Odd problem with process handles

Robert Lunnon bobl at optushome.com.au
Sun Apr 24 08:16:12 CDT 2005


I am having a problem with the attached segfault in ie6

I have attached a gdb backtrace and the last part of a relay dump.
 hModule is 0xfffffffe and gets dereferenced to find e_magic, presumably from the psp.

Obviously dereferencing 0xfffffffe is not good, and it raises an exception.

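The exception is caught and appears to be ignored the first time it occurs (the listing below shows the dereference wrapped in __TRY/__EXCEPT(page_fault), which returns NULL on a fault), but this seems unusual to me.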


Can anyone shed light on this? Is this normal, or do I have a problem? What's going on here?

More info follows


Bob
============================================================================


Starting program: /opt/cfw/wine/bin/wine iexplore

Program received signal SIGSEGV, Segmentation fault.
0xd1cbfb5f in RtlImageNtHeader (hModule=0xfffffffe) at loader.c:1907
1907            if (dos->e_magic == IMAGE_DOS_SIGNATURE)
(gdb) print dos
$1 = (IMAGE_DOS_HEADER *) 0xfffffffe

*** Apparently in this code
1895    /***********************************************************************
1896     *           RtlImageNtHeader   (NTDLL.@)
1897     */
1898    PIMAGE_NT_HEADERS WINAPI RtlImageNtHeader(HMODULE hModule)
1899    {
1900        IMAGE_NT_HEADERS *ret;
1901
1902        __TRY
1903        {
1904            IMAGE_DOS_HEADER *dos = (IMAGE_DOS_HEADER *)hModule;
(gdb)
1905
1906            ret = NULL;
1907            if (dos->e_magic == IMAGE_DOS_SIGNATURE)
1908            {
1909                ret = (IMAGE_NT_HEADERS *)((char *)dos + dos->e_lfanew);
1910                if (ret->Signature != IMAGE_NT_SIGNATURE) ret = NULL;
1911            }
1912        }
1913        __EXCEPT(page_fault)
1914        {
(gdb)
1915            return NULL;
1916        }
1917        __ENDTRY
1918        return ret;
1919    }

**** Relay output

00b:Ret  kernel32.LoadLibraryA() retval=00000000 ret=70c2429c
000b:Call kernel32.GetLastError() ret=70c242a9
000b:Ret  kernel32.GetLastError() retval=0000007e ret=70c242a9
000b:Call kernel32.InterlockedExchange(70c2bd84,ffffffff) ret=70c242f0
000b:Ret  kernel32.InterlockedExchange() retval=00000000 ret=70c242f0
000b:Call kernel32.GetProcAddress(ffffffff,70c24832 "ApphelpCheckShellObject") ret=70c24399
000b:Call ntdll.RtlInitAnsiString(7fd8dc18,70c24832 "ApphelpCheckShellObject") ret=7fe1e655
000b:Ret  ntdll.RtlInitAnsiString() retval=7fd80018 ret=7fe1e655
000b:Call ntdll.LdrGetProcedureAddress(ffffffff,7fd8dc18,00000000,7fd8dc20) ret=7fe1e667

**** GDB Backtrace

(gdb) bt
#0  0xd1cbfb5f in RtlImageNtHeader (hModule=0xfffffffe) at loader.c:1907
#1  0xd1cc0018 in RtlImageDirectoryEntryToData (module=0xfffffffe, image=0, dir=0, size=0x7fd8db3c) at loader.c:2025
#2  0xd1cbdcd1 in LdrGetProcedureAddress (module=0xffffffff, name=0x7fd8dc18, ord=0, address=0x7fd8dc20) at loader.c:1154
#3  0xd1ccabcf in call_stdcall_function (func=0xd1cbdc9b <LdrGetProcedureAddress>, nb_args=4, args=0x7fd8dc08) at relay.c:521
#4  0xd1ccb2e0 in RELAY_CallFrom32 (ret_addr=2145511015) at relay.c:603
#5  0xd1d00025 in __wine_spec_exp_ordinals () from /opt/cfw/wine/lib/wine/ntdll.dll.so
#6  0xd1ccab7d in call_stdcall_function (func=0x7fe1e62b <GetProcAddress>, nb_args=2, args=0x7fd8dce4) at relay.c:519
#7  0xd1ccb2e0 in RELAY_CallFrom32 (ret_addr=1891779481) at relay.c:603
#8  0x7fec08dd in __wine_spec_forwards () from /opt/cfw/wine/lib/wine/kernel32.dll.so
#9  0x70c23bd1 in ?? ()
#10 0x71191420 in ?? ()
#11 0x711819aa in ?? ()
#12 0x7118a3c9 in ?? ()
#13 0x71165a1c in ?? ()
#14 0x7fbab1af in WINPROC_wrapper () from /opt/cfw/wine/lib/wine/user32.dll.so
#15 0x7fbab61d in WINPROC_CallWndProc (proc=0x71165af5, hwnd=0x20022, msg=129, wParam=0, lParam=2144920548)
    at ../../windows/winproc.c:418
#16 0x7fbb21a6 in CallWindowProcA (func=0x71165af5, hwnd=0x20022, msg=129, wParam=0, lParam=2144920548)
    at ../../windows/winproc.c:3202
#17 0x7fbea1f4 in call_window_proc (hwnd=0x20022, msg=129, wparam=0, lparam=2144920548, unicode=0, same_thread=1)
    at message.c:1521
#18 0x7fbec0cb in SendMessageTimeoutA (hwnd=0x20022, msg=129, wparam=0, lparam=2144920548, flags=0, timeout=4294967295,
    res_ptr=0x7fd8df78) at message.c:2376
#19 0x7fbec299 in SendMessageA (hwnd=0x20022, msg=129, wparam=0, lparam=2144920548) at message.c:2420
#20 0xd1ccabcf in call_stdcall_function (func=0x7fbec266 <SendMessageA>, nb_args=4, args=0x7fd8e040) at relay.c:521
#21 0xd1ccb2e0 in RELAY_CallFrom32 (ret_addr=2137925787) at relay.c:603
#22 0x7fc3e3a1 in __wine_spec_exp_ordinals () from /opt/cfw/wine/lib/wine/user32.dll.so
#23 0xd1cca480 in call_cdecl_function (func=0x7f6e23b6 <X11DRV_CreateWindow>, nb_args=3, args=0x7fd8e1c0) at relay.c:462
#24 0xd1ccb2c2 in RELAY_CallFrom32 (ret_addr=2142912231) at relay.c:599
#25 0x7f71a3a1 in __wine_spec_exp_ordinals () from /opt/cfw/wine/lib/wine/x11drv.dll.so
#26 0x7fba4554 in CreateWindowExA (exStyle=256, className=0x7fd8e538 "IEFrame",
    windowName=0x7fd8e74c "Microsoft Internet Explorer", style=47120384, x=-2147483648, y=-2147483648, width=-2147483648,
    height=-2147483648, parent=0x0, menu=0x94, instance=0x71160000, data=0x7ff39fb8) at ../../windows/win.c:1245
#27 0xd1ccae57 in call_stdcall_function (func=0x7fba43da <CreateWindowExA>, nb_args=12, args=0x7fd8e4fc) at relay.c:535
#28 0xd1ccb2e0 in RELAY_CallFrom32 (ret_addr=1891617362) at relay.c:603
#29 0x7fc3c851 in __wine_spec_exp_ordinals () from /opt/cfw/wine/lib/wine/user32.dll.so
#30 0x71181c0e in ?? ()
#31 0x71181acf in ?? ()
#32 0x71181a86 in ?? ()
#33 0x7101f031 in ?? ()
#34 0x00401ecd in ?? ()
#35 0x00401f7d in ?? ()
#36 0x7fe2cbf2 in start_process (arg=0x0) at process.c:1044


