In the code after the is_pointer(hmem) function call, an "if (hmem == NULL)" check is needed to avoid null-pointer dereferences. After struggling for about 1 week, I found the C code "*p|=0", and if this p is NULL, a NULL-pointer error will occur.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49155
Signed-off-by: Gen Otsuji otsugen0000@gmail.com
---
 dlls/kernelbase/memory.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/dlls/kernelbase/memory.c b/dlls/kernelbase/memory.c index 1efc3b6e82..5744193a74 100644 --- a/dlls/kernelbase/memory.c +++ b/dlls/kernelbase/memory.c @@ -641,6 +641,9 @@ HLOCAL WINAPI DECLSPEC_HOTPATCH LocalFree( HLOCAL hmem ) ret = 0; if (is_pointer(hmem)) /* POINTER */ { + if (hmem == NULL) + ret = NULL; + else if (!HeapFree( GetProcessHeap(), HEAP_NO_SERIALIZE, hmem )) { SetLastError( ERROR_INVALID_HANDLE ); @@ -690,6 +693,7 @@ LPVOID WINAPI DECLSPEC_HOTPATCH LocalLock( HLOCAL hmem )
if (is_pointer( hmem )) { + if (hmem == NULL) return NULL; __TRY { volatile char *p = hmem;
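Review bot: in the LocalFree hunk, the `ret = NULL;` inside the new `if (hmem == NULL)` branch is redundant, because `ret = 0;` is already assigned immediately before `if (is_pointer(hmem))`; if a NULL special case is really needed, an empty branch (or the Wine-style `if (!hmem)`) would do. More importantly, the reply in this thread reports that LocalFree(NULL) does not crash, so the hunk needs an accompanying test in dlls/kernel32/tests/heap.c that fails without the change before it can be justified.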
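Review bot: in the LocalLock hunk, the early `if (hmem == NULL) return NULL;` sidesteps the `__TRY` block whose purpose is to let the `volatile char *p = hmem;` probe fault on a bad pointer and be handled by the page-fault handler; if the probe is crashing on NULL, the handler is not catching the fault at all, and this check hides that for one input while every other invalid pointer still crashes. The early return also skips SetLastError, unlike the LocalFree path just above, which reports ERROR_INVALID_HANDLE on failure. Suggest dropping this hunk and fixing the fault handling instead, which is the conclusion the thread itself reaches later.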
Hi,
Both LocalFree(NULL) and LocalLock(NULL) don't crash for me as far as I can tell. Could you add a test case that does crash without this patch? (tests could go to kernel32/tests/heap.c).
Hi, Thank you for your reply. My environment is FreeBSD amd64 12.1R. I just tried to prepare a test environment, but many tests could not pass in my environment. So, my environment is not trustworthy.
I tried only heap.ok:

cd dlls/kernel32/test
env LANG=C gmake heap.ok > log.txt 2>&1

(log.txt attached) and the debugger launched and backtrace.txt (attached), but at the head of backtrace.txt
couldn't load main module (2) Unhandled exception: stack overflow in 64-bit code (0x000000007b059535).
the test wouldn't even launch. I give up now on going further.
So far, as this is an assumption, maybe the compiler, by CFLAGS or something related to optimization, erased the code "*p|=0" in memory.s (you can get the assembler code by compiling with CFLAGS+=--save-temps). Even though p is declared volatile, because this code does nothing, it's erased (my assumption), but this should not happen. I think CFLAGS with -O0 will do(?)
Cheers
Gen
Hi, After some investigation, I want to cancel this patch. This patch is harmful. A null pointer dereference error should be catched in the __EXCEPT_PAGE_FAULT block.
Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246426#c26 As Alex mentioned at the above URL, the catch block __EXCEPT_PAGE_FAULT cannot catch PAGE_FAULT in Wine on FreeBSD. FreeBSD's trapno and Linux's trapno are different.
Regards
Gen
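To illustrate the point made above about where the NULL case belongs, here is an added example (not Wine code and not part of the patch): a simplified model of the __TRY/__EXCEPT_PAGE_FAULT probe in LocalLock, using a POSIX signal handler plus sigsetjmp in place of Wine's exception machinery. The names probe_writable, fault_handler, sample_storage and null_handle are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example, not Wine code: a model of the __TRY/__EXCEPT_PAGE_FAULT probe
 * in LocalLock, using a POSIX signal handler plus sigsetjmp in place of Wine's. */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_env;
static char sample_storage[16] = "hello";   /* constructed writable target */
static void *volatile null_handle;          /* NULL the optimizer cannot see */

/* On a fault, unwind back into probe_writable() instead of letting the process die. */
static void fault_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Touch the first byte exactly like the LocalLock probe does. Returns 1 when
 * the byte is writable, 0 when the touch faulted. NULL needs no special case:
 * the handler catches it like any other bad pointer, which is why the thread
 * concludes the fix belongs in the fault handling, not in an extra check. */
__attribute__((noinline)) int probe_writable(void *hmem)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some platforms report faults as SIGBUS */

    if (sigsetjmp(probe_env, 1) == 0)   /* 1: restore the signal mask after a longjmp */
    {
        volatile char *p = hmem;
        *p |= 0;                        /* the probe discussed in the thread */
        ok = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL); /* put the previous handlers back */
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

int main(void)
{
    printf("writable buffer: %d\n", probe_writable(sample_storage)); /* 1 */
    printf("NULL:            %d\n", probe_writable(null_handle));    /* 0 */
    return 0;
}
```

If the handler is not installed (the situation the FreeBSD trapno mismatch produces), the probe on NULL simply kills the process, which is the crash the patch tried to paper over.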
Hi, I forgot to mention the existence of a patch. There is a patch to signal_x86_64.c, not mine, which is very nice for FreeBSD, and can be followed from the above URL.
P.S. s/catched/caught/
Regards
Gen Otsuji
Hi, Sorry for the inconvenience. This patch is very nice, and resolves this trapno difference, I think. The URL is https://github.com/shkhln/freebsd-lib32-companion-ports/blob/1aff798add915fc... from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246426#c6
Cheers
Gen Otsuji