[Bug 19564] New: Guitar Hero World Tour crashes in secur32
http://bugs.winehq.org/show_bug.cgi?id=19564 Summary: Guitar Hero World Tour crashes in secur32 Product: Wine Version: 1.1.26 Platform: PC URL: http://worldtour.guitarhero.com/uk/ OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: secur32 AssignedTo: wine-bugs(a)winehq.org ReportedBy: andras(a)csevego.net Created an attachment (id=22798) --> (http://bugs.winehq.org/attachment.cgi?id=22798) crash After get trough bug 19563, we get another problem, game will crash in 30 sec, because of wine's secur32 failure. It works with native secur32. See attached image. Backtrace: =>0 0x7e007cb4 schan_free_handle+0x24(handle_idx=2116197184, type=SCHAN_HANDLE_CTX) [/home/andras/src/wine/dlls/secur32/schannel.c:169] in secur32 (0x0209b9d0) 1 0x7e008994 schan_DeleteSecurityContext+0x74(context_handle=<register ESI not in topmost frame>) [/home/andras/src/wine/dlls/secur32/schannel.c:1099] in secur32 (0x0209ba00) 2 0x7e01059e DeleteSecurityContext+0x4e(phContext=0x2be3724) [/home/andras/src/wine/dlls/secur32/wrapper.c:465] in secur32 (0x0209ba30) 3 0x00319d0e in xmassiveadclientdyn (+0x9d0e) (0x0209ba78) 4 0x00324d63 in xmassiveadclientdyn (+0x14d63) (0x0209bac0) 5 0x00325297 in xmassiveadclientdyn (+0x15297) (0x0209baec) 6 0x00321ca5 in xmassiveadclientdyn (+0x11ca5) (0x0209bb2c) 7 0x006df923 in ghwt (+0x2df923) (0x00000001) 8 0x00000000 (0x00000000) -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Andras Kovacs <andras(a)csevego.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |19563 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #1 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-04 11:04:57 --- Please attach a +secur32 log. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #2 from Andras Kovacs <andras(a)csevego.net> 2009-08-04 12:08:50 --- Created an attachment (id=22802) --> (http://bugs.winehq.org/attachment.cgi?id=22802) +secur32 trace As far as I can see, its a double free. trace:secur32:DeleteSecurityContext 0x2be375c trace:secur32:schan_DeleteSecurityContext context_handle 0x1797a438 trace:secur32:DeleteSecurityContext 0x2be375c trace:secur32:schan_DeleteSecurityContext context_handle 0x1797a438 But it can be a broken code inside application triggered by this: fixme:secur32:schan_QueryContextAttributesA Unhandled attribute 0x53 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #3 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-04 12:40:44 --- (In reply to comment #2)
As far as I can see, its a double free. trace:secur32:DeleteSecurityContext 0x2be375c trace:secur32:schan_DeleteSecurityContext context_handle 0x1797a438 trace:secur32:DeleteSecurityContext 0x2be375c trace:secur32:schan_DeleteSecurityContext context_handle 0x1797a438
Thanks, that's what I suspected.
But it can be a broken code inside application triggered by this: fixme:secur32:schan_QueryContextAttributesA Unhandled attribute 0x53
Yeah, maybe. I think the code could be made safer though. I'll attach a quick patch in a sec. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #4 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-04 12:44:03 --- Created an attachment (id=22805) --> (http://bugs.winehq.org/attachment.cgi?id=22805) Patch: Sanity check handle index before indexing table Does this help? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch CC| |juan_lang(a)yahoo.com -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #5 from Andras Kovacs <andras(a)csevego.net> 2009-08-05 10:27:02 --- It goes further, but crashes in msxml6 probably due invalid data passed to it. This is not present on native secur32 too. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #6 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-05 10:39:50 --- (In reply to comment #5)
It goes further, but crashes in msxml6 probably due invalid data passed to it. This is not present on native secur32 too.
Could you attach a backtrace of the crash with this patch applied? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #7 from Andras Kovacs <andras(a)csevego.net> 2009-08-05 10:48:19 --- Created an attachment (id=22827) --> (http://bugs.winehq.org/attachment.cgi?id=22827) +secur32 after patch applied -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #8 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-05 11:07:14 --- Ah, right, msxml6 is only native, eh? From the log: fixme:secur32:schan_QueryContextAttributesA Unhandled attribute 0x53 wine: Unhandled page fault on read access to 0x00000004 at address 0x4 (thread 001a), starting debugger... You're almost certainly right, it's trying to dereference a NULL security context. 0x53 is SECPKG_ATTR_REMOTE_CERT_CONTEXT. That's also implicated in bug 19517, so I'd say that one's worth implementing. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #9 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-05 11:16:22 --- Created an attachment (id=22828) --> (http://bugs.winehq.org/attachment.cgi?id=22828) Patch: Implement QueryContextAttributes for SECPKG_ATTR_REMOTE_CERT_CONTEXT How about with this patch? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #10 from Henri Verbeet <hverbeet(a)gmail.com> 2009-08-05 12:33:20 --- At first sight, I think that's missing a "LOAD_FUNCPTR(gnutls_certificate_get_peers)" in SECUR32_initSchannelSP(). -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #22828|0 |1 is obsolete| | --- Comment #11 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-05 12:38:34 --- Created an attachment (id=22832) --> (http://bugs.winehq.org/attachment.cgi?id=22832) Patch: Implement QueryContextAttributes for SECPKG_ATTR_REMOTE_CERT_CONTEXT (try 2) Whoops, thanks Henri. How 'bout with this one? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #12 from Andras Kovacs <andras(a)csevego.net> 2009-08-05 13:34:38 --- Created an attachment (id=22834) --> (http://bugs.winehq.org/attachment.cgi?id=22834) secur32 log after patches It works, at least it doesn't crash.
From trace, i think it's working.
-- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #13 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-05 13:38:06 --- Excellent, thanks. I'll send a slightly modified version to wine-patches (it also checks the return value from CertCreateCertificateContext.) -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED --- Comment #14 from Juan Lang <juan_lang(a)yahoo.com> 2009-08-06 10:54:49 --- Fixed in today's git. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 --- Comment #15 from Nikolay Sivov <bunglehead(a)gmail.com> 2009-08-06 11:09:29 --- Fixed by commits: 5ee34ea870cbe1bf828c0c5a30a646d5cd776b14 3a493d7782b56ce0c55cda60271be75843d7104d -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #16 from Alexandre Julliard <julliard(a)winehq.org> 2009-08-07 13:01:51 --- Closing bugs fixed in 1.1.27. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=19564 Bug 19564 depends on bug 19563, which changed state. Bug 19563 Summary: Guitar Hero World Tour crashes after dinput's QueryInterface http://bugs.winehq.org/show_bug.cgi?id=19563 What |Old Value |New Value ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org