[Bug 28089] exception handling code touches stack for exceptions handled by the debugger

https://bugs.winehq.org/show_bug.cgi?id=28089

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Fixed by SHA1| |3889c374a11d92733f6830473ff | |589f8846a7396 Keywords| |testcase Resolution|--- |FIXED

--- Comment #10 from Anastasius Focht focht@gmx.net --- Hello folks,

this was fixed by commits:

* https://source.winehq.org/git/wine.git/commitdiff/485c8566f103f05dba3c8c31d3... ("ntdll: Build the exception record on the signal stack first.")

* https://source.winehq.org/git/wine.git/commitdiff/3889c374a11d92733f6830473f... ("ntdll: Send debug event before pushing exception data on x86.")

Part of Wine 5.13 release.

Thanks Alexandre.

Disassembly of 'foo' from pre-built testcase (comment #9):

--- snip --- 00401530 PUSH EBP 00401531 MOV EBP,ESP 00401533 AND ESP,FFFFFFF0 00401536 SUB ESP,30 00401539 CALL 004016A0 0040153E MOV DWORD PTR SS:[LOCAL.4],0 00401546 MOV DWORD PTR SS:[LOCAL.1],0 0040154E MOV DWORD PTR SS:[LOCAL.2],0 00401556 MOV DWORD PTR SS:[LOCAL.3],0 0040155E LEA EAX,[LOCAL.5+3] 00401562 MOV DWORD PTR SS:[LOCAL.4],EAX 00401566 LEA EAX,[LOCAL.5+3] 0040156A SUB EAX,1F4 0040156F MOV DWORD PTR SS:[LOCAL.1],EAX 00401573 JMP SHORT 00401583 00401575 MOV EAX,DWORD PTR SS:[LOCAL.1] 00401579 LEA EDX,[EAX+1] 0040157C MOV DWORD PTR SS:[LOCAL.1],EDX 00401580 MOV BYTE PTR DS:[EAX],55 00401583 MOV EAX,DWORD PTR SS:[LOCAL.1] 00401587 CMP EAX,DWORD PTR SS:[LOCAL.4] 0040158B JNE SHORT 00401575 0040158D MOV BYTE PTR SS:[LOCAL.5+3],77 ; bpx here (= cause debugger event) 00401592 LEA EAX,[LOCAL.5+3] 00401596 SUB EAX,1F4 0040159B MOV DWORD PTR SS:[LOCAL.1],EAX 0040159F JMP SHORT 004015CA 004015A1 MOV EAX,DWORD PTR SS:[LOCAL.1] 004015A5 MOVZX EAX,BYTE PTR DS:[EAX] 004015A8 CMP AL,55 004015AA JE SHORT 004015C5 004015AC CMP DWORD PTR SS:[LOCAL.2],0 004015B1 JE SHORT 004015BD 004015B3 MOV EAX,DWORD PTR SS:[LOCAL.1] 004015B7 MOV DWORD PTR SS:[LOCAL.3],EAX 004015BB JMP SHORT 004015C5 004015BD MOV EAX,DWORD PTR SS:[LOCAL.1] 004015C1 MOV DWORD PTR SS:[LOCAL.2],EAX 004015C5 ADD DWORD PTR SS:[LOCAL.1],1 004015CA MOV EAX,DWORD PTR SS:[LOCAL.1] 004015CE CMP EAX,DWORD PTR SS:[LOCAL.4] 004015D2 JNE SHORT 004015A1 004015D4 MOV EAX,DWORD PTR SS:[LOCAL.2] 004015D8 MOV DWORD PTR SS:[LOCAL.10],EAX 004015DC MOV EAX,DWORD PTR SS:[LOCAL.3] 004015E0 MOV DWORD PTR SS:[LOCAL.11],EAX 004015E4 MOV DWORD PTR SS:[LOCAL.12],OFFSET 00404000 ; ASCII "to = %p, ..." 004015EB CALL <JMP.&msvcrt.printf> 004015F0 MOV EAX,0 004015F5 LEAVE 004015F6 RETN -- snip ---

To test this in automated way here is my one-liner which uses winedbg in gdb proxy mode:

Old behaviour:

--- snip --- $ wine --version wine-5.12-260-g485c8566f10

$ WINEDEBUG=+console winedbg --gdb test.exe -q <<< "b *0x0040158D"$'\n'cont$'\n' 2>&1 | grep "to =" 017c:trace:console:WriteConsoleW 0x27 L"to = 0064FDF7, from = 0064FC2B\r\n" 32 0x64fa1c (nil) --- snip ---

Fixed:

--- snip --- $ wine-5.12-264-g3889c374a11

$ WINEDEBUG=+console winedbg --gdb test.exe -q <<< "b *0x0040158D"$'\n'cont$'\n' 2>&1 | grep "to =" 017c:trace:console:WriteConsoleW 0x27 L"to = 00000000, from = 00000000\r\n" 32 0x64fa1c (nil) --- snip ---

The breakpoint triggers an exception event at the right place.

The app is a console app hence +console debug channel is used to capture and filter the output.

Regards