From: Paul Gofman <pgofman@codeweavers.com>
Subject: [PATCH] ntdll: Don't reset rsp to context->Rsp until exception data is copied.
Message-Id: <20200702080604.544894-1-pgofman@codeweavers.com>
Date: Thu,  2 Jul 2020 11:06:04 +0300

Context record may be stored on stack below context stack. This
happens, e. g., with RtlRaiseException().

Signed-off-by: Paul Gofman <pgofman@codeweavers.com>
---
 dlls/ntdll/unix/signal_x86_64.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/dlls/ntdll/unix/signal_x86_64.c b/dlls/ntdll/unix/signal_x86_64.c
index 5334a4d7cc6..264d20de0cd 100644
--- a/dlls/ntdll/unix/signal_x86_64.c
+++ b/dlls/ntdll/unix/signal_x86_64.c
@@ -1979,17 +1979,21 @@ __ASM_GLOBAL_FUNC( user_exception_dispatcher_trampoline,
 
 void WINAPI do_call_user_exception_dispatcher(EXCEPTION_RECORD *rec, CONTEXT *context, struct stack_layout *stack)
 {
-    memcpy(&stack->context, context, sizeof(*context));
+    memmove(&stack->context, context, sizeof(*context));
     memcpy(&stack->rec, rec, sizeof(*rec));
 
     user_exception_dispatcher_trampoline( stack, pKiUserExceptionDispatcher );
 }
 
 __ASM_GLOBAL_FUNC( call_user_exception_dispatcher,
-                   "movq 0x98(%rdx),%rsp\n\t" /* context->Rsp */
-                   "and $~0xf,%rsp\n\t"
-                   "sub $0x630,%rsp\n\t" /* sizeof(struct stack_layout) */
-                   "movq %rsp,%r8\n\t"
+                   "movq 0x98(%rdx),%r8\n\t" /* context->Rsp */
+                   "andq $~0xf,%r8\n\t"
+                   "subq $0x630,%r8\n\t" /* sizeof(struct stack_layout) */
+                   "cmpq %r8,%rsp\n\t"
+                   "jae done\n\t"
+                   "movq %r8,%rsp\n\t"
+
+                   "done:"
                    "jmp " __ASM_NAME("do_call_user_exception_dispatcher") "\n\t")
 
 /***********************************************************************

-- 
2.26.2