https://bugs.winehq.org/show_bug.cgi?id=50077
Bug ID: 50077
Summary: .NET 3.5SP1 installer depends on PEB->Reserved[1] / AtlThunkSListPtr32 being 0 or 1
Product: Wine
Version: 5.20
Hardware: x86-64
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: bshanks@codeweavers.com

The .NET 3.5SP1 installer contains the 32-bit SITSetup.dll, which does the following:
- if IsProcessorFeatureEnabled(PF_NX_ENABLED) is true,
  - retrieve PEB[0x34]. In Wine this is currently 'Reserved[1]', Geoff Chappell documents it as 'AtlThunkSListPtr32'.
  - if the value is 0, allocate 8 bytes, zero them, and set PEB[0x34] to point to it.
    if the value is 1, this is coincidentally a flag value used by the code when DEP/NX is not supported/disabled.
    otherwise, the value is assumed to be a valid SLIST_HEADER pointer.

Wine uses PEB->Reserved for the image address, referenced by dbghelp check_live_target().

In limited testing on Linux (and Windows 10), I found PEB->Reserved[1] was set to 0, which makes sense for a 32-bit EXE. On macOS (32on64), it was set to 0x1. On certain macOS versions, it was set to 0x2, causing the DLL to execute InterlockedPopEntrySList(2), which crashes.
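
Added example (not part of the bug report, SITSetup.dll, or Wine's code): a C model of the PEB[0x34] check described in the report, showing why a stray 0x2 falls through to the "valid SLIST_HEADER pointer" branch. The names PEB32_MODEL, read_slot, sitsetup_decision, plausible_slist and stray_value_dereferenced are hypothetical, and the plausibility check is an assumption about what a defensive consumer could test, not something the report says either side does.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the first 0x38 bytes of a 32-bit PEB. Only the slot
   at 0x34 matters; "Reserved" follows the Wine 5.20 naming in the report. */
typedef struct {
    uint8_t  head[0x30];   /* 0x00..0x2f, not modelled */
    uint32_t Reserved[2];  /* 0x30 and 0x34 */
} PEB32_MODEL;
_Static_assert(offsetof(PEB32_MODEL, Reserved) + sizeof(uint32_t) == 0x34,
               "Reserved[1] must sit at PEB+0x34");

typedef enum { SLOT_ALLOCATE, SLOT_NX_OFF_FLAG, SLOT_USE_AS_SLIST } slot_action;

/* Raw read of PEB[0x34], the way code that ignores field names sees it. */
uint32_t read_slot(const PEB32_MODEL *peb) {
    uint32_t v;
    memcpy(&v, (const uint8_t *)peb + 0x34, sizeof v);
    return v;
}

/* Three-way decision the report attributes to SITSetup.dll. */
slot_action sitsetup_decision(uint32_t slot) {
    if (slot == 0) return SLOT_ALLOCATE;     /* allocate 8 zeroed bytes */
    if (slot == 1) return SLOT_NX_OFF_FLAG;  /* flag value: DEP/NX off */
    return SLOT_USE_AS_SLIST;                /* trusted as SLIST_HEADER* */
}

/* Assumption, not in the report: a 32-bit SLIST_HEADER is 8-byte aligned and
   on Windows cannot live in the inaccessible first 64 KiB of address space. */
int plausible_slist(uint32_t v) { return (v & 7u) == 0 && v >= 0x10000u; }

/* 1 when a stray value would be passed on as a list header pointer. */
int stray_value_dereferenced(uint32_t slot) {
    return sitsetup_decision(slot) == SLOT_USE_AS_SLIST && !plausible_slist(slot);
}

int main(void) {
    const uint32_t samples[] = { 0x0, 0x1, 0x2, 0x00420000 }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        PEB32_MODEL peb = {0};
        peb.Reserved[1] = samples[i];
        uint32_t v = read_slot(&peb);
        printf("PEB[0x34]=0x%08x action=%d stray=%d\n",
               (unsigned)v, (int)sitsetup_decision(v), stray_value_dereferenced(v));
    }
    return 0;
}
```
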
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC | |austinenglish@gmail.com

Brendan Shanks bshanks@codeweavers.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution |--- |FIXED
Status |UNCONFIRMED |RESOLVED
Fixed by SHA1 | |b7f14a97bdb83690fc043ee3288dfde0b860e1a2

--- Comment #1 from Brendan Shanks bshanks@codeweavers.com ---
This is fixed by:

d18724c8169d50818c2c27ff3fb0b0567a5a3932
f40195cd9206872388d01e72db92ddf6b3140f6d
b7f14a97bdb83690fc043ee3288dfde0b860e1a2

Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #2 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.21.