On Jun 30 17:05, Corinna Vinschen wrote:
> On Jun 30 16:23, Corinna Vinschen wrote:
> > On Jun 30 07:30, Nellis, Kenneth wrote:
> > > > From: Corinna Vinschen
> > > > Works fine for me. If I'm admin, writing works, if I'm not admin,
> > > > writing fails with permission denied. Could you please send your
> > > > cygcheck output per http://cygwin.com/problems.html as well as an
> > > > strace which shows what happens, like this:
> > > >
> > > > $ strace -o vim.trace vim-nox /etc/hosts
> > > > :wq!
> > >
> > > FWIW, I see the same problem as the OP. The strace command interferes
> > > with vim so that it won't recognize ESC to allow the ":" to be
> > > recognized, so I can't ":wq!" as requested. strace output nevertheless
> > > attached as is cygcheck -svr output.
> >
> > You strace shows nothing, it just stops at one point. Are you running
> > from a console or from mintty? When running in a console in default
> > notty mode, :w! or :wq! works fine. Can you try again? Perhaps with
> > other strace flags?
> >
> > strace -o vim.trace -m 0xffff vim-nox /etc/hosts
>
> I suddenly can reproduce the problem. For some reason it occurs only if
> both, vim and the Cygwin DLL, are compiled with -O2. Darn. This does
> not make debugging exactly easier :-P All I can say at this point is
> that the stack gets overwritten at one point.
FYI, I tracked it down to the place where the stack overwrite occurs.
This is most puzzeling. When typing :wq!, the following chain of functions
is called:
nv_colon
do_cmdline
ex_exit
do_write
open <- Here it calls into the Cygwin DLL
fhandler_base::open_with_arch
fhandler_base::open_fs
fhandler_base::open
NtCreateFile <--Here it calls into NTDLL.DLL
The open call tries to open the backup file "/etc/hosts~", not the
symlink itself.
In the optimized version of vim, the local variable "cap" in the
function nv_colon is kept in register $esi. When do_cmdline is called,
$esi is pushed onto the stack. Then everything goes its normal ways,
until NtCreateFile is called.
And here's the puzzler: This call to NtCreateFile overwrites the 4 byte
stack slot in which the "cap" pointer is saved with the value 0x10c!
After return from do_cmdline, nv_colon uses cap in an expression and
since cap is a pointer value, when dereferencing the pointer, vim
crashes.
I checked this situation a couple of times in assembler. The cap
value is fine up to the "call NtCreateFile@44", and it's changed to
0x10c when NtCreateFile returns.
I don't understand that. Not only that NtCreateFile is not supposed to
change values on the stack in the stack frame 8 functions above, I also
don't know what the value 0x10c is. It's not the HANDLE returned by
NtCreateFile, that's 0x1e4.
Well, that's it. I just had to vent a bit since I have no idea how
to proceed at this point. I can see and prove that the NtCreateFile
call overwrites the stack, but it's totally unlikely that NtCreateFile
would ever do that. The OS would be broken.
Oh, and here's a last-minute surprise: It does not happen if you run
gvim, rather than vim. Maybe I should just give up to provide packages.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
