https://bugs.winehq.org/show_bug.cgi?id=54272

Bug ID: 54272 Summary: ntdll-NtDevicePath breaks Wow.exe Product: Wine-staging Version: 8.0-rc2 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: blocker Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: kdt3rd@gmail.com CC: leslie_alistair@hotmail.com, z.figura12@gmail.com Distribution: ---

In 8.0-rc2, the ntdll-NtDevicePath patch was updated and re-enabled. However, this seems to cause some sort of stack corruption that causes World of Warcraft to hard abort with a free() invalid pointer error after about 10-20 minutes.

https://bugs.winehq.org/show_bug.cgi?id=54267 has a bit more information

I added some trace calls, and 99.9% of the time it goes either into the path where the attributes provides a root directory, or the path does not match either \SystemRoot\ or ??\ so is processed by the original code path. However, when it does crash, it is during processing of

\SystemRoot\system32\ntoskrnl.exe

the path is converted to

??\C:\windows\system32\ntoskrnl.exe

and the nt_to_unix_file_name_internal function processes that correctly, translating it to

<configroot>/c:/windows/system32/ntoskrnl.exe

but then crashes during the free of the 'name' variable at the end of (the new) nt_to_unix_file_name. This is not the first time it did this transformation, if I scroll back in the log, I see a few others. So something seems to be triggering some sort of slow corruption - or debugstr_us is lying and there are hidden non-printable characters in the above and that explains the corruption. But I am sort of mystified, the lengths of the strings seem plausible. But if I just remove that one patch (ntdll-NtDevicePath), all works...