Wireshark-bugs: [Wireshark-bugs] [Bug 12495] New version crash after openning file

Date: Mon, 13 Jun 2016 18:02:54 +0000

Comment # 6 on bug 12495 from
It looks like an optimization issue on MSVC2013 with /Oxs. Based on the
disassemblies provided by Pascal, I see the following:

decode_user_exception:
  0000000000000000: 48 89 6C 24 08     mov         qword ptr [rsp+8],rbp
  0000000000000005: 48 89 74 24 10     mov         qword ptr [rsp+10h],rsi
  000000000000000A: 48 89 7C 24 18     mov         qword ptr [rsp+18h],rdi
  000000000000000F: 4C 89 74 24 20     mov         qword ptr [rsp+20h],r14
  0000000000000014: 41 57              push       r15
  0000000000000016: 48 83 EC 40        sub         rsp,40h
# MessageHeader *header at offset 28h + 8h + 40h = 30h + 40h = 70h
# this matches the expected value in dissect_cosnaming
  000000000000001A: 48 8B 7C 24 70     mov         rdi,qword ptr [rsp+70h]
  000000000000001F: 49 8B F1           mov         rsi,r9
  0000000000000022: 4D 8B F8           mov        r15,r8
if (!header->exception_id)
  0000000000000025: 48 83 7F 18 00     cmp         qword ptr [rdi+18h],0
  000000000000002A: 48 8B EA           mov         rbp,rdx
  000000000000002D: 4C 8B F1           mov        r14,rcx
  0000000000000030: 0F 84 AE 00 00 00  je          00000000000000E4

if (strcmp(header->exception_id,
"IDL:omg.org/CosNaming/NamingContext/NotFound:1.0") == 0)
  0000000000000036: 48 8B 4F 18        mov         rcx,qword ptr [rdi+18h]
  000000000000003A: 48 8D 15 00 00 00  lea        
rdx,[??_C@_0DB@PBHKNMGI@IDL?3omg?4org?1CosNaming?1NamingCont@]
                    00
  0000000000000041: E8 00 00 00 00     call        strcmp
  0000000000000046: 85 C0              test        eax,eax
  0000000000000048: 75 43              jne         000000000000008D
  000000000000004A: 4C 8B CE           mov        r9,rsi
  000000000000004D: 4D 8B C7           mov        r8,r15
  0000000000000050: 48 8B D5           mov         rdx,rbp
  0000000000000053: 49 8B CE           mov         rcx,r14
  0000000000000056: E8 00 00 00 00     call        start_dissecting
  000000000000005B: 8B 8C 24 80 00 00  mov         ecx,dword ptr [rsp+80h]
                    00
  0000000000000062: 4C 8B CE           mov        r9,rsi
  0000000000000065: 89 4C 24 30        mov         dword ptr [rsp+30h],ecx
  0000000000000069: 48 8B 4C 24 78     mov         rcx,qword ptr [rsp+78h]
  000000000000006E: 4C 8B C0           mov        r8,rax
  0000000000000071: 48 89 4C 24 28     mov         qword ptr [rsp+28h],rcx
  0000000000000076: 49 8B CE           mov         rcx,r14
  0000000000000079: 48 8B D5           mov         rdx,rbp
  000000000000007C: 48 89 7C 24 20     mov         qword ptr [rsp+20h],rdi
  0000000000000081: E8 00 00 00 00     call       
decode_ex_CosNaming_NamingContext_NotFound
  0000000000000086: B8 01 00 00 00     mov         eax,1
  000000000000008B: EB 59              jmp         00000000000000E6

if (strcmp(header->exception_id,
"IDL:omg.org/CosNaming/NamingContext/CannotProceed:1.0") == 0) {
  000000000000008D: 48 8B 4F 18        mov         rcx,qword ptr [rdi+18h]
  0000000000000091: 48 8D 15 00 00 00  lea        
rdx,[??_C@_0DG@MLOOGHPH@IDL?3omg?4org?1CosNaming?1NamingCont@]
                    00
  0000000000000098: E8 00 00 00 00     call        strcmp
  000000000000009D: 85 C0              test        eax,eax
  000000000000009F: 75 43              jne         00000000000000E4
  00000000000000A1: 4C 8B CE           mov        r9,rsi
  00000000000000A4: 4D 8B C7           mov        r8,r15
  00000000000000A7: 48 8B D5           mov         rdx,rbp
  00000000000000AA: 49 8B CE           mov         rcx,r14
  00000000000000AD: E8 00 00 00 00     call        start_dissecting
  00000000000000B2: 8B 8C 24 80 00 00  mov         ecx,dword ptr [rsp+80h]
                    00
  00000000000000B9: 4C 8B CE           mov        r9,rsi
  00000000000000BC: 89 4C 24 30        mov         dword ptr [rsp+30h],ecx
  00000000000000C0: 48 8B 4C 24 78     mov         rcx,qword ptr [rsp+78h]
  00000000000000C5: 4C 8B C0           mov        r8,rax
  00000000000000C8: 48 89 4C 24 28     mov         qword ptr [rsp+28h],rcx
  00000000000000CD: 49 8B CE           mov         rcx,r14
  00000000000000D0: 48 8B D5           mov         rdx,rbp
  00000000000000D3: 48 89 7C 24 20     mov         qword ptr [rsp+20h],rdi
  00000000000000D8: E8 00 00 00 00     call       
decode_ex_CosNaming_NamingContext_CannotProceed
  00000000000000DD: B8 01 00 00 00     mov         eax,1
  00000000000000E2: EB 02              jmp         00000000000000E6

  00000000000000E4: 33 C0              xor         eax,eax
  00000000000000E6: 48 8B 6C 24 50     mov         rbp,qword ptr [rsp+50h]
  00000000000000EB: 48 8B 74 24 58     mov         rsi,qword ptr [rsp+58h]
  00000000000000F0: 48 8B 7C 24 60     mov         rdi,qword ptr [rsp+60h]
  00000000000000F5: 4C 8B 74 24 68     mov        r14,qword ptr [rsp+68h]
  00000000000000FA: 48 83 C4 40        add         rsp,40h
  00000000000000FE: 41 5F              pop        r15
  0000000000000100: C3                 ret

Above you can see rdi+18h three times for exception_id, but that is off by
four:

    typedef struct MessageHeader {  // offsets as the reporter counted them (no padding assumed)
      guint8 magic[4];              // 00
      Version GIOP_version;         // 04
      guint8 flags;                 // 06
      guint8 message_type;          // 07
      guint32 message_size;         // 08

      guint32 req_id;               // 0c
      guint32 rep_status;           // 10
      gchar *exception_id;          // 14
      /* NOTE(review): 14h only holds if the struct is packed. Under natural
       * x86-64 alignment an 8-byte pointer following a guint32 that ends at 14h
       * is padded up to 18h, which is exactly the [rdi+18h] the disassembly
       * above reads. The mismatch may therefore be two translation units
       * compiled with different packing/alignment settings rather than a
       * miscompile; confirm which #pragma pack (if any) applies on each side,
       * since a layout disagreement on a pointer field is what turns a parse
       * of attacker-controlled GIOP input into an invalid read. */
    } MessageHeader;

