WineHQ
Bug Tracking Database – Bug 35021


Last modified: 2014-01-10 14:46:19 UTC  

League of Legends installer page faults in custom action during stackwalk (SymFromAddr with NULL displacement ptr)

Status: CLOSED FIXED
Product: Wine
Classification: Unclassified
Component: dbghelp
Version: 1.7.7
Hardware: x86 Linux
Importance: P2 normal
Target Milestone: ---
Assigned To: Mr. Bugs
URL: http://signup.leagueoflegends.com/en/...
Keywords: download, Installer
Depends on:
Blocks:
Reported: 2013-11-30 05:20 UTC by Anastasius Focht
Modified: 2014-01-10 14:46 UTC (History)
0 users

See Also:
Regression SHA1:
Fixed by SHA1: 89832cde4eb2e8d2dc9570cf4840fcaff19b8429
Distribution: ---
Staged patchset:


Description Anastasius Focht 2013-11-30 05:20:32 UTC
Hello folks,

I already mentioned this in bug 35011 ... not a big thing but it deserves its own bug.

The context capture/stack walk in custom action is done on purpose.

--- snip ---
003b:trace:msi:ACTION_CallDllFunction calling L"OnAiRemoveFilesUndoable" 
...
003b:Call dbghelp.SymGetModuleBase(ffffffff,7d4fd3f7) ret=7e458574
003b:Ret  dbghelp.SymGetModuleBase() retval=7d4d0000 ret=7e458574
003b:Call dbghelp.SymFunctionTableAccess(ffffffff,7d4fd3f7) ret=7e458515
003b:Ret  dbghelp.SymFunctionTableAccess() retval=00000000 ret=7e458515
003b:Ret  dbghelp.StackWalk() retval=00000001 ret=003b337f
003b:Call ntdll.RtlAllocateHeap(00bb0000,00000000,00000020) ret=003c8570
003b:Ret  ntdll.RtlAllocateHeap() retval=00bb41d0 ret=003c8570
003b:Call dbghelp.SymFromAddr(ffffffff,7d4fd3f7,00000000,00000000,00bb39a0) ret=003b3844
003b:Call ntdll.RtlReAllocateHeap(00110000,00000000,01300030,0000ad88) ret=7e45be05
003b:Ret  ntdll.RtlReAllocateHeap() retval=01300030 ret=7e45be05
003b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7e45d158 ip=7e45d158 tid=003b
003b:trace:seh:raise_exception  info[0]=00000001
003b:trace:seh:raise_exception  info[1]=00000000
003b:trace:seh:raise_exception  eax=0000000b ebx=00000000 ecx=00000000 edx=00000000 esi=7d4fd3ec edi=00000000
003b:trace:seh:raise_exception  ebp=00ebca58 esp=00ebca20 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
003b:trace:seh:call_stack_handlers calling handler at 0x3d840d code=c0000005 flags=0
...
003b:trace:seh:__regs_RtlUnwind handler at 0x3da946 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x3cb818 code=c0000005 flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x3cb818 returned 1
003b:trace:seh:__regs_RtlUnwind calling handler at 0x7bc81a26 code=c0000005 flags=2
003b:trace:seh:__regs_RtlUnwind handler at 0x7bc81a26 returned 3
003b:Ret  ntdll.RtlUnwind() retval=00000000 ret=7d566735
003b:  eax=00000000 ebx=7d5c7000 ecx=00eba318 edx=00eba318 esi=00ebe8d0 edi=7d56674a ebp=00eb9e08 esp=00eb9dd8 ds=002b es=002b fs=0063 gs=006b flags=00200216
003b:err:msi:ACTION_CallDllFunction Custom action (L"C:\\users\\focht\\Temp\\msi5823.tmp":L"OnAiRemoveFilesUndoable") caused a page fault: c0000005
003b:trace:msi:MsiCloseHandle 6
003b:trace:msi:MsiCloseHandle handle 6 destroyed
003b:Call KERNEL32.FreeLibrary(00390000) ret=7d4fd812
003b:Ret  KERNEL32.FreeLibrary() retval=00000001 ret=7d4fd812
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:MsiCloseHandle handle 5 destroyed
003b:Call ntdll.RtlFreeHeap(00110000,00000000,00914c28) ret=7d532a5a
003b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7d532a5a
003b:Call oleaut32.SysFreeString(00914e24 L"C:\\users\\focht\\Temp\\msi5823.tmp") ret=7d4fd83c
003b:Ret  oleaut32.SysFreeString() retval=00000000 ret=7d4fd83c
003b:Call oleaut32.SysFreeString(0090404c L"OnAiRemoveFilesUndoable") ret=7d4fd84a
003b:Ret  oleaut32.SysFreeString() retval=00000000 ret=7d4fd84a
003b:trace:msi:MsiCloseHandle 5
003b:trace:msi:DllThread custom action (3b) returned 0
003b:trace:msi:MsiCloseAllHandles  
--- snip ---

Wine unconditionally writes to the optional out parameter 'Displacement' in
SymFromAddr() for which the caller passes NULL, causing a page fault.

MSDN says:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms681323%28v=vs.85%29.aspx

--- quote ---
Displacement [out, optional]

    The displacement from the beginning of the symbol, or zero.
--- quote --- 

Source: http://source.winehq.org/git/wine.git/blob/836b682ed3bff439f1264bc9cee4ecce6ca88bb2:/dlls/dbghelp/symbol.c#l1219

(fault caused in line 1232)

--- snip ---
1219 BOOL WINAPI SymFromAddr(HANDLE hProcess, DWORD64 Address,
1220                         DWORD64* Displacement, PSYMBOL_INFO Symbol)
1221 {
1222     struct module_pair pair;
1223     struct symt_ht* sym;
1224
1225     pair.pcs = process_find_by_handle(hProcess);
1226     if (!pair.pcs) return FALSE;
1227     pair.requested = module_find_by_addr(pair.pcs, Address, DMT_UNKNOWN);
1228     if (!module_get_debug(&pair)) return FALSE;
1229     if ((sym = symt_find_nearest(pair.effective, Address)) == NULL) return FALSE;
1230
1231     symt_fill_sym_info(&pair, NULL, &sym->symt, Symbol);
1232     *Displacement = Address - Symbol->Address;
1233     return TRUE;
1234 }
--- snip ---

Regards
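
A minimal model of the guard an `[out, optional]` pointer needs, as an added example (not Wine's code and not the content of any Wine commit). The types, the symbol table and `sym_from_addr` are constructed stand-ins; only the lookup address 0x7d4fd3f7 is taken from the trace above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for dbghelp's types and symbol storage. */
typedef struct { uint64_t address; char name[32]; } sym_info;
struct sym_entry { uint64_t start; const char *name; };

/* Constructed table, sorted by start address. */
static const struct sym_entry table[] = {
    { 0x7d4d1000, "func_a" },
    { 0x7d4fd3ec, "func_b" },
    { 0x7d500000, "func_c" },
};

/* Last entry whose start is <= addr, or NULL if addr precedes the table. */
static const struct sym_entry *find_nearest(uint64_t addr)
{
    const struct sym_entry *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].start <= addr) best = &table[i];
    return best;
}

/* symbol is required; displacement is [out, optional] and may be NULL. */
int sym_from_addr(uint64_t addr, uint64_t *displacement, sym_info *symbol)
{
    const struct sym_entry *e;
    if (!symbol) return 0;
    if ((e = find_nearest(addr)) == NULL) return 0;
    symbol->address = e->start;
    strncpy(symbol->name, e->name, sizeof symbol->name - 1);
    symbol->name[sizeof symbol->name - 1] = '\0';
    if (displacement) *displacement = addr - symbol->address; /* guarded write */
    return 1;
}

int main(void)
{
    sym_info s;
    uint64_t d = 0;
    /* Same call shape as the trace: NULL displacement must not fault. */
    printf("NULL displacement: %d\n", sym_from_addr(0x7d4fd3f7, NULL, &s));
    int ok = sym_from_addr(0x7d4fd3f7, &d, &s);
    printf("with displacement: %d, %s+0x%llx\n", ok, s.name, (unsigned long long)d);
    return 0;
}
```

A regression test for this class of bug calls the API once with every optional pointer set to NULL and once with all of them supplied, and also checks that a failed lookup leaves the caller's variables untouched.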
Comment 1 Anastasius Focht 2013-11-30 05:21:50 UTC
Hello folks,

filling fields ...

$ sha1sum LeagueofLegends_EUW_Installer_06_12_13.exe 
2c3cd9431281086632005ca573807647df983ba9  LeagueofLegends_EUW_Installer_06_12_13.exe

$ du -sh LeagueofLegends_EUW_Installer_06_12_13.exe 
34M	LeagueofLegends_EUW_Installer_06_12_13.exe

$ wine --version
wine-1.7.7-208-g2b92a27

Regards
Comment 2 Anastasius Focht 2013-12-02 14:43:38 UTC
Hello folks,

this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/89832cde4eb2e8d2dc9570cf4840fcaff19b8429

Thanks Stefan

Regards
Comment 3 Alexandre Julliard 2013-12-06 13:44:26 UTC
Closing bugs fixed in 1.7.8.
Comment 4 Alexandre Julliard 2014-01-10 14:46:19 UTC
Removing 1.6.x milestone from bugs included in 1.6.2.

