https://bugs.winehq.org/show_bug.cgi?id=37954
Bug ID: 37954
Summary: Unhandled exception: page fault on write access to 0x0cf00052 in 32-bit code (0x00520d30)
Product: Wine
Version: 1.7.34
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: anonymous.maarten@gmail.com
Distribution: ---

Created attachment 50563 --> https://bugs.winehq.org/attachment.cgi?id=50563
Visual Studio 6 project, binary and wine output log
Hey,
While trying to implement msvcirt.dll, I stumbled upon a write to a null pointer.
The source of the binary (compiled on Visual Studio 6.0 with option \MT and with _MT and _DLL defined; see https://msdn.microsoft.com/en-us/library/aa272081(v=vs.60).aspx) is:
#include <strstrea.h>

int main()
{
    ostrstream oss;   /* constructed and destroyed on the stack, nothing else */
    return 0;
}
The Visual Studio project, binary and console output are bundled in the attached tar.
The error is:
wine: Unhandled page fault on write access to 0x00000000 at address 0x405000 (thread 0009), starting debugger...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x00405000).
In current git all functions called in msvcirt are stubs. I believe that this should not cause a null pointer access.
Anastasius Focht focht@gmx.net changed:
What           |Removed                                  |Added
----------------------------------------------------------------------------
Keywords       |                                         |download
Status         |UNCONFIRMED                              |NEW
CC             |                                         |focht@gmx.net
Component      |-unknown                                 |msvcirt
Summary        |Unhandled exception: page fault on write |Test application using old MSVC++ iostream
               |access to 0x0cf00052 in 32-bit code      |library crashes on startup
               |(0x00520d30)                             |('msvcirt.??0ostrstream@@QAE@XZ' takes one argument)
Ever confirmed |0                                        |1
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
Next time please put up a more meaningful summary.
Relevant part of trace log:
--- snip ---
...
0023:Call msvcirt.??0ostrstream@@QAE@XZ(0033fd8c) ret=0040100f
0023:fixme:msvcirt:MSVCIRT_ostrstream_sl_void (0x33fd8c) stub
0023:Ret msvcirt.??0ostrstream@@QAE@XZ() retval=0033fd8c ret=0040100f
0023:Call msvcirt.??1ostrstream@@UAE@XZ(0033fd90) ret=00401019
0023:fixme:msvcirt:MSVCIRT_ostrstream_sl_void (0x33fd90) stub
0023:Ret msvcirt.??1ostrstream@@UAE@XZ() retval=0033fd90 ret=00401019
0023:Call msvcirt.??1ios@@UAE@XZ(0033fd90) ret=00401023
0023:fixme:msvcirt:MSVCIRT_ios_sl_void (0x33fd90) stub
0023:Ret msvcirt.??1ios@@UAE@XZ() retval=0033fd90 ret=00401023
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x405000 ip=00405000 tid=0023
0023:trace:seh:raise_exception info[0]=00000001
0023:trace:seh:raise_exception info[1]=00000000
0023:trace:seh:raise_exception eax=00000000 ebx=7b8bf000 ecx=0033fd90 edx=7bceec48 esi=0033feb0 edi=00000000
0023:trace:seh:raise_exception ebp=0033fe20 esp=0033fde4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010212
...
Backtrace:
=>0 0x00405000 in test1 (+0x5000) (0x0033fe20)
  1 0x7b864ff8 call_process_entry+0xb() in kernel32 (0x0033fe38)
...
--- snip ---
The stack gets imbalanced by the first ctor stub, resulting in a later crash when leaving 'main'.
Code of test app:
--- snip ---
Wine-dbg>disas
0x00401000: subl $88,%esp
0x00401003: leal 0x0(%esp),%ecx              ; this
0x00401007: pushl $0x1                       ; unknown arg to ctor?
0x00401009: call *0x404090 -> 0x7eff37d4 __thiscall_MSVCIRT_ostrstream_sl_void in msvcirt
0x0040100f: leal 0x8(%esp),%ecx
0x00401013: call *0x404094 -> 0x7eff37d4 __thiscall_MSVCIRT_ostrstream_sl_void in msvcirt
0x00401019: leal 0x8(%esp),%ecx
0x0040101d: call *0x404098 -> 0x7eff3758 __thiscall_MSVCIRT_ios_sl_void in msvcirt
0x00401023: xorl %eax,%eax
0x00401025: addl $88,%esp
0x00401028: ret
--- snip ---
It seems the MSVC++ 6 compiler generated code which passes an additional argument to the 'ostrstream::ostrstream()' ctor.
Regards
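To make the stack imbalance in comment #1 concrete, here is an added example (written for this page, not code from the bug report or from Wine) that models the 32-bit stack effects of the quoted 'disas' listing under two callee epilogues for the ostrstream ctor call: a plain 'ret', which is what a stub declared with no stack arguments executes, and 'ret 4', which is what a __thiscall callee that knows about one 4-byte stack argument executes. Entry esp is derived from the ctor's 'this' value in the trace, the return address comes from the backtrace, and the word 0x405000 filling the local frame is an assumption made so the misaligned return can be observed.

```python
# Added example, not code from the bug report or from Wine: a small model of
# the 32-bit stack effects of the "Wine-dbg>disas" listing in comment #1,
# executed with two callee epilogues for the ostrstream ctor call:
#   ret    - what a stub declared with no stack arguments does (Wine's stub)
#   ret 4  - what a __thiscall callee that takes one 4-byte stack arg does
# Addresses come from the trace in the bug; the local-frame contents are
# constructed so the misaligned return can be observed.

DWORD = 4
FRAME = 88                   # 'subl $88,%esp' in the listing

# Derived from the trace: the ctor's 'this' (0x33fd8c) is esp+0 right after
# 'subl $88,%esp', so esp at main's entry was 0x33fd8c + 88.
ENTRY_ESP = 0x0033FD8C + FRAME          # == 0x0033FDE4
REAL_RET_ADDR = 0x7B864FF8              # backtrace frame 1: call_process_entry+0xb in kernel32
STALE_WORD = 0x00405000                 # assumption: the faulting ip is stale data that sat in the frame

# (address, mnemonic, operand) transcribed from the listing.
# Only the ctor call's cleanup is varied; the two dtors take no stack args.
MAIN = [
    (0x00401000, "sub", FRAME),
    (0x00401003, "lea", 0),                   # leal 0x0(%esp),%ecx -> this
    (0x00401007, "push", 0x1),                # the extra ctor argument
    (0x00401009, "call", "ctor"),             # ??0ostrstream@@QAE@XZ
    (0x0040100F, "lea", 8),
    (0x00401013, "call", "dtor_ostrstream"),  # ??1ostrstream@@UAE@XZ
    (0x00401019, "lea", 8),
    (0x0040101D, "call", "dtor_ios"),         # ??1ios@@UAE@XZ
    (0x00401023, "xor", None),                # eax = 0
    (0x00401025, "add", FRAME),
    (0x00401028, "ret", None),
]
CALL_LEN = 6                 # 'call *disp32' is 6 bytes, matching the listing's addresses


def simulate(ctor_cleanup_bytes):
    """Run MAIN on a modelled stack and report where main's final 'ret' goes.

    ctor_cleanup_bytes: bytes the ctor's epilogue pops after the return
    address (0 = plain 'ret', 4 = 'ret 4').
    Returns a dict with the popped return address, esp after the ret, and the
    ecx ('this') seen by each call.
    """
    mem = {ENTRY_ESP: REAL_RET_ADDR}      # main's real return address
    # Constructed frame contents below the return address.
    for off in range(DWORD, FRAME + DWORD, DWORD):
        mem[ENTRY_ESP - off] = STALE_WORD
    esp, ecx, this_seen = ENTRY_ESP, None, {}
    for addr, op, arg in MAIN:
        if op == "sub":
            esp -= arg
        elif op == "add":
            esp += arg
        elif op == "lea":
            ecx = esp + arg
        elif op == "push":
            esp -= DWORD
            mem[esp] = arg
        elif op == "call":
            this_seen[arg] = ecx
            esp -= DWORD
            mem[esp] = addr + CALL_LEN    # callee's return address
            # Callee body ignored; its epilogue pops the return address and
            # then N more bytes of arguments (callee cleanup in __thiscall).
            esp += DWORD
            esp += ctor_cleanup_bytes if arg == "ctor" else 0
        elif op == "ret":
            ret_addr = mem[esp]
            esp += DWORD
            return {"ret_addr": ret_addr, "esp_after": esp, "this": this_seen}
    raise RuntimeError("no ret executed")


def matches_trace(result):
    """Cross-check a run against the values quoted in the bug's trace: the dtors
    were called with this=0x33fd90, the fault hit ip 0x405000 with esp=0x33fde4."""
    return (result["this"]["dtor_ostrstream"] == 0x0033FD90
            and result["ret_addr"] == 0x00405000
            and result["esp_after"] == 0x0033FDE4)


if __name__ == "__main__":
    for name, cleanup in (("stub: ret", 0), ("__thiscall, 1 arg: ret 4", 4)):
        r = simulate(cleanup)
        print(f"{name:26s} ret -> {r['ret_addr']:#010x}  esp after {r['esp_after']:#010x}  "
              f"dtor this {r['this']['dtor_ostrstream']:#010x}  matches trace: {matches_trace(r)}")
```

With the stub's plain 'ret', esp is 4 bytes too low for the rest of main: both destructors receive this=0x33fd90 instead of 0x33fd94, and the final 'ret' pops the top dword of the local area rather than the real return address, leaving esp at 0x33fde4, which is exactly the esp the trace reports at the fault. With 'ret 4' the frame balances and control returns to kernel32. The general lesson for anyone writing stubs for a callee-cleanup ABI is that the stub's argument count is part of the ABI, and a mismatch shows up far from the stub, in the caller's epilogue.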
Austin English austinenglish@gmail.com changed:
What           |Removed      |Added
----------------------------------------------------------------------------
Keywords       |             |testcase
Nikolay Sivov bunglehead@gmail.com changed:
What           |Removed      |Added
----------------------------------------------------------------------------
Status         |NEW          |RESOLVED
Fixed by SHA1  |             |9249f393c25cb4dc18869483472e9d135dba351f
Resolution     |---          |FIXED
--- Comment #2 from Nikolay Sivov bunglehead@gmail.com --- This actually looks fixed, http://source.winehq.org/git/wine.git/commit/9249f393c25cb4dc18869483472e9d1....
Alexandre Julliard julliard@winehq.org changed:
What           |Removed      |Added
----------------------------------------------------------------------------
Status         |RESOLVED     |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.9.17.