http://bugs.winehq.org/show_bug.cgi?id=28662
Bug #: 28662
Summary: kernel32/loader test crashes on FreeBSD7/9 (at least)
Product: Wine
Version: 1.3.30
Platform: x86
OS/Version: FreeBSD
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: kernel32
AssignedTo: wine-bugs@winehq.org
ReportedBy: austinenglish@gmail.com
Classification: Unclassified
Created attachment 36834 --> http://bugs.winehq.org/attachment.cgi?id=36834 backtrace
Crashes on Francois's 7.0 vm, as well as for me on 9.0:

Backtrace:
=>0 0x62a07312 test_section_access+0x242() [/home/austin/wine-git/dlls/kernel32/tests/loader.c:683] in kernel32_test (0x0032fb08)
  1 0x62a09079 func_loader+0x1658() [/home/austin/wine-git/dlls/kernel32/tests/loader.c:699] in kernel32_test (0x0032fdf8)
  2 0x62a63cf5 run_test+0x114(name="loader.c") [/home/austin/wine-git/dlls/kernel32/tests/../../../include/wine/test.h:556] in kernel32_test (0x0032fe38)
wineserver: file_set_error() can't map error: Bad address
  3 0x62a63f2c main+0x16b(argc=*** Invalid address 0x00000010 *** , argv=0x1103d0) [/home/austin/wine-git/dlls/kernel32/tests/../../../include/wine/test.h:624] in kernel32_test (0x0032fee8)
  4 0x62a649f7 __wine_spec_exe_entry+0x56(peb=0x3ffff000) [/home/austin/wine-git/dlls/winecrt0/exe_entry.c:36] in kernel32_test (0x0032ff10)
  5 0x6285711c call_process_entry+0xb() in kernel32 (0x0032ff28)
  6 0x6285a790 start_process+0x5f(peb=0x3ffff000) [/home/austin/wine-git/dlls/kernel32/process.c:1091] in kernel32 (0x0032ff58)
  7 0x62345610 call_thread_func+0xb() in ntdll (0x0032ff68)
  8 0x6234789d call_thread_entry_point+0x7c(entry=0x6285a730, arg=0x3ffff000) [/home/austin/wine-git/dlls/ntdll/signal_i386.c:2499] in ntdll (0x0032ffd8)
  9 0x623224fe start_process+0x1d(kernel_start=0x6285a730) [/home/austin/wine-git/dlls/ntdll/loader.c:2612] in ntdll (0x0032ffe8)
  10 0x6204e7dd wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
0x62a07312 test_section_access+0x242 [/home/austin/wine-git/dlls/kernel32/tests/loader.c:683] in kernel32_test: repe cmpsb (%esi),%es:(%edi)
683         ok(!memcmp((const char *)info.BaseAddress, section_data, section.SizeOfRawData), "wrong section data\n");
--- Comment #1 from Austin English austinenglish@gmail.com 2011-10-11 19:02:46 CDT ---

Created attachment 36836 --> http://bugs.winehq.org/attachment.cgi?id=36836
relay,seh,tid
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru 2011-10-11 23:40:42 CDT ---

Could you please try to figure out what exactly section access makes the test crash?
--- Comment #3 from Austin English austinenglish@gmail.com 2011-10-12 12:18:35 CDT ---

(In reply to comment #2)
> Could you please try to figure out what exactly section access makes the test crash?

Not sure precisely what you mean. Commenting the following lines avoids the crash:
        //if (info.Protect != PAGE_NOACCESS)
            //ok(!memcmp((const char *)info.BaseAddress, section_data, section.SizeOfRawData), "wrong section data\n");
or did you want to know something else?
--- Comment #4 from Austin English austinenglish@gmail.com 2011-10-12 17:27:54 CDT ---

(In reply to comment #2)
> Could you please try to figure out what exactly section access makes the test crash?

Figured it out. It doesn't like any of:
        { IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
        { IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
        { IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
presumably a safety measure to help prevent exploits?
--- Comment #5 from Dmitry Timoshkov dmitry@baikal.ru 2011-10-12 23:25:21 CDT ---

(In reply to comment #4)
> Figured it out. It doesn't like any of:
>         { IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
>         { IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
>         { IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE, PAGE_EXECUTE }
> presumably a safety measure to help prevent exploits?
Probably you should report a bug to FreeBSD devs, at least on x86 reading from a page with PAGE_EXECUTE access should work, and it does under Windows and Linux as the tests indicate.
--- Comment #6 from Alexandre Julliard julliard@winehq.org 2011-10-13 03:41:45 CDT ---

If reading is expected to work we should be requesting PROT_READ.
--- Comment #7 from Dmitry Timoshkov dmitry@baikal.ru 2011-10-13 04:18:16 CDT ---

(In reply to comment #6)
> If reading is expected to work we should be requesting PROT_READ.
That makes the test fail, since the page protection becomes PAGE_EXECUTE_READ instead of PAGE_EXECUTE.
--- Comment #8 from Alexandre Julliard julliard@winehq.org 2011-10-13 05:00:44 CDT ---

Of course it needs to be done in a way that isn't visible to the app.
--- Comment #9 from Dmitry Timoshkov dmitry@baikal.ru 2011-10-13 05:23:43 CDT ---

Created attachment 36876 --> http://bugs.winehq.org/attachment.cgi?id=36876
Add memory page read access when execute access is set
Does the attached patch help?
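
The approach discussed in comments #6 to #9, as an added example that is not the attached patch and not Wine's code: the app-visible Win32 protection stays PAGE_EXECUTE while the flags passed to the host kernel gain PROT_READ whenever PROT_EXEC is set. The helper names unix_prot and check_view and the sample data are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Win32 page protection values, as defined in winnt.h. */
#define PAGE_READONLY          0x02
#define PAGE_READWRITE         0x04
#define PAGE_EXECUTE           0x10
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40

/* Hypothetical helper: host flags for an app-visible protection. */
static int unix_prot(unsigned int win_prot)
{
    int prot = PROT_NONE;   /* PAGE_NOACCESS and unknown values */
    switch (win_prot) {
    case PAGE_READONLY:          prot = PROT_READ; break;
    case PAGE_READWRITE:         prot = PROT_READ | PROT_WRITE; break;
    case PAGE_EXECUTE:           prot = PROT_EXEC; break;
    case PAGE_EXECUTE_READ:      prot = PROT_EXEC | PROT_READ; break;
    case PAGE_EXECUTE_READWRITE: prot = PROT_EXEC | PROT_READ | PROT_WRITE; break;
    }
    if (prot & PROT_EXEC) prot |= PROT_READ;  /* widened on the host side only */
    return prot;
}

/* Fill a page, apply the protection, read it back as loader.c:683 does.
 * Returns 0 if readable, 1 on data mismatch, -1 if mmap/mprotect failed. */
static int check_view(unsigned int win_prot)
{
    static const char data[] = "constructed section data";
    size_t size = 4096;
    int ret;
    char *base = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED) return -1;
    memcpy(base, data, sizeof(data));
    if (mprotect(base, size, unix_prot(win_prot))) ret = -1;
    else ret = memcmp(base, data, sizeof(data)) ? 1 : 0;
    munmap(base, size);
    return ret;
}

int main(void)
{
    /* The app-visible value stays PAGE_EXECUTE; only the host flags widen. */
    printf("PAGE_EXECUTE -> host prot %#x, readable: %s\n",
           unix_prot(PAGE_EXECUTE), check_view(PAGE_EXECUTE) == 0 ? "yes" : "no");
    return 0;
}
```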
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--- Comment #10 from Austin English austinenglish@gmail.com 2011-10-13 13:39:31 CDT ---

(In reply to comment #9)
> Created attachment 36876 [details]
> Add memory page read access when execute access is set
>
> Does the attached patch help?
Works, thanks.
--- Comment #11 from Dmitry Timoshkov dmitry@baikal.ru 2011-10-13 22:19:47 CDT ---

Patch sent.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |f7e466455d07a5efcb697e06c69
                   |                            |5006c6a06e0e6
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #12 from Austin English austinenglish@gmail.com 2011-10-17 13:26:08 CDT ---

(In reply to comment #11)
> Patch sent.
http://source.winehq.org/git/wine.git/commitdiff/f7e466455d07a5efcb697e06c69...
Thanks!
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #13 from Alexandre Julliard julliard@winehq.org 2011-10-21 13:49:56 CDT ---

Closing bugs fixed in 1.3.31.