http://bugs.winehq.org/show_bug.cgi?id=35021
Bug #: 35021
Summary: League of Legends installer page faults in custom action during stackwalk (SymFromAddr with NULL displacement ptr)
Product: Wine
Version: 1.7.7
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dbghelp
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Classification: Unclassified
Hello folks,
I already mentioned this in bug 35011 ... not a big thing but it deserves its own bug.
The context capture/stack walk in custom action is done on purpose.
--- snip ---
003b:trace:msi:ACTION_CallDllFunction calling L"OnAiRemoveFilesUndoable"
...
003b:Call dbghelp.SymGetModuleBase(ffffffff,7d4fd3f7) ret=7e458574
003b:Ret dbghelp.SymGetModuleBase() retval=7d4d0000 ret=7e458574
003b:Call dbghelp.SymFunctionTableAccess(ffffffff,7d4fd3f7) ret=7e458515
003b:Ret dbghelp.SymFunctionTableAccess() retval=00000000 ret=7e458515
003b:Ret dbghelp.StackWalk() retval=00000001 ret=003b337f
003b:Call ntdll.RtlAllocateHeap(00bb0000,00000000,00000020) ret=003c8570
003b:Ret ntdll.RtlAllocateHeap() retval=00bb41d0 ret=003c8570
003b:Call dbghelp.SymFromAddr(ffffffff,7d4fd3f7,00000000,00000000,00bb39a0) ret=003b3844
003b:Call ntdll.RtlReAllocateHeap(00110000,00000000,01300030,0000ad88) ret=7e45be05
003b:Ret ntdll.RtlReAllocateHeap() retval=01300030 ret=7e45be05
003b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e45d158 ip=7e45d158 tid=003b
003b:trace:seh:raise_exception info[0]=00000001
003b:trace:seh:raise_exception info[1]=00000000
003b:trace:seh:raise_exception eax=0000000b ebx=00000000 ecx=00000000 edx=00000000 esi=7d4fd3ec edi=00000000
003b:trace:seh:raise_exception ebp=00ebca58 esp=00ebca20 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
003b:trace:seh:call_stack_handlers calling handler at 0x3d840d code=c0000005 flags=0
...
003b:trace:seh:__regs_RtlUnwind handler at 0x3da946 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x3cb818 code=c0000005 flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x3cb818 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x7bc81a26 code=c0000005 flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x7bc81a26 returned 3
003b:Ret ntdll.RtlUnwind() retval=00000000 ret=7d566735
003b: eax=00000000 ebx=7d5c7000 ecx=00eba318 edx=00eba318 esi=00ebe8d0 edi=7d56674a ebp=00eb9e08 esp=00eb9dd8 ds=002b es=002b fs=0063 gs=006b flags=00200216
003b:err:msi:ACTION_CallDllFunction Custom action (L"C:\users\focht\Temp\msi5823.tmp":L"OnAiRemoveFilesUndoable") caused a page fault: c0000005
003b:trace:msi:MsiCloseHandle 6
003b:trace:msi:MsiCloseHandle handle 6 destroyed
003b:Call KERNEL32.FreeLibrary(00390000) ret=7d4fd812
003b:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7d4fd812
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:MsiCloseHandle handle 5 destroyed
003b:Call ntdll.RtlFreeHeap(00110000,00000000,00914c28) ret=7d532a5a
003b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7d532a5a
003b:Call oleaut32.SysFreeString(00914e24 L"C:\users\focht\Temp\msi5823.tmp") ret=7d4fd83c
003b:Ret oleaut32.SysFreeString() retval=00000000 ret=7d4fd83c
003b:Call oleaut32.SysFreeString(0090404c L"OnAiRemoveFilesUndoable") ret=7d4fd84a
003b:Ret oleaut32.SysFreeString() retval=00000000 ret=7d4fd84a
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:DllThread custom action (3b) returned 0
003b:trace:msi:MsiCloseAllHandles
--- snip ---
Wine unconditionally writes to the optional out parameter 'Displacement' in SymFromAddr(). The caller passes NULL for it (the third argument in the SymFromAddr call above is 00000000), so the write causes a page fault.
MSDN says:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681323%28v=vs.85%2...
--- quote ---
Displacement [out, optional]
The displacement from the beginning of the symbol, or zero.
--- quote ---
Source: http://source.winehq.org/git/wine.git/blob/836b682ed3bff439f1264bc9cee4ecce6...
(fault caused in line 1232)
--- snip ---
1219 BOOL WINAPI SymFromAddr(HANDLE hProcess, DWORD64 Address,
1220                         DWORD64* Displacement, PSYMBOL_INFO Symbol)
1221 {
1222     struct module_pair pair;
1223     struct symt_ht* sym;
1224
1225     pair.pcs = process_find_by_handle(hProcess);
1226     if (!pair.pcs) return FALSE;
1227     pair.requested = module_find_by_addr(pair.pcs, Address, DMT_UNKNOWN);
1228     if (!module_get_debug(&pair)) return FALSE;
1229     if ((sym = symt_find_nearest(pair.effective, Address)) == NULL) return FALSE;
1230
1231     symt_fill_sym_info(&pair, NULL, &sym->symt, Symbol);
1232     *Displacement = Address - Symbol->Address;
1233     return TRUE;
1234 }
--- snip ---
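To make the [out, optional] contract concrete, here is a small C model of the defect and of the fix. This is an added illustration, not Wine's dbghelp code: a constructed toy_ symbol table stands in for the module's debug info, ToySymbolInfo is a cut-down stand-in for SYMBOL_INFO with only the fields the example needs, and the addresses are made up. The buggy variant has the same shape as line 1232 above; the fixed variant only writes through Displacement when the caller supplied a pointer, which is what the MSDN wording requires.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for SYMBOL_INFO: only the two fields used here. */
typedef struct {
    uint64_t Address;
    char     Name[32];
} ToySymbolInfo;

/* Constructed symbol table standing in for a module's debug information. */
typedef struct {
    uint64_t    address;
    const char *name;
} ToySymbol;

static const ToySymbol toy_symbols[] = {
    { 0x7d4d1000, "module_entry" },
    { 0x7d4fd3a0, "do_custom_action" },
    { 0x7d4fd500, "cleanup" },
};
#define TOY_SYMBOL_COUNT (sizeof(toy_symbols) / sizeof(toy_symbols[0]))

/* Nearest symbol at or below the address (the role symt_find_nearest plays in Wine). */
static const ToySymbol *toy_find_nearest(uint64_t address)
{
    const ToySymbol *best = NULL;
    for (size_t i = 0; i < TOY_SYMBOL_COUNT; i++) {
        if (toy_symbols[i].address <= address &&
            (best == NULL || toy_symbols[i].address > best->address))
            best = &toy_symbols[i];
    }
    return best;
}

static void toy_fill_sym_info(const ToySymbol *sym, ToySymbolInfo *info)
{
    info->Address = sym->address;
    strncpy(info->Name, sym->name, sizeof(info->Name) - 1);
    info->Name[sizeof(info->Name) - 1] = '\0';
}

/* Shape of the defect: the optional out parameter is written unconditionally,
 * so a caller passing NULL (as the installer's custom action does) faults. */
bool toy_sym_from_addr_buggy(uint64_t address, uint64_t *displacement, ToySymbolInfo *symbol)
{
    const ToySymbol *sym = toy_find_nearest(address);
    if (!sym) return false;
    toy_fill_sym_info(sym, symbol);
    *displacement = address - symbol->Address;   /* NULL dereference when displacement == NULL */
    return true;
}

/* Fixed shape: Displacement is [out, optional], so test the pointer before writing. */
bool toy_sym_from_addr_fixed(uint64_t address, uint64_t *displacement, ToySymbolInfo *symbol)
{
    const ToySymbol *sym = toy_find_nearest(address);
    if (!sym) return false;
    toy_fill_sym_info(sym, symbol);
    if (displacement) *displacement = address - symbol->Address;
    return true;
}

/* Scalar wrappers so the behaviour can be checked without declaring locals. */
int toy_lookup_null_displacement(uint64_t address)
{
    ToySymbolInfo info;
    return toy_sym_from_addr_fixed(address, NULL, &info) ? 1 : 0;
}

uint64_t toy_lookup_displacement(uint64_t address)
{
    ToySymbolInfo info;
    uint64_t disp = 0;
    if (!toy_sym_from_addr_fixed(address, &disp, &info)) return UINT64_MAX;
    return disp;
}

int main(void)
{
    ToySymbolInfo info;
    uint64_t disp = 0;

    /* Same address the trace shows being passed to SymFromAddr, with NULL displacement. */
    if (toy_sym_from_addr_fixed(0x7d4fd3f7, NULL, &info))
        printf("fixed, NULL displacement: %s\n", info.Name);
    if (toy_sym_from_addr_fixed(0x7d4fd3f7, &disp, &info))
        printf("fixed, with displacement: %s+0x%llx\n", info.Name, (unsigned long long)disp);
    /* toy_sym_from_addr_buggy(0x7d4fd3f7, NULL, &info) would crash here. */
    return 0;
}
```

The one-line difference between the two functions is the whole fix; the wrappers exist only so the two cases (caller supplies a pointer, caller passes NULL) can be exercised separately.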
Regards