Changeset 21645 for trunk/src

Timestamp:

Jun 22, 2011, 11:43:22 PM (14 years ago)

Author:

dmik

Message:

kernel32: SEH: Fixed crashes at process termination (exceptions c0010001 and c0010002 in POPUPLOG.OS2) caused by attempting to unwind the Win32 exception chain twice, the second time after destroying the Win32 TEB block.

Location:

trunk/src/kernel32

Files:

• exceptions.cpp (modified) (2 diffs)
• seh/sehutil.s (modified) (2 diffs)

trunk/src/kernel32/exceptions.cpp

@@ -468 +468 @@
   dprintf(("KERNEL32: RtlUnwind pEndFrame=%08X, unusedEip=%08X, pRecord=%08X, returnEax=%#x\n", pEndFrame, unusedEip, pRecord, returnEax));
 
+  TEB *winteb = GetThreadTEB();
+  if (!winteb)
+  {
+      /* We're being called from __seh_handler called upon unwinding the OS/2
+       * exception chain after the Win32 TIB structure is destroyed. This for
+       * example happens when we terminate the thread or the process from within
+       * the __try block. Just ignore this call retur (note that the Win32
+       * exception chain should be already unwound by this moment). */
+      dprintf(("KERNEL32: RtlUnwind returning due to zero Win32 TEB.\n"));
+      return 0;
+  }
 
   memset(&context, 0, sizeof(context));
@@ -504 +515 @@
 
   /* get chain of exception frames */
-  TEB *winteb = GetThreadTEB();
   frame       = (PWINEXCEPTION_FRAME)winteb->except;
 

trunk/src/kernel32/seh/sehutil.s

@@ -76 +76 @@
     popl %fs
 
-    /* check if we could successfully switch to Win32 FS. A failure means the
-     * Win32 thread is about to exit and TIB has been already destroyed. */
-    movl (%esp), %ecx   /* (%esp) is OS/2 FS pushed above */
-    movl %fs, %eax
-    cmpw %cx, %ax
-    je ___seh_handler_Skip_Win32_Unwind
-
     pushl $0        /* DWORD (unused) */
     pushl $0        /* PEXCEPTION_RECORD */
@@ -89 +82 @@
     call _RtlUnwind@16 /* _stdcall, rtl, callee cleans stack */
 
-___seh_handler_Skip_Win32_Unwind:
     popl %fs