[Bug 53270] New: test_WSARecv() fails when using wow64 thunks [Wow64ApcRoutine() overwrites return value set by NtContinue()]
WineHQ Bugzilla
wine-bugs at winehq.org
Sat Jun 25 20:34:00 CDT 2022
https://bugs.winehq.org/show_bug.cgi?id=53270
Bug ID: 53270
Summary: test_WSARecv() fails when using wow64 thunks
[Wow64ApcRoutine() overwrites return value set by
NtContinue()]
Product: Wine
Version: 7.11
Hardware: x86-64
OS: Linux
Status: NEW
Keywords: source, testcase
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs at winehq.org
Reporter: z.figura12 at gmail.com
Distribution: ---
Created attachment 72642
--> https://bugs.winehq.org/attachment.cgi?id=72642
test diff
This might be a bit early since the wow64 path isn't exactly supported, but
(with a couple patches to ntdll to enable it in the first place) it works well
enough to expose a bug in its own implementation, which is more than a little
tricky to solve.
I'm attaching a diff to the tests, which I will submit upstream, which
demonstrates the root of the problem.
KiUserApcDispatcher can be called from three-ish places: wait functions,
NtTestAlert, and NtContinue. In the case of the former two KiUserApcDispatcher
will be passed a wow64 context which, among other things, has its %rax/%eax set
to STATUS_USER_APC or STATUS_SUCCESS respectively. In the latter case %rax/%eax
comes from the passed-in context.
Wow64ApcRoutine tries to translate the %rax from the 64-bit context into the
%eax that the 32-bit context will restore to. In the former two cases this is
STATUS_USER_APC or STATUS_SUCCESS and things work fine. In the latter case,
however, this overwrites %eax from the passed-in 32-bit context. Note that we
don't get the right %eax from ntdll either, because (a) ntdll gives us a 64-bit
context anyway, and (b) we don't use NtContinue but rather NtTestAlert. That
does mean we could fix it by using NtContinue and putting the %eax value into
%rax, which is a bit weird but I don't know if there's a better option.
This is wrong inherently, as the attached tests show, but it more saliently
ends up breaking LdrInitializeThunk, because on i386 RtlUserThreadStart is
called with %eax pointing to the thread procedure, and we then overwrite that
with zero.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list