UNINIT in NlsStrLenW called from GetMonitorInfoA on win7 calc.exe #996

Open
derekbruening opened this issue Nov 28, 2014 · 1 comment

@derekbruening
Contributor

From bruen...@google.com on August 29, 2012 18:43:39

xref issue #387 showed up in r694 (added NtUserCall* handling) on win7 laptop:

Dr.M Error #1: UNINITIALIZED READ: reading 0x0023e8d0-0x0023e8d2 2 byte(s)
Dr.M # 0 KERNELBASE.dll!NlsStrLenW +0x5e (0x75ed5168 <KERNELBASE.dll+0x35168>)
Dr.M # 1 USER32.dll!GetMonitorInfoA +0x154 (0x763a4568 <USER32.dll+0x24568>)
Dr.M # 2 gdiplus.dll!GdipCreateSolidFill +0x705e7 (0x677f7667 <gdiplus.dll+0xb7667>)
Dr.M # 3 USER32.dll!__ClientMonitorEnumProc +0x25 (0x763a44fd <USER32.dll+0x244fd>)
Dr.M # 4 ntdll.dll!KiUserCallbackDispatcher +0x2d (0x7752010a <ntdll.dll+0x1010a>)
Dr.M # 5 gdiplus.dll!GdipCreateSolidFill +0x13154 (0x6779a1d4 <gdiplus.dll+0x5a1d4>)
Dr.M # 6 gdiplus.dll!GdiplusStartup +0x55 (0x67765684 <gdiplus.dll+0x25684>)
Dr.M # 7 WinMain +0x2df (0x00641915 <calc.exe+0x1915>)
Dr.M Note: @0:00:05.198 in thread 7260
Dr.M Note: instruction: data16 cmp (%eax) %cx

Original issue: http://code.google.com/p/drmemory/issues/detail?id=996

@derekbruening
Contributor Author

From bruen...@google.com on August 29, 2012 18:52:24

unknown system call #0x9a902a
system call #0x102a NtUserCallTwoParam

0 USER32.dll!GetMonitorInfoA+0x137 (0x7521454a <USER32.dll+0x2454a>) modid:0
1 fp=0x0012e97c parent=0x0012eb9c gdiplus.dll!DriverMulti::EnumDisplayMonitorsCallback+0x55 (0x68c17667 <gdiplus.dll+0xb7667>) modid:0
2 fp=0x0012eb9c parent=0x0012ebd0 USER32.dll!__ClientMonitorEnumProc+0x25 (0x752144fd <USER32.dll+0x244fd>) modid:0
3 fp=0x0012ebd0 parent=0x0012ec24 ntdll.dll!KiUserCallbackDispatcher+0x2d (0x7762010a <ntdll.dll+0x1010a>) modid:0
4 fp=0x0012ec24 parent=0x0012ec5c gdiplus.dll!InternalGdiplusStartup+0x255 (0x68bba1d4 <gdiplus.dll+0x5a1d4>) modid:0
5 fp=0x0012ec5c parent=0x0012ec74 gdiplus.dll!GdiplusStartup+0x55 (0x68b85684 <gdiplus.dll+0x25684>) modid:0
6 fp=0x0012ec74 parent=0x0012f9ec WinMain +0x2df (0x00861915 <calc.exe+0x1915>) modid:0

    arg 0 = 0x10001
    arg 1 = 0x12e938
    arg 2 = 0x6a

processing pre system call #0x9a902a NtUserCallTwoParam.GETHDEVNAME
pre considering arg 0 0 0
WARNING: unhandled system call #0x9a902a
pre-unknown-syscall #0x9a902a: param 0 == 0x00010001
pre-unknown-syscall #0x9a902a: param 1 == 0x0012e938
pre-unknown-syscall #0x9a902a: param 1 == 0x0012e938 2048 bytes
pre-unknown-syscall #0x9a902a: param 2 == 0x0000006a
pre-unknown-syscall #0x9a902a: param 3 == 0x03411268
pre-unknown-syscall #0x9a902a: param 3 == 0x03411268 536 bytes
pre-unknown-syscall #0x9a902a: param 4 == 0x00000048
pre-unknown-syscall #0x9a902a: param 5 == 0x00010001
pre-unknown-syscall #0x9a902a: param 6 == 0x0012eb50
pre-unknown-syscall #0x9a902a: param 9 == 0x005424b0
pre-unknown-syscall #0x9a902a: param 9 == 0x005424b0 2048 bytes
processing post system call #0x102a.0x6a NtUserCallTwoParam.GETHDEVNAME res=0x1
post considering arg 0 0 0 0x00010001
set range 0x0012e938-0x0012e93c => 0x0
set range 0x0012e93c-0x0012e940 => 0x0
set range 0x0012e940-0x0012e944 => 0x0
set range 0x0012e944-0x0012e948 => 0x0
set range 0x0012e948-0x0012e94c => 0x0
set range 0x0012e94c-0x0012e950 => 0x0
unknown-syscall #0x9a902a: param 1 written 0x0012e938 24 bytes
set range 0x0012e960-0x0012e964 => 0x0
set range 0x0012e964-0x0012e968 => 0x0
set range 0x0012e968-0x0012e96c => 0x0
unknown-syscall #0x9a902a: param 1 written 0x0012e960 12 bytes
set range 0x0012e96c-0x0012e970 => 0x0
set range 0x0012e970-0x0012e974 => 0x0
unknown-syscall #0x9a902a: param 1 written 0x0012e96d 7 bytes
in event_basic_block(tag=0x7521454a)
in event_basic_block(tag=0x75214552)

BOOL GetMonitorInfo(
__in HMONITOR hMonitor,
__out LPMONITORINFO lpmi
);
typedef struct tagMONITORINFOEX {
DWORD cbSize;
RECT rcMonitor;
RECT rcWork;
DWORD dwFlags;
TCHAR szDevice[CCHDEVICENAME];
} MONITORINFOEX, *LPMONITORINFOEX;

struct tagMONITORINFOEXW, 2 elements, 0x68 bytes
+0x000 __BaseClass struct tagMONITORINFO, 4 elements, 0x28 bytes
+0x000 cbSize : Uint4B
+0x004 rcMonitor : struct tagRECT, 4 elements, 0x10 bytes
+0x014 rcWork : struct tagRECT, 4 elements, 0x10 bytes
+0x024 dwFlags : Uint4B
+0x028 szDevice : [32] Wchar

so GetMonitorInfo needs cbSize struct field set but syscall takes in size
as 3rd arg? size 0x6a is close but not same as 0x68: hmmm.

going w/ this instead of the UNKNOWN as it seems sufficient for a quick fix
to this regression (which is from unknown syscall handling differences)
but leaving the issue open for further investigation:

/* XXX issue #996: not 100% sure about this */
{0,"NtUserCallTwoParam.GETHDEVNAME", OK, 12, {{1,-2,W},}},

Labels: -Priority-Medium Priority-Low
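A model of the shadow-state difference this log shows, added here as an example (not Dr. Memory's own code): it replays the unknown-syscall heuristic's observed writes against the MONITORINFOEXW layout from the dt output and contrasts them with the table entry, assuming `{1,-2,W}` means "param 1 is written, with its byte size taken from param 2".

```python
# Added example, not Dr. Memory's code: a byte-granular shadow-memory model that
# replays the "unknown-syscall ... written" lines from the log above and contrasts
# them with the table entry {1,-2,W} (assumed: param 1 written, size from param 2).
UNDEF, DEF = "U", "D"
SIZEOF_MONITORINFOEXW = 0x68   # from the dt output above
OFFSET_SZDEVICE = 0x28         # +0x028 szDevice : [32] Wchar
CCHDEVICENAME = 32
# arg 0..2 of the NtUserCallTwoParam.GETHDEVNAME call in the log above
PARAMS = [0x10001, 0x0012e938, 0x6a]
# (addr, nbytes) pairs the unknown-syscall heuristic reported as written
HEURISTIC_WRITES = [(0x0012e938, 24), (0x0012e960, 12), (0x0012e96d, 7)]

def mark_written(shadow, base, addr, nbytes):
    """Mark [addr, addr+nbytes) as defined in a shadow array anchored at base."""
    for off in range(addr - base, addr - base + nbytes):
        if 0 <= off < len(shadow):
            shadow[off] = DEF
    return shadow

def shadow_after_unknown_syscall(writes=HEURISTIC_WRITES, base=PARAMS[1]):
    """Only the bytes the heuristic saw change become defined; gaps stay UNDEF."""
    shadow = [UNDEF] * SIZEOF_MONITORINFOEXW
    for addr, n in writes:
        mark_written(shadow, base, addr, n)
    return shadow

def shadow_after_table_entry(params=PARAMS, entry=(1, -2, "W")):
    """Table-driven: the whole buffer named by param 1, sized by param 2, is defined."""
    idx, size_spec, _mode = entry
    size = params[-size_spec] if size_spec < 0 else size_spec
    shadow = [UNDEF] * max(SIZEOF_MONITORINFOEXW, size)
    return mark_written(shadow, params[1], params[idx], size)

def defined_bytes(shadow):
    return shadow.count(DEF)

def first_uninit_wchar_in_szdevice(shadow):
    """Walk szDevice one WCHAR at a time, as a wcslen-style loop (cmp (%eax),%cx)
    would; return the index of the first WCHAR with an undefined byte, else None."""
    for i in range(CCHDEVICENAME):
        off = OFFSET_SZDEVICE + 2 * i
        if UNDEF in shadow[off:off + 2]:
            return i
    return None

def size_arg_overshoot(params=PARAMS):
    """How far the syscall's size argument exceeds sizeof(MONITORINFOEXW)."""
    return params[2] - SIZEOF_MONITORINFOEXW
```

With the heuristic only 43 of the 0x68 bytes end up defined and the szDevice scan hits an undefined WCHAR at index 6, while the table entry leaves the scan clean; the size argument overshoots the struct by 2 bytes.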
