https://bugs.winehq.org/show_bug.cgi?id=50290
Bug ID: 50290
Summary: Thunderbird 78.5.1 device_notify_proc() thread crashes with a stack overflow inside RtlCaptureStackBackTrace()
Product: Wine
Version: 6.0-rc1
Hardware: x86-64
URL: https://download.mozilla.org/?product=thunderbird-78.5.1-SSL&os=win64&lang=en-US
OS: Linux
Status: NEW
Keywords: download, source
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: z.figura12@gmail.com
Distribution: ---
This doesn't actually result in any visible problems with the application (though I didn't try very hard to use it), but looks like a bug worth fixing nonetheless. In theory the crash actually breaks device notification, but I'm not sure what devices Thunderbird is trying to be notified of, or if Wine actually supports hotplugging them.
The only visible symptom is:
01a0:err:virtual:virtual_setup_exception stack overflow 560 bytes in thread 01a0 addr 0x7f87f3cd7c73 stack 0x19a70dd0 (0x19a70000-0x19a71000-0x1a270000)
This thread is then terminated. It seems that it doesn't affect the rest of the process. But the exception bothered me, and upon examination it happens inside of RtlCaptureStackBackTrace().
What the application actually does is to hook LdrLoadDll and then later trigger delay-loading for some rpcrt4 function from sechost. Inside of the hook it calls RtlCaptureStackBackTrace(). The problem is that one of the functions is missing unwinding information. The function in question is __tailMerge_dlls_rpcrt4_librpcrt4_delay_a, generated by dlltool. It's missing seh annotations (and is not in a form compatible with SEH).
The full call stack is something like this:
- RtlCaptureStackBackTrace
- application hook of LdrLoadDll
- LdrResolveDelayLoadedAPI [dlls/ntdll/loader.c]
- __delayLoadHelper2 [sechost.dll, from libs/winecrt0/delay_load.c]
- __tailMerge_dlls_rpcrt4_librpcrt4_delay_a [sechost.dll, from libs/rpcrt4/librpcrt4.delay.a]
- RpcStringBindingComposeW [delay thunk in sechost.dll, tail caller]
- device_notify_proc [sechost.dll, dlls/sechost/service.c]
RtlCaptureStackBackTrace() tries to unwind past the tailMerge function, but can't, and ends up recursing until the stack overflows. [I didn't actually investigate why, but I'm assuming that RtlCaptureStackBackTrace() is not what's broken here.]
Patching dlltool to generate SEH directives allows everything to work nicely; the crash is avoided and a valid stack backtrace is returned.
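The following is an added example, not part of the original report and not Wine or binutils code: a check for which functions in an x86-64 PE image have no RUNTIME_FUNCTION entry in .pdata, which is the condition the report describes for the dlltool-generated tail-merge thunk. The RVAs and the .pdata bytes are constructed sample values; only the symbol names come from the report.

```python
import bisect
import struct

# x86-64 RUNTIME_FUNCTION: BeginAddress, EndAddress, UnwindInfoAddress (all RVAs).
ENTRY = struct.Struct("<III")

def parse_pdata(raw):
    """Decode a raw .pdata section into a sorted list of (begin, end, unwind)."""
    if len(raw) % ENTRY.size:
        raise ValueError("truncated .pdata: size is not a multiple of 12 bytes")
    # All-zero entries are padding, not functions.
    return sorted(e for e in ENTRY.iter_unpack(raw) if e[0] or e[1])

def lookup(entries, rva):
    """Return the entry whose [begin, end) range covers rva, else None.

    This is the question RtlLookupFunctionEntry answers for the unwinder.
    With no entry, the x64 convention treats the code as a leaf function
    (return address at [rsp]), which is wrong for code that has pushed
    registers or allocated stack.
    """
    i = bisect.bisect_right(entries, (rva, 0xFFFFFFFF, 0xFFFFFFFF)) - 1
    if i >= 0 and entries[i][0] <= rva < entries[i][1]:
        return entries[i]
    return None

def missing_unwind_info(entries, symbols):
    """Names of symbols (name -> RVA) that no .pdata entry covers."""
    return sorted(n for n, rva in symbols.items() if lookup(entries, rva) is None)

# Constructed sample: two functions with unwind data, one thunk without.
SAMPLE_PDATA = ENTRY.pack(0x2000, 0x2080, 0x900C) + ENTRY.pack(0x1000, 0x1200, 0x9000)
SAMPLE_SYMBOLS = {
    "device_notify_proc": 0x1000,
    "__delayLoadHelper2": 0x2000,
    "__tailMerge_dlls_rpcrt4_librpcrt4_delay_a": 0x3000,
}

if __name__ == "__main__":
    for name in missing_unwind_info(parse_pdata(SAMPLE_PDATA), SAMPLE_SYMBOLS):
        print("no unwind info:", name)
```

On a real image, the .pdata bytes come from the PE exception directory and the symbol RVAs from the import library or a map file.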