https://bugs.winehq.org/show_bug.cgi?id=49092
Bug ID: 49092
Summary: Blindwrite 7 crashes with a stack overflow
Product: Wine
Version: 5.7
Hardware: x86
URL: https://web.archive.org/web/20131210151026/http://download2.vso-software.fr/Blindwrite7_setup.exe
OS: Linux
Status: NEW
Keywords: download, regression
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: z.figura12@gmail.com
Distribution: ---
0024:err:seh:setup_exception_record stack overflow 1696 bytes in thread 0024 eip f7c0b6cb esp 00220c90 stack 0x220000-0x221000-0x320000
A stack trace from winedbg yields:
Wine-gdb> bt
#0  0xf7dc8fff in pthread_sigmask () from /usr/lib32/libpthread.so.0
#1  0x7bcb47fb in wine_server_call (req_ptr=0x222220) at ../../../wine/dlls/ntdll/server.c:387
#2  0x7bc95d7c in close_handle (handle=0x124) at ../../../wine/dlls/ntdll/om.c:393
#3  0x7bc95e88 in NtClose (Handle=0x124) at ../../../wine/dlls/ntdll/om.c:433
#4  0x7b043a04 in RegCloseKey@4 (hkey=0x124) at ../../../wine/dlls/kernelbase/registry.c:968
#5  0x0069ab55 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#6  0x00699e14 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#7  0x0069a89b in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#8  0x0069a84f in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#9  0x0073bb4b in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#10 0x007354d2 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#11 0x00736cc5 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#12 0x00736f53 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#13 0x00737f77 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#14 0x007384a9 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#15 0x00a9a1a7 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#16 0x00a99388 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#17 0x00a99394 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#18 0x00a99394 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
#19 0x00a99394 in ?? () from /home/hazel/.wine/dosdevices/c:/Program Files (x86)/VSO/BlindWrite/7/BW.exe
the last frame repeating ad nauseam.
I haven't figured out what's causing the bug.
I have to presume it's a regression, though, given bug 38235 and the comments there.
Bernhard Übelacker bernhardu@mailbox.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bernhardu@mailbox.org

--- Comment #1 from Bernhard Übelacker bernhardu@mailbox.org ---
Created attachment 67109
  --> https://bugs.winehq.org/attachment.cgi?id=67109
Revert-allocation-from-stack-in-36371075f8faebcb0ae2738982a877900.patch
Tried to get some more details and found the following:
After the "ad nauseam" winedbg shows these frames:
...
#16242 0x00a99394 in ?? () from .../BW.exe
#16243 0x00a99394 in ?? () from .../BW.exe
#16244 0x00b0417a in ?? () from .../BW.exe
#16245 0x005f9edb in ?? () from .../BW.exe
#16246 0x005f9b1f in ?? () from .../BW.exe
#16247 0x005f9ad0 in ?? () from .../BW.exe
#16248 0x0060452d in ?? () from .../BW.exe
#16249 0x00b3881a in ?? () from .../BW.exe
#16250 0x7b44fb6a in call_process_entry () at /home/bernhard/data/entwicklung/2020/wine/wine-git/wine-git/include/wine/debug.h:508
#16251 0x7b44fd0f in start_process (entry=0xb38770, peb=0x7ffdf000) at /home/bernhard/data/entwicklung/2020/wine/wine-git/wine-git/dlls/kernel32/process.c:153
#16252 0x7b44fb76 in __wine_start_process () at /home/bernhard/data/entwicklung/2020/wine/wine-git/wine-git/include/wine/debug.h:508
#16253 0x00000000 in ?? ()
A git bisect led to commit 36371075f8faebcb0ae2738982a877900ba870fb. Reduced that to just the *set* part, but could not find an "obvious" problem.
The attached patch (against wine-5.8) just allocates the variable server_context from the heap instead of the stack, and then it seems to work.
Could that be part of some protection which is checking no one messed around with the stack?
And third, this seems to be a one-time problem. Once I saw a program window, this overflow issue was not triggered again on following runs.
Could you observe these points too?
--- Comment #2 from Zebediah Figura z.figura12@gmail.com --- That definitely changes behaviour, but it doesn't fix the problem. Instead I get a series of message boxes complaining of access violations. Also, if I trace back the call to NtSetContextThread() [using __builtin_return_address(0)], I eventually get RtlUnwind() with code STATUS_STACK_OVERFLOW.
I think that 36371075f just makes things worse, because while trying to handle a recoverable stack overflow we use another page or two of stack and end up causing an unrecoverable one.
I can confirm, though, that allowing the program to actually handle a stack overflow does change its behaviour, and subsequent runs don't run into the same crash...
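A small triage script, added here and not part of the bug report or of Wine, that parses the seh error line and the winedbg frames quoted above and checks the three things this thread turns on: whether esp was already in the guard page, how much stack remained below it for the exception dispatch (the dispatch cost passed in is a hypothetical figure; the thread only says "another page or two"), and which frame is the one "repeating ad nauseam". The meaning of the three stack addresses (reserved bottom, committed limit, top) is an assumption, not something the page states.

```python
import re
# Sample inputs constructed from the lines quoted in this bug (abridged):
# the seh error line and a handful of winedbg frames, not live output.
SEH_LINE = ("0024:err:seh:setup_exception_record stack overflow 1696 bytes "
            "in thread 0024 eip f7c0b6cb esp 00220c90 "
            "stack 0x220000-0x221000-0x320000")
BACKTRACE = """\
#0  0xf7dc8fff in pthread_sigmask () from /usr/lib32/libpthread.so.0
#4  0x7b043a04 in RegCloseKey@4 (hkey=0x124) at registry.c:968
#16 0x00a99388 in ?? () from .../BW.exe
#17 0x00a99394 in ?? () from .../BW.exe
#18 0x00a99394 in ?? () from .../BW.exe
#19 0x00a99394 in ?? () from .../BW.exe
"""
SEH_RE = re.compile(
    r"stack overflow (?P<bytes>\d+) bytes .* esp (?P<esp>[0-9a-f]+) "
    r"stack 0x(?P<low>[0-9a-f]+)-0x(?P<limit>[0-9a-f]+)-0x(?P<high>[0-9a-f]+)")
FRAME_RE = re.compile(r"^#\d+\s+0x(?P<addr>[0-9a-f]+)\s+in\s", re.M)

def parse_seh_line(line):
    """Numeric fields of a setup_exception_record overflow line. Assumed layout:
    low = reserved bottom, limit = committed limit above the guard page, high = top."""
    m = SEH_RE.search(line)
    if not m:
        raise ValueError("not a Wine stack overflow line")
    f = {k: int(v, 16) for k, v in m.groupdict().items() if k != "bytes"}
    f["bytes"] = int(m.group("bytes"))
    return f

def stack_headroom(fields, dispatch_bytes):
    """in_guard: esp is below the committed limit, i.e. the guard-page hit a
    program may legitimately handle.  below_esp: bytes left before the reserved
    region ends.  dispatch_bytes (hypothetical) is what building the exception
    record/context on that stack costs; if it does not fit, the recoverable
    overflow becomes an unrecoverable one, which is comment #2's point."""
    esp, low, limit = fields["esp"], fields["low"], fields["limit"]
    below = esp - low
    return {"in_guard": low <= esp < limit, "below_esp": below,
            "dispatch_fits": below >= dispatch_bytes}

def longest_repeat(backtrace):
    """Longest run of identical return addresses in a winedbg bt, the
    signature of runaway recursion ("the last frame repeating")."""
    addrs = FRAME_RE.findall(backtrace)
    best, run = (None, 0), 0
    for i, a in enumerate(addrs):
        run = run + 1 if i and addrs[i - 1] == a else 1
        if run > best[1]:
            best = (a, run)
    return best
```

With the quoted values esp sits 0xc90 bytes above the reserved bottom, so a dispatch that needs "a page or two" (8192 bytes here) cannot fit, and the repeated frame is 0x00a99394.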
Zebediah Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
--- Comment #3 from Zebediah Figura z.figura12@gmail.com --- I can't reproduce this anymore with wine 5.12.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.13.