[PATCH v2 2/6] ntoskrnl.exe/tests: Add tests with and without report IDs.

Zebediah Figura (she/her) zfigura at codeweavers.com
Tue Jun 15 12:17:32 CDT 2021


On 6/15/21 12:05 PM, Rémi Bernon wrote:
> On 6/15/21 6:39 PM, Zebediah Figura (she/her) wrote:
>> On 6/15/21 11:29 AM, Rémi Bernon wrote:
>>> On 6/14/21 9:26 AM, Marvin wrote:
>>>> === w864 (64 bit report) ===
>>>>
>>>> Report validation errors:
>>>> ntoskrnl.exe:ntoskrnl crashed (c0000374)
>>>>
>>>
>>> FWIW this is crashing there:
>>>
>>>        ret = CertCloseStore(ctx->root_store, CERT_CLOSE_STORE_CHECK_FLAG);
>>>
>>> But I have absolutely no idea why. Somehow the certificate store got
>>> corrupted? It's not related to the patches, but it doesn't crash all the
>>> time.
>>>
>>
>> It seems it's been happening for a while now. Probably something's wrong
>> with the cert code in the test. Unfortunately I haven't been able to
>> find any errors from manual reëxamination, and I'm not sure how else to
>> proceed.
>>
>> Does anyone know of a memory checker that can be used on Windows? It may
>> be tricky to use it while avoiding looking at crypt32 internals, but
>> it's at least worth a try...
>>
> 
> I think it may be coming from CertFreeCertificateContext, which either
> is not necessary after CertDeleteCertificateFromStore, or w8 messed up
> its refcounts.
> 
> MSDN states:
> 
>   > The CertDeleteCertificateFromStore function always frees pCertContext
>   > by calling the CertFreeCertificateContext function, even if an error
>   > is encountered. Freeing the context reduces the context's reference
>   > count by one. If the reference count reaches zero, memory allocated
>   > for the certificate is freed.
> 
> Which is not completely clear to me if that means
> CertFreeCertificateContext should not be called, and maybe w8
> implemented it that way?

Nope, I think you're right. I probably misinterpreted 
CertAddCertificateContextToStore() somehow, and thought that it would 
hand us an extra reference when returning the context copy, but the 
documentation doesn't actually say it does, and clearly it doesn't in 
practice.

> I'm sending a patch which removes the calls, it seems to have fixed the
> crash according to 10 flawless runs.
> 
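The ownership hand-off in the MSDN text quoted above is easy to get wrong: CertDeleteCertificateFromStore consumes the caller's reference, so a CertFreeCertificateContext on the same pointer afterwards is one release too many, and the c0000374 in the test report is STATUS_HEAP_CORRUPTION, which is what a double release on a real heap turns into. The following C program is an added model of that reference-count rule written for this thread; it is not the test code being discussed and not crypt32's implementation. The cert_context/cert_store types, every model_* function and the "CN=test-root" subject are constructed for the example, and instead of corrupting a heap the model counts the extra release so both patterns can be compared side by side.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a reference-counted certificate context. The struct,
 * the store and every model_* function are constructed for this example;
 * they are not crypt32's implementation. */
#define MAX_CONTEXTS 8

typedef struct {
    char subject[32];
    int refcount;
    int released;     /* set once refcount reached zero; the slot is never reused */
} cert_context;

typedef struct {
    cert_context *entries[MAX_CONTEXTS];
    int count;
} cert_store;

static cert_context pool[MAX_CONTEXTS];
static int pool_used;
static int over_release_count;   /* how often an already-released context was freed again */

cert_context *model_create_context(const char *subject)
{
    if (pool_used == MAX_CONTEXTS) return NULL;
    cert_context *ctx = &pool[pool_used++];
    memset(ctx, 0, sizeof *ctx);
    strncpy(ctx->subject, subject, sizeof ctx->subject - 1);
    ctx->refcount = 1;          /* the creator owns one reference */
    return ctx;
}

/* Like CertFreeCertificateContext as quoted in the thread: drop one reference
 * and release the object when the count reaches zero. Freeing a context that
 * was already released is the heap-corruption case; the model counts it
 * instead of crashing. */
void model_free_context(cert_context *ctx)
{
    if (ctx->released) { over_release_count++; return; }
    if (--ctx->refcount == 0) ctx->released = 1;
}

/* The store takes its own reference when a context is added. */
int model_add_to_store(cert_store *store, cert_context *ctx)
{
    if (store->count == MAX_CONTEXTS) return 0;
    ctx->refcount++;
    store->entries[store->count++] = ctx;
    return 1;
}

/* Like CertDeleteCertificateFromStore as documented: removes the entry and
 * ALWAYS frees the caller's pCertContext, even when the entry is not found. */
int model_delete_from_store(cert_store *store, cert_context *ctx)
{
    int found = 0;
    for (int i = 0; i < store->count; i++) {
        if (store->entries[i] == ctx) {
            store->entries[i] = store->entries[--store->count];
            found = 1;
            break;
        }
    }
    if (found) model_free_context(ctx);   /* the store's own reference */
    model_free_context(ctx);              /* the caller's reference, consumed unconditionally */
    return found;
}

/* Like CertCloseStore with CERT_CLOSE_STORE_CHECK_FLAG: release the store's
 * references and report whether every context ended up fully released. */
int model_close_store(cert_store *store)
{
    int all_released = 1;
    for (int i = 0; i < store->count; i++) {
        model_free_context(store->entries[i]);
        if (!store->entries[i]->released) all_released = 0;
    }
    store->count = 0;
    return all_released;
}

/* The pattern the thread settles on: delete consumes the reference, and
 * there is nothing left for the caller to free. Returns 1 when clean. */
int scenario_delete_only(void)
{
    cert_store store = {0};
    cert_context *ctx = model_create_context("CN=test-root");   /* constructed subject */
    int before = over_release_count;
    model_add_to_store(&store, ctx);
    model_delete_from_store(&store, ctx);
    return ctx->released && over_release_count == before && model_close_store(&store);
}

/* The pattern the thread diagnoses: an extra CertFreeCertificateContext after
 * the delete releases the context a second time. Returns the number of
 * over-releases the model caught (1). */
int scenario_delete_then_free(void)
{
    cert_store store = {0};
    cert_context *ctx = model_create_context("CN=test-root");   /* constructed subject */
    int before = over_release_count;
    model_add_to_store(&store, ctx);
    model_delete_from_store(&store, ctx);
    model_free_context(ctx);               /* one release too many */
    model_close_store(&store);
    return over_release_count - before;
}

int main(void)
{
    printf("delete only: %s\n", scenario_delete_only() ? "clean" : "problem");
    printf("delete then free: %d over-release(s)\n", scenario_delete_then_free());
    return 0;
}
```

The model keeps released contexts in a fixed pool rather than handing them back to malloc so that the second release is observable as a counter instead of undefined behaviour; on a real Windows heap the same extra call is what the page-heap or the heap's own consistency checks report as c0000374.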


