[Bug 52386] err:module:LdrInitializeThunk "libclang_rt.asan_dynamic-i386.dll" failed to initialize when using clang address sanitizer

WineHQ Bugzilla wine-bugs at winehq.org
Thu Jan 13 03:44:30 CST 2022


https://bugs.winehq.org/show_bug.cgi?id=52386

--- Comment #7 from Eric Pouech <eric.pouech at orange.fr> ---
Created attachment 71626
  --> https://bugs.winehq.org/attachment.cgi?id=71626
patch against llvm-mingw32

The attached patch to llvm-mingw allows the use case to be run.
Partial result:

[eric:~/work/llvm-mingw/target/i686-w64-mingw32/bin]$ ~/work/output-wine/wine/wine ~/work/output-wine/wine/bugzilla/52386/use-after-free-i386.exe
=================================================================
==32==ERROR: AddressSanitizer: heap-use-after-free on address 0x00f03e44 at pc
0x00401492 bp 0x0021fe8c sp 0x0021fe88
READ of size 4 at 0x00f03e44 thread T0
0024:fixme:dbghelp_dwarf:dwarf2_read_range no entry found
0024:fixme:dbghelp_dwarf:dwarf2_read_range no entry found
    #0 0x401491 in main+0x81
(H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401491)
    #1 0x401396 in __tmainCRTStartup
H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #2 0x7b62dd4f in BaseThreadInitThunk+0xf
(C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #3 0x7bc57856 in RtlUserThreadStart+0x26
(C:\windows\system32\ntdll.dll+0x7bc57856)
    #4 0x7bc57f0f in call_thread_func+0xaf
(C:\windows\system32\ntdll.dll+0x7bc57f0f)

0x00f03e44 is located 4 bytes inside of 400-byte region [0x00f03e40,0x00f03fd0)
freed by thread T0 here:
    #0 0x10042c4b in operator delete[]+0x7b
(H:\work\llvm-mingw\target\i686-w64-mingw32\bin\libclang_rt.asan_dynamic-i386.dll+0x10042c4b)
    #1 0x401450 in main+0x40
(H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401450)
    #2 0x401396 in __tmainCRTStartup
H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #3 0x7b62dd4f in BaseThreadInitThunk+0xf
(C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #4 0x7bc57856 in RtlUserThreadStart+0x26
(C:\windows\system32\ntdll.dll+0x7bc57856)
    #5 0x7bc57f0f in call_thread_func+0xaf
(C:\windows\system32\ntdll.dll+0x7bc57f0f)

previously allocated by thread T0 here:
    #0 0x100424eb in operator new[]+0x7b
(H:\work\llvm-mingw\target\i686-w64-mingw32\bin\libclang_rt.asan_dynamic-i386.dll+0x100424eb)
    #1 0x401433 in main+0x23
(H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401433)
    #2 0x401396 in __tmainCRTStartup
H:\work\llvm-mingw\mingw-w64\mingw-w64-crt\crt\crtexe.c:321
    #3 0x7b62dd4f in BaseThreadInitThunk+0xf
(C:\windows\system32\kernel32.dll+0x7b62dd4f)
    #4 0x7bc57856 in RtlUserThreadStart+0x26
(C:\windows\system32\ntdll.dll+0x7bc57856)
    #5 0x7bc57f0f in call_thread_func+0xaf
(C:\windows\system32\ntdll.dll+0x7bc57f0f)

SUMMARY: AddressSanitizer: heap-use-after-free
(H:\work\output-wine\wine\bugzilla\52386\use-after-free-i386.exe+0x401491) in
main+0x81
Shadow bytes around the buggy address:
  0x301e0770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e07a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e07b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x301e07c0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x301e07d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07f0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x301e0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x301e0810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32==ABORTING

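Added example, not part of the original comment or of the attached patch: a small Python check that the shadow dump in the report above agrees with its "400-byte region [0x00f03e40,0x00f03fd0)" line, which is a quick way to confirm that ASan's shadow mapping is behaving correctly under Wine. The shadow rows are copied from the report; the function names are my own, and the shadow offset is derived from the bracketed byte rather than assumed.

```python
import re

# Shadow rows copied from the report above (only the rows around the fault).
SHADOW_DUMP = """\
  0x301e07b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x301e07c0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x301e07d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x301e07f0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x301e0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
"""
FAULT_ADDR = 0x00F03E44  # "heap-use-after-free on address" in the report
GRANULE = 8              # "one shadow byte represents 8 application bytes"

def parse_shadow(dump):
    """Return ({shadow_addr: value}, shadow address of the [bracketed] byte)."""
    shadow, marked = {}, None
    for line in dump.splitlines():
        m = re.match(r"\s*(?:=>)?(0x[0-9a-f]+):(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        cells = re.findall(r"(\[?)([0-9a-f]{2})\]?", m.group(2))
        for i, (bracket, byte) in enumerate(cells):
            shadow[base + i] = int(byte, 16)
            if bracket:
                marked = base + i
    return shadow, marked

def freed_region(shadow, marked, fault_addr, kind=0xFD):
    """Map the run of `kind` shadow bytes around the fault to app addresses."""
    offset = marked - fault_addr // GRANULE  # shadow = addr / 8 + offset
    lo = hi = marked
    while shadow.get(lo - 1) == kind:
        lo -= 1
    while shadow.get(hi + 1) == kind:
        hi += 1
    # The end is granule-aligned, so it is exact only for sizes divisible by 8.
    return offset, (lo - offset) * GRANULE, (hi + 1 - offset) * GRANULE

if __name__ == "__main__":
    shadow, marked = parse_shadow(SHADOW_DUMP)
    offset, start, end = freed_region(shadow, marked, FAULT_ADDR)
    print(f"offset={offset:#x} region=[{start:#010x},{end:#010x}) size={end - start}")
```

The recovered region matches the bounds and size ASan printed, and the fault sits 4 bytes past its start, as the report states.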