Module: wine Branch: master Commit: 0cf3d78167cef061aa8d187ea051a1402bdf45fa URL: http://source.winehq.org/git/wine.git/?a=commit;h=0cf3d78167cef061aa8d187ea0...
Author: Sebastian Lackner sebastian@fds-team.de Date: Wed Oct 8 21:11:55 2014 +0200
ntdll: Avoid recursive exception handler calls when handling guard pages.
The ATL check leads to problems when a page is protected with guard page protection. raise_segv_exception is called with EXCEPTION_EXECUTE_FAULT. The ATL check tries to read the memory, and triggers another exception handler. This time the virtual_handle_fault check is executed, and removes the guard page protection. Afterwards, when the ATL check returns, the exception is _not_ catched by virtual_handle_fault, but instead passed to the application.
---
dlls/kernel32/tests/virtual.c | 2 -- dlls/ntdll/signal_i386.c | 10 ++++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dlls/kernel32/tests/virtual.c b/dlls/kernel32/tests/virtual.c index 501934d..4d8277d 100644 --- a/dlls/kernel32/tests/virtual.c +++ b/dlls/kernel32/tests/virtual.c @@ -1818,7 +1818,6 @@ static DWORD execute_fault_seh_handler( EXCEPTION_RECORD *rec, EXCEPTION_REGISTR if (rec->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) {
- todo_wine ok( rec->ExceptionInformation[0] == EXCEPTION_EXECUTE_FAULT || broken(!(flags & MEM_EXECUTE_OPTION_DISABLE) && rec->ExceptionInformation[0] == EXCEPTION_READ_FAULT), /* Windows 2000 */ "ExceptionInformation[0] is %d instead of %d\n", (DWORD)rec->ExceptionInformation[0], EXCEPTION_EXECUTE_FAULT ); @@ -1971,7 +1970,6 @@ static void test_atl_thunk_emulation( ULONG dep_flags ) if (dep_flags & MEM_EXECUTE_OPTION_DISABLE) ok( num_execute_fault_calls == 1, "expected one STATUS_ACCESS_VIOLATION exception, got %d exceptions\n", num_execute_fault_calls ); else - todo_wine ok( num_execute_fault_calls == 0, "expected no STATUS_ACCESS_VIOLATION exception, got %d exceptions\n", num_execute_fault_calls );
ret = send_message_excpt( hWnd, WM_USER, 0, 0 ); diff --git a/dlls/ntdll/signal_i386.c b/dlls/ntdll/signal_i386.c index 12aa5a4..b9b45a8 100644 --- a/dlls/ntdll/signal_i386.c +++ b/dlls/ntdll/signal_i386.c @@ -1821,17 +1821,19 @@ static void WINAPI raise_segv_exception( EXCEPTION_RECORD *rec, CONTEXT *context case EXCEPTION_ACCESS_VIOLATION: if (rec->NumberParameters == 2) { - if (rec->ExceptionInformation[0] == EXCEPTION_EXECUTE_FAULT && check_atl_thunk( rec, context )) - goto done; if (rec->ExceptionInformation[1] == 0xffffffff && check_invalid_gs( context )) goto done; if (!(rec->ExceptionCode = virtual_handle_fault( (void *)rec->ExceptionInformation[1], rec->ExceptionInformation[0] ))) goto done; - /* send EXCEPTION_EXECUTE_FAULT only if data execution prevention is enabled */ - if (rec->ExceptionInformation[0] == EXCEPTION_EXECUTE_FAULT) + if (rec->ExceptionCode == EXCEPTION_ACCESS_VIOLATION && + rec->ExceptionInformation[0] == EXCEPTION_EXECUTE_FAULT) { ULONG flags; + if (check_atl_thunk( rec, context )) + goto done; + + /* send EXCEPTION_EXECUTE_FAULT only if data execution prevention is enabled */ NtQueryInformationProcess( GetCurrentProcess(), ProcessExecuteFlags, &flags, sizeof(flags), NULL ); if (!(flags & MEM_EXECUTE_OPTION_DISABLE))