Closed Bug 845098 Opened 12 years ago Closed 12 years ago

Windows write poisoning doesn't catch all writes

Categories

(Core :: XPCOM, defect, P3)

x86
macOS
defect

RESOLVED FIXED

People

(Reporter: BenWa, Assigned: espindola)

We originally thought that NtFlushBuffersFile would cover all the writes but apparently it does not. FileSync->NtFlushBuffersFile but fclose does not call NtFlushBuffersFile.
The stack we got was:

> ntdll.dll!_NtWriteFile@36()
  KernelBase.dll!_WriteFile@20() + 0x113 bytes
  kernel32.dll!_WriteFileImplementation@20() + 0x4a bytes
  msvcr100.dll!__write_nolock() + 0x553 bytes
  msvcr100.dll!__write() + 0x74 bytes
  msvcr100.dll!__flush() + 0x3b bytes
  msvcr100.dll!__fclose_nolock() + 0x21 bytes
  msvcr100.dll!_fclose() + 0x3d bytes
  xul.dll!mozilla::ShutdownXPCOM(nsIServiceManager * servMgr) Line 634 + 0x7 bytes C++
  xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup() Line 1129 C++
  xul.dll!XREMain::XRE_main(int argc, char * * argv, const nsXREAppData * aAppData) Line 3982 + 0xe bytes C++
  xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData, unsigned int aFlags) Line 4160 + 0x12 bytes C++
  firefox.exe!do_main(int argc, char * * argv, nsIFile * xreDirectory) Line 233 + 0x13 bytes C++
  firefox.exe!NS_internal_main(int argc, char * * argv) Line 546 + 0xe bytes C++
  firefox.exe!wmain(int argc, wchar_t * * argv) Line 112 C++
  firefox.exe!__tmainCRTStartup() Line 552 + 0x17 bytes C
  kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
  ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
  ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes

We will poison ntdll.dll!_NtWriteFile@36, but does anyone know a way to find out if we need to poison anything else?
Assignee: nobody → respindola
Status: NEW → ASSIGNED
(In reply to Rafael Ávila de Espíndola (:espindola) from comment #1)
> The stack we got was:
>
> > ntdll.dll!_NtWriteFile@36()
> KernelBase.dll!_WriteFile@20() + 0x113 bytes
> kernel32.dll!_WriteFileImplementation@20() + 0x4a bytes
> msvcr100.dll!__write_nolock() + 0x553 bytes
> msvcr100.dll!__write() + 0x74 bytes
> msvcr100.dll!__flush() + 0x3b bytes
> msvcr100.dll!__fclose_nolock() + 0x21 bytes
> msvcr100.dll!_fclose() + 0x3d bytes
> xul.dll!mozilla::ShutdownXPCOM(nsIServiceManager * servMgr) Line 634 +
> 0x7 bytes C++
> xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup() Line 1129 C++
> xul.dll!XREMain::XRE_main(int argc, char * * argv, const nsXREAppData *
> aAppData) Line 3982 + 0xe bytes C++
> xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData,
> unsigned int aFlags) Line 4160 + 0x12 bytes C++
> firefox.exe!do_main(int argc, char * * argv, nsIFile * xreDirectory) Line
> 233 + 0x13 bytes C++
> firefox.exe!NS_internal_main(int argc, char * * argv) Line 546 + 0xe
> bytes C++
> firefox.exe!wmain(int argc, wchar_t * * argv) Line 112 C++
> firefox.exe!__tmainCRTStartup() Line 552 + 0x17 bytes C
> kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
> ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
> ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
>
> We will poison ntdll.dll!_NtWriteFile@36, but does anyone know a way to find
> out if we need to poison anything else?

I suggest looking at the Wine source code as a first step.
Priority: -- → P3
We now poison NtWriteFile and NtWriteFileGather
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
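
An added example, not part of the bug thread or of Mozilla's code: a Python check that takes a debugger stack like the one quoted in this bug, strips the x86 name decoration, and reports the innermost ntdll Nt* entry point when it is missing from the poisoned set. The sample stack is a trimmed, constructed copy of the frames above, and the function names (`undecorate`, `parse_frames`, `unpoisoned_entry`, `crt_path`) are hypothetical.

```python
import re

# Constructed sample: Visual Studio style frames, trimmed from the stack
# quoted in this bug (some frames, offsets and source lines removed).
SAMPLE_STACK = """\
> ntdll.dll!_NtWriteFile@36()
  KernelBase.dll!_WriteFile@20() + 0x113 bytes
  kernel32.dll!_WriteFileImplementation@20() + 0x4a bytes
  msvcr100.dll!__write_nolock() + 0x553 bytes
  msvcr100.dll!__flush() + 0x3b bytes
  msvcr100.dll!_fclose() + 0x3d bytes
  xul.dll!mozilla::ShutdownXPCOM(nsIServiceManager * servMgr) Line 634
"""

# "module!symbol", optionally preceded by the debugger's current-frame marker.
FRAME_RE = re.compile(r"^\s*>?\s*(?P<module>[\w.]+)!(?P<symbol>[^\s(]+)")
# x86 decoration: __stdcall is _Name@N, __fastcall is @Name@N.
DECORATED_RE = re.compile(r"^[_@](?P<name>\w+?)@\d+$")


def undecorate(symbol):
    """Strip stdcall/fastcall decoration; other symbols are returned as-is."""
    m = DECORATED_RE.match(symbol)
    return m.group("name") if m else symbol


def parse_frames(stack_text):
    """Return (module, symbol) pairs, innermost frame first."""
    frames = []
    for line in stack_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group("module").lower(), undecorate(m.group("symbol"))))
    return frames


def unpoisoned_entry(stack_text, poisoned):
    """Innermost ntdll Nt* frame if it is not in `poisoned`, else None."""
    for module, name in parse_frames(stack_text):
        if module == "ntdll.dll" and name.startswith("Nt"):
            return None if name in poisoned else name
    return None


def crt_path(stack_text):
    """C runtime frames on the stack, showing which CRT call led to the write."""
    return [name for module, name in parse_frames(stack_text) if module.startswith("msvcr")]
```

Run over stacks collected at shutdown, this only reports entry points that were actually observed; it cannot prove that no other write path exists.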