[PATCH v3 0/1] MR8944: winedbg: Reserve more memory for symbol value. (ASan).

10 Sep 2025


      This is a first attempt to reserve more than the sizeof(DWORD).
As far as I see the size in memory_read_value originates from a call to types_get_info(TI_GET_LENGTH).
Therefore trying here to use a similar call to get the size for memory reservation.
And if that fails, falling back to at least sizeof(void*).
CC: @epo
<details>
<summary>ASan output from `wine winedbg.exe arp.exe`</summary>
```
$ export ASAN_OPTIONS="halt_on_error=0:allocator_may_return_null=1:strict_memcmp=0:windows_hook_rtl_allocators=1"
$ wine winedbg.exe arp.exe
WineDbg starting on pid 0144
013c:0140:fixme:dbghelp:elf_search_auxv can't find symbol in module
013c:0140:fixme:dbghelp:elf_search_auxv can't find symbol in module
013c:0140:fixme:dbghelp_dwarf:compute_location Only supporting one breg (r15/343 -> r12/340)
013c:0140:fixme:dbghelp_dwarf:dwarf2_fill_in_variant Unexpected base type bt=8 for form=f
013c:0140:fixme:dbghelp_dwarf:dwarf2_parse_variable Unsupported form for const value "pi" (f)
013c:0140:err:dbghelp_msc:codeview_process_info Unknown CODEVIEW signature 00000000 in module L"ntdll"
0x006fffffdc0569 ntdll+0x50569: retq
Wine-dbg>bt
Backtrace:
=>0 0x006fffffdc0569 in ntdll (+0x50569) (0x007ffffe1ffa70)
013c:0140:fixme:dbghelp_dwarf:compute_location Unhandled attr op: 0
  1 0x006fffffd9e1c0 loader_init+0x600(context=<is not available>, entry=<is not available>) [.../wine/dlls/ntdll/loader.c:0] in ntdll (0x007ffffe1ffa70)
=================================================================
==316==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7eea4db09d15 at pc 0x6ffffe85a58b bp 0x7ffffe1fa020 sp 0x7ffffe1fa068
READ of size 8 at 0x7eea4db09d15 thread T0
    #0 0x6ffffe85a58a in __asan_memcpy /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt\lib/asan/asan_interceptors_memintrinsics.cpp:63:3
    #1 0x00014002c4c2 in memory_read_value .../wine/programs/winedbg/memory.c:107:13
    #2 0x00014002e48a in memory_fetch_integer .../wine/programs/winedbg/memory.c:314:14
    #3 0x00014002ff00 in print_typed_basic .../wine/programs/winedbg/memory.c
    #4 0x00014002f52d in print_basic .../wine/programs/winedbg/memory.c:687:10
    #5 0x00014004b4df in print_value .../wine/programs/winedbg/types.c:499:9
    #6 0x000140039452 in symbol_print_localvalue .../wine/programs/winedbg/symbol.c:707:9
    #7 0x000140036832 in sym_enum_cb .../wine/programs/winedbg/stack.c:254:9
    #8 0x6ffffac1baee in send_symbol .../wine/dlls/dbghelp/symbol.c:892:13
    #9 0x6ffffac1b760 in symt_enum_locals_helper .../wine/dlls/dbghelp/symbol.c:1194:21
    #10 0x6ffffac1b08f in symt_enum_locals .../wine/dlls/dbghelp/symbol.c:1227:16
    #11 0x6ffffac1abd8 in sym_enum .../wine/dlls/dbghelp/symbol.c:1353:20
    #12 0x6ffffac0f529 in doSymEnumSymbols .../wine/dlls/dbghelp/symbol.c:1419:12
    #13 0x6ffffac0f360 in SymEnumSymbols .../wine/dlls/dbghelp/symbol.c:1450:11
    #14 0x000140036507 in stack_print_addr_and_args .../wine/programs/winedbg/stack.c:290:9
    #15 0x00014003584d in backtrace .../wine/programs/winedbg/stack.c:319:9
    #16 0x000140034fc7 in stack_backtrace .../wine/programs/winedbg/stack.c:450:9
    #17 0x0001400550a7 in dbg_parse .../wine/programs/winedbg/dbg.y
    #18 0x00014005766c in parser_handle .../wine/programs/winedbg/dbg.y:625:4
    #19 0x000140050eff in dbg_start_interactive .../wine/programs/winedbg/winedbg.c:644:5
    #20 0x0001400516b1 in main .../wine/programs/winedbg/winedbg.c:800:5
    #21 0x0001400ed22c in mainCRTStartup .../wine/dlls/msvcrt/crt_main.c:62:11
    #22 0x6fffffc377e0 in BaseThreadInitThunk .../wine/dlls/kernel32/thread.c:61:24
    #23 0x6fffffdc0532 in RtlUserThreadStart (C:\windows\system32\ntdll.dll+0x170050532)
0x7eea4db09d15 is located 0 bytes after 5-byte region [0x7eea4db09d10,0x7eea4db09d15)
allocated by thread T0 here:
    #0 0x6ffffe85bc41 in malloc /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt\lib/asan/asan_malloc_win.cpp:80:3
    #1 0x000140057c67 in lexeme_alloc_size .../wine/programs/winedbg/debug.l:48:43
    #2 0x0001400398b8 in fill_sym_lvalue .../wine/programs/winedbg/symbol.c:157:34
    #3 0x000140039436 in symbol_print_localvalue .../wine/programs/winedbg/symbol.c:705:9
    #4 0x000140036832 in sym_enum_cb .../wine/programs/winedbg/stack.c:254:9
    #5 0x6ffffac1baee in send_symbol .../wine/dlls/dbghelp/symbol.c:892:13
    #6 0x6ffffac1b760 in symt_enum_locals_helper .../wine/dlls/dbghelp/symbol.c:1194:21
    #7 0x6ffffac1b08f in symt_enum_locals .../wine/dlls/dbghelp/symbol.c:1227:16
    #8 0x6ffffac1abd8 in sym_enum .../wine/dlls/dbghelp/symbol.c:1353:20
    #9 0x6ffffac0f529 in doSymEnumSymbols .../wine/dlls/dbghelp/symbol.c:1419:12
    #10 0x6ffffac0f360 in SymEnumSymbols .../wine/dlls/dbghelp/symbol.c:1450:11
    #11 0x000140036507 in stack_print_addr_and_args .../wine/programs/winedbg/stack.c:290:9
    #12 0x00014003584d in backtrace .../wine/programs/winedbg/stack.c:319:9
    #13 0x000140034fc7 in stack_backtrace .../wine/programs/winedbg/stack.c:450:9
    #14 0x0001400550a7 in dbg_parse .../wine/programs/winedbg/dbg.y
    #15 0x00014005766c in parser_handle .../wine/programs/winedbg/dbg.y:625:4
    #16 0x000140050eff in dbg_start_interactive .../wine/programs/winedbg/winedbg.c:644:5
    #17 0x0001400516b1 in main .../wine/programs/winedbg/winedbg.c:800:5
    #18 0x0001400ed22c in mainCRTStartup .../wine/dlls/msvcrt/crt_main.c:62:11
    #19 0x6fffffc377e0 in BaseThreadInitThunk .../wine/dlls/kernel32/thread.c:61:24
    #20 0x6fffffdc0532 in RtlUserThreadStart (C:\windows\system32\ntdll.dll+0x170050532)
SUMMARY: AddressSanitizer: heap-buffer-overflow .../wine/programs/winedbg/memory.c:107:13 in memory_read_value
Shadow bytes around the buggy address:
  0x7eea4db09a80: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x7eea4db09b00: fa fa fd fa fa fa 00 00 fa fa fd fa fa fa 00 00
  0x7eea4db09b80: fa fa 00 fa fa fa 00 00 fa fa fd fa fa fa fd fd
  0x7eea4db09c00: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
  0x7eea4db09c80: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd
=>0x7eea4db09d00: fa fa[05]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7eea4db09d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7eea4db09e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7eea4db09e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7eea4db09f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7eea4db09f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
013c:0140:fixme:dbghelp_dwarf:compute_location Unhandled attr op: 5
  2 0x006fffffdc18dc LdrInitializeThunk+0x1c(context=<internal error>, unk2=0xbe00000000, unk3=<internal error>, unk4=<internal error>) in ntdll (0x007ffffe1ffae0)
Wine-dbg>```
</details>
--
  v3: winedbg: Reserve more memory for symbol value. (ASan).
https://gitlab.winehq.org/wine/wine/-/merge_requests/8944

2025

2024

2023

2022

[PATCH v3 0/1] MR8944: winedbg: Reserve more memory for symbol value. (ASan).