winebuild: Do not access memory below ESP when restoring thread contexts.

Based on a patch by John Reiser.

winebuild: Do not access memory below ESP when restoring thread contexts.
44fbc018 · Sebastian Lackner · Alexandre Julliard · 6bec132c · 44fbc018
Commit 44fbc018 authored Feb 12, 2015 by Sebastian Lackner Committed by Alexandre Julliard Feb 27, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 16 deletions

relay.c tools/winebuild/relay.c +33 -16

No files found.
--- a/tools/winebuild/relay.c
+++ b/tools/winebuild/relay.c
@@ -852,31 +852,48 @@ static void build_call_from_regs_x86(void)

    /* Restore the context structure */

-    output( "2:\tpushl 0x94(%%ecx)\n");     /* SegEs */
+    output( "2:\n" );
+
+    /* As soon as we have switched stacks the context structure could
+     * be invalid (when signal handlers are executed for example). Copy
+     * values on the target stack before changing ESP. */
+
+    output( "\tpushl 0xc8(%%ecx)\n" );      /* SegSs */
+    output( "\tpopl %%es\n" );
+    output( "\tmovl 0xc4(%%ecx),%%eax\n" ); /* Esp */
+    output( "\tleal -4*4(%%eax),%%eax\n" );
+
+    output( "\tmovl 0xc0(%%ecx),%%edx\n" ); /* EFlags */
+    output( "\t.byte 0x26\n\tmovl %%edx,3*4(%%eax)\n" );
+    output( "\tmovl 0xbc(%%ecx),%%edx\n" ); /* SegCs */
+    output( "\t.byte 0x26\n\tmovl %%edx,2*4(%%eax)\n" );
+    output( "\tmovl 0xb8(%%ecx),%%edx\n" ); /* Eip */
+    output( "\t.byte 0x26\n\tmovl %%edx,1*4(%%eax)\n" );
+    output( "\tmovl 0xb0(%%ecx),%%edx\n" ); /* Eax */
+    output( "\t.byte 0x26\n\tmovl %%edx,0*4(%%eax)\n" );
+
+    output( "\tpushl %%es\n" );
+    output( "\tpushl 0x98(%%ecx)\n" );      /* SegDs */
+
+    output(" \tpushl 0x94(%%ecx)\n" );      /* SegEs */
    output( "\tpopl %%es\n" );
    output( "\tpushl 0x90(%%ecx)\n");       /* SegFs */
    output( "\tpopl %%fs\n" );
    output( "\tpushl 0x8c(%%ecx)\n");       /* SegGs */
    output( "\tpopl %%gs\n" );

-    output( "\tmovl 0x9c(%%ecx),%%edi\n");  /* Edi */
-    output( "\tmovl 0xa0(%%ecx),%%esi\n");  /* Esi */
-    output( "\tmovl 0xa8(%%ecx),%%edx\n");  /* Edx */
-    output( "\tmovl 0xa4(%%ecx),%%ebx\n");  /* Ebx */
-    output( "\tmovl 0xb0(%%ecx),%%eax\n");  /* Eax */
-    output( "\tmovl 0xb4(%%ecx),%%ebp\n");  /* Ebp */
+    output( "\tmovl 0x9c(%%ecx),%%edi\n" ); /* Edi */
+    output( "\tmovl 0xa0(%%ecx),%%esi\n" ); /* Esi */
+    output( "\tmovl 0xa4(%%ecx),%%ebx\n" ); /* Ebx */
+    output( "\tmovl 0xa8(%%ecx),%%edx\n" ); /* Edx */
+    output( "\tmovl 0xb4(%%ecx),%%ebp\n" ); /* Ebp */
+    output( "\tmovl 0xac(%%ecx),%%ecx\n" ); /* Ecx */

-    output( "\tpushl 0xc8(%%ecx)\n");       /* SegSs */
+    output( "\tpopl %%ds\n" );
    output( "\tpopl %%ss\n" );
-    output( "\tmovl 0xc4(%%ecx),%%esp\n");  /* Esp */
+    output( "\tmovl %%eax,%%esp\n" );

-    output( "\tpushl 0xc0(%%ecx)\n");       /* EFlags */
-    output( "\tpushl 0xbc(%%ecx)\n");       /* SegCs */
-    output( "\tpushl 0xb8(%%ecx)\n");       /* Eip */
-    output( "\tpushl 0x98(%%ecx)\n");       /* SegDs */
-    output( "\tmovl 0xac(%%ecx),%%ecx\n");  /* Ecx */
-
-    output( "\tpopl %%ds\n" );
+    output( "\tpopl %%eax\n" );
    output( "\tiret\n" );
    output_cfi( ".cfi_endproc" );
    output_function_size( "__wine_call_from_regs" );