http://bugs.winehq.com/show_bug.cgi?id=943
Summary: Regression in module loading
Product: Wine
Version: CVS
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wine-loader
AssignedTo: wine-bugs@winehq.com
ReportedBy: prupe@myrealbox.com

A recent change in CVS caused Xnews (http://xnews.newsguy.com/) to crash on startup. I've traced it to the patch http://cvs.winehq.com/patch.py?id=1027987166850574216879071, but I know next to nothing about how this part of the code works.
The crash happens on the following code in PE_InitTls, loader/pe_image.c:

    if ( wm->tlsindex == -1 ) {
        LPDWORD xaddr;
        wm->tlsindex = TlsAlloc();
        xaddr = _fixup_address(&(peh->OptionalHeader),delta, pdir->AddressOfIndex );
 =>     *xaddr=wm->tlsindex;
    }

wm is the module Xnews.exe itself. xaddr and wm are both reasonable addresses, but the problem is that *xaddr was previously marked read-only using VIRTUAL_SetProt in map_image, memory/virtual.c. If I change it so that VPROT_WRITE|VPROT_WRITECOPY is always included again, it fixes this crash, but then the app dies soon after:

    Wine-dbg>bt
    Backtrace:
    =>0 0x38a2389c (_end+0x309d6174) (ebp=405c6e8c)
      1 0x400ac108 (start_process+0x258 [process.c:526] in libntdll.dll.so) (ebp=405c6f38
      2 0x400b00d7 (call_on_thread_stack+0x23(func=0x400abeb0) [sysdeps.c:105] in (libnt.dll.so) (ebp=405c6ff4)
      3 0x400b0270 (SYSDEPS_CallOnStack+0x14 in libnt.dll.so) (ebp=00000000)
    Wine-dbg>up
    526 ExitThread( entry(NULL) );
    Wine-dbg>p entry
    0x4045918c

According to -debugmsg +module, Xnews.exe was mapped to 0x4036b000-0x404aa000, so I don't know where the 0x38... address came from. Backing out the above patch fixes the problem completely. Other apps don't seem to be affected, and I don't know what's special about this one.
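A diagnostic sketch for the failure described above, added here and not taken from Wine or from the bug report: it checks whether the TLS directory's AddressOfIndex slot falls in a PE section that lacks IMAGE_SCN_MEM_WRITE. It assumes the loader derives page protections from section flags; the struct, function names and sample section table are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Real PE section characteristic flags (values from winnt.h). */
#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_READ    0x40000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u

/* Hypothetical trimmed-down section record; not Wine's own structure. */
struct section { const char *name; uint32_t rva, vsize, flags; };

enum slot_status { SLOT_WRITABLE = 0, SLOT_READ_ONLY = 1, SLOT_UNMAPPED = 2 };

/* Return the section that fully contains the 4-byte slot at rva, or NULL. */
static const struct section *find_section(const struct section *s, size_t n, uint32_t rva)
{
    for (size_t i = 0; i < n; i++)
        if (rva >= s[i].rva && rva - s[i].rva + sizeof(uint32_t) <= s[i].vsize)
            return &s[i];
    return NULL;
}

/* AddressOfIndex in the TLS directory is a virtual address, so it is
 * rebased to an RVA before the section lookup. */
enum slot_status tls_index_slot_status(const struct section *s, size_t n,
                                       uint32_t image_base, uint32_t address_of_index)
{
    if (address_of_index < image_base) return SLOT_UNMAPPED;
    const struct section *sec = find_section(s, n, address_of_index - image_base);
    if (!sec) return SLOT_UNMAPPED;
    return (sec->flags & IMAGE_SCN_MEM_WRITE) ? SLOT_WRITABLE : SLOT_READ_ONLY;
}

/* Constructed sample image: three sections, image base 0x00400000. */
static const struct section sample[] = {
    { ".text",  0x1000, 0x8000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE },
    { ".rdata", 0x9000, 0x2000, IMAGE_SCN_MEM_READ },
    { ".data",  0xb000, 0x3000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE },
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

int main(void)
{
    /* Constructed AddressOfIndex values: one in .data, one in .rdata. */
    printf("%d %d\n", tls_index_slot_status(sample, SAMPLE_N, 0x00400000u, 0x0040b010u),
           tls_index_slot_status(sample, SAMPLE_N, 0x00400000u, 0x00409ffcu));
    return 0;
}
```

A SLOT_READ_ONLY result marks an image where a loader that applies final section protections before TLS setup must either store the index earlier or lift the protection for that one write.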