[Bug 11052] New: crypt32 accesses freed memory and tries to enter deleted critical sections on process shutdown
http://bugs.winehq.org/show_bug.cgi?id=11052

Summary: crypt32 accesses freed memory and tries to enter deleted critical sections on process shutdown
Product: Wine
Version: 0.9.52.
Platform: Other
OS/Version: other
Status: UNCONFIRMED
Severity: enhancement
Priority: P2
Component: crypt32
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: kumbayo84+wine_bugzilla(a)gmail.com

Created an attachment (id=10060)
 --> (http://bugs.winehq.org/attachment.cgi?id=10060)
output more debug info + possible solution + simplify test case to only 1 call

crypt32 accesses memory after it has been freed
normally this does not manifest, but an easy way to reproduce this is to run the cert test in the wine test suite with 2 of my patches applied

what happens is:
on process shutdown rsaenh.dll is unloaded and it calls destroy_handle_table, which HeapFrees the handle table and deletes a critical section
then crypt32.dll is unloaded and it tries to release a handle (release_handle) from rsaenh.dll, which accesses the HeapFreed handle table
+ it calls a function of an already unloaded dll and tries to enter the already uninitialized critical section, which hangs with my patch that zeros the whole critical section when deleting it

http://blogs.msdn.com/oldnewthing/archive/2005/05/23/421024.aspx also talks about this problem of

inside the first patch there are also 2 commented lines which make crypt32 do nothing when DLL_PROCESS_DETACH happens because of process shutdown
this might already be the proper solution for this problem

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #1 from Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> 2008-01-05 12:33:13 ---
Created an attachment (id=10061)
 --> (http://bugs.winehq.org/attachment.cgi?id=10061)
zero critical sections when destroying them

this makes the test hang on shutdown
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #2 from Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> 2008-01-05 12:35:36 ---
Created an attachment (id=10062)
 --> (http://bugs.winehq.org/attachment.cgi?id=10062)
a trace of the hang, shows what functions are called/when dlls are unloaded
http://bugs.winehq.org/show_bug.cgi?id=11052

Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10060|0                           |1
        is obsolete|                            |

--- Comment #3 from Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> 2008-01-05 12:38:04 ---
Created an attachment (id=10063)
 --> (http://bugs.winehq.org/attachment.cgi?id=10063)
output more debug info + possible solution + simplify test case to only 1 call

oops, wrong file
http://bugs.winehq.org/show_bug.cgi?id=11052

Dan Kegel <dank(a)kegel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dank(a)kegel.com

--- Comment #4 from Dan Kegel <dank(a)kegel.com> 2008-01-05 13:33:42 ---
Does that explain any of the warnings at
http://kegel.com/wine/valgrind/logs-2008-01-03/vg-crypt32_cert.txt ?
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #5 from Lei Zhang <thestig(a)google.com> 2008-01-06 03:09:31 ---
I guess I forgot to file a bug for it, but I have essentially the same problem in winmm where it tries to call DriverProc for a video codec that has already been unloaded. FWIW, I sent this patch:

http://winehq.org/pipermail/wine-patches/2007-December/047489.html
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #6 from Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> 2008-01-06 12:13:27 ---
(In reply to comment #4)
> Does that explain any of the warnings at
> http://kegel.com/wine/valgrind/logs-2008-01-03/vg-crypt32_cert.txt ?

I am not sure but I would say no, since all those errors have main and run_test on the stack.

I tried to run valgrind on my minimized testcase, but it did not report any errors regarding crypt32.
I need to research more why this error is not reported.
I would guess the memory is allocated again and thus also valid again.
I will try to create a patch which does not free memory, only makes it inaccessible for VG, so it raises an error when the program is accessing it.

(In reply to comment #5)
> I guess I forgot to file a bug for it, but I have essentially the same problem in winmm where it tries to call DriverProc for a video codec that has already been unloaded. FWIW, I sent this patch:
>
> http://winehq.org/pipermail/wine-patches/2007-December/047489.html

Looks like it has not been applied yet. If this is the right way to also solve the crypt32 problem I can create/send a patch for it.
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #7 from Juan Lang <juan_lang(a)yahoo.com> 2008-01-08 11:40:40 ---
Created an attachment (id=10118)
 --> (http://bugs.winehq.org/attachment.cgi?id=10118)
Possible fix

Does this patch fix it for you?
http://bugs.winehq.org/show_bug.cgi?id=11052

Juan Lang <juan_lang(a)yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |juan_lang(a)yahoo.com
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #8 from Peter Oberndorfer <kumbayo84+wine_bugzilla(a)gmail.com> 2008-01-09 12:01:38 ---
(In reply to comment #7)
> Created an attachment (id=10118)
>  --> (http://bugs.winehq.org/attachment.cgi?id=10118) [details]
> Possible fix
>
> Does this patch fix it for you?

Yes, this patch fixes the problem.

I still wonder if we should try to free the handle when crypt32.dll is unloaded by FreeLibrary instead of process shutdown.
In this case we hypothetically keep rsaenh.dll in memory while crypt32 is unloaded.
But I don't know if it matters/or works the way I propose (checking the reserved value in DllMain).
http://bugs.winehq.org/show_bug.cgi?id=11052

--- Comment #9 from Juan Lang <juan_lang(a)yahoo.com> 2008-01-14 13:18:29 ---
(In reply to comment #8)
> I still wonder if we should try to free the handle when crypt32.dll is unloaded by FreeLibrary instead of process shutdown

You're right, I updated my patch and sent it in:
http://www.winehq.org/pipermail/wine-patches/2008-January/049063.html
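
A portable C model of the unload order described in the report and of the DllMain reserved-value check discussed in comments #8 and #9, added here as an illustration; it is not code from the Wine patch or from any participant. `struct provider`, `consumer_detach`, `simulate` and the `guarded` flag are assumed names, and the `lock_valid` guard exists only so the model can count the stale call instead of performing it.

```c
#include <stdlib.h>

struct provider {            /* plays rsaenh.dll; a model, not Wine code */
    int *handle_table;       /* per-handle refcounts, freed on unload */
    int  lock_valid;         /* stands in for the critical section */
};
static int stale_releases, live_releases;  /* after / before provider teardown */

static void provider_load(struct provider *p)
{
    p->handle_table = calloc(4, sizeof *p->handle_table);
    if (!p->handle_table) abort();
    p->handle_table[0] = 1;  /* one handle held by the consumer */
    p->lock_valid = 1;
}

static void provider_unload(struct provider *p)
{
    free(p->handle_table);   /* the destroy_handle_table step */
    p->handle_table = NULL;
    p->lock_valid = 0;
}

static void provider_release(struct provider *p, int h)
{
    if (!p->lock_valid) { stale_releases++; return; }  /* real code: UAF or hang */
    p->handle_table[h]--;
    live_releases++;
}

/* Plays crypt32.dll. reserved: NULL = FreeLibrary, non-NULL = process exit. */
static void consumer_detach(struct provider *p, void *reserved, int guarded)
{
    if (guarded && reserved) return;   /* process exit: touch nothing */
    provider_release(p, 0);
}

static int simulate(int process_exit, int guarded)  /* returns stale releases */
{
    struct provider p;
    stale_releases = live_releases = 0;
    provider_load(&p);
    if (process_exit) provider_unload(&p);   /* provider detached first */
    consumer_detach(&p, process_exit ? (void *)&p : NULL, guarded);
    if (!process_exit) provider_unload(&p);  /* FreeLibrary: provider still loaded */
    return stale_releases;
}

int main(void) { return simulate(1, 1) + simulate(0, 1); }  /* 0 = no stale release */
```

With `guarded` set, the process-exit path makes no call into the torn-down provider, while the FreeLibrary path still releases the handle before the provider goes away.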
http://bugs.winehq.org/show_bug.cgi?id=11052

Vijay Kamuju <infyquest(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED

--- Comment #10 from Vijay Kamuju <infyquest(a)gmail.com> 2008-01-15 08:22:23 ---
patch committed, it will be in 0.9.54
http://source.winehq.org/git/wine.git?a=commitdiff;h=027236b04f83f9d8f4b14bc...
http://bugs.winehq.org/show_bug.cgi?id=11052

Dan Kegel <dank(a)kegel.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #11 from Dan Kegel <dank(a)kegel.com> 2008-01-28 06:13:59 ---
Closing all RESOLVED FIXED bugs older than 0.9.54.