Bug 380119

Summary: Kbanking plugin crashes on opening aqbanking settings
Product: [Applications] kmymoney
Reporter: Ralf Habacker <ralf.habacker>
Component: onlinebanking
Assignee: KMyMoney Devel Mailing List <kmymoney-devel>
Status: RESOLVED FIXED
Severity: major
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Microsoft Windows
OS: Microsoft Windows
Latest Commit:
Version Fixed In: 4.8.1
Sentry Crash Report:
Bug Depends on:
Bug Blocks: 380075

Description Ralf Habacker 2017-05-23 13:01:07 UTC
KMyMoney for Windows for the coming 4.8.1 (git commit d29f4a2) crashes on opening the aqbanking settings.
Comment 1 Ralf Habacker 2017-05-23 13:16:35 UTC
For the record:

The crash happens on returning from GWEN_Gui_ReadDialogPrefs.

GWEN_Gui_ReadDialogPrefs:
   0x62d944d0 <+0>:     mov    0x62dbb1bc,%eax
   0x62d944d5 <+5>:     test   %eax,%eax
   0x62d944d7 <+7>:     je     0x62d94510 <GWEN_Gui_ReadDialogPrefs+64>
   0x62d944d9 <+9>:     mov    0x54(%eax),%edx
   0x62d944dc <+12>:    test   %edx,%edx
   0x62d944de <+14>:    je     0x62d94510 <GWEN_Gui_ReadDialogPrefs+64>
   0x62d944e0 <+16>:    sub    $0x1c,%esp
   0x62d944e3 <+19>:    mov    0x28(%esp),%ecx
   0x62d944e7 <+23>:    mov    %eax,(%esp)
   0x62d944ea <+26>:    mov    %ecx,0xc(%esp)
   0x62d944ee <+30>:    mov    0x24(%esp),%ecx
   0x62d944f2 <+34>:    mov    %ecx,0x8(%esp)
   0x62d944f6 <+38>:    mov    0x20(%esp),%ecx
   0x62d944fa <+42>:    mov    %ecx,0x4(%esp)
   0x62d944fe <+46>:    call   *%edx      --> calls AB_Gui_ReadDialogPrefs
   0x62d94500 <+48>:    sub    $0x10,%esp --> clean up stack of called function indicates stdcall
   0x62d94503 <+51>:    add    $0x1c,%esp
   0x62d94506 <+54>:    ret               --> crash happens here
   0x62d94507 <+55>:    mov    %esi,%esi
   0x62d94509 <+57>:    lea    0x0(%edi,%eiz,1),%edi
   0x62d94510 <+64>:    mov    $0xffffffbd,%eax
   0x62d94515 <+69>:    ret

It turned out that the callback functions in gwenhywfar were declared with stdcall (calling function cleans up the stack) while aqbanking is compiled with cdecl (stack is cleaned up inside the called function). Therefore, on returning from GWEN_Gui_ReadDialogPrefs the stack pointer points to a wrong address.

The fix is to remove stdcall from the callback function with the following patch applied to the gwenhywfar package at https://build.opensuse.org/package/show/home:rhabacker:branches:windows:mingw:win32:kmymoney/mingw32-gwenhywfar

--- a/src/gwenhywfarapi.h	2017-05-23 07:38:51.911107998 +0000
+++ b/src/gwenhywfarapi.h	2017-05-23 07:38:57.319127655 +0000
@@ -84,7 +84,7 @@
 #endif
 
 #if GWENHYWFAR_SYS_IS_WINDOWS
-# define GWENHYWFAR_CB __stdcall
+# define GWENHYWFAR_CB
 #else
 # define GWENHYWFAR_CB
 #endif
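Review bot: after this hunk both branches of the `#if GWENHYWFAR_SYS_IS_WINDOWS` block define GWENHYWFAR_CB as empty, so the conditional no longer selects anything; either collapse it to a single `# define GWENHYWFAR_CB` or keep the Windows branch with a comment stating why `__stdcall` was dropped (the aqbanking callbacks it is matched against, such as AB_Gui_ReadDialogPrefs, are built cdecl), otherwise the next reader will take the empty Windows define for a mistake and put `__stdcall` back. Note also that this changes the ABI of every GWENHYWFAR_CB callback on Windows: any gwenhywfar plugin binary built against the previous `__stdcall` header will hit the same %esp mismatch this patch removes, which is why comment 2 treats the patch as a distribution-local workaround until aqbanking adds the missing GWENHYWFAR_CB markers.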

A recompile with the patch applied indeed shows that the "sub    $0x10,%esp" instruction has been removed.

Dump of assembler code for function GWEN_Gui_ReadDialogPrefs:
   0x62d943a0 <+0>:     mov    0x62dbb1bc,%eax
   0x62d943a5 <+5>:     test   %eax,%eax
   0x62d943a7 <+7>:     je     0x62d943d4 <GWEN_Gui_ReadDialogPrefs+52>
   0x62d943a9 <+9>:     mov    0x54(%eax),%edx
   0x62d943ac <+12>:    test   %edx,%edx
   0x62d943ae <+14>:    je     0x62d943d4 <GWEN_Gui_ReadDialogPrefs+52>
   0x62d943b0 <+16>:    sub    $0x1c,%esp
   0x62d943b3 <+19>:    mov    0x28(%esp),%ecx
   0x62d943b7 <+23>:    mov    %eax,(%esp)
   0x62d943ba <+26>:    mov    %ecx,0xc(%esp)
   0x62d943be <+30>:    mov    0x24(%esp),%ecx
   0x62d943c2 <+34>:    mov    %ecx,0x8(%esp)
   0x62d943c6 <+38>:    mov    0x20(%esp),%ecx
   0x62d943ca <+42>:    mov    %ecx,0x4(%esp)
   0x62d943ce <+46>:    call   *%edx
   0x62d943d0 <+48>:    add    $0x1c,%esp
   0x62d943d3 <+51>:    ret
   0x62d943d4 <+52>:    mov    $0xffffffbd,%eax
   0x62d943d9 <+57>:    ret
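The diagnostic used in this comment, written up as an added example (not code from the gwenhywfar, aqbanking or KMyMoney projects): a Python script that scans gdb-style i386 disassembly for indirect call sites and reports whether the caller expects the callee to pop its arguments (stdcall) or pops them itself (cdecl), then computes how far %esp is off at the caller's `ret` when the real callee uses the other convention. The embedded listings are trimmed copies of the two dumps above and are marked as constructed input; the function names and the heuristic (a `sub $N,%esp` immediately after `call *%reg` compensates for a callee `ret $N`) are assumptions of this example, not part of either project.

```python
"""Which calling convention does a caller expect at an indirect call site?

Added example for bug 380119; not part of gwenhywfar, aqbanking or KMyMoney.
Heuristic (an assumption that matches the gcc output in comment 1): after
`call *%reg`, a `sub $N,%esp` means the caller assumes the callee already
popped N argument bytes via `ret $N` (stdcall); no such `sub` means the
caller removes its own arguments (cdecl). A cdecl callee reached through a
stdcall-expecting site leaves %esp N bytes too low at the caller's `ret`.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the two dumps from comment 1, trimmed to the lines that
# matter for the call site (frame setup, the indirect call, the epilogue).
BEFORE_FIX = """\
GWEN_Gui_ReadDialogPrefs:
   0x62d944e0 <+16>:    sub    $0x1c,%esp
   0x62d944fe <+46>:    call   *%edx      --> calls AB_Gui_ReadDialogPrefs
   0x62d94500 <+48>:    sub    $0x10,%esp --> clean up stack of called function indicates stdcall
   0x62d94503 <+51>:    add    $0x1c,%esp
   0x62d94506 <+54>:    ret               --> crash happens here
"""

AFTER_FIX = """\
Dump of assembler code for function GWEN_Gui_ReadDialogPrefs:
   0x62d943b0 <+16>:    sub    $0x1c,%esp
   0x62d943ce <+46>:    call   *%edx
   0x62d943d0 <+48>:    add    $0x1c,%esp
   0x62d943d3 <+51>:    ret
"""

INSN_RE = re.compile(r"^\s*0x[0-9a-f]+\s+<\+(\d+)>:\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Insn:
    offset: int
    mnemonic: str
    operands: str


@dataclass
class CallSite:
    offset: int
    target: str
    expected_callee_pops: int  # bytes the caller assumes `ret $N` removed

    @property
    def convention(self) -> str:
        return "stdcall" if self.expected_callee_pops else "cdecl"


def parse_listing(text: str) -> List[Insn]:
    """Parse gdb `disassemble` output: skip header lines, keep each
    instruction, and drop any hand-written `--> ...` annotation."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        operands = (m.group(3) or "").split("-->")[0].strip()
        insns.append(Insn(int(m.group(1)), m.group(2), operands))
    return insns


def _esp_adjust(insn: Optional[Insn], mnemonic: str) -> Optional[int]:
    """Return N when insn is `<mnemonic> $N,%esp`, else None."""
    if insn is None or insn.mnemonic != mnemonic:
        return None
    m = re.fullmatch(r"\$(0x[0-9a-fA-F]+|\d+),%esp", insn.operands)
    return int(m.group(1), 0) if m else None


def find_call_sites(insns: List[Insn]) -> List[CallSite]:
    """Every `call *...` (register or memory operand) together with the
    convention the caller's own stack handling expects of its target."""
    sites = []
    for i, insn in enumerate(insns):
        if insn.mnemonic != "call" or not insn.operands.startswith("*"):
            continue
        following = insns[i + 1] if i + 1 < len(insns) else None
        pops = _esp_adjust(following, "sub") or 0  # no compensating sub: cdecl
        sites.append(CallSite(insn.offset, insn.operands, pops))
    return sites


def esp_error_at_ret(site: CallSite, callee_pops: int) -> int:
    """Bytes %esp is off by when the caller reaches `ret`.

    callee_pops is what the real callee removes: 0 for cdecl, its argument
    size for stdcall. 0 means both sides agree; negative means %esp is too
    low, so `ret` pops a stale argument slot instead of the return address.
    """
    return callee_pops - site.expected_callee_pops


if __name__ == "__main__":
    for name, text in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        for site in find_call_sites(parse_listing(text)):
            err = esp_error_at_ret(site, callee_pops=0)  # aqbanking callee is cdecl
            print(f"{name}: call {site.target} at +{site.offset} expects "
                  f"{site.convention}; %esp error with a cdecl callee: {err}")
```

Run against the first dump it reports the call at +46 as a stdcall-expecting site with 16 bytes of arguments and an %esp error of -16 for a cdecl callee; against the second dump the same call site is cdecl and the error is 0. The heuristic is tied to gcc's pattern of a pre-allocated frame plus a compensating `sub`; a compiler that pushes arguments and pops them with `add` after the call would need the `add` handled as well.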
Comment 2 Ralf Habacker 2017-06-27 20:19:41 UTC
In May 2017 the problem was reported to the aqbanking project by private mail from Thomas Baumgart to Martin Preuss, who confirmed that probably some GWENHYWFAR_CB are missing. After that has been fixed, the patch mentioned in this bug can be removed from the mingw32|64 gwenhywfar package.

BTW: As long as no third-party-compiled gwenhywfar plugin binaries are bundled with aqbanking compiled for KMyMoney on Windows, there is no problem.