[Bug 21828] Unable to launch Mercenaries 2

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Feb 25 02:24:49 CST 2010


http://bugs.winehq.org/show_bug.cgi?id=21828





--- Comment #19 from Anastasius Focht <focht at gmx.net>  2010-02-25 02:24:49 ---
Hello,

the winhttp problem might be related to SSL data processing (reads).

--- snip ---
0009:Call winhttp.WinHttpQueryDataAvailable(00000003,02a0fbbc) ret=10008856
0009:trace:winhttp:WinHttpQueryDataAvailable 0x3, 0x2a0fbbc
0009:trace:winhttp:addref_object 0x1d1a38 -> refcount = 2
0009:trace:winhttp:grab_object handle 0x3 -> 0x1d1a38
0009:Call ntdll.RtlAllocateHeap(00110000,00000000,00001001) ret=7d0b38f9
0009:Ret  ntdll.RtlAllocateHeap() retval=033bc618 ret=7d0b38f9
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7509d56 ip=f7509d56 tid=0009
0009:trace:seh:raise_exception  info[0]=00000001
0009:trace:seh:raise_exception  info[1]=033cc000
0009:trace:seh:raise_exception  eax=00000003 ebx=7d0c1ff4 ecx=3fffc185 edx=001d1a8c esi=02a1e474 edi=033cc000
0009:trace:seh:raise_exception  ebp=02a0ea48 esp=02a0e9f8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206
0009:trace:seh:call_vectored_handlers calling handler at 0x7e0480e0 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7e0480e0 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x1002610a code=c0000005 flags=0
--- snip ---

Deduced corresponding source:

WinHttpQueryDataAvailable -> query_data -> netconn_recv

--- snip dlls/winhttp/request.c ---
static BOOL query_data( request_t *request, LPDWORD available, BOOL async )
{
    BOOL ret;
    DWORD num_bytes;

    if ((ret = netconn_query_data_available( &request->netconn, &num_bytes )))
    {
        if (request->content_read < request->content_length)
        {
            if (!num_bytes)
            {
                char buffer[4096];
                size_t to_read = min( sizeof(buffer), request->content_length - request->content_read );

                ret = netconn_recv( &request->netconn, buffer, to_read, MSG_PEEK, (int *)&num_bytes );
                if (ret && !num_bytes) WARN("expected more data to be available\n");
            }
        }
        else if (num_bytes)
        {
            WARN("extra data available %u\n", num_bytes);
            ret = FALSE;
        }
    } 
    TRACE("%u bytes available\n", num_bytes);
...
}
--- snip dlls/winhttp/request.c ---

4097 bytes get allocated -> (sizeof( supplied stack buffer)+1):

--- snip dlls/winhttp/net.c ---
BOOL netconn_recv( netconn_t *conn, void *buf, size_t len, int flags, int *recvd )
{
    *recvd = 0;
    if (!netconn_connected( conn )) return FALSE;
    if (!len) return TRUE;

    if (conn->secure)
    {
#ifdef SONAME_LIBSSL
        if (flags & ~(MSG_PEEK | MSG_WAITALL))
            FIXME("SSL_read does not support the following flags: %08x\n", flags);

        /* this ugly hack is all for MSG_PEEK */
        if (flags & MSG_PEEK && !conn->peek_msg)
        {
            if (!(conn->peek_msg = conn->peek_msg_mem = heap_alloc( len + 1 ))) return FALSE;
        }
        else if (flags & MSG_PEEK && conn->peek_msg)
        {
            if (len < conn->peek_len) FIXME("buffer isn't big enough, should we wrap?\n");
            *recvd = min( len, conn->peek_len );
            memcpy( buf, conn->peek_msg, *recvd );
            return TRUE;
        }
        else if (conn->peek_msg)
        {
            *recvd = min( len, conn->peek_len );
            memcpy( buf, conn->peek_msg, *recvd );
            conn->peek_len -= *recvd;
            conn->peek_msg += *recvd;

            if (conn->peek_len == 0)
            {
                heap_free( conn->peek_msg_mem );
                conn->peek_msg_mem = NULL;
                conn->peek_msg = NULL;
            }
            /* check if we have enough data from the peek buffer */
            if (!(flags & MSG_WAITALL) || (*recvd == len)) return TRUE;
        }
        *recvd += pSSL_read( conn->ssl_conn, (char *)buf + *recvd, len - *recvd );
        if (flags & MSG_PEEK) /* must copy into buffer */
        {
            conn->peek_len = *recvd;
            if (!*recvd)
            {
                heap_free( conn->peek_msg_mem );
                conn->peek_msg_mem = NULL;
                conn->peek_msg = NULL;
            }
            else memcpy( conn->peek_msg, buf, *recvd );
        }
        if (*recvd < 1 && len) return FALSE;
        return TRUE;
#else
        return FALSE;
#endif 
...
}
--- snip dlls/winhttp/net.c ---

The problem most likely starts with pSSL_read() but since there is no trace
available it's only guessing.
Could be a heap corruption/buggy native ssl call.

Please rerun the game in a clean WINEPREFIX using the following:

remove old log: 
$ rm log.txt

new log: 
$ WINEDEBUG=+tid,+seh,+winhttp,+heap wine Mercenaries2.exe >>log.txt 2>&1

Beware: due to heap checking being enabled, the game startup will be slow and the
log produced might be large - be patient until it fails.

*** strip your private data from winhttp traces as described in previous
comments ***

Compress and attach the resulting log.

Regards
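
An added illustration, not part of the original comment or of Wine's source: in the quoted peek path the return value of pSSL_read() is added to *recvd and only zero is filtered before the memcpy, so a failing read (SSL_read returns <= 0 on failure) would become a 32-bit length of 0xFFFFFFFF. The block models that length, shows a checked variant, and tests the trace against it under the labelled assumption that the fault is in a dword copy loop; `read_fn`, `failing_read`, `ok_read`, `peek_read_checked` and `implied_copy_start` are hypothetical names.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the TLS read: bytes read, or <= 0 on failure. */
typedef int (*read_fn)(void *buf, int len);
static int failing_read(void *buf, int len) { (void)buf; (void)len; return -1; }
static int ok_read(void *buf, int len) { (void)len; memcpy(buf, "abc", 3); return 3; }

/* Copy length the quoted peek path would pass to memcpy in a 32-bit process:
   the read result is added to *recvd and only 0 is filtered out. */
static uint32_t unchecked_copy_len(int recvd, int ret)
{
    recvd += ret;
    return recvd ? (uint32_t)recvd : 0;
}

/* Checked variant: a non-positive or oversized result never becomes a length. */
static int peek_read_checked(read_fn rd, void *buf, size_t len,
                             char *peek, size_t peek_cap, int *recvd)
{
    int ret;
    *recvd = 0;
    if (!len || len > INT_MAX || len > peek_cap) return 0;
    ret = rd(buf, (int)len);
    if (ret <= 0 || (size_t)ret > len) return 0;
    memcpy(peek, buf, (size_t)ret);
    *recvd = ret;
    return 1;
}

/* Triage helper. Assumption (the log does not show the faulting instruction):
   a dword copy loop started with byte count 0xFFFFFFFF, edi is the write
   pointer at the fault and ecx the number of dwords still to copy. */
static uint32_t implied_copy_start(uint32_t fault_edi, uint32_t ecx_left)
{
    uint32_t dwords_done = 0xFFFFFFFFu / 4 - ecx_left;
    return fault_edi - dwords_done * 4;
}

int main(void)
{
    char buf[16], peek[17];
    int n, ok = peek_read_checked(failing_read, buf, sizeof buf, peek, sizeof peek, &n);
    printf("unchecked length 0x%08x, checked read ok=%d n=%d\n",
           (unsigned)unchecked_copy_len(0, -1), ok, n);
    printf("implied copy start 0x%08x\n",
           (unsigned)implied_copy_start(0x033cc000u, 0x3fffc185u));
    return 0;
}
```

With the register values from the trace, the implied start address equals the RtlAllocateHeap return value 033bc618 for the 0x1001-byte block, which is consistent with the peek buffer being the destination of an oversized copy.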
