chrome 46.0.2490.80

I'm refining the summary to indicate this includes all 64-bit apps/processes
which make use of Chromium's browser engine with native API sandboxing/hooking
scheme.

At least on my system, 64-bit 'ntdll.dll.so' can't be mapped at desired fixed
<2GB address range since 'wine64' overlaps a bit into that area:

--- snip ---
...
00361000-68000000 ---p 00000000 00:00 0 
7b800000-7b860000 r-xp 00000000 00:23 19715625                          /home/focht/projects/wine/wine.repo/install/lib64/wine/kernel32.dll.so
7b860000-7b861000 rw-p 00000000 00:00 0 
7b861000-7b935000 r-xp 00061000 00:23 19715625                          /home/focht/projects/wine/wine.repo/install/lib64/wine/kernel32.dll.so
7b935000-7bb34000 ---p 00135000 00:23 19715625                          /home/focht/projects/wine/wine.repo/install/lib64/wine/kernel32.dll.so
7bb34000-7bb35000 r--p 00134000 00:23 19715625                          /home/focht/projects/wine/wine.repo/install/lib64/wine/kernel32.dll.so
7bb35000-7bce0000 rw-p 00135000 00:23 19715625                          /home/focht/projects/wine/wine.repo/install/lib64/wine/kernel32.dll.so
7be00000-7bf02000 r-xp 00000000 00:23 19717163                          /home/focht/projects/wine/wine.repo/install/bin/wine64
7c000000-7c101000 rw-p 00000000 00:23 19717163                          /home/focht/projects/wine/wine.repo/install/bin/wine64
7c101000-7c102000 r--p 00101000 00:23 19717163                          /home/focht/projects/wine/wine.repo/install/bin/wine64
7c102000-7c103000 rw-p 00102000 00:23 19717163                          /home/focht/projects/wine/wine.repo/install/bin/wine64
7c400000-7c404000 r-xp 00200000 00:23 19717164                          /home/focht/projects/wine/wine.repo/install/bin/wine64-preloader
7c604000-7c605000 rw-p 00204000 00:23 19717164                          /home/focht/projects/wine/wine.repo/install/bin/wine64-preloader
7cadd000-7cbdf000 rw-p 00000000 00:00 0                                  [heap]
7ff00000-7ffe0000 ---p 00000000 00:00 0 
7ffe0000-7fff0000 rw-p 00000000 00:00 0 
317ae00000-317ae21000 r-xp 00000000 00:23 2123758                       /usr/lib64/ld-2.21.so
...
7f4cd4942000-7f4cd49c0000 r-xp 00000000 00:23 19715856                  /home/focht/projects/wine/wine.repo/install/lib64/wine/ntdll.dll.so
7f4cd49c0000-7f4cd49c1000 rw-p 00000000 00:00 0 
7f4cd49c1000-7f4cd4abb000 r-xp 0007f000 00:23 19715856                  /home/focht/projects/wine/wine.repo/install/lib64/wine/ntdll.dll.so
7f4cd4abb000-7f4cd4cba000 ---p 00179000 00:23 19715856                  /home/focht/projects/wine/wine.repo/install/lib64/wine/ntdll.dll.so
7f4cd4cba000-7f4cd4cbb000 r--p 00178000 00:23 19715856                  /home/focht/projects/wine/wine.repo/install/lib64/wine/ntdll.dll.so
7f4cd4cbb000-7f4cd4cc6000 rw-p 00179000 00:23 19715856                  /home/focht/projects/wine/wine.repo/install/lib64/wine/ntdll.dll.so
7f4cd4cc6000-7f4cd4cde000 rw-p 00000000 00:00 0 
--- snip ---

Relevant part of 'strace' log:

--- snip ---
...
2295  open("/home/focht/projects/wine/wine.repo/install/bin/wine64", O_RDONLY) = 3
2295  read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0\20\r\360{\0\0\0\0"..., 2048) = 2048
2295  mmap(0x7be00000, 1056768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x7be00000
2295  mmap(0x7c000000, 1060864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x7c000000
2295  close(3)                          = 0 
...
2295  open("/home/focht/projects/wine/wine.repo/install/bin/../lib64/wine/ntdll.dll.so", O_RDONLY|O_CLOEXEC) = 3
2295  read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\5\310{\0\0\0\0"..., 832) = 832
2295  fstat(3, {st_dev=makedev(0, 43), st_ino=19715856, st_mode=S_IFREG|0755, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=6816, st_size=3488144, st_atime=2015/11/08-12:24:24, st_mtime=2015/11/07-11:36:52, st_ctime=2015/11/07-11:36:52}) = 0
2295  mmap(0x7bc00000, 3765184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f85b87000
2295  mprotect(0x7f0f85d00000, 2093056, PROT_NONE) = 0
2295  mmap(0x7f0f85eff000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x178000) = 0x7f0f85eff000
2295  mmap(0x7f0f85f0b000, 78784, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f85f0b000
2295  close(3)                          = 0 
...
2295  open("/home/focht/projects/wine/wine.repo/install/bin/../lib64/wine/kernel32.dll.so", O_RDONLY|O_CLOEXEC) = 6
2295  read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340X\206{\0\0\0\0"..., 832) = 832
2295  fstat(6, {st_dev=makedev(0, 43), st_ino=19715625, st_mode=S_IFREG|0755, st_nlink=1, st_uid=1000, st_gid=1000, st_blksize=4096, st_blocks=8120, st_size=4155192, st_atime=2015/11/08-12:24:25, st_mtime=2015/11/07-11:36:47, st_ctime=2015/11/07-11:36:47}) = 0
2295  mmap(0x7b800000, 5109520, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7b800000
2295  mprotect(0x7b935000, 2093056, PROT_NONE) = 0
2295  mmap(0x7bb34000, 1753088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x134000) = 0x7bb34000
2295  close(6)
...
--- snip ---

kernel32: 0x7b800000..0x7bf02000 (ok)
ntdll: 0x7bc00000..0x7bf84000 (ought to be, can't be mapped here)
wine64: 0x7be00000..0x7c103000 (has overlap into ntdll range, causing ntdll to
be mapped in high 64-bit range)

If you move wine[64] load address a bit to higher range (don't forget to
'autoreconf -i' after modifying 'configure.ac') then 'ntdll.dll' can be
properly mapped at desired fixed base address and 'ReadProcessMemory()' on
remote process works as expected.

$ sha1sum googlechromestandaloneenterprise64.msi 
778342857d42ae17a58bb4f60aea61aed2e7654f 
googlechromestandaloneenterprise64.msi

$ du -sh googlechromestandaloneenterprise64.msi 
49M    googlechromestandaloneenterprise64.msi

$ wine --version
wine-1.7.54-179-ga0d0d0d

Regards
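
As an added diagnostic for the address-space collision the comment above describes (my own example, not code from the bug report or from the Wine project): a small Python checker that parses `/proc/<pid>/maps` output, reports which existing mappings collide with the fixed range `ntdll.dll.so` wants, models why an `mmap()` hint given without `MAP_FIXED` silently lands elsewhere (the strace shows `0x7bc00000` requested and `0x7f0f85b87000` returned), and tries the reporter's remedy, moving the `wine64` base upward, against the same layout. The sample maps text is constructed from the report's dump with `kernel32.dll.so` left out, because the strace shows it is opened only after `ntdll.dll.so`; the `0x200000` shift is an assumed value for illustration, not the load address Wine actually chose.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Mapping(NamedTuple):
    start: int   # inclusive
    end: int     # exclusive
    perms: str
    path: str


# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

# Constructed sample: the wine64, preloader and heap lines from the report's
# maps dump, i.e. the layout at the moment ntdll.dll.so is being mapped
# (kernel32.dll.so is omitted; the strace opens it after ntdll.dll.so).
SAMPLE_MAPS = """\
00361000-68000000 ---p 00000000 00:00 0
7be00000-7bf02000 r-xp 00000000 00:23 19717163 /home/focht/projects/wine/wine.repo/install/bin/wine64
7c000000-7c101000 rw-p 00000000 00:23 19717163 /home/focht/projects/wine/wine.repo/install/bin/wine64
7c101000-7c102000 r--p 00101000 00:23 19717163 /home/focht/projects/wine/wine.repo/install/bin/wine64
7c102000-7c103000 rw-p 00102000 00:23 19717163 /home/focht/projects/wine/wine.repo/install/bin/wine64
7c400000-7c404000 r-xp 00200000 00:23 19717164 /home/focht/projects/wine/wine.repo/install/bin/wine64-preloader
7c604000-7c605000 rw-p 00204000 00:23 19717164 /home/focht/projects/wine/wine.repo/install/bin/wine64-preloader
7cadd000-7cbdf000 rw-p 00000000 00:00 0 [heap]
7ff00000-7ffe0000 ---p 00000000 00:00 0
7ffe0000-7fff0000 rw-p 00000000 00:00 0
317ae00000-317ae21000 r-xp 00000000 00:23 2123758 /usr/lib64/ld-2.21.so
"""

# The range the report says ntdll.dll.so ought to occupy, and the binary to move.
NTDLL_WANTED = (0x7BC00000, 0x7BF84000)
WINE64_SUFFIX = "/bin/wine64"


def parse_maps(text: str) -> List[Mapping]:
    mappings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        mappings.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], m["path"].strip()))
    return mappings


def overlapping(mappings: List[Mapping], lo: int, hi: int) -> List[Mapping]:
    """Mappings that intersect the half-open range [lo, hi)."""
    return [m for m in mappings if m.start < hi and m.end > lo]


def overlap_extent(m: Mapping, lo: int, hi: int) -> Tuple[int, int]:
    """The part of [lo, hi) that mapping m actually occupies."""
    return max(m.start, lo), min(m.end, hi)


def predict_hint(mappings: List[Mapping], hint: int, size: int) -> Optional[int]:
    """Model mmap() with a hint but without MAP_FIXED: the hint is honoured only
    if the whole range is free; otherwise the kernel picks its own address,
    returned here as None (what the strace shows for ntdll.dll.so)."""
    return hint if not overlapping(mappings, hint, hint + size) else None


def relocate(mappings: List[Mapping], suffix: str, delta: int) -> List[Mapping]:
    """Hypothetically move every segment of the binary whose path ends in
    `suffix` by `delta` bytes, refusing if a moved segment would collide with
    any mapping that did not move."""
    others = [m for m in mappings if not m.path.endswith(suffix)]
    moved = []
    for m in mappings:
        if m.path.endswith(suffix):
            shifted = m._replace(start=m.start + delta, end=m.end + delta)
            if overlapping(others, shifted.start, shifted.end):
                raise ValueError(f"relocated {shifted.start:#x}-{shifted.end:#x} collides")
            m = shifted
        moved.append(m)
    return moved


def report(mappings: List[Mapping], lo: int, hi: int) -> List[str]:
    """Human-readable list of everything sitting inside [lo, hi)."""
    lines = []
    for m in overlapping(mappings, lo, hi):
        a, b = overlap_extent(m, lo, hi)
        lines.append(f"{m.path or '[anon]'} {m.start:#x}-{m.end:#x} overlaps "
                     f"{a:#x}-{b:#x} ({b - a:#x} bytes)")
    return lines


if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    lo, hi = NTDLL_WANTED
    print("\n".join(report(maps, lo, hi)) or "range is free")
    print("hint honoured at:", predict_hint(maps, lo, hi - lo))
    # 0x200000 is an assumed shift for illustration only.
    moved = relocate(maps, WINE64_SUFFIX, 0x200000)
    print("after moving wine64 up by 0x200000:", report(moved, lo, hi) or "range is free")
```

To run it against a live process instead of the constructed sample, replace `SAMPLE_MAPS` with the contents of `/proc/<pid>/maps` for the Wine process; the parser accepts the padded column layout the kernel emits as well as the compact form used here.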
