Bug 264785 - wine's crypt32 message tests crash under valgrind, because of a jump to NULL
Status: REPORTED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: 3.7 SVN
Platform: Unlisted Binaries Linux
Priority: NOR / Severity: normal
Target Milestone: ---
Assignee: Julian Seward
Reported: 2011-01-29 20:19 UTC by Austin English
Modified: 2011-08-16 20:08 UTC (History)


Attachments
- full output for valgrinding that test (10.67 KB, text/plain), 2011-01-29 20:19 UTC, Austin English
- valgrind output (9.96 KB, text/plain), 2011-08-16 07:11 UTC, Austin English

Description Austin English 2011-01-29 20:19:08 UTC
Created attachment 56631
full output for valgrinding that test

Version:           3.7 SVN
OS:                Linux

From the Wine crypt32 developer:
"This crash is a bug in valgrind:  it's a jump to NULL, which is
because we attempt to call a NULL function pointer.  This exception
should be caught by an exception handler in Wine, and reported as a
suppressable error, but it isn't when run under valgrind."

If more details are needed, please let me know and I'll ask Juan for more info :-).

Reproducible: Always

Steps to Reproduce:
# Get wine source code:
$ git clone git://source.winehq.org/git/wine.git
# compile
$ cd wine && ./configure && make
# run the test with valgrind:
$ ./wine winemine &
$ cd dlls/crypt32/tests
$ wget https://winezeug.googlecode.com/svn/trunk/valgrind/valgrind-suppressions
$ export VALGRIND_OPTS="-q --trace-children=yes --track-origins=yes --gen-suppressions=all --suppressions=valgrind-suppressions --leak-check=full --num-callers=20  --workaround-gcc296-bugs=yes --vex-iropt-precise-memory-exns=yes"
$ export WINETEST_TIMEOUT=600
$ export WINETEST_WRAPPER=valgrind
$ export WINE_HEAP_TAIL_REDZONE=32
$ make msk.ok

Actual Results:  
The test crashes:
Unhandled exception: illegal instruction in 32-bit code (0x00000000).
Register dump:
 CS:0073 SS:007b DS:007b ES:0000 FS:000b GS:0013
 EIP:00000000 ESP:7f22facc EBP:7f22fbf8 EFLAGS:00000000(   - --      - - - )
 EAX:00000000 EBX:04865ad0 ECX:00000011 EDX:7f00c798
 ESI:00000000 EDI:00000000
Stack dump:
0x7f22facc:  04832eaa 00000000 7f00c798 00000011
0x7f22fadc:  00000000 00000000 7bca8b70 7f22fb68
0x7f22faec:  7bc4bb14 7f000060 00000034 0000000c
0x7f22fafc:  7f22fef8 048573f7 7f01b000 04865ad0
0x7f22fb0c:  80070057 00000000 7f22fbf8 25a1a7f4
0x7f22fb1c:  6634f503 00000000 00000000 00000000
Backtrace:
=>0 0x00000000 (0x7f22fbf8)
  1 0x0483a9fa CryptMsgUpdate+0x9f(hCryptMsg=0x7f00c750, pbData="", cbData=0x4, fFinal=0) [/home/austin/wine-git/dlls/crypt32/msg.c:3596] in crypt32 (0x7f22fc38)
  2 0x0483a9fa CryptMsgUpdate+0x9f(hCryptMsg=0x7f00c750, pbData="", cbData=0x4, fFinal=0) [/home/austin/wine-git/dlls/crypt32/msg.c:3596] in crypt32 (0x7f22fce8)
  3 0x04791c62 test_data_msg_update+0x5e5() [/home/austin/wine-git/dlls/crypt32/tests/msg.c:445] in crypt32_test (0x7f22fcf8)
  4 0x04792ce6 test_data_msg+0xf() [/home/austin/wine-git/dlls/crypt32/tests/msg.c:704] in crypt32_test (0x7f22fd18)
  5 0x047a1aaf func_msg+0xc5() [/home/austin/wine-git/dlls/crypt32/tests/msg.c:3757] in crypt32_test (0x7f22fd78)
  6 0x047b658b run_test+0x9e(name="msg.c") [/home/austin/wine-git/dlls/crypt32/tests/../../../include/wine/test.h:556] in crypt32_test (0x7f22fe28)
  7 0x047b697d main+0x217(argc=<couldn't compute location>, argv=<couldn't compute location>) [/home/austin/wine-git/dlls/crypt32/tests/../../../include/wine/test.h:624] in crypt32_test (0x7f22fe60)
  8 0x047b69fa __wine_spec_exe_entry+0x69(peb=0x7ffdf000) [/home/austin/wine-git/dlls/winecrt0/exe_entry.c:36] in crypt32_test (0x7f22fe78)
  9 0x7b85dbcc call_process_entry+0xb() in kernel32 (0x7f22fec8)
  10 0x7b85dd12 start_process+0x143(peb=0x7ffdf000) [/home/austin/wine-git/dlls/kernel32/process.c:1086] in kernel32 (0x7f22fed8)
  11 0x7bc7c13c call_thread_func+0xb() in ntdll (0x7f22ffb8)
  12 0x7bc7c17a call_thread_entry_point+0x33(entry=0x7b85dbce, arg=0x7ffdf000) [/home/austin/wine-git/dlls/ntdll/signal_i386.c:2475] in ntdll (0x7f22ffe8)
  13 0x7bc54208 start_process+0x2f(kernel_start=0x7b85dbce) [/home/austin/wine-git/dlls/ntdll/loader.c:2606] in ntdll (0x00000000)

Expected Results:  
Wine should handle the exception and a valgrind warning should be produced for the wine code, with a sample suppression listed.

svn revision: 11510 (can easily update, if needed)
Comment 1 Tom Hughes 2011-08-15 11:05:37 UTC
So what exception was wine expecting to see? It looks like we gave it SIGILL which seems reasonable if the instruction at address zero wasn't valid.

It would also help if you showed us the valgrind output so we could say what valgrind said about what it was doing at that point.
Comment 2 Austin English 2011-08-16 07:09:45 UTC
(In reply to comment #1)
> It would also help if you showed us the valgrind output so we could say what
> valgrind said about what it was doing at that point.

It was attached (https://bugs.kde.org/attachment.cgi?id=56631). I'm attaching the output of current svn (r11914).

There's a valgrind assertion failure though, that's bug 275673.
Comment 3 Austin English 2011-08-16 07:11:05 UTC
Created attachment 62862
valgrind output
Comment 4 Tom Hughes 2011-08-16 07:28:01 UTC
So that mostly looks fine - we are throwing wine a SIGILL at address zero.

If that isn't what wine is expecting then what sort of exception does it want?
Comment 5 Austin English 2011-08-16 20:08:29 UTC
(In reply to comment #4)
> So that mostly looks fine - we are throwing wine a SIGILL at address zero.
> 
> If that isn't what wine is expecting then what sort of exception does it want?

[12:55] <jhgf2> austin_laptop: short answer is sigsegv
[12:57] <jhgf2> austin_laptop: long answer is more complicated
[12:57] <jhgf2> austin_laptop: most likely, you will at least need to set the correct trap code (no idea how to do this)
[12:59] <jhgf2> austin_laptop: actually, looking at the code, sigill should also do the trick, as long as the trap code is correct
[13:02] <jhgf2> austin_laptop: take a look here: http://source.winehq.org/source/dlls/ntdll/signal_i386.c#L1854 (for valgrind)
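The disagreement in this thread is about which signal a call through a NULL function pointer produces: natively the kernel fails the instruction fetch at address 0 and delivers SIGSEGV with si_addr == 0, which Wine turns into the access-violation exception the test expects, whereas the report shows valgrind delivering SIGILL at EIP 0 instead. The following probe is an added example written for this page, not code from Wine or valgrind; it installs handlers for both signals, makes the NULL call, and reports which signal, si_code and fault address arrived. Function names (probe_null_call, fault_addr, classify) are this example's own. Run natively it shows the SIGSEGV case; run under valgrind it would show whatever valgrind delivers, which is the difference the bug is about. Wine's real handler additionally inspects the x86 trap number in the signal context (the "trap code" of comment 5), which this example does not model.

```c
/*
 * Added example (not Wine's or valgrind's code): observe what signal the
 * process receives for a call through a NULL function pointer, the fault the
 * crypt32 msg test hits in CryptMsgUpdate (msg.c:3596 in the report).
 * Native Linux: SIGSEGV, si_addr == 0 (instruction fetch from an unmapped
 * page). The report's valgrind run: SIGILL at EIP 0.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* volatile so the compiler must really load and call through the pointer
 * instead of folding the known NULL into a trap instruction. */
static void (*volatile null_fn)(void) = NULL;

static sigjmp_buf recover;
static volatile sig_atomic_t seen_signo;
static volatile sig_atomic_t seen_code;
static void *volatile seen_addr;

static void fault_handler(int signo, siginfo_t *si, void *uctx)
{
    (void)uctx; /* Wine's handler also reads the trap number from here; not modelled */
    seen_signo = signo;
    seen_code  = si->si_code;
    seen_addr  = si->si_addr;
    /* Cannot return: that would resume at address 0 and fault again. */
    siglongjmp(recover, 1);
}

/* Make the NULL call under SIGSEGV/SIGILL handlers.
 * Returns the signal number observed, 0 if (unexpectedly) none. */
int probe_null_call(void)
{
    struct sigaction sa, old_segv, old_ill;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL,  &sa, &old_ill);

    seen_signo = 0;
    seen_code  = 0;
    seen_addr  = (void *)-1;
    if (sigsetjmp(recover, 1) == 0)
        null_fn();              /* jump to 0; the handler longjmps back here */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL,  &old_ill,  NULL);
    return seen_signo;
}

int   fault_code(void) { return seen_code; }
void *fault_addr(void) { return seen_addr; }

/* How a Wine-style handler would read the signal it was given. */
const char *classify(int signo, int code, void *addr)
{
    if (signo == SIGSEGV && addr == NULL && code == SEGV_MAPERR)
        return "SIGSEGV, unmapped fetch at 0: the access violation Wine expects";
    if (signo == SIGSEGV)
        return "SIGSEGV at some other address";
    if (signo == SIGILL)
        return "SIGILL at 0: what the report shows valgrind delivering";
    return "no fault observed";
}

int main(void)
{
    int signo = probe_null_call();
    printf("signal %d (%s), si_code %d, si_addr %p\n",
           signo, strsignal(signo), fault_code(), fault_addr());
    printf("%s\n", classify(signo, fault_code(), fault_addr()));
    return 0;
}
```

Running the binary natively and then under `valgrind ./a.out` is the quickest way to see the two deliveries side by side; the handler is deliberately kept to a longjmp so the comparison is only about the signal number, si_code and address, which is all the Wine handler in comment 5 has to go on.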