https://bugs.winehq.org/show_bug.cgi?id=49640
Bug ID: 49640
Summary: Loading certain builtin/Winelib DLLs twice may crash
Product: Wine
Version: 5.13
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: bshanks@codeweavers.com
Distribution: ---
When certain "builtin"/Winelib DLLs/EXEs get loaded, then unloaded, then loaded again (by two calls to GetFileVersionInfoSize() for example), the second load may result in a crash.
The underlying problem is that dlopen_dll() in dlls/ntdll/unix/loader.c assumes that dlopen() is returning a freshly-mapped copy of the file. POSIX doesn't guarantee this though, and if the file was already previously loaded by Wine, and relocation fixups were applied, those fixed-up headers will still be present. map_so_dll then applies fixups again, and that's where I'm seeing the crash. In particular, when map_so_dll is building the import directory, I see that imports->Name already has the delta applied to it from the previous load.
An EXE that has this problem is the "steam.exe.so" shipped with Proton, I believe since it links to a C++ library it will not be unloaded by a dlclose() call (see https://stackoverflow.com/questions/38869657/dlclose-not-unloading-so-file-w...)
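The failure mode described in this report, reduced to a small C model (this is an added illustration, not Wine's loader code; the `struct image`, `fixup_naive`, `fixup_idempotent` and `double_load` names and the addresses are hypothetical). It shows why applying relocation fixups to a mapping that dlopen() handed back unchanged corrupts the import pointers, and the usual defensive pattern: derive the delta from the base the image currently records and update that record after relocating, so a second pass is a no-op.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature of a mapped image: the base address its header
 * currently assumes, plus a table of absolute pointers (like imports->Name)
 * that must be rebased when the image is mapped somewhere else.
 * These are not Wine's real structures. */
#define NUM_IMPORTS 3
struct image {
    uintptr_t header_base;            /* base the pointers currently assume */
    uintptr_t imports[NUM_IMPORTS];   /* absolute addresses of import names */
};

static const uintptr_t PREFERRED_BASE = 0x10000000UL;  /* constructed value */
static const uintptr_t NAME_OFFSETS[NUM_IMPORTS] = { 0x100, 0x200, 0x300 };

/* A freshly mapped copy of the file: pointers are relative to the preferred base. */
void image_init(struct image *img)
{
    img->header_base = PREFERRED_BASE;
    for (int i = 0; i < NUM_IMPORTS; i++)
        img->imports[i] = PREFERRED_BASE + NAME_OFFSETS[i];
}

/* Naive fixup: assumes every call sees a fresh mapping, so it always adds
 * the full delta from the preferred base. A second call double-relocates. */
void fixup_naive(struct image *img, uintptr_t actual_base)
{
    uintptr_t delta = actual_base - PREFERRED_BASE;
    for (int i = 0; i < NUM_IMPORTS; i++)
        img->imports[i] += delta;
}

/* Idempotent fixup: compute the delta from the base the image currently
 * records, relocate, then record the new base. Repeating it does nothing. */
void fixup_idempotent(struct image *img, uintptr_t actual_base)
{
    uintptr_t delta = actual_base - img->header_base;
    if (delta == 0)
        return;                        /* already relocated to this base */
    for (int i = 0; i < NUM_IMPORTS; i++)
        img->imports[i] += delta;
    img->header_base = actual_base;
}

/* Returns 1 if every import pointer lands where it should for actual_base. */
int imports_valid(const struct image *img, uintptr_t actual_base)
{
    for (int i = 0; i < NUM_IMPORTS; i++)
        if (img->imports[i] != actual_base + NAME_OFFSETS[i])
            return 0;
    return 1;
}

/* Simulate: load, dlclose() that does NOT unmap (reference still held, as the
 * report describes for an image linked against a C++ runtime), load again.
 * The second "dlopen" returns the same, already-relocated mapping.
 * Returns 1 if the import table is still correct afterwards. */
int double_load(void (*fixup)(struct image *, uintptr_t), uintptr_t actual_base)
{
    struct image img;
    image_init(&img);
    fixup(&img, actual_base);   /* first load: fresh copy, fixups correct */
    fixup(&img, actual_base);   /* second load: same mapping, fixups re-applied */
    return imports_valid(&img, actual_base);
}

int main(void)
{
    const uintptr_t base = 0x7f000000UL;   /* constructed load address */
    printf("naive fixup after reload:      %s\n",
           double_load(fixup_naive, base) ? "valid" : "CORRUPT (double delta)");
    printf("idempotent fixup after reload: %s\n",
           double_load(fixup_idempotent, base) ? "valid" : "CORRUPT");
    return 0;
}
```

With a real dlopen() handle the same "is this mapping already relocated?" question can be answered before touching the headers, for example by probing with dlopen(path, RTLD_NOLOAD) (a glibc flag that returns a handle only if the object is already resident) or by keeping the loader's own record of which mappings it has already fixed up; either way the fixup step must not assume a fresh copy.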