http://bugs.winehq.org/show_bug.cgi?id=22829
Summary: Systinternals RAMMap crashes
Product: Wine
Version: 1.2-rc1
Platform: x86-64
URL: http://download.sysinternals.com/Files/RAMMap.zip
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: Paul.Vriens.Wine@gmail.com
Created an attachment (id=28189) --> (http://bugs.winehq.org/attachment.cgi?id=28189) Crash log
RAMMap.exe (new tool from SysInternals) crashes when run. You need to change the version to Vista or higher btw.
The crash in SysAllocString looks like it is reported as well in bug 3756.
Austin English austinenglish@gmail.com changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Keywords       |                            |download

--- Comment #1 from Austin English austinenglish@gmail.com 2010-05-22 19:15:39 ---
Doesn't crash here, just complains that it can't connect to the 'FileInfo driver' and asks if I want to run it on next boot. Choosing yes or no and running it again has no effect. How can I reproduce this?
--- Comment #2 from Paul Vriens Paul.Vriens.Wine@gmail.com 2010-05-23 06:47:50 ---
I'm running on a 64bit Wine (wow64). Crashes always here.
Paul Vriens Paul.Vriens.Wine@gmail.com changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Keywords       |                            |win64
Summary        |Systinternals RAMMap        |Sysinternals RAMMap crashes
               |crashes                     |

--- Comment #3 from Paul Vriens Paul.Vriens.Wine@gmail.com 2010-05-25 08:06:43 ---
Running on a 32bit Wine gives the same results as Austin found. So it's most likely a 64bit (and/or wow64) Wine issue.
Anastasius Focht focht@gmx.net changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED                 |NEW
URL            |http://download.sysinternal |http://technet.microsoft.co
               |s.com/Files/RAMMap.zip      |m/en-us/sysinternals/ff7002
               |                            |29
Component      |-unknown                    |shell32
CC             |                            |focht@gmx.net
Ever Confirmed |0                           |1
Summary        |Sysinternals RAMMap crashes |Sysinternals RAMMap crashes
               |                            |(shell32.CommandLineToArgvW
               |                            |needs to include
               |                            |terminating NULL element in
               |                            |returned array of pointers)

--- Comment #4 from Anastasius Focht focht@gmx.net 2012-04-07 06:07:25 CDT ---
Hello,
confirming. It seems the app expects CommandLineToArgvW() to return a terminating NULL element in returned array of pointers.
MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/bb776391%28v=vs.85%2...
There is a comment in community section (non Microsoft) stating:
--- quote ---
No extra NULL element
Unlike main and wmain, CommandLineToArgvW does not have an extra element of argv[argc] == NULL. Trying to do this will result in reading past the end of the pointer list.
--- quote ---
This doesn't seem true.
The application code does _exactly_ that: ignoring the returned "argc" value and looping through returned pointer list to look for terminating NULL element.
Relevant application code, annotated:
--- snip ---
0040EB18  33FF           XOR EDI,EDI
...
0040EB45  8D4424 44      LEA EAX,[LOCAL.165]                ; __out int *pNumArgs
0040EB49  50             PUSH EAX
0040EB4A  897C24 14      MOV DWORD PTR SS:[LOCAL.178],EDI
0040EB4E  FF15 50B24200  CALL DWORD PTR DS:[<&KERNEL32.GetCommandLineW>]
0040EB54  50             PUSH EAX                           ; lpCmdLine
0040EB55  FF15 ACB24200  CALL DWORD PTR DS:[<&SHELL32.CommandLineToArgvW>]
0040EB5B  8BF0           MOV ESI,EAX
0040EB5D  897C24 14      MOV DWORD PTR SS:[LOCAL.177],EDI   ; local_argc = 0
0040EB61  393E           CMP DWORD PTR DS:[ESI],EDI         ; argv[0] == NULL ?
0040EB63  0F84 8A000000  JE 0040EBF3
0040EB69  8BDE           MOV EBX,ESI
arg_store_loop:
0040EB6B  68 F8164300    PUSH OFFSET 004316F8
...
0040EB97  FF4424 14      INC DWORD PTR SS:[LOCAL.177]
...
0040EBD9  8B4424 14      MOV EAX,DWORD PTR SS:[LOCAL.177]
0040EBDD  8D1C86         LEA EBX,[EAX*4+ESI]
0040EBE0  833B 00        CMP DWORD PTR DS:[EBX],0
0040EBE3  75 86          JNE SHORT 0040EB6B                 ; arg_store_loop
--- snip ---
Calling the app with some arguments:
--- snip ---
$ wine ./RAMMap.exe arg1 arg2 arg3
--- snip ---
Dump of corresponding memory block Wine returns (heap metadata prepended for convenience)
--- snip ---
0012C438  00000078
0012C43C  00455355  USE
0012C440  0012C450  ; UNICODE "Z:\home\focht\Downloads\RAMMap.exe"
0012C444  0012C49A  ; UNICODE "arg1"
0012C448  0012C4A4  ; UNICODE "arg2"
0012C44C  0012C4AE  ; UNICODE "arg3"
0012C450  003A005A  Z :
0012C454  0068005C  \ h
0012C458  006D006F  o m
0012C45C  005C0065  e \
0012C460  006F0066  f o
0012C464  00680063  c h
0012C468  005C0074  t \
0012C46C  006F0044  D o
0012C470  006E0077  w n
0012C474  006F006C  l o
0012C478  00640061  a d
0012C47C  005C0073  s \
0012C480  00410052  R A
0012C484  004D004D  M M
0012C488  00700061  a p
0012C48C  0065002E  . e
0012C490  00650078  x e
0012C494  00220000
0012C498  00610020    a
0012C49C  00670072  r g
0012C4A0  00000031  1
0012C4A4  00720061  a r
0012C4A8  00320067  g 2
0012C4AC  00610000    a
0012C4B0  00670072  r g
0012C4B4  00000033  3
--- snip ---
Iteration 5: "argv[4]" -> 0x0012C450 -> dereference: 0x003A005A (already part of argv[0] string). The address is mapped by chance (thread stack at 0x3A0000) not triggering page fault.
Iteration 6: "argv[5]" -> 0x0012C454 -> dereference: 0x0068005C This virtual address is not mapped, triggering fault, crashing the app.
Source: http://source.winehq.org/git/wine.git/blob/f445325999ebf3afd0b7df0e5c1a31eeb...
RAMMap v1.11 By Mark Russinovich and Bryce Cogswell Published: May 18, 2011
$ sha1sum RAMMap.exe
7f24fc771549d159d1ae4b3ea6e314750ce07a70 RAMMap.exe

$ wine --version
wine-1.5.1-169-g1c62c9f
Regards
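The block layout from the dump in comment #4 next to the layout the application expects, as an added C example that is not part of the original report or of Wine's source. `build_argv` packs the pointer table and the UTF-16 strings into one heap block, optionally with one extra NULL slot; `slot_after_last` shows what sits at `argv[argc]`; `null_scan` is the application's loop with a bound added. `WCHAR16`, `SAMPLE` and all function names are assumptions of this sketch, and the sample path is a shortened, constructed one.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR16; /* stand-in for a Windows WCHAR (UTF-16 code unit) */

/* Constructed sample: the command line from the report, path shortened. */
static const WCHAR16 A0[] = {'Z',':','\\','R','A','M','M','a','p','.','e','x','e',0};
static const WCHAR16 A1[] = {'a','r','g','1',0}, A2[] = {'a','r','g','2',0};
static const WCHAR16 A3[] = {'a','r','g','3',0};
static const WCHAR16 *const SAMPLE[] = {A0, A1, A2, A3};

static size_t wlen(const WCHAR16 *s) { size_t n = 0; while (s[n]) n++; return n; }

/* One heap block laid out as [pointer table][string data], as in the dump.
 * terminate != 0 reserves one extra table slot and stores NULL in it. */
static WCHAR16 **build_argv(const WCHAR16 *const *args, int argc, int terminate)
{
    size_t slots = (size_t)argc + (terminate ? 1 : 0), chars = 0;
    for (int i = 0; i < argc; i++) chars += wlen(args[i]) + 1;
    WCHAR16 **argv = malloc(slots * sizeof *argv + chars * sizeof(WCHAR16));
    if (!argv) return NULL;
    WCHAR16 *dst = (WCHAR16 *)(argv + slots);   /* strings start after the table */
    for (int i = 0; i < argc; i++) {
        size_t n = wlen(args[i]) + 1;
        memcpy(dst, args[i], n * sizeof(WCHAR16));
        argv[i] = dst;
        dst += n;
    }
    if (terminate) argv[argc] = NULL;
    return argv;
}

/* Bytes at slot argv[argc], copied out as an integer and never dereferenced.
 * Assumes the block extends at least one pointer past the table. */
static uintptr_t slot_after_last(WCHAR16 **argv, int argc)
{
    uintptr_t v;
    memcpy(&v, (unsigned char *)argv + (size_t)argc * sizeof *argv, sizeof v);
    return v;
}

/* The application's NULL scan, bounded to the table: returns the argument
 * count, or -1 when no NULL slot exists within table_slots entries. */
static int null_scan(WCHAR16 **argv, int table_slots)
{
    for (int i = 0; i < table_slots; i++) if (!argv[i]) return i;
    return -1;
}
```

Without the extra slot, `slot_after_last` returns the first characters of `argv[0]` (low 32 bits 0x003A005A on a little-endian machine, the value seen at 0012C450 in the dump); with it, the slot is zero and the scan stops at 4.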
Bruno Jesus 00cpxxx@gmail.com changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
CC             |                            |00cpxxx@gmail.com

--- Comment #5 from Bruno Jesus 00cpxxx@gmail.com 2012-04-07 09:51:07 CDT ---
Then this is a dupe of bug 28881 ?
Anastasius Focht focht@gmx.net changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Summary        |Sysinternals RAMMap crashes |Sysinternals RAMMap crashes
               |(shell32.CommandLineToArgvW |(shell32.CommandLineToArgvW
               |needs to include            |needs to include
               |terminating NULL element in |terminating NULL element in
               |returned array of pointers) |returned array of pointers
               |                            |starting with WinVer >=
               |                            |Windows Vista)

--- Comment #6 from Anastasius Focht focht@gmx.net 2012-04-07 10:11:12 CDT ---
Hello Bruno,

--- quote ---
Then this is a dupe of bug 28881 ?
--- quote ---

Same problem, yes. Regarding dupe .. well, choose one.
This bug is older and has a real world application crashing (from Microsoft guys) while the other bug talks about a "private" app which has already been modified to work around.
Anyway, the problem and solution is known - easy to fix.
Regards
Bruno Jesus 00cpxxx@gmail.com changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
CC             |                            |martijn.jstn@gmail.com

--- Comment #7 from Bruno Jesus 00cpxxx@gmail.com 2012-04-07 10:24:36 CDT ---
*** Bug 28881 has been marked as a duplicate of this bug. ***
--- Comment #8 from Anastasius Focht focht@gmx.net 2012-12-17 09:12:17 CST ---
Hello folks,
the bug is still present.
Other tools like "DiskView.exe" from Windows Sysinternals suite also suffer from this, crashing at startup.
Download: http://technet.microsoft.com/en-us/sysinternals/bb896650.aspx
Adding that extra terminating NULL to argv prevents the crash.
$ wine --version
wine-1.5.19-152-g7f88250
Regards
Frédéric Delanoy frederic.delanoy@gmail.com changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
CC             |                            |frederic.delanoy@gmail.com

--- Comment #9 from Frédéric Delanoy frederic.delanoy@gmail.com 2013-08-07 03:20:43 CDT ---
Still in wine 1.6
Sebastian Lackner sebastian@fds-team.de changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
CC             |                            |sebastian@fds-team.de

--- Comment #10 from Sebastian Lackner sebastian@fds-team.de ---
Could someone please test with the following patch?
https://github.com/compholio/wine-compholio-daily/tree/master/patches/17-she...
When it fixes the problem I'll go ahead and submit it.
--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello Sebastian,
yes, the patch works as proposed (no crash anymore).
Regards
Anastasius Focht focht@gmx.net changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Fixed by SHA1  |                            |d892239f5ab913b1418bff63652
               |                            |c09528bac936e
Status         |NEW                         |RESOLVED
Resolution     |---                         |FIXED

--- Comment #12 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/d892239f5ab913b1418bff63652...
Thanks Sebastian
Regards
Alexandre Julliard julliard@winehq.org changed:
What           |Removed                     |Added
----------------------------------------------------------------------------
Status         |RESOLVED                    |CLOSED

--- Comment #13 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.22.