diff --git a/README.md b/README.md
index b5654411..4c4d4153 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 ===================================
-**Bugfixes and features included in the next upcoming release [7]:**
+**Bugfixes and features included in the next upcoming release [8]:**
 * Add stub for ntoskrnl.ExAcquireResourceExclusiveLite
 * Add stub for ntoskrnl.ExDeleteResourceLite
@@ -46,6 +46,7 @@ Included bug fixes and improvements
 * Avoid race-conditions in NtReadFile() operations with write watches.
 * Avoid race-conditions with write watches in WS2_async_accept.
 * Basic handling of write watches triggered while we're on the signal stack.
+* Do not access stack below ESP when restoring thread context.
 * Implement D3DXGetShaderOutputSemantics
diff --git a/debian/changelog b/debian/changelog
index 01c0e965..f4f1adbf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ wine-staging (1.7.37) UNRELEASED; urgency=low
  * Added patch to add stub for ntoskrnl.ExAcquireResourceExclusiveLite.
  * Added patch to add stub for ntoskrnl.ExReleaseResourceForThread.
  * Added patch to add stub for ntoskrnl.ExDeleteResourceLite.
+ * Added patch to avoid accessing stack below ESP when restoring thread context.
  * Removed patches for UTF7 support (accepted upstream).
  * Removed patches for SIO_ADDRESS_LIST_CHANGE ioctl (accepted upstream).
 -- Sebastian Lackner Sun, 08 Feb 2015 20:29:38 +0100
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 94e95da4..518e938b 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -182,6 +182,7 @@ patch_enable_all ()
  enable_wine_inf_Performance="$1"
  enable_wineboot_HKEY_DYN_DATA="$1"
  enable_winebuild_LinkerVersion="$1"
+ enable_winebuild_Restore_Context="$1"
  enable_winecfg_Libraries="$1"
  enable_winecfg_Staging="$1"
  enable_wined3d_CSMT_Helper="$1"
@@ -573,6 +574,9 @@ patch_enable ()
  winebuild-LinkerVersion)
  enable_winebuild_LinkerVersion="$2"
  ;;
+ winebuild-Restore_Context)
+ enable_winebuild_Restore_Context="$2"
+ ;;
  winecfg-Libraries)
  enable_winecfg_Libraries="$2"
  ;;
@@ -3146,6 +3150,18 @@ if test "$enable_winebuild_LinkerVersion" -eq 1; then
  ) >> "$patchlist"
 fi
+# Patchset winebuild-Restore_Context
+# |
+# | Modified files:
+# | * tools/winebuild/relay.c
+# |
+if test "$enable_winebuild_Restore_Context" -eq 1; then
+ patch_apply winebuild-Restore_Context/0001-winebuild-Do-not-access-memory-below-ESP-when-restor.patch
+ (
+ echo '+ { "Sebastian Lackner", "winebuild: Do not access memory below ESP when restoring thread contexts.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset winecfg-Libraries
 # |
 # | This patchset fixes the following Wine bugs:
diff --git a/patches/winebuild-Restore_Context/0001-winebuild-Do-not-access-memory-below-ESP-when-restor.patch b/patches/winebuild-Restore_Context/0001-winebuild-Do-not-access-memory-below-ESP-when-restor.patch
new file mode 100644
index 00000000..754882a3
--- /dev/null
+++ b/patches/winebuild-Restore_Context/0001-winebuild-Do-not-access-memory-below-ESP-when-restor.patch
@@ -0,0 +1,83 @@
+From 2c9e4af027218dd83ee68bed4ff5ab277ce8948a Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Thu, 12 Feb 2015 11:09:34 +0100
+Subject: winebuild: Do not access memory below ESP when restoring thread
+ contexts.
+
+Based on a patch by John Reiser.
+---
+ tools/winebuild/relay.c | 49 +++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 33 insertions(+), 16 deletions(-)
+
+diff --git a/tools/winebuild/relay.c b/tools/winebuild/relay.c
+index cc7dd37..aa7158e 100644
+--- a/tools/winebuild/relay.c
++++ b/tools/winebuild/relay.c
+@@ -852,31 +852,48 @@ static void build_call_from_regs_x86(void)
+
+ /* Restore the context structure */
+
+- output( "2:\tpushl 0x94(%%ecx)\n"); /* SegEs */
++ output( "2:\n" );
++
++ /* As soon as we have switched stacks the context structure could
++ * be invalid (when signal handlers are executed for example). Copy
++ * values on the target stack before changing ESP. */
++
++ output( "\tpushl 0xc8(%%ecx)\n" ); /* SegSs */
++ output( "\tpopl %%es\n" );
++ output( "\tmovl 0xc4(%%ecx),%%eax\n" ); /* Esp */
++ output( "\tsubl $4*4, %%eax\n" );
++
++ output( "\tmovl 0xc0(%%ecx),%%edx\n" ); /* EFlags */
++ output( "\t.byte 0x26\n\tmovl %%edx,3*4(%%eax)\n" );
++ output( "\tmovl 0xbc(%%ecx),%%edx\n" ); /* SegCs */
++ output( "\t.byte 0x26\n\tmovl %%edx,2*4(%%eax)\n" );
++ output( "\tmovl 0xb8(%%ecx),%%edx\n" ); /* Eip */
++ output( "\t.byte 0x26\n\tmovl %%edx,1*4(%%eax)\n" );
++ output( "\tmovl 0xb0(%%ecx),%%edx\n" ); /* Eax */
++ output( "\t.byte 0x26\n\tmovl %%edx,0*4(%%eax)\n" );
++
++ output( "\tpushl %%es\n" );
++ output( "\tpushl 0x98(%%ecx)\n" ); /* SegDs */
++
++ output(" \tpushl 0x94(%%ecx)\n" ); /* SegEs */
+ output( "\tpopl %%es\n" );
+ output( "\tpushl 0x90(%%ecx)\n"); /* SegFs */
+ output( "\tpopl %%fs\n" );
+ output( "\tpushl 0x8c(%%ecx)\n"); /* SegGs */
+ output( "\tpopl %%gs\n" );
+
+- output( "\tmovl 0x9c(%%ecx),%%edi\n"); /* Edi */
+- output( "\tmovl 0xa0(%%ecx),%%esi\n"); /* Esi */
+- output( "\tmovl 0xa8(%%ecx),%%edx\n"); /* Edx */
+- output( "\tmovl 0xa4(%%ecx),%%ebx\n"); /* Ebx */
+- output( "\tmovl 0xb0(%%ecx),%%eax\n"); /* Eax */
+- output( "\tmovl 0xb4(%%ecx),%%ebp\n"); /* Ebp */
++ output( "\tmovl 0x9c(%%ecx),%%edi\n" ); /* Edi */
++ output( "\tmovl 0xa0(%%ecx),%%esi\n" ); /* Esi */
++ output( "\tmovl 0xa4(%%ecx),%%ebx\n" ); /* Ebx */
++ output( "\tmovl 0xa8(%%ecx),%%edx\n" ); /* Edx */
++ output( "\tmovl 0xb4(%%ecx),%%ebp\n" ); /* Ebp */
++ output( "\tmovl 0xac(%%ecx),%%ecx\n" ); /* Ecx */
+
+- output( "\tpushl 0xc8(%%ecx)\n"); /* SegSs */
++ output( "\tpopl %%ds\n" );
+ output( "\tpopl %%ss\n" );
+- output( "\tmovl 0xc4(%%ecx),%%esp\n"); /* Esp */
++ output( "\tmovl %%eax,%%esp\n" );
+
+- output( "\tpushl 0xc0(%%ecx)\n"); /* EFlags */
+- output( "\tpushl 0xbc(%%ecx)\n"); /* SegCs */
+- output( "\tpushl 0xb8(%%ecx)\n"); /* Eip */
+- output( "\tpushl 0x98(%%ecx)\n"); /* SegDs */
+- output( "\tmovl 0xac(%%ecx),%%ecx\n"); /* Ecx */
+-
+- output( "\tpopl %%ds\n" );
++ output( "\tpopl %%eax\n" );
+ output( "\tiret\n" );
+ output_cfi( ".cfi_endproc" );
+ output_function_size( "__wine_call_from_regs" );
+--
+2.2.2
+
diff --git a/patches/winebuild-Restore_Context/definition b/patches/winebuild-Restore_Context/definition
new file mode 100644
index 00000000..4b968c11
--- /dev/null
+++ b/patches/winebuild-Restore_Context/definition
@@ -0,0 +1 @@
+Fixes: Do not access stack below ESP when restoring thread context.
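Review bot: The %es scratch trick in the new block after label 2 is undocumented: `pushl 0xc8(%%ecx)` / `popl %%es` loads the target SS into %es so that the four `.byte 0x26` (ES-override) stores land on the target stack, and the later `pushl %%es` is what finally gets popped into %ss, yet the only annotation is `/* SegSs */`, which reads like a plain segment restore. I would put `/* load target SS into %es: the 0x26-prefixed stores below go through it to the target stack; pushed back later and popped into %ss */` above that pair and `/* es: override */` on each `.byte 0x26` line so the sequence can be audited. Separately, `output(" \tpushl 0x94(%%ecx)\n" );` has a stray space before the tab inside the emitted string and should read `output( "\tpushl 0x94(%%ecx)\n" ); /* SegEs */` like its neighbours. The four stores target [Esp-16, Esp) while SegDs/SegEs/SegFs/SegGs and Edi..Ecx are still read from %ecx and the current stack is still live, so this presumably relies on the target frame lying above both the context and the current frame — the old code had the same exposure via its pushes, but a one-line precondition comment would record it. build_call_from_regs_x86 starts before this hunk.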