Use of virtual_check_buffer_for_write / IsBadWritePtr
awesie at gmail.com
Wed May 6 19:45:13 CDT 2020
While trying to solve bug 48665 by fixing the ntdll-WRITE_COPY staging
patches, I think I am now faced with a fundamental problem with Wine
that has been noted in the past but I'm hoping for some resolution.
In ntdll, most functions that indirectly modify a buffer will call
virtual_check_buffer_for_write or use one of the virtual_locked_*
functions. This is required to support write watches, and, with the
staging patchset above, WRITECOPY. There is a race condition with
virtual_check_buffer_for_write but it generally works.
However, not all Wine functions do this; e.g. NtReadFileScatter does
not. And if a buffer gets passed to a third party library, then that
third party library definitely won't call these functions even if it
is appropriate, so, theoretically, the Wine interface should be
calling IsBadReadPtr / IsBadWritePtr for any buffers that may be
touched by a third party library.
The current situation is one where some APIs in ntdll do the correct
thing but most Wine functions do not. My question is then: do we
continue the practice of adding calls to IsBadReadPtr / IsBadWritePtr
/ virtual_check_buffer_for_write when things break, or should these be
added more proactively? It feels a little inconsistent at the moment.
(As a side note, I investigated using userfaultfd-wp to solve this
problem more generally, but it is Linux-specific and not quite ready
for prime time.)
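To make the distinction in this message concrete, here is an added example (written for this page; it is not Wine's code and the names watch_init, check_buffer_for_write, kernel_write_into and run_scenario are hypothetical). It models a write watch the way ntdll's virtual.c does, by stripping write permission from the pages and servicing the first write in the SIGSEGV handler, and then shows why a buffer that a syscall will write into has to be pre-touched: a user-mode store faults into the handler and gets recorded, but a read() into the same protected page fails inside the kernel with EFAULT, so the handler never sees it. It assumes Linux (SIGSEGV with si_addr, mprotect tolerated inside a handler, /dev/zero present).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define WATCH_PAGES 4   /* size of the toy watched region, in pages */

static unsigned char *watch_base;                /* start of the watched region */
static size_t page_size;
static volatile sig_atomic_t dirty[WATCH_PAGES]; /* 1 once a page has been written */

/* The first user-mode write to a watched page faults here (Linux delivers
 * SIGSEGV for this): record the page as dirty, make it writable, and return
 * so the faulting store is retried and succeeds. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    uintptr_t a = (uintptr_t)si->si_addr, b = (uintptr_t)watch_base;
    (void)ctx;
    if (watch_base && a >= b && a < b + (uintptr_t)WATCH_PAGES * page_size) {
        size_t idx = (size_t)(a - b) / page_size;
        dirty[idx] = 1;
        /* mprotect is not async-signal-safe per POSIX; Linux tolerates it here. */
        mprotect(watch_base + idx * page_size, page_size, PROT_READ | PROT_WRITE);
        return;
    }
    signal(sig, SIG_DFL);   /* a fault outside the region is a real crash */
    raise(sig);
}

/* Map the region, strip write permission from every page and install the
 * handler. Returns 0 on success, -1 on failure. */
int watch_init(void)
{
    struct sigaction sa;
    size_t i;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    watch_base = mmap(NULL, WATCH_PAGES * page_size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (watch_base == MAP_FAILED) return -1;
    for (i = 0; i < WATCH_PAGES; i++) dirty[i] = 0;
    if (mprotect(watch_base, WATCH_PAGES * page_size, PROT_READ) != 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

unsigned char *watched_page(size_t idx) { return watch_base + idx * page_size; }
int page_dirty(size_t idx) { return idx < WATCH_PAGES ? (int)dirty[idx] : 0; }

/* Model of ntdll's check (hypothetical name): read-and-write-back one byte on
 * every page of [buf, buf+len) so any watch fires now, in user mode, where the
 * signal handler can service it. Returns the number of pages touched. */
size_t check_buffer_for_write(void *buf, size_t len)
{
    uintptr_t lo = (uintptr_t)buf, hi = lo + len, a;
    size_t n = 0;
    for (a = lo & ~(uintptr_t)(page_size - 1); a < hi; a += page_size, n++) {
        volatile unsigned char *q = (volatile unsigned char *)(a > lo ? a : lo);
        *q = *q;
    }
    return n;
}

/* A writer that knows nothing about the watch and runs in the kernel: read()
 * from /dev/zero into buf. On a still-protected page the copy fails inside the
 * kernel and the syscall returns EFAULT; no SIGSEGV is delivered, so the
 * handler never runs and the page is never marked dirty. Returns 0 on success
 * or the errno value. */
int kernel_write_into(void *buf, size_t len)
{
    int fd = open("/dev/zero", O_RDONLY), err = 0;
    if (fd < 0) return errno;
    if (read(fd, buf, len) < 0) err = errno;
    close(fd);
    return err;
}

/* The scenario from the message, step by step. Returns 0 if every step behaved
 * as described, otherwise the number of the step that did not. */
int run_scenario(void)
{
    if (watch_init() != 0) return 1;
    /* 1. a user-mode write is trapped and recorded */
    watched_page(0)[10] = 'A';
    if (!page_dirty(0)) return 2;
    /* 2. a syscall into an untouched page fails with EFAULT and leaves no trace */
    if (kernel_write_into(watched_page(1), 64) != EFAULT || page_dirty(1)) return 3;
    /* 3. the ntdll pattern: check the buffer first, then let the kernel write */
    if (check_buffer_for_write(watched_page(2), 2 * page_size) != 2) return 4;
    if (kernel_write_into(watched_page(2), 2 * page_size) != 0) return 5;
    if (!page_dirty(2) || !page_dirty(3)) return 6;
    return 0;
}

int main(void)
{
    int r = run_scenario();
    if (r == 0) printf("all steps behaved as expected\n");
    else printf("step %d failed\n", r);
    return r;
}
```

The window between check_buffer_for_write returning and the syscall actually writing is the race mentioned above: if another thread re-protects the pages in that window (a ResetWriteWatch in the Windows model), the read() fails with EFAULT exactly as in step 2, which is why the check makes things work in practice without making them airtight.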