[Bug 47808] New: Cygwin's mintty.exe crashes with a stack overflow

List overview All Threads

newer

older

[Bug 54912] New: Will not run my...

[Bug 54991] New: Chinese IME no...

WineHQ Bugzilla

25 Sep 2019 25 Sep '19

5:38 p.m.

https://bugs.winehq.org/show_bug.cgi?id=47808

Bug ID: 47808 Summary: Cygwin's mintty.exe crashes with a stack overflow Product: Wine Version: 4.16 Hardware: x86-64 URL: https://cygwin.com/setup-x86_64.exe OS: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: z.figura12@gmail.com Distribution: ---

Created attachment 65297 --> https://bugs.winehq.org/attachment.cgi?id=65297 hack: always expand the stack if within the stack reserve

The problem is that Cygwin replaces the default stack with one that they've manually allocated, for whatever reason. Unlike Wine's stack, their stack is actually split into reserved and committed parts.

Then somewhere in gdi32, libfreetype jumps multiple pages of stack at once, skipping the guard page and triggering a stack overflow. It's within the reserved portion, but it never touches the guard pages, so we abort immediately. This is never a problem normally, because Wine commits the whole stack instead of just part of it.

The architecturally correct way to fix this is normally to have any such function use _chkstk(). But it's within libfreetype, so that isn't going to work. The attached patch fixes the bug, but it's probably not correct. I don't know how much better we can do, though...

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

Show replies by date

WineHQ Bugzilla

16 Aug 16 Aug

3:26 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Fabian Maurer dark.shadow4@web.de changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |dark.shadow4@web.de

--- Comment #1 from Fabian Maurer dark.shadow4@web.de --- Is this still relevant?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

17 Aug 17 Aug

7:20 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #2 from Fabian Maurer dark.shadow4@web.de --- Created attachment 70481 --> https://bugs.winehq.org/attachment.cgi?id=70481 Update hack for wine-6.14

So, this is still a problem and affects all 64bit programs linking to the cygwin or msys2 dll. Also see the dupe, bug 51610 for a testcase.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:21 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #3 from Fabian Maurer dark.shadow4@web.de --- *** Bug 51610 has been marked as a duplicate of this bug. ***

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:28 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #4 from Zebediah Figura z.figura12@gmail.com --- It'll be fixed by using __wine_unix_call for freetype2 calls.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:51 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Fabian Maurer dark.shadow4@web.de changed:

--- Comment #5 from Fabian Maurer dark.shadow4@web.de --- Comment on attachment 70481 --> https://bugs.winehq.org/attachment.cgi?id=70481 Update hack for wine-6.14

Forget about the updated patch, it doesn't work properly. Since you seem to know what you're doing here, would you mind updating the hack?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

8:15 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #6 from Fabian Maurer dark.shadow4@web.de ---

...

It'll be fixed by using __wine_unix_call for freetype2 calls.

I'm curious, how does that indirection help with the stack usage?

Btw, the x window functions are affected as well, for me mostly XCreatePixmap.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

8:18 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #7 from Zebediah Figura z.figura12@gmail.com --- (In reply to Fabian Maurer from comment #6)

...

...
It'll be fixed by using __wine_unix_call for freetype2 calls.

I'm curious, how does that indirection help with the stack usage?

Btw, the x window functions are affected as well, for me mostly XCreatePixmap.

__wine_unix_call switches to the kernel stack.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

11:34 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #8 from Zebediah Figura z.figura12@gmail.com --- Created attachment 70483 --> https://bugs.winehq.org/attachment.cgi?id=70483 updated hack, probably

(In reply to Fabian Maurer from comment #5)

...

Comment on attachment 70481 [details] Update hack for wine-6.14

Forget about the updated patch, it doesn't work properly. Since you seem to know what you're doing here, would you mind updating the hack?

Untested, but I think the attached patch should constitute a translation of my earlier patch.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

18 Aug 18 Aug

9:30 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #9 from Fabian Maurer dark.shadow4@web.de ---

...

Untested, but I think the attached patch should constitute a translation of my earlier patch.

Unfortunately it doesn't work. Not too much of an issue though, waiting for a proper solution sounds good to me. Thanks for you err

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

9:30 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #10 from Fabian Maurer dark.shadow4@web.de --- your effort though.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

3 Sep 3 Sep

3:42 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Bernhard Übelacker bernhardu@mailbox.org changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu@mailbox.org

--- Comment #11 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 70599 --> https://bugs.winehq.org/attachment.cgi?id=70599 Another hack to get over the stack issue. And a fix to show bash output inside mintty.exe.

I still experienced crashes with the "updated hack". So I did some experiments and came up with another hack which does a few recursive function calls to get enough stack pages committed, to not have guard pages hit inside some shared library calls.

After getting over the stack issues, mintty.exe still shows nothing from the bash.exe process running inside. This is because mintty relies on NtQueryInformationFile(FilePipeLocalInformation) returning the real value for ReadDataAvailable.

With these three patches applied I had e.g. bash.exe, mintty.exe, ls.exe and script.exe working. gdb.exe (because of some python initialisation) and python3.8.exe did not work.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

3 Dec 3 Dec

8 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Bernhard Übelacker bernhardu@mailbox.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |52159

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

8:04 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Bernhard Übelacker bernhardu@mailbox.org changed:

--- Comment #12 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 71209 --> https://bugs.winehq.org/attachment.cgi?id=71209 hack adjusted to current git: Get stack committed before shared libraries get called which may jump over the guard page.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

8:06 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #13 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 71210 --> https://bugs.winehq.org/attachment.cgi?id=71210 hack adjusted to current git: Add read and write to commited guard pages.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

24 Jan 24 Jan

12:04 a.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #14 from Fabian Maurer dark.shadow4@web.de --- Still present as of wine-7.0. Not sure how far work on the conversion for freetype2 is though.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

29 Jun 29 Jun

5:37 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Joel Holdsworth joel@airwebreathe.org.uk changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |joel@airwebreathe.org.uk

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

18 Aug 18 Aug

3:58 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #15 from Joel Holdsworth joel@airwebreathe.org.uk --- Just retested on wine-7.15-104-g4a3c7e2758a.

ls.exe seems to work now since 35a59e07b923e42d9bb391b0fef7acd25a9eb9d7 (win32u: Use syscall interface for NtUserSystemParametersInfo.)

mintty still crashes.

---------------------- $ wine64 /path/to/usr/bin/mintty.exe 007c:fixme:hid:handle_IRP_MN_QUERY_ID Unhandled type 00000005 007c:fixme:hid:handle_IRP_MN_QUERY_ID Unhandled type 00000005 007c:fixme:hid:handle_IRP_MN_QUERY_ID Unhandled type 00000005 007c:fixme:hid:handle_IRP_MN_QUERY_ID Unhandled type 00000005 0024:fixme:ntdll:NtSetInformationToken unimplemented class 4 0024:fixme:security:GetWindowsAccountDomainSid (00000000FFFFC190 0000000000365148 00000000FFFFC18C): semi-stub 0024:fixme:netapi32:DsEnumerateDomainTrustsW ((null), 0x0023, 00000000FFFFC368, 00000000FFFFC354): stub 0114:fixme:wldap32:ldap_set_optionA Unsupported option: 0x95 0114:fixme:wldap32:ldap_set_optionA Unsupported option: 0x96 0024:fixme:netapi32:NetUserGetInfo Only implemented for local computer, but remote serverL"\\@" was requested. Cygwin WARNING: Couldn't compute FAST_CWD pointer. This typically occurs if you're using an older Cygwin version on a newer Windows. Please update to the latest available Cygwin version from https://cygwin.com/. If the problem persists, please see https://cygwin.com/problems.html

0024:fixme:netapi32:NetLocalGroupGetInfo ((null) L"Administrators" 1 00000000FFFFC3E0) semi-stub! 0024:fixme:netapi32:NetLocalGroupGetInfo ((null) L"Users" 1 00000000FFFFC3E0) semi-stub! Font not found, using system substitute: Lucida Console Font not found, using system substitute: Courier New 0024:fixme:system:EnableNonClientDpiScaling (000000000002005C): stub 0024:err:ole:com_get_class_object apartment not initialised 0024:fixme:dwmapi:DwmEnableBlurBehindWindow 000000000002005C 00000000FFFFC5B0 0024:fixme:dwmapi:DwmExtendFrameIntoClientArea (000000000002005C, 00000000FFFFC5C0) stub 0024:fixme:win:SetWindowCompositionAttribute (000000000002005C, 00000000FFFFC5C0): stub 0024:fixme:dwmapi:DwmEnableBlurBehindWindow 000000000002005C 00000000FFFFC0C0 0024:fixme:dwmapi:DwmExtendFrameIntoClientArea (000000000002005C, 00000000FFFFC0D0) stub 0024:fixme:win:SetWindowCompositionAttribute (000000000002005C, 00000000FFFFC0D0): stub 0024:fixme:imm:ImeSetActiveContext (0000000000010064, 1): stub 0024:fixme:imm:ImmReleaseContext (000000000002005C, 0000000000010064): stub 0024:fixme:sync:NtQueryDirectoryObject multiple entries not implemented 0 [main] mintty 1016 dofork: child 1017 - died waiting for dll loading, errno 11 011c:fixme:file:NtFsControlFile FSCTL_PIPE_IMPERSONATE: impersonating self 0098:fixme:imm:ImeSetActiveContext (0000000000010026, 0): stub 0098:fixme:imm:ImmReleaseContext (0000000000010020, 0000000000010026): stub [1] 1032870 segmentation fault wine64 /path/to/sf_msys64/usr/bin/mintty.exe ----------------------

It is affected by #40528 (FAST_CWD) and #52585 (NtQueryDirectoryObject), but these don't seem to be the cause of the issue.

However, with Bernhard Übelacker's hacks applied mintty launches successfully.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

4:26 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #16 from Joel Holdsworth joel@airwebreathe.org.uk --- Only Bernhard Übelacker's "Add read and write to commited guard pages." patch (https://bugs.winehq.org/attachment.cgi?id=71210&action=diff) now seems to be necessary to enable mintty to launch without crashing.

Can we get it submitted into the mainline?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

4:35 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #17 from Joel Holdsworth joel@airwebreathe.org.uk --- "Get stack committed before shared libraries get called which may jump over the guard page." (https://bugs.winehq.org/attachment.cgi?id=71209&action=diff) still seems to be necessary to get the installer to run correctly as per the method described here: https://bugs.winehq.org/show_bug.cgi?id=43193#c10

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

6:52 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Jacek Caban jacek@codeweavers.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |jacek@codeweavers.com

--- Comment #18 from Jacek Caban jacek@codeweavers.com --- We still bypass syscall dispatcher for a number of win32u functions, there is a chance that this branch fixes the remaining problem: https://gitlab.winehq.org/jacek/wine/-/tree/wow

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:34 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #19 from Joel Holdsworth joel@airwebreathe.org.uk --- Created attachment 72948 --> https://bugs.winehq.org/attachment.cgi?id=72948 On the jacek/wow branch, mintty launches without crashing but shows an error

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:35 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #20 from Joel Holdsworth joel@airwebreathe.org.uk --- Created attachment 72949 --> https://bugs.winehq.org/attachment.cgi?id=72949 With additional msys2-hacks-3 patches added to jakek/wow, mintty is up and running

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

7:45 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

--- Comment #21 from Joel Holdsworth joel@airwebreathe.org.uk --- Amazing! The jackek/wow branch seems to cause great improvements. Mintty now runs 1) without crashing at startup, 2) without getting stuck at a black screen, 3) displays an error message (see screenshot).

To go further we still need additional patches:

1. Bernhard Übelacker's "Add read and write to commited guard pages." patch (https://bugs.winehq.org/attachment.cgi?id=71210&action=diff) 2. Zeb Figura's patch from #52585: https://bugs.winehq.org/show_bug.cgi?id=52585 3. Jinoh Kang's fix for #52105: https://gitlab.winehq.org/wine/wine/-/merge_requests/498

All these things have been rebased together here: https://github.com/jhol/wine/commits/msys2-hacks-3

With all these patches applied, mintty seems to be working correctly!

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

19 Oct 19 Oct

9:35 a.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Bernhard Übelacker bernhardu@mailbox.org changed:

--- Comment #22 from Bernhard Übelacker bernhardu@mailbox.org --- Created attachment 73319 --> https://bugs.winehq.org/attachment.cgi?id=73319 hack adjusted to current git: Get stack committed before shared libraries get called which may jump over the guard page.

I retested and this modification was not working, because it is called once for a stack in the area 0x310000, but later stack is switched to 0xffff0000, where the issue manifests again. Therefore adjusted it to get called on the switched stack too.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

30 May 30 May

12:03 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Jacek Caban jacek@codeweavers.com changed:

--- Comment #23 from Jacek Caban jacek@codeweavers.com --- Fixed in git.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

12:57 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

temp82@luukku.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |temp82@luukku.com

--- Comment #24 from temp82@luukku.com --- I think because the problem is well known it would be good to change this bug's title to get better changelog on next wine release. overflow is too generic bug description.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

9 Jun 9 Jun

9:54 p.m.

New subject: [Bug 47808] Cygwin's mintty.exe crashes with a stack overflow

https://bugs.winehq.org/show_bug.cgi?id=47808

Alexandre Julliard julliard@winehq.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #25 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 8.10.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

664

Age (days ago)

2017

Last active (days ago)

wine-bugs@winehq.org

27 comments

1 participants

tags (0)

participants (1)

WineHQ Bugzilla