http://bugs.winehq.org/show_bug.cgi?id=29570
Bug #: 29570
Summary: Some applications crash when being +relay traced due to ntdll's relay_call clobbering ECX (and EDX)
Product: Wine
Version: 1.3.36
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Classification: Unclassified
Hello,
While investigating bug 29550 I encountered a problem with +relay. I've seen such +relay-related crashes sometimes before but forgot to report them. Now I have a fresh example ;-)
WINEDEBUG=+tid,+seh,+relay crashes the app quickly:
--- snip ---
...
0024:Call KERNEL32.GetCurrentThreadId() ret=10006777
0024:Ret KERNEL32.GetCurrentThreadId() retval=00000024 ret=10006777
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10006777 ip=10006777 tid=0024
0024:trace:seh:raise_exception info[0]=00000001
0024:trace:seh:raise_exception info[1]=0000000c
0024:trace:seh:raise_exception eax=00000024 ebx=008ba6a0 ecx=00000000 edx=00000000 esi=001425d0 edi=0032f220
0024:trace:seh:raise_exception ebp=00040000 esp=0032f1d0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_vectored_handlers calling handler at 0x68bb9e26 code=c0000005 flags=0
0024:trace:seh:call_vectored_handlers handler at 0x68bb9e26 returned 0
0024:trace:seh:call_stack_handlers calling handler at 0x4a56b0 code=c0000005 flags=0
0024:Call msvcrt._except_handler3(0032f178,0032fd94,0032eeac,0032ed40) ret=7bc7ac85
0024:trace:seh:_except_handler3 exception c0000005 flags=0 at 0x10006777 handler=0x4a56b0 0x32eeac 0x32ed40 semi-stub
0024:trace:seh:_except_handler3 reached TRYLEVEL_END, returning ExceptionContinueSearch
0024:Ret msvcrt._except_handler3() retval=00000001 ret=7bc7ac85
0024:trace:seh:call_stack_handlers handler at 0x4a56b0 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x4a56b0 code=c0000005 flags=0
0024:Call msvcrt._except_handler3(0032f178,0032fe30,0032eeac,0032ed40) ret=7bc7ac85
0024:trace:seh:_except_handler3 exception c0000005 flags=0 at 0x10006777 handler=0x4a56b0 0x32eeac 0x32ed40 semi-stub
0024:trace:seh:_except_handler3 level 0 prev -1 filter 0x4a5ab0
0024:Call msvcrt._XcptFilter(c0000005,0032ebd4) ret=004a5ac1
0024:trace:seh:_XcptFilter (c0000005,0x32ebd4)
0024:Ret msvcrt._XcptFilter() retval=00000000 ret=004a5ac1
0024:trace:seh:_except_handler3 filter returned CONTINUE_SEARCH
0024:trace:seh:_except_handler3 reached TRYLEVEL_END, returning ExceptionContinueSearch
0024:Ret msvcrt._except_handler3() retval=00000001 ret=7bc7ac85
0024:trace:seh:call_stack_handlers handler at 0x4a56b0 returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x7bc919e1 code=c0000005 flags=0
0024:Call KERNEL32.UnhandledExceptionFilter(0032eca8) ret=7bc91a1b
...
--- snip ---
Code around the crash location:
--- snip ---
10006760 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
10006764 33C0           XOR EAX,EAX
10006766 BA 01000000    MOV EDX,1
1000676B F0:0FB111      LOCK CMPXCHG DWORD PTR DS:[ECX],EDX
1000676F 75 0C          JNZ SHORT sfl.1000677D
10006771 FF15 24610210  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>]
10006777 8941 0C        MOV DWORD PTR DS:[ECX+C],EAX
1000677A C2 0400        RETN 4
...
--- snip ---
Unfortunately ntdll's 32-bit relay_call clobbers ECX (=0), hence the exception after returning from KERNEL32.GetCurrentThreadId().
Code: http://source.winehq.org/git/wine.git/blob/2741edb9989d33ae7bb3d2dceba5e5d91...
Preserving ECX in relay_call() lets the app be successfully +relay traced (already tested). Technically EDX might need to be preserved for callers too, but this app can live without it...
$ sha1sum sai-1.1.0-ful-en.exe
fb1876e370d431f21df06428ca6ccf35de727000  sai-1.1.0-ful-en.exe

$ wine --version
wine-1.3.36-172-gb00e703
Regards
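The diagnosis above can be checked mechanically from the two artifacts in the report: the +seh register dump and the disassembly of the faulting instruction. The script below is an added example (not part of the bug report and not Wine code): it parses the trace excerpt, takes the last relayed Ret line, the EXCEPTION_ACCESS_VIOLATION record (info[0] is the access type, 1 = write; info[1] is the faulting address) and the register dump, then evaluates the memory operand of `MOV DWORD PTR DS:[ECX+C],EAX` with the dumped ECX. If ECX+0xC equals info[1], the write fault is explained by ECX being 0 straight after the relayed return. The trace lines and the instruction text are copied from the report; the helper names, the trimmed excerpt and the base+displacement-only operand parser are this example's own simplifications.

```python
import re

# Constructed input: the lines of the +seh,+relay trace quoted in the report
# (thread 0024), trimmed to the relayed return and the exception dump.
TRACE = """\
0024:Call KERNEL32.GetCurrentThreadId() ret=10006777
0024:Ret KERNEL32.GetCurrentThreadId() retval=00000024 ret=10006777
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10006777 ip=10006777 tid=0024
0024:trace:seh:raise_exception info[0]=00000001
0024:trace:seh:raise_exception info[1]=0000000c
0024:trace:seh:raise_exception eax=00000024 ebx=008ba6a0 ecx=00000000 edx=00000000 esi=001425d0 edi=0032f220
0024:trace:seh:raise_exception ebp=00040000 esp=0032f1d0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
"""

# The instruction at the faulting ip (10006777), as disassembled in the report.
FAULT_INSN = "MOV DWORD PTR DS:[ECX+C],EAX"

EXCEPTION_ACCESS_VIOLATION = 0xC0000005
REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p)=([0-9a-f]{8})\b")


def parse_trace(trace):
    """Collect the last relayed Ret line, the raise_exception header, the
    EXCEPTION_RECORD info words and the register dump from a Wine trace."""
    st = {"regs": {}, "info": {}}
    for line in trace.splitlines():
        m = re.match(r"^[0-9a-f]+:Ret\s+(\S+)\(\) retval=([0-9a-f]+) ret=([0-9a-f]+)", line)
        if m:
            st["last_ret"] = {"func": m.group(1),
                              "retval": int(m.group(2), 16),
                              "ret": int(m.group(3), 16)}
            continue
        m = re.search(r"raise_exception code=([0-9a-f]+) flags=\d+ addr=0x([0-9a-f]+)", line)
        if m:
            st["code"] = int(m.group(1), 16)
            st["fault_ip"] = int(m.group(2), 16)
            continue
        m = re.search(r"info\[(\d)\]=([0-9a-f]+)", line)
        if m:
            st["info"][int(m.group(1))] = int(m.group(2), 16)
            continue
        if "raise_exception" in line:
            for reg, val in REG_RE.findall(line):
                st["regs"][reg] = int(val, 16)
    return st


def eval_mem_operand(insn, regs):
    """Evaluate a [BASE+DISP] memory operand against the dumped registers and
    tell whether the instruction writes to it (memory as first operand)."""
    m = re.search(r"\[(E[A-Z]{2})(?:\+([0-9A-F]+))?\]", insn)
    if not m:
        raise ValueError("no base+displacement memory operand in %r" % insn)
    base = m.group(1).lower()
    disp = int(m.group(2), 16) if m.group(2) else 0
    addr = (regs[base] + disp) & 0xFFFFFFFF
    _mnemonic, operands = insn.split(None, 1)
    is_write = "[" in operands.split(",")[0]
    return base, addr, is_write


def analyze(trace, insn):
    """Cross-check the exception record against the faulting instruction."""
    st = parse_trace(trace)
    base, addr, is_write = eval_mem_operand(insn, st["regs"])
    info0, info1 = st["info"][0], st["info"][1]   # access type, fault address
    return {
        "relayed_call": st["last_ret"]["func"],
        "fault_ip": st["fault_ip"],
        # The fault ip is the return address of the relayed call, i.e. the
        # very first instruction executed after relay_call handed control back.
        "fault_after_relay_return": st["fault_ip"] == st["last_ret"]["ret"],
        "eax_holds_retval": st["regs"]["eax"] == st["last_ret"]["retval"],
        "access_violation": st["code"] == EXCEPTION_ACCESS_VIOLATION,
        "base_reg": base,
        "base_value": st["regs"][base],
        "computed_addr": addr,
        "trace_fault_addr": info1,
        "operand_explains_fault": addr == info1 and is_write == (info0 == 1),
    }


if __name__ == "__main__":
    for k, v in analyze(TRACE, FAULT_INSN).items():
        print("%-26s %s" % (k, hex(v) if isinstance(v, int) and not isinstance(v, bool) else v))
```

On the report's data this yields base_reg ecx with value 0, computed address 0xc matching info[1]=0000000c, and a write access matching info[0]=1, with the fault ip equal to the relayed call's return address. Note that the application code itself assumes ECX survives the stdcall to GetCurrentThreadId, which the x86 calling convention does not promise (EAX, ECX and EDX are caller-saved); it only works natively because that particular kernel32 export happens not to touch ECX, so a relay thunk that preserves ECX and EDX reproduces that behaviour rather than enforcing the ABI.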