[Bug 24421] MJ's Help Diagnostics crashes on startup (app provided MonitorEnumProc callback relies on ECX = lprcMonitor)

5 Feb 2014


      http://bugs.winehq.org/show_bug.cgi?id=24421
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|-unknown                    |winex11.drv
            Summary|MJ's Help Diagnostics       |MJ's Help Diagnostics
                   |crashes on startup          |crashes on startup (app
                   |                            |provided MonitorEnumProc
                   |                            |callback relies on ECX =
                   |                            |lprcMonitor)
--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello Austin,
thanks for the binaries and additional effort to recreate it on Fedora 19.
It seems the app provided MonitorEnumProc callback relies on register ECX
pointing to monitor RECT ... that is certainly broken behaviour.
--- snip ---
00492D9C    55              PUSH EBP
00492D9D    8BEC            MOV EBP,ESP
00492D9F    51              PUSH ECX
00492DA0    53              PUSH EBX
00492DA1    56              PUSH ESI
00492DA2    57              PUSH EDI
00492DA3    894D FC         MOV DWORD PTR SS:[EBP-4],ECX ; LPRECT lprcMonitor
00492DA6    8BF0            MOV ESI,EAX
00492DA8    A1 34DD4B00     MOV EAX,DWORD PTR DS:[4BDD34]
00492DAD    E8 E22EF7FF     CALL 00405C94
00492DB2    8BD8            MOV EBX,EAX
00492DB4    8D43 01         LEA EAX,[EBX+1]
00492DB7    50              PUSH EAX
00492DB8    B8 34DD4B00     MOV EAX,004BDD34
00492DBD    B9 01000000     MOV ECX,1
00492DC2    8B15 7C2D4900   MOV EDX,DWORD PTR DS:[492D7C]
00492DC8    E8 8330F7FF     CALL 00405E50
00492DCD    83C4 04         ADD ESP,4
00492DD0    8D049B          LEA EAX,[EBX*4+EBX]
00492DD3    8B15 34DD4B00   MOV EDX,DWORD PTR DS:[4BDD34]
00492DD9    8B4D FC         MOV ECX,DWORD PTR SS:[EBP-4] ; LPRECT lprcMonitor
00492DDC    56              PUSH ESI
00492DDD    8D7C82 04       LEA EDI,[EAX*4+EDX+4]
00492DE1    8BF1            MOV ESI,ECX           ; LPRECT lprcMonitor
00492DE3    A5              MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; left
00492DE4    A5              MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; top
00492DE5    A5              MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; right
00492DE6    A5              MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; bottom
00492DE7    5E              POP ESI
00492DE8    8B15 34DD4B00   MOV EDX,DWORD PTR DS:[4BDD34]
00492DEE    893482          MOV DWORD PTR DS:[EAX*4+EDX],ESI
00492DF1    B0 01           MOV AL,1
00492DF3    5F              POP EDI
00492DF4    5E              POP ESI
00492DF5    5B              POP EBX
00492DF6    59              POP ECX
00492DF7    5D              POP EBP
00492DF8    C2 0400         RETN 4
--- snip ---
In your case (default gcc '-O2' optimization setting) register ECX was (re)used
as index within X11DRV_EnumDisplayMonitors() hence it was clobbered at the time
the callback was called.
I have optimizations disabled by default because my standard use-case is
debugging Wine ;-)
ECX ended up pointing to 'rcMonitor'.
Try to annotate only X11DRV_EnumDisplayMonitors() with optimize 'disable' hint:
http://source.winehq.org/git/wine.git/blob/0f03f264b772e8638d4f1311a2cbdfc51...
--- snip ---
BOOL CDECL __attribute__((optimize("-O0"))) X11DRV_EnumDisplayMonitors( HDC
hdc, LPRECT rect, MONITORENUMPROC proc, LPARAM lp )
--- snip ---
Regards
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 24421] MJ's Help Diagnostics crashes on startup (app provided MonitorEnumProc callback relies on ECX = lprcMonitor)