[Bug 50290] New: Thunderbird 78.5.1 device_notify_proc() thread crashes with a stack overflow inside RtlCaptureStackBackTrace()
WineHQ Bugzilla
wine-bugs at winehq.org
Tue Dec 8 18:22:21 CST 2020
https://bugs.winehq.org/show_bug.cgi?id=50290
Bug ID: 50290
Summary: Thunderbird 78.5.1 device_notify_proc() thread crashes with a stack overflow inside RtlCaptureStackBackTrace()
Product: Wine
Version: 6.0-rc1
Hardware: x86-64
URL: https://download.mozilla.org/?product=thunderbird-78.5.1-SSL&os=win64&lang=en-US
OS: Linux
Status: NEW
Keywords: download, source
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: z.figura12 at gmail.com
Distribution: ---

This doesn't actually result in any visible problems with the application
(though I didn't try very hard to use it), but looks like a bug worth fixing
nonetheless. In theory the crash actually breaks device notification, but I'm
not sure what devices Thunderbird is trying to be notified of, or if Wine
actually supports hotplugging them.

The only visible symptom is:

01a0:err:virtual:virtual_setup_exception stack overflow 560 bytes in thread 01a0 addr 0x7f87f3cd7c73 stack 0x19a70dd0 (0x19a70000-0x19a71000-0x1a270000)

This thread is then terminated. It seems that it doesn't affect the rest of the
process. But the exception bothered me, and upon examination it happens inside
of RtlCaptureStackBackTrace().

What the application actually does is to hook LdrLoadDll and then later trigger
delay-loading for some rpcrt4 function from sechost. Inside of the hook it
calls RtlCaptureStackBackTrace(). The problem is that one of the functions is
missing unwinding information. The function in question is
__tailMerge_dlls_rpcrt4_librpcrt4_delay_a, generated by dlltool. It's missing
seh annotations (and is not in a form compatible with SEH).

The full call stack is something like this:

- RtlCaptureStackBackTrace
- application hook of LdrLoadDll
- LdrResolveDelayLoadedAPI [dlls/ntdll/loader.c]
- __delayLoadHelper2 [sechost.dll, from libs/winecrt0/delay_load.c]
- __tailMerge_dlls_rpcrt4_librpcrt4_delay_a [sechost.dll, from libs/rpcrt4/librpcrt4.delay.a]
- RpcStringBindingComposeW [delay thunk in sechost.dll, tail caller]
- device_notify_proc [sechost.dll, dlls/sechost/service.c]

RtlCaptureStackBackTrace() tries to unwind past the tailMerge function, but
can't, and ends up recursing until the stack overflows. [I didn't actually
investigate why, but I'm assuming that RtlCaptureStackBackTrace() is not what's
broken here.]

Patching dlltool to generate SEH directives allows everything to work nicely;
the crash is avoided and a valid stack backtrace is returned.
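
Added example, not part of the original report and not Wine code: a small triage helper that pulls the stack-overflow diagnostic quoted above out of a wrapped Wine log and cross-checks its numbers. Reading the three parenthesised addresses as the bottom, an internal boundary and the top of the thread's stack region is an assumption, based only on the fact that boundary minus stack pointer equals the reported 560 bytes; all field names are this example's own.

```python
import re

# Matches the diagnostic quoted in the report. Group names are labels chosen
# for this example (assumptions), not identifiers taken from Wine.
OVERFLOW_RE = re.compile(
    r"(?P<tid>[0-9a-f]{4,}):err:virtual:virtual_setup_exception "
    r"stack overflow (?P<bytes>\d+) bytes in thread (?P<thread>[0-9a-f]{4,}) "
    r"addr (?P<addr>0x[0-9a-f]+) stack (?P<sp>0x[0-9a-f]+) "
    r"\((?P<low>0x[0-9a-f]+)-(?P<mid>0x[0-9a-f]+)-(?P<high>0x[0-9a-f]+)\)"
)

def parse_overflow(line):
    """Return a dict describing one stack-overflow line, or None if no match."""
    m = OVERFLOW_RE.search(line)
    if m is None:
        return None
    sp, low, mid, high = (int(m[k], 16) for k in ("sp", "low", "mid", "high"))
    reported = int(m["bytes"])
    return {
        "thread": m["thread"],
        "fault_addr": int(m["addr"], 16),
        "reported_bytes": reported,
        # Distance from the stack pointer up to the boundary address.
        "below_boundary": mid - sp,
        # True when the reported size agrees with the addresses on the line.
        "consistent": mid - sp == reported,
        "region_size": high - low,
        # True when the stack pointer sits in the lowest part of the region.
        "sp_in_lowest_part": low <= sp < mid,
    }

def scan(log_text):
    """Find every overflow record, even when the log was hard-wrapped."""
    joined = " ".join(log_text.split())  # undo wrapping at whitespace
    return [parse_overflow(m.group(0)) for m in OVERFLOW_RE.finditer(joined)]

# First line is constructed for the example; the rest is the line from the
# report, wrapped the way the mail archive shows it.
SAMPLE_LOG = """\
0124:fixme:example:constructed unrelated line
01a0:err:virtual:virtual_setup_exception stack overflow 560 bytes in thread
01a0 addr 0x7f87f3cd7c73 stack 0x19a70dd0 (0x19a70000-0x19a71000-0x1a270000)
"""

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec)
```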