Check for correct funtion entry address in munge_threadfunc

* init.cc (munge_threadfunc): Check that we're actually replacing
	the correct original function address on the stack.
	* ntdll.h (enum _THREADINFOCLASS): Add ThreadQuerySetWin32StartAddress.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/ChangeLog

@@ -1,3 +1,9 @@
+2015-10-29  Qian Hong  <qhong@codeweavers.com>
+
+	* init.cc (munge_threadfunc): Check that we're actually replacing
+	the correct original function address on the stack.
+	* ntdll.h (enum _THREADINFOCLASS): Add ThreadQuerySetWin32StartAddress.
+
 2015-08-21  Jon Turney  <jon.turney@dronecode.org.uk>
 
 	* cygwin-cxx.h: Remove execute permissions.

winsup/cygwin/init.cc

@@ -55,12 +55,17 @@ munge_threadfunc ()
 
   if (threadfunc_ix[0])
     {
-      char *threadfunc = ebp[threadfunc_ix[0]];
+      char *threadfunc = NULL;
+
+      NtQueryInformationThread (NtCurrentThread (),
+				ThreadQuerySetWin32StartAddress,
+				&threadfunc, sizeof threadfunc, NULL);
       if (!search_for || threadfunc == search_for)
 	{
 	  search_for = NULL;
 	  for (i = 0; threadfunc_ix[i]; i++)
-	    ebp[threadfunc_ix[i]] = (char *) threadfunc_fe;
+	    if (!threadfunc || ebp[threadfunc_ix[i]] == threadfunc)
+	       ebp[threadfunc_ix[i]] = (char *) threadfunc_fe;
 	  TlsSetValue (_my_oldfunc, threadfunc);
 	}
     }

winsup/cygwin/ntdll.h

@@ -1162,7 +1162,8 @@ typedef enum _THREADINFOCLASS
 {
   ThreadBasicInformation = 0,
   ThreadTimes = 1,
-  ThreadImpersonationToken = 5
+  ThreadImpersonationToken = 5,
+  ThreadQuerySetWin32StartAddress = 9
 } THREADINFOCLASS, *PTHREADINFOCLASS;
 
 /* Checked on 64 bit. */

winsup/cygwin/release/2.3.0

@@ -50,3 +50,6 @@ Bug Fixes
 
 - Avoid SEGV when handling SIDs with 0 subauthorities.
   Addresses: https://cygwin.com/ml/cygwin/2015-10/msg00141.html
+
+- Fix a potential SEGV on (at least) Wine.
+  Addresses: https://cygwin.com/ml/cygwin/2015-10/msg00018.html