https://bugs.winehq.org/show_bug.cgi?id=49260
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Summary|Protection c0000005 with |Some MFC applications using |MFC CPropertySheet::DoModal |CPropertySheet freeze in | |CPropertySheet::DoModal on | |Mac OS X
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello Reinhold,
the exceptions are by design. The app makes use of LocalXXX() API in message handler(s) and sometimes passes NULL handle (HLOCAL) to GlobalLock(). Wine needs to figure out if the handle is a valid pointer and you basically trace the result of the access with 'seh' debug channel.
Disassembly of one location where the API is used by your example app:
--- snip --- 0000000140007988 | mov qword ptr ss:[rsp+8],rbx | 000000014000798D | mov qword ptr ss:[rsp+10],rbp | 0000000140007992 | mov qword ptr ss:[rsp+18],rsi | 0000000140007997 | push rdi | 0000000140007998 | sub rsp,20 | 000000014000799C | mov rdi,rdx | 000000014000799F | mov rbx,rcx | 00000001400079A2 | call newpropertysheet.14000A034 | 00000001400079A7 | xor ebp,ebp | 00000001400079A9 | test eax,eax | 00000001400079AB | je newpropertysheet.1400079B7 | 00000001400079AD | mov eax,1 | 00000001400079B2 | jmp newpropertysheet.140007A91 | 00000001400079B7 | mov rdx,qword ptr ds:[1401E9370] | "AfxClosePending" 00000001400079BE | mov rcx,qword ptr ds:[rbx+40] | 00000001400079C2 | call qword ptr ds:[140168EF0] | GetPropA 00000001400079C8 | mov rcx,rax | 00000001400079CB | mov rsi,rax | can be NULL 00000001400079CE | call qword ptr ds:[140168868] | GlobalLock 00000001400079D4 | test rax,rax | 00000001400079D7 | je newpropertysheet.140007A3A | 00000001400079D9 | cmp dword ptr ds:[rax],1 | 00000001400079DC | jne newpropertysheet.140007A31 | 00000001400079DE | mov rcx,qword ptr ds:[rbx+40] | 00000001400079E2 | xor r9d,r9d | 00000001400079E5 | xor r8d,r8d | 00000001400079E8 | mov edx,476 | 00000001400079ED | call qword ptr ds:[140169098] | SendMessageA 00000001400079F3 | test rax,rax | 00000001400079F6 | jne newpropertysheet.140007A31 | 00000001400079F8 | mov rcx,rsi | 00000001400079FB | call qword ptr ds:[140168770] | GlobalUnlock 0000000140007A01 | mov rdx,qword ptr ds:[1401E9370] | "AfxClosePending" 0000000140007A08 | mov rcx,qword ptr ds:[rbx+40] | 0000000140007A0C | call qword ptr ds:[140168EF8] | RemovePropA 0000000140007A12 | test rax,rax | 0000000140007A15 | je newpropertysheet.140007A20 | 0000000140007A17 | mov rcx,rax | 0000000140007A1A | call qword ptr ds:[<&JMP.&GlobalFree>] | 0000000140007A20 | mov rax,qword ptr ds:[rbx] | 0000000140007A23 | mov rcx,rbx | 0000000140007A26 | call qword ptr ds:[rax+C0] | 0000000140007A2C | jmp newpropertysheet.1400079AD | 0000000140007A31 | mov rcx,rsi | 0000000140007A34 | call qword ptr ds:[140168770] | GlobalUnlock 0000000140007A3A | cmp dword ptr ds:[rdi+8],100 | 0000000140007A41 | jne newpropertysheet.140007A86 | 0000000140007A43 | mov ecx,11 | 0000000140007A48 | call qword ptr ds:[140168F00] | GetAsyncKeyState 0000000140007A4E | test ax,ax | 0000000140007A51 | jns newpropertysheet.140007A86 | 0000000140007A53 | cmp qword ptr ds:[rdi+10],9 | 0000000140007A58 | je newpropertysheet.140007A68 | 0000000140007A5A | cmp qword ptr ds:[rdi+10],21 | 0000000140007A5F | je newpropertysheet.140007A68 | 0000000140007A61 | cmp qword ptr ds:[rdi+10],22 | 0000000140007A66 | jne newpropertysheet.140007A86 | 0000000140007A68 | mov rcx,qword ptr ds:[rbx+40] | 0000000140007A6C | mov r9,rdi | 0000000140007A6F | xor r8d,r8d | 0000000140007A72 | mov edx,475 | 0000000140007A77 | call qword ptr ds:[140169098] | SendMessageA 0000000140007A7D | test rax,rax | 0000000140007A80 | jne newpropertysheet.1400079AD | 0000000140007A86 | mov rdx,rdi | 0000000140007A89 | mov rcx,rbx | 0000000140007A8C | call newpropertysheet.14000B578 | 0000000140007A91 | mov rbx,qword ptr ss:[rsp+30] | 0000000140007A96 | mov rbp,qword ptr ss:[rsp+38] | 0000000140007A9B | mov rsi,qword ptr ss:[rsp+40] | 0000000140007AA0 | add rsp,20 | 0000000140007AA4 | pop rdi | 0000000140007AA5 | ret | --- snip ---
https://source.winehq.org/git/wine.git/blob/8257fe88fb99ca0bdeec27b47b7cf835...
--- snip --- 684 /*********************************************************************** 685 * LocalLock (kernelbase.@) 686 */ 687 LPVOID WINAPI DECLSPEC_HOTPATCH LocalLock( HLOCAL hmem ) 688 { 689 void *ret = NULL; 690 691 if (is_pointer( hmem )) 692 { 693 __TRY 694 { 695 volatile char *p = hmem; 696 *p |= 0; 697 } 698 __EXCEPT_PAGE_FAULT 699 { 700 return NULL; 701 } 702 __ENDTRY 703 return hmem; 704 } 705 706 RtlLockHeap( GetProcessHeap() ); 707 __TRY 708 { 709 struct local_header *header = get_header( hmem ); 710 if (header->magic == MAGIC_LOCAL_USED) 711 { 712 ret = header->ptr; 713 if (!header->ptr) SetLastError( ERROR_DISCARDED ); 714 else if (header->lock < LMEM_LOCKCOUNT) header->lock++; 715 } 716 else 717 { 718 WARN( "invalid handle %p (magic: 0x%04x)\n", hmem, header->magic ); 719 SetLastError( ERROR_INVALID_HANDLE ); 720 } 721 } 722 __EXCEPT_PAGE_FAULT 723 { 724 WARN("(%p): Page fault occurred ! Caused by bug ?\n", hmem); 725 SetLastError( ERROR_INVALID_HANDLE ); 726 } 727 __ENDTRY 728 RtlUnlockHeap( GetProcessHeap() ); 729 return ret; 730 } --- snip ---
Emphasis on line 696 which causes the page fault you see.
Alexandre changed that piece of code in commit https://source.winehq.org/git/wine.git/commit/a76518c186ac0893ea460cd3b06109... ("kernelbase: Use exception handlers instead of IsBad* functions.").
One could argue the value could be checked for NULL first to avoid the page fault at all. Still, it shouldn't change the outcome. These exceptions are not visible to the app. The app doesn't install vectored exception handler / VEH.
Please provide a link to an app which shows the "freeze" behaviour (and steps to reproduce).
Regards