https://bugs.winehq.org/show_bug.cgi?id=43127
Sebastian Lackner sebastian@fds-team.de changed:
What            |Removed                     |Added
----------------------------------------------------------------------------
CC              |                            |sebastian@fds-team.de
Summary         |wine crashes when trying to |wine crashes when trying to
                |launch Gwent                |launch Gwent (set_context_reg
                |                            |in ntdll/signal_x86_64.c
                |                            |assumes Xmm registers are
                |                            |aligned)
Component       |-unknown                    |ntdll
--- Comment #1 from Sebastian Lackner sebastian@fds-team.de ---
Thanks for reporting this issue. Based on the +relay,+tid,+seh log provided on IRC the relevant output is:
--- snip ---
0150:Call KERNEL32.RaiseException(406d1388,00000000,00000003,02fee530) ret=14028d218
0150:trace:seh:raise_exception code=406d1388 flags=0 addr=0x7b450a07 ip=7b450a07 tid=0150
0150:trace:seh:raise_exception info[0]=0000000000001000
0150:trace:seh:raise_exception info[1]=000000014108f680
0150:trace:seh:raise_exception info[2]=0000000000000150
[...]
0150:Call ntdll.RtlUnwindEx(02fee510,14028d21a,02fee330,406d1388,02fed7f0,02fed710) ret=1408cc158
[...]
0150:trace:seh:dwarf_virtual_unwind fde 0x7bcf87c0 len 64 personality (nil) lsda (nil) code 7bc9d770-7bc9e402
[...]
0150:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc980b0 ip=7bc980b0 tid=0150
0150:trace:seh:raise_exception rax=000000007bc980b0 rbx=0000000002fecf80 rcx=000000007bcd3744 rdx=0000000002fed468
0150:trace:seh:raise_exception rsi=0000000000000017 rdi=0000000002fea890 rbp=0000000000000018 rsp=0000000002fea5f8
0150:trace:seh:raise_exception r8=000000007bc9dea5 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000
0150:trace:seh:raise_exception r12=0000000002fea890 r13=0000000002fed550 r14=0000000002fea658 r15=0000000002fea660
0150:trace:seh:call_vectored_handlers calling handler at 0x1801335b0 code=c0000005 flags=0
--- snip ---
The initial exception is expected and part of the game code, however Wine crashes with a segmentation fault during unwinding (and as a result is stuck in an endless loop until it runs out of stack). The crash occurs here (part of set_context_reg):
--- snip ---
7bc980b0:  66 0f 6f 02              movdqa (%rdx),%xmm0          // <--- CRASH
7bc980b4:  0f 29 87 00 02 00 00     movaps %xmm0,0x200(%rdi)     // Xmm6
7bc980bb:  c3                       retq
--- snip ---
The problem is that the address (here 0x2fed468) is not properly 16-byte aligned. At first I suspected that Wine was compiled without enforcing stack alignment, but that is not the case:
--- snip ---
000000007bc9d770 <RtlUnwindEx@@Base>:
7bc9d770:  55                       push   %rbp
7bc9d771:  48 89 e5                 mov    %rsp,%rbp
[...]
7bc9d782:  48 81 ec a0 00 00 00     sub    $0xa0,%rsp
7bc9d789:  48 83 e4 f0              and    $0xfffffffffffffff0,%rsp
7bc9d78d:  48 81 ec b0 06 00 00     sub    $0x6b0,%rsp
[...]
7bc9d7b1:  0f 11 b5 28 ff ff ff     movups %xmm6,-0xd8(%rbp)
--- snip ---
As you can see, GCC also used unaligned instructions here, so it seems intentional. Wine's unwinding code probably just shouldn't make any assumptions about the alignment of variables stored on the stack.
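The alignment issue described in the comment, as an added C example that is not Wine's code: the aligned-load path mirrors the movdqa pattern from the trace but refuses a misaligned source instead of faulting, next to an unaligned-load path (movdqu) that tolerates any stack address. The xmm_slot type, the frame buffer and all function names are constructed for this example; the saved register is placed at offset 8 so its address is 8 mod 16, like 0x2fed468 in the trace.

```c
#include <stdint.h>
#include <string.h>
#if defined(__SSE2__)
#include <emmintrin.h>
#endif
/* 16-byte slot standing in for one Xmm register of a saved context
 * (constructed for this example, not Wine's own CONTEXT layout). */
typedef struct { uint8_t bytes[16]; } xmm_slot;
/* movdqa/movaps fault unless the memory operand is a multiple of 16. */
int is_aligned16(const void *p) { return ((uintptr_t)p & 15) == 0; }
/* Aligned-load variant, the pattern behind the crash in the report.
 * Here it returns -1 on a misaligned source instead of faulting. */
int set_xmm_aligned(xmm_slot *dst, const void *src)
{
    if (!is_aligned16(src)) return -1;
#if defined(__SSE2__)
    _mm_storeu_si128((__m128i *)dst->bytes,
                     _mm_load_si128((const __m128i *)src));  /* movdqa */
#else
    memcpy(dst->bytes, src, 16);  /* portable fallback on non-SSE2 builds */
#endif
    return 0;
}
/* Unaligned-load variant: correct for any source address. */
int set_xmm_unaligned(xmm_slot *dst, const void *src)
{
#if defined(__SSE2__)
    _mm_storeu_si128((__m128i *)dst->bytes,
                     _mm_loadu_si128((const __m128i *)src)); /* movdqu */
#else
    memcpy(dst->bytes, src, 16);
#endif
    return 0;
}
/* Constructed 32-byte "stack frame": the saved register lives at
 * offset 8, i.e. 8 mod 16, like the 0x2fed468 slot in the trace. */
static _Alignas(16) const uint8_t frame[32] = {
    0, 1, 2, 3, 4, 5, 6, 7, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 8, 9, 10, 11, 12, 13, 14, 15 };
/* -1: the aligned path refuses this slot (it would have faulted). */
int try_aligned_on_frame(void) { xmm_slot s; return set_xmm_aligned(&s, frame + 8); }
/* 1 when the unaligned path copied the 16 saved bytes intact. */
int unaligned_copy_ok(void)
{
    xmm_slot s;
    return set_xmm_unaligned(&s, frame + 8) == 0 && memcmp(s.bytes, frame + 8, 16) == 0;
}
```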