From: Yuxuan Shui <yshui@codeweavers.com> preloader will skip reserving a memory regioning if it overlaps with the arguments. Because the stack grows downwards from the arguments, the reserve region would have overlapped the stack had it not been skipped. Problem is, this check does not account for the stack usage of ld.so. Some ld.so functions such as [1] has relatively big stack frames. If the arguments array is *just* above a reserve region, the overlap check will pass, the region will be reserved. Then after the control flow has been passed to ld.so, it will crash after the stack frame grows into the reservation. [1]: https://elixir.bootlin.com/glibc/glibc-2.43.9000/source/elf/rtld.c#L855 --- loader/preloader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/loader/preloader.c b/loader/preloader.c index ce82a9f296f..72b7fcc7817 100644 --- a/loader/preloader.c +++ b/loader/preloader.c @@ -1439,7 +1439,7 @@ void* wld_start( void **stack ) for (i = 0; preload_info[i].size; i++) { if ((char *)av >= (char *)preload_info[i].addr && - (char *)pargc <= (char *)preload_info[i].addr + preload_info[i].size) + (char *)pargc - 0x1000 <= (char *)preload_info[i].addr + preload_info[i].size) { remove_preload_range( i ); i--; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10847