[Bug 12874] The Master Genealogist 4.0d - Unhandled page fault on write access

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Jul 14 21:52:15 CDT 2010


http://bugs.winehq.org/show_bug.cgi?id=12874


Andrew Nguyen <arethusa26 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1




--- Comment #21 from Andrew Nguyen <arethusa26 at gmail.com>  2010-07-14 21:52:14 ---
For the first crash:

trace:int31:DOSVM_Int31Handler get free memory information
trace:int31:DOSVM_Int31Handler resize memory block (0x00bf0000, 2148921344 bytes)
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148921344 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148921344 bytes!
wine: Unhandled page fault on write access to 0x00000000 at address 0x681f35f6 (thread 001c), starting debugger...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x681f35f6).
...
Backtrace:
=>0 0x681f35f6 (0x00aedf68)
  1 0x685cfe3d DOSVM_Int31Handler+0x228b(context=0xbf0000) [/home/arethusa/wine32/dlls/krnl386.exe16/../../../wine.git/dlls/krnl386.exe16/int31.c:1380] in krnl386.exe16 (0x00aee268)
  2 0x685cfe3d DOSVM_Int31Handler+0x228b(context=0xaee2fc) [/home/arethusa/wine32/dlls/krnl386.exe16/../../../wine.git/dlls/krnl386.exe16/int31.c:1380] in krnl386.exe16 (0x00aee298)
...

What happens is that the application tries to resize a memory block, but the
DPMI_xrealloc helper calls DPMI_xalloc and assumes success in the block resize
case. The application passes an extremely large allocation size (around 2 GB),
so DPMI_xalloc fails and DPMI_xrealloc blindly uses the returned NULL pointer.
Making xrealloc recognize this condition seems to fix the crash.

For the next problem:

fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148921344 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148921344 bytes!
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148511744 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148511744 bytes!
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148102144 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148102144 bytes!
...

For some reason, the application uses the queried DPMI free memory information
to try to allocate all available memory, and it spends a huge amount of time
doing this until it crashes. Hacking DPMI_xalloc to reject allocation sizes
larger than 512 MB (or some reasonable arbitrary value) gets the application to
start. Perhaps the DPMI free memory information needs some hard limits for
applications like this one. There are many more issues after this, but that
would seem to belong in another bug report.
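
The failure path and the fix described in the comment above, as an added C illustration that is not Wine's code: sim_xalloc, resize_unchecked, resize_checked and free_memory_info are hypothetical stand-ins for DPMI_xalloc, DPMI_xrealloc before and after the NULL check, and the "get free memory information" service. The request sizes and the 409600-byte spacing between retries are taken from the trace output in the comment; SIM_REAL_CAPACITY is a constructed figure for the largest block the simulated host can hand out, and blocks carry only bookkeeping so that the multi-gigabyte requests can be replayed without reserving that memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the DPMI resize path from the bug comment.  Nothing here is Wine's
 * code; the names are stand-ins (see lead-in).  Sizes marked "trace" come from
 * the comment's log lines, the capacity figure is constructed. */
#define MIB               (1024u * 1024u)
#define HARD_LIMIT        ((size_t)512u * MIB)     /* the proposed 512 MB cap */
#define SIM_REPORTED_FREE ((size_t)2148921344u)    /* trace: first request size */
#define SIM_REAL_CAPACITY ((size_t)2147483648u)    /* constructed: largest block the host can map */
#define APP_STEP          ((size_t)409600u)        /* trace: spacing between retries */

/* A block is bookkeeping only; no buffer is reserved for it. */
struct block {
    size_t size;
    unsigned tag;   /* stands in for the block's contents */
};

/* Like DPMI_xalloc in the trace: an impossible request yields NULL. */
struct block *sim_xalloc(size_t size)
{
    if (size == 0 || size > SIM_REAL_CAPACITY)
        return NULL;
    struct block *b = malloc(sizeof *b);
    if (b) { b->size = size; b->tag = 0; }
    return b;
}

void sim_xfree(struct block *b) { free(b); }

/* The defect as described: the allocation result is used without a check,
 * so a failed resize writes through NULL (the fault at 0x00000000).
 * Kept only for contrast; never call it with a size the allocator refuses. */
struct block *resize_unchecked(struct block *old, size_t new_size)
{
    struct block *nb = sim_xalloc(new_size);
    nb->tag = old->tag;        /* NULL dereference when sim_xalloc failed */
    sim_xfree(old);
    return nb;
}

/* The fix the comment describes: recognise the failure, leave the caller's
 * block untouched and return NULL so the handler can report an error. */
struct block *resize_checked(struct block *old, size_t new_size)
{
    struct block *nb = sim_xalloc(new_size);
    if (!nb)
        return NULL;           /* 'old' is still valid and unchanged */
    nb->tag = old->tag;
    sim_xfree(old);
    return nb;
}

/* Free-memory query, optionally clamped to HARD_LIMIT as the comment suggests. */
size_t free_memory_info(int apply_hard_limit)
{
    size_t reported = SIM_REPORTED_FREE;
    if (apply_hard_limit && reported > HARD_LIMIT)
        reported = HARD_LIMIT;
    return reported;
}

/* Mimics the application: request everything the query reports, then shrink
 * the request by APP_STEP until an allocation succeeds.  Returns the number
 * of attempts made, or -1 if nothing ever succeeds. */
int allocate_all_attempts(int apply_hard_limit)
{
    size_t request = free_memory_info(apply_hard_limit);
    int attempts = 0;
    while (request >= APP_STEP) {
        attempts++;
        struct block *b = sim_xalloc(request);
        if (b) { sim_xfree(b); return attempts; }
        request -= APP_STEP;
    }
    return -1;
}

/* Exercises resize_checked on a failing and then a succeeding size.  Returns 1
 * when the old block survives the failure and its contents are carried over
 * by the later successful resize, 0 otherwise. */
int resize_demo(void)
{
    struct block *b = sim_xalloc(1024);
    if (!b) return 0;
    b->tag = 42;
    struct block *r = resize_checked(b, SIM_REPORTED_FREE);   /* fails, as in the trace */
    if (r != NULL || b->tag != 42 || b->size != 1024) { sim_xfree(b); return 0; }
    r = resize_checked(b, 4096);                               /* consumes b on success */
    int ok = r != NULL && r->size == 4096 && r->tag == 42;
    sim_xfree(r);
    return ok;
}

int main(void)
{
    printf("checked resize keeps the old block on failure: %s\n", resize_demo() ? "yes" : "no");
    printf("attempts without a hard limit: %d\n", allocate_all_attempts(0));
    printf("attempts with the 512 MB hard limit: %d\n", allocate_all_attempts(1));
    return 0;
}
```

With the constructed capacity the uncapped loop needs five attempts before a request fits (the first three match the sizes in the log), while the clamped query succeeds on the first attempt; the gap between the reported and the actually mappable memory is what makes the real application spin for so long.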
