http://bugs.winehq.org/show_bug.cgi?id=27614
Summary: [FreeBSD][eve online][OOM][dll/iphlpapi/ifenum.c][enumIPAddresses()] "Bad Handshake" bug
Product: Wine
Version: 1.3.23
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: pprocacci@gmail.com
Tested wine versions: 1.3.21 and 1.3.23
Attempting to log into the game "eve online" results in a "Bad Handshake" error. I've narrowed down the problem to the following within the enumIPAddresses routine in dll/iphlpapi/ifenum.c.
###########################################
    do {
        lastlen = ifc->ifc_len;
        HeapFree(GetProcessHeap(), 0, ifc->ifc_buf);
        if (guessedNumAddresses == 0)
            guessedNumAddresses = INITIAL_INTERFACES_ASSUMED;
        else
            guessedNumAddresses *= 2;
        ifc->ifc_len = sizeof(struct ifreq) * guessedNumAddresses;
        ifc->ifc_buf = HeapAlloc(GetProcessHeap(), 0, ifc->ifc_len);
        ioctlRet = ioctl(fd, SIOCGIFCONF, ifc);
    } while ((ioctlRet == 0) && (ifc->ifc_len != lastlen));
###########################################
The above snippet of code loops endlessly until ioctl returns -1. The statement "ifc->ifc_len != lastlen" is always true. This results in attempts to allocate enormous amounts of memory, which are then handed to ioctl. Eventually the ioctl call will return -1, breaking the loop. ERROR_INVALID_PARAMETER gets returned from this routine, and the proceeding routine (GetAdaptersInfo) ends up returning ERROR_OUTOFMEMORY.
############################################
    ret = getIPAddrTable(&ipAddrTable, GetProcessHeap(), 0);
    if (!ret)
        ret = AllocateAndGetIpForwardTableFromStack(&routeTable, FALSE, GetProcessHeap(), 0);
    if (!ret)
        table = getNonLoopbackInterfaceIndexTable();
    if (table) {
        <!--- snip ---->
    } else
        ret = ERROR_OUTOFMEMORY;
############################################
I don't have a patch on hand or anything, but my debugging led me to the information provided.
Hope this helps.
Paul pprocacci@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Platform    |x86         |x86-64
OS/Version  |Linux       |FreeBSD
André H. nerv@dawncrow.de changed:
What        |Removed     |Added
----------------------------------------------------------------------------
CC          |            |nerv@dawncrow.de
--- Comment #1 from André H. nerv@dawncrow.de 2011-06-27 11:22:15 CDT --- Good analysis, I'll have a look.
--- Comment #2 from André H. nerv@dawncrow.de 2011-06-27 11:43:22 CDT --- Created an attachment (id=35311) --> (http://bugs.winehq.org/attachment.cgi?id=35311) bad but simple test code
I simply compiled the attached code with "gcc tst.c". After running a.out on Linux I get:
0 0 160 0 lo
1 0 200 160 lo
2 0 200 200 lo
After running a.out on FreeBSD 8.2 I get:
0 0 104 0 em0
1 0 248 104 em0
2 0 368 248 em0
3 0 368 368 em0
So I can't see a loop or anything special.
Austin English austinenglish@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Keywords    |            |download
URL         |            |http://eveonline.com
CC          |            |austinenglish@gmail.com
--- Comment #3 from Paul pprocacci@gmail.com 2011-06-27 15:59:46 CDT --- I no longer have my original environment where this bug took place, but I do have several other BSD machines on which I have tested your 'crude code'.
Your crude code works fine on both amd64 and i386 archs.
Since I know for certain that loop wasn't being broken properly, and now I look like a fool, I will get that environment back up and running tonight, reproduce the bug, and show what your crude code does. ;-)
Stay tuned.
--- Comment #4 from Paul pprocacci@gmail.com 2011-06-27 21:45:03 CDT --- OK, I have additional information. I've re-set up the environment in which this debugging took place, essentially following the instructions from the following wiki:
Running your 'crude code' on the host (amd64) yields:
##################################################
./tst
0 0 72 0 usbus0
1 0 216 72 usbus0
2 0 464 216 usbus0
3 0 856 464 usbus0
4 0 856 856 usbus0
##################################################
Running your 'crude code' in the i386 chroot yields:
##################################################
./tst
0 0 128 0 usbus0
1 0 256 128 usbus0
2 0 512 256 usbus0
3 0 1024 512 usbus0
4 0 2048 1024 usbus0
5 0 4096 2048 usbus0
6 0 8192 4096 usbus0
7 0 16384 8192 usbus0
8 0 32768 16384 usbus0
9 0 65536 32768 usbus0
10 0 131072 65536 usbus0
11 0 262144 131072 usbus0
12 0 524288 262144 usbus0
13 0 1048576 524288 usbus0
14 0 2097152 1048576 usbus0
15 0 4194304 2097152 usbus0
16 0 8388608 4194304 usbus0
17 0 16777216 8388608 usbus0
18 0 33554432 16777216 usbus0
19 0 67108864 33554432 usbus0
20 0 134217728 67108864 usbus0
21 0 268435456 134217728 usbus0
22 0 536870912 268435456 usbus0
23 0 1073741824 536870912 usbus0
24 -1 -2147483648 1073741824 (null)
##################################################
Running your 'crude code' that was compiled from within the chroot on the host doesn't fare any better.
This to me sounds like an operating system bug of some kind. Perhaps you know of a workaround? Do you believe I should file a bug with the FreeBSD devs?
If you need any additional information, please let me know.
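The enumIPAddresses() loop quoted in the original report and the doubling sequence in the i386 chroot output above are the same growth loop seen from two sides: the loop only exits when the kernel hands back an ifc_len equal to the one it returned on the previous probe, so a kernel that simply echoes the offered length back (as the chroot does here) keeps it doubling until the int wraps to -2147483648 and ioctl finally fails. The following is an added example, not Wine's ifenum.c and not the test program attached to this bug: the same SIOCGIFCONF probe in plain C, with the ioctl replaced by an injectable callback and a hard cap on the buffer, so a misbehaving kernel produces ENOMEM after a handful of doublings instead of a runaway allocation. The two simulated kernels (healthy_kernel, buggy_kernel), the sample interface names (lo0, em0, em1, usbus0), the 1 MiB cap, the starting guess of 4 and all function names are assumptions made for this demonstration; the fixed-stride walk over struct ifreq in main() is the Linux layout and is not correct on BSDs, where records are variable length.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

#define INITIAL_INTERFACES_ASSUMED 4    /* assumed starting guess (not taken from Wine) */
#define MAX_IFCONF_BYTES (1u << 20)     /* assumed cap: no host needs 1 MiB of ifreq records */

/* Stand-in for ioctl(fd, SIOCGIFCONF, ifc) so the loop can be driven by a fake kernel. */
typedef int (*ifconf_fn)(int fd, struct ifconf *ifc);

/* Same doubling strategy as the loop in the report, plus an upper bound.
 * Returns 0 and hands the caller a malloc'ed ifc->ifc_buf, or -1 with errno set
 * and no buffer. *iterations receives the number of SIOCGIFCONF calls made. */
int get_ifconf_bounded(int fd, ifconf_fn do_ioctl, struct ifconf *ifc, int *iterations)
{
    int guessed = 0, lastlen, ret = 0, iters = 0;
    memset(ifc, 0, sizeof(*ifc));            /* ifc_len = 0, ifc_buf = NULL */
    do {
        size_t want;
        lastlen = ifc->ifc_len;
        free(ifc->ifc_buf);
        ifc->ifc_buf = NULL;
        guessed = guessed ? guessed * 2 : INITIAL_INTERFACES_ASSUMED;
        want = sizeof(struct ifreq) * (size_t)guessed;
        /* The original loop has no bound here: a kernel that echoes the offered length
         * keeps ifc_len != lastlen true forever and ifc_len eventually wraps negative. */
        if (want > MAX_IFCONF_BYTES) {
            ifc->ifc_len = 0; *iterations = iters; errno = ENOMEM;
            return -1;
        }
        ifc->ifc_buf = malloc(want);
        if (!ifc->ifc_buf) {
            ifc->ifc_len = 0; *iterations = iters; errno = ENOMEM;
            return -1;
        }
        ifc->ifc_len = (int)want;
        ret = do_ioctl(fd, ifc);
        iters++;
    } while (ret == 0 && ifc->ifc_len != lastlen);
    *iterations = iters;
    if (ret != 0) {                          /* genuine ioctl failure: keep its errno */
        int saved = errno;
        free(ifc->ifc_buf); ifc->ifc_buf = NULL; ifc->ifc_len = 0;
        errno = saved;
        return -1;
    }
    return 0;
}

/* Constructed sample interface table for the well-behaved fake kernel. */
static const char *const sample_names[] = { "lo0", "em0", "em1" };
#define SAMPLE_COUNT 3

/* Behaves like a correct SIOCGIFCONF: copies as many whole records as fit and
 * reports the bytes actually used, so a large enough buffer makes ifc_len stable. */
static int healthy_kernel(int fd, struct ifconf *ifc)
{
    size_t need = SAMPLE_COUNT * sizeof(struct ifreq), have = (size_t)ifc->ifc_len;
    size_t n = have < need ? have / sizeof(struct ifreq) : SAMPLE_COUNT;
    struct ifreq *r = (struct ifreq *)ifc->ifc_buf;
    (void)fd;
    memset(r, 0, have);
    for (size_t i = 0; i < n; i++)
        strncpy(r[i].ifr_name, sample_names[i], IFNAMSIZ - 1);
    ifc->ifc_len = (int)(n * sizeof(struct ifreq));
    return 0;
}

/* Models the chroot behaviour in comment #4: ifc_len comes back exactly as offered
 * every time, so the unbounded loop would double until the int overflows. */
static size_t g_max_offered;                 /* largest buffer the fake kernel ever saw */
static int buggy_kernel(int fd, struct ifconf *ifc)
{
    (void)fd;
    if ((size_t)ifc->ifc_len > g_max_offered) g_max_offered = (size_t)ifc->ifc_len;
    memset(ifc->ifc_buf, 0, (size_t)ifc->ifc_len);
    strncpy(((struct ifreq *)ifc->ifc_buf)->ifr_name, "usbus0", IFNAMSIZ - 1);
    return 0;                                /* ifc_len deliberately left untouched */
}

/* The real thing, for running the probe against the host kernel. */
static int real_kernel(int fd, struct ifconf *ifc) { return ioctl(fd, SIOCGIFCONF, ifc); }

int main(void)
{
    struct ifconf ifc; int it;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    if (get_ifconf_bounded(fd, real_kernel, &ifc, &it) != 0) { perror("SIOCGIFCONF"); close(fd); return 1; }
    size_t n = (size_t)ifc.ifc_len / sizeof(struct ifreq);   /* Linux fixed-size records only */
    printf("%d probe(s), %zu interface record(s)\n", it, n);
    for (size_t i = 0; i < n; i++) printf("  %s\n", ((struct ifreq *)ifc.ifc_buf)[i].ifr_name);
    free(ifc.ifc_buf); close(fd);
    return 0;
}
```

Against the healthy fake kernel the probe converges in two calls (the first buffer already fits, the second confirms the length is stable); against the echoing one it gives up with ENOMEM once the next doubling would exceed the cap, which is the failure mode the original loop lacks.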
--- Comment #5 from Paul pprocacci@gmail.com 2011-06-28 03:24:47 CDT --- Created an attachment (id=35328) --> (http://bugs.winehq.org/attachment.cgi?id=35328) bad patch
So you provided a "bad but simple test code". In return I am providing a "bad patch", which gets past the handshake errors, but then doesn't get much further....crashes when entering the game.
My C code isn't stellar, so any existing bugs would cause this, but hopefully some peer review will help fix that.
Still the question remains whether or not the existing code tickles a bug in FreeBSD.
Paul pprocacci@gmail.com changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Status      |UNCONFIRMED |RESOLVED
Resolution  |            |INVALID
--- Comment #6 from Paul pprocacci@gmail.com 2011-06-28 03:54:54 CDT --- You can close this bug report. It seems that it was a bug in FreeBSD after all.
http://www.freebsd.org/cgi/query-pr.cgi?pr=158369
There aren't any comments other than my own regarding the bug, but it does seem fixed. Even though I am still crashing, I will open another bug report for that once I get the FreeBSD bug fix in place.
Thanks for your time.
André H. nerv@dawncrow.de changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Status      |RESOLVED    |CLOSED
--- Comment #7 from André H. nerv@dawncrow.de 2011-06-28 11:59:44 CDT --- You're welcome. Closing invalid...