[Bug 43127] wine crashes when trying to launch Gwent ( set_context_reg in ntdll/signal_x86_64.c assumes Xmm registers are aligned )

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jun 4 06:15:39 CDT 2017


https://bugs.winehq.org/show_bug.cgi?id=43127

Sebastian Lackner <sebastian at fds-team.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian at fds-team.de
            Summary|wine crashes when trying to |wine crashes when trying to
                   |launch Gwent                |launch Gwent
                   |                            |(set_context_reg in
                   |                            |ntdll/signal_x86_64.c
                   |                            |assumes Xmm registers are
                   |                            |aligned)
          Component|-unknown                    |ntdll

--- Comment #1 from Sebastian Lackner <sebastian at fds-team.de> ---
Thanks for reporting this issue. Based on the +relay,+tid,+seh log provided on
IRC the relevant output is:

--- snip ---
0150:Call KERNEL32.RaiseException(406d1388,00000000,00000003,02fee530)
ret=14028d218
0150:trace:seh:raise_exception code=406d1388 flags=0 addr=0x7b450a07
ip=7b450a07 tid=0150
0150:trace:seh:raise_exception  info[0]=0000000000001000
0150:trace:seh:raise_exception  info[1]=000000014108f680
0150:trace:seh:raise_exception  info[2]=0000000000000150
[...]
0150:Call
ntdll.RtlUnwindEx(02fee510,14028d21a,02fee330,406d1388,02fed7f0,02fed710)
ret=1408cc158
[...]
0150:trace:seh:dwarf_virtual_unwind fde 0x7bcf87c0 len 64 personality (nil)
lsda (nil) code 7bc9d770-7bc9e402
[...]
0150:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc980b0
ip=7bc980b0 tid=0150
0150:trace:seh:raise_exception  rax=000000007bc980b0 rbx=0000000002fecf80
rcx=000000007bcd3744 rdx=0000000002fed468
0150:trace:seh:raise_exception  rsi=0000000000000017 rdi=0000000002fea890
rbp=0000000000000018 rsp=0000000002fea5f8
0150:trace:seh:raise_exception   r8=000000007bc9dea5  r9=0000000000000000
r10=0000000000000000 r11=0000000000000000
0150:trace:seh:raise_exception  r12=0000000002fea890 r13=0000000002fed550
r14=0000000002fea658 r15=0000000002fea660
0150:trace:seh:call_vectored_handlers calling handler at 0x1801335b0
code=c0000005 flags=0
--- snip ---

The initial exception is expected and part of the game code, however Wine
crashes with a segmentation fault during unwinding (and as a result is stuck in
an endless loop until it runs out of stack). The crash occurs here (part of
set_context_reg):

--- snip ---
    7bc980b0:    66 0f 6f 02              movdqa (%rdx),%xmm0       // <--- CRASH
    7bc980b4:    0f 29 87 00 02 00 00     movaps %xmm0,0x200(%rdi)  // Xmm6
    7bc980bb:    c3                       retq
--- snip ---

Problem is that the address (here 0x2fed468) is not properly 16-byte aligned.
At first I suspected that Wine was compiled without enforcing stack alignment,
but that is not the case:

--- snip ---
000000007bc9d770 <RtlUnwindEx@@Base>:
    7bc9d770:    55                       push   %rbp
    7bc9d771:    48 89 e5                 mov    %rsp,%rbp
[...]
    7bc9d782:    48 81 ec a0 00 00 00     sub    $0xa0,%rsp
    7bc9d789:    48 83 e4 f0              and    $0xfffffffffffffff0,%rsp
    7bc9d78d:    48 81 ec b0 06 00 00     sub    $0x6b0,%rsp
[...]
    7bc9d7b1:    0f 11 b5 28 ff ff ff     movups %xmm6,-0xd8(%rbp)
--- snip ---

As you can see, GCC also used unaligned instructions here, so it seems
intentional. Wine's unwinding code probably just shouldn't make any assumptions
about the alignment of variables stored on the stack.
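The alignment arithmetic behind the two disassembly snippets above, as an added illustration in C (not code from Wine or from the comment author): it models why the rbp-relative save slot in the RtlUnwindEx prologue is 8 mod 16 despite the `and $-16,%rsp`, and contrasts a register copy that assumes 16-byte alignment, as movdqa does, with one that does not. The stack image and the entry value of rsp are constructed values, and `xmm6_save_slot` is a model of the prologue, not Wine's code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A 128-bit XMM register image, modelled as 16 raw bytes. */
typedef struct { unsigned char b[16]; } xmm_t;

/* Low 4 address bits; movdqa/movaps raise #GP unless this is 0. */
static unsigned misalignment16(uintptr_t addr) { return (unsigned)(addr & 15u); }

/* Model of the save slot -0xd8(%rbp) from the RtlUnwindEx prologue.
 * At function entry rsp is 8 mod 16 (the call pushed a return address);
 * push %rbp / mov %rsp,%rbp leaves rbp 0 mod 16, so rbp-0xd8 is 8 mod 16.
 * The later and $-16,%rsp realigns rsp for callees, not rbp-relative slots,
 * which is why GCC had to use movups for xmm6. */
static uintptr_t xmm6_save_slot(uintptr_t rsp_at_entry) {
    uintptr_t rbp = rsp_at_entry - 8;   /* push %rbp; mov %rsp,%rbp */
    return rbp - 0xd8;                  /* movups %xmm6,-0xd8(%rbp) */
}

/* Constructed 32-byte stack image (bytes 0..31). Offset 8 stands in for
 * the source address 0x2fed468 from the log, which is also 8 mod 16. */
static _Alignas(16) const unsigned char stack_image[32] = {
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
    16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 };

/* Copy a register image out of the stack image.
 * require_aligned == 1 models the movdqa assumption: the copy is refused
 * (returns -1, where the CPU would fault) if the source is not 16-byte aligned.
 * require_aligned == 0 copies through memcpy, which the compiler lowers to
 * unaligned moves (movups/movdqu), so any address works. Returns 0 on success. */
static int load_xmm(size_t off, int require_aligned, xmm_t *out) {
    const unsigned char *src = stack_image + off;
    if (require_aligned && misalignment16((uintptr_t)src) != 0)
        return -1;
    memcpy(out->b, src, sizeof out->b);
    return 0;
}
```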
