https://bugs.winehq.org/show_bug.cgi?id=46635
Bug ID: 46635 Summary: git for windows works or crashes depending on how its invoked Product: Wine Version: 4.0 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: paleozogt@gmail.com Distribution: ---
Created attachment 63547 --> https://bugs.winehq.org/attachment.cgi?id=63547 wine git bug project
Git for Windows seems to work properly with Wine:
➜ wine git --version git version 2.20.1.windows.1
However, if its invoked via some other tool (such as CMake or Java) it will crash. Perhaps it has to do with the particular API being used (evecvp, etc)?
For example, if CMake invokes it with
execute_process( COMMAND git --version OUTPUT_VARIABLE VERSION OUTPUT_STRIP_TRAILING_WHITESPACE )
then we see:
➜ wine cmake .. -G "Unix Makefiles" 003b:fixme:winsock:WS_EnterSingleProtocolW unknown Protocol <0x00000000> 003b:fixme:winsock:WS_EnterSingleProtocolW unknown Protocol <0x00000000> wine: Unhandled page fault on write access to 0x00000000 at address 0x5db52b (thread 0045), starting debugger...
I've attached a project that allows you to reproduce this issue: 1) Make sure you have zip and p7zip-full installed 2) Setup wine with "wineboot" 3) Unzip the project and cd into it 4) Run ./setup.sh to download git, cmake, etc 5) Run ./test.sh to exercise the bug
https://bugs.winehq.org/show_bug.cgi?id=46635
--- Comment #1 from Aaron Simmons paleozogt@gmail.com --- Created attachment 63548 --> https://bugs.winehq.org/attachment.cgi?id=63548 output of setup.sh
https://bugs.winehq.org/show_bug.cgi?id=46635
--- Comment #2 from Aaron Simmons paleozogt@gmail.com --- Created attachment 63549 --> https://bugs.winehq.org/attachment.cgi?id=63549 output of test.sh
https://bugs.winehq.org/show_bug.cgi?id=46635
--- Comment #3 from Aaron Simmons paleozogt@gmail.com --- Just to be clear-- the crash in the example isn't coming from CMake, but from git itself.
https://bugs.winehq.org/show_bug.cgi?id=46635
Aaron Simmons paleozogt@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |paleozogt@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=46635
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dark.shadow4@web.de
https://bugs.winehq.org/show_bug.cgi?id=46635
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Keywords| |download Ever confirmed|0 |1 CC| |xerox.xerox2000x@gmail.com
--- Comment #4 from Louis Lenders xerox.xerox2000x@gmail.com ---
Hi i can confirm there is a crash. seems like a problem in NtQueryObject.
002f:Call msvcrt._get_osfhandle(00000001) ret=005db4b9 002f:Ret msvcrt._get_osfhandle() retval=000000b4 ret=005db4b9 002f:Call KERNEL32.GetFileType(000000b4) ret=005db4c5 002f:Ret KERNEL32.GetFileType() retval=00000003 ret=005db4c5 002f:Call ntdll.NtQueryObject(000000b4,00000001,0032f710,000003fe,0032f70c) ret=005db512 002f:Ret ntdll.NtQueryObject() retval=00000000 ret=005db512 002f:trace:seh:NtRaiseException code=c0000005 flags=0 addr=0x5db52b ip=5db52b tid=002f 002f:trace:seh:NtRaiseException info[0]=0000000000000001 002f:trace:seh:NtRaiseException info[1]=0000000000000000
I might be off (little late) but msdn suggests enumeration for the OBJECT_INFORMATION_CLASS is wrong in wintern.h. (https://docs.microsoft.com/en-us/windows/desktop/api/winternl/nf-winternl-nt...)
msdn suggests ObjectBasicInformation =0 ObjectTypeInformation =1
and wintern.h says ObjectTypeInformation =2 or am I missing something/see it wrong?
The following hack makes crash dissapear:
diff --git a/include/winternl.h b/include/winternl.h index 46dac7e481..9ff5358b6e 100644 --- a/include/winternl.h +++ b/include/winternl.h @@ -824,8 +824,8 @@ typedef enum _KEY_VALUE_INFORMATION_CLASS {
typedef enum _OBJECT_INFORMATION_CLASS { ObjectBasicInformation, - ObjectNameInformation, ObjectTypeInformation, + ObjectNameInformation, ObjectAllInformation, ObjectDataInformation } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
I did /tmp/wine-git-bug/.build$ wine ../tools/bin/cmake.exe .. -G "Unix Makefiles"
With the hack/patch: Is this expected output?
wine: cannot find L"C:\windows\system32\winemenubuilder.exe" 000b:err:wineboot:ProcessRunKeys Error running cmd L"C:\windows\system32\winemenubuilder.exe -a -r" (2) 0027:fixme:winsock:WS_EnterSingleProtocolW unknown Protocol <0x00000000> 0027:fixme:winsock:WS_EnterSingleProtocolW unknown Protocol <0x00000000> CMake Error at CMakeLists.txt:8 (message): GIT_VERSION= git version 2.20.1.windows.1
-- Configuring incomplete, errors occurred! 0027:fixme:ver:GetCurrentPackageId (0xabfcf0 (nil)): stub
https://bugs.winehq.org/show_bug.cgi?id=46635
--- Comment #5 from Louis Lenders xerox.xerox2000x@gmail.com --- Created attachment 63806 --> https://bugs.winehq.org/attachment.cgi?id=63806 hack
Attached is a hack, stolen from bug 45645, and a bit adapted for this crash. (that previous hack was utterly wrong, got confused by msdn page that only states two enumerationtypes (ObjectBasicInformation,ObjectTypeInformation)
To me looks like bug 45645 and this one are more or less similar issues but i`m by far an expert, so don`t shoot me if i`m wrong,
I will link this bugreport to bug 45645.
Note: source code seems to be here : https://github.com/git-for-windows/git/blob/master/compat/winansi.c
typedef struct _OBJECT_NAME_INFORMATION { UNICODE_STRING Name; WCHAR NameBuffer[0]; } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
#define ObjectNameInformation 1
#else #include <ntstatus.h> #endif
static void detect_msys_tty(int fd) { ULONG result; BYTE buffer[1024]; POBJECT_NAME_INFORMATION nameinfo = (POBJECT_NAME_INFORMATION) buffer; PWSTR name;
/* check if fd is a pipe */ HANDLE h = (HANDLE) _get_osfhandle(fd); if (GetFileType(h) != FILE_TYPE_PIPE) return;
/* get pipe name */ if (!NT_SUCCESS(NtQueryObject(h, ObjectNameInformation, buffer, sizeof(buffer) - 2, &result))) return; name = nameinfo->Name.Buffer; name[nameinfo->Name.Length / sizeof(*name)] = 0;
https://bugs.winehq.org/show_bug.cgi?id=46635
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.winehq.org/sho | |w_bug.cgi?id=45645
https://bugs.winehq.org/show_bug.cgi?id=46635
Zebediah Figura z.figura12@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |z.figura12@gmail.com Component|-unknown |wineserver
--- Comment #6 from Zebediah Figura z.figura12@gmail.com ---
From the source, it's passing standard handles to NtQueryObject(). If the
handle is not redirected, it'll be a kernel32 console handle. That's not a kernel object, and on Windows it causes NtQueryObject() to spit up STATUS_INVALID_HANDLE. That means that "detect_msys_tty()" will return early and not crash.
I'm not quite sure what level this should be fixed on. To be fully correct, I'd say that get_handle_obj() in server/handle.c should fail for console input objects, as I suspect basically anything else that checks for it should return STATUS_INVALID_HANDLE rather than succeeding or returning STATUS_OBJECT_TYPE_MISMATCH. But that's certainly risky; it would need a lot of tests.
https://bugs.winehq.org/show_bug.cgi?id=46635
Jacek Caban jacek@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jacek@codeweavers.com
--- Comment #7 from Jacek Caban jacek@codeweavers.com --- They are kernel handles since Windows 8. ObjectNameInformation should return "\Device\ConDrv" for console handles.
https://bugs.winehq.org/show_bug.cgi?id=46635
Bernhard Übelacker bernhardu@mailbox.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu@mailbox.org
--- Comment #8 from Bernhard Übelacker bernhardu@mailbox.org --- This seems the same crash as in bug #40011.
I tested inside a minimal Debian VM with dl.winehq.org packages: 4.13~bullseye: Unhandled page fault ... at address 0x5db52b 5.5~bullseye: Unhandled page fault ... at address 00000000005DB52B 5.17~bullseye: Unhandled page fault ... at address 00000000005DB52B 5.18~bullseye: works 7.5~bookworm-1: works 7.10~bookworm-1: works 8.9~bookworm-1: works
It looks like it got fixed between wine 5.17 and 5.18. I guess this bug can be closed as fixed (which I lack permission to).
https://bugs.winehq.org/show_bug.cgi?id=46635
--- Comment #9 from Fabian Maurer dark.shadow4@web.de --- Is there still something to be done here regarding handles or is this completely fixed?
-
wine-bugs@winehq.org -
WineHQ Bugzilla