[PATCH v2] ntdll: Avoid overwriting parameters with context in call_user_apc_dispatcher() on x86.
Fixes crash in 32 bit kernel32 file test. The crash is not always reproducible as the issue depends on stack layout.
Signed-off-by: Paul Gofman pgofman@codeweavers.com --- v2: - remove leftover debug changes.
dlls/ntdll/unix/signal_i386.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/dlls/ntdll/unix/signal_i386.c b/dlls/ntdll/unix/signal_i386.c index 4d8eeb2072c..58b79940773 100644 --- a/dlls/ntdll/unix/signal_i386.c +++ b/dlls/ntdll/unix/signal_i386.c @@ -1688,15 +1688,18 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher, "movl %esp,%ebx\n\t" "cmpl %esp,%esi\n\t" "cmovbl %esi,%esp\n\t" + "pushl 20(%ebx)\n\t" /* func */ + "pushl 16(%ebx)\n\t" /* arg2 */ + "pushl 12(%ebx)\n\t" /* arg1 */ + "movl 8(%ebx),%ebx\n\t" /* ctx */ "movl $0x00010007,(%esi)\n\t" /* context.ContextFlags = CONTEXT_FULL */ "pushl %esi\n\t" /* context */ "pushl $0xfffffffe\n\t" "call " __ASM_STDCALL("NtGetContextThread",8) "\n\t" "movl $0xc0,0xb0(%esi)\n" /* context.Eax = STATUS_USER_APC */ - "movl 20(%ebx),%eax\n\t" /* func */ - "movl 16(%ebx),%ecx\n\t" /* arg2 */ - "movl 12(%ebx),%edx\n\t" /* arg1 */ - "movl 8(%ebx),%ebx\n\t" /* ctx */ + "popl %edx\n\t" + "popl %ecx\n\t" + "popl %eax\n\t" "leal -20(%esi),%esp\n\t" "movl %eax,16(%esp)\n" /* func */ "2:\tmovl %ecx,12(%esp)\n\t" /* arg2 */
This fixes the 32 bit kernel32 file test for me too. I don't see a crash but one CPU being pegged at 100%.
bye michael
On 11/12/20 3:20 PM, Paul Gofman wrote:
Fixes crash in 32 bit kernel32 file test. The crash is not always reproducible as the issue depends on stack layout.
Signed-off-by: Paul Gofman pgofman@codeweavers.com
v2: - remove leftover debug changes.
dlls/ntdll/unix/signal_i386.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/dlls/ntdll/unix/signal_i386.c b/dlls/ntdll/unix/signal_i386.c index 4d8eeb2072c..58b79940773 100644 --- a/dlls/ntdll/unix/signal_i386.c +++ b/dlls/ntdll/unix/signal_i386.c @@ -1688,15 +1688,18 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher, "movl %esp,%ebx\n\t" "cmpl %esp,%esi\n\t" "cmovbl %esi,%esp\n\t"
"pushl 20(%ebx)\n\t" /* func */"pushl 16(%ebx)\n\t" /* arg2 */"pushl 12(%ebx)\n\t" /* arg1 */"movl 8(%ebx),%ebx\n\t" /* ctx */ "movl $0x00010007,(%esi)\n\t" /* context.ContextFlags = CONTEXT_FULL */ "pushl %esi\n\t" /* context */ "pushl $0xfffffffe\n\t" "call " __ASM_STDCALL("NtGetContextThread",8) "\n\t" "movl $0xc0,0xb0(%esi)\n" /* context.Eax = STATUS_USER_APC */
"movl 20(%ebx),%eax\n\t" /* func */"movl 16(%ebx),%ecx\n\t" /* arg2 */"movl 12(%ebx),%edx\n\t" /* arg1 */"movl 8(%ebx),%ebx\n\t" /* ctx */
"popl %edx\n\t""popl %ecx\n\t""popl %eax\n\t" "leal -20(%esi),%esp\n\t" "movl %eax,16(%esp)\n" /* func */ "2:\tmovl %ecx,12(%esp)\n\t" /* arg2 */
-
Michael Stefaniuc -
Paul Gofman