More Info and a call for help

Robert Lunnon bob at yarrabee.net.au
Mon Jun 23 08:21:18 CDT 2003


I am having problems with this program, Little Fighter II, and also with the 
installer that comes with the Worms II demo; both are downloadable from the internet. 
Both of these faults might be due to stack overflows or overwrites, 
especially the Worms II one below. What variable controls the size of the 
stack allocated to a thread?

More info below


Worms II
http://www.worms2.com/main.html?page=good&area=demo&file=3

LF2 
http://www.littlefighter.com/

Worms II fails during setup with a segfault here:

0xddb2484a:                     popw    %es
0xddb2484c:                     popw    %fs
0xddb2484f:                     popw    %gs
0xddb24852:                     orl     %eax,%eax
0xddb24854:                     lret    $0xc
> ::stack
0xddb2484a()
This is part of relay16.s in ntdll, partially reproduced below:

	movzwl (112), %esp
	.byte 0x64
	popl (112)
	popl %edx
	popl %ecx
	popl %ebp
	popw %ds
	popw %es
	popw %fs
	popw %gs
	orl %eax, %eax
	lret $12
and has this machine state:

%cs = 0x0017            %eax = 0x00000000
%ds = 0x023f            %ebx = 0x0000000e
%ss = 0x023f            %ecx = 0x00000436
%es = 0x001f            %edx = 0x03a703a7
%fs = 0x0227            %esi = 0x0000056d
%gs = 0x0000            %edi = 0x00005ddd

 %eip = 0xddb2484a
 %ebp = 0x000054e2
%kesp = 0xeeb18fe4

%eflags = 0x00010246
  id=0 vip=0 vif=0 ac=0 vm=0 rf=1 nt=0 iopl=0x0
  status=<of,df,IF,tf,sf,ZF,af,PF,cf>

   %esp = 0x00005416
%trapno = 0xd
   %err = 0x3a4

with these memory mappings:
BASE    LIMIT     SIZE NAME
       0    10000    10000 [ anon ]
   10000   110000   100000 [ anon ]
 8042000  8048000     6000 [ stack ]
 8050000  8051000     1000 /export/home/local/bin/wine
 8060000  8061000     1000 /export/home/local/bin/wine
 8061000  8105000    a4000 [ heap ]
65430000 65530000   100000 tmpfs.0.2.472492402
dc6a0000 dc6a1000     1000 [ anon ]
dc6b0000 dc6c0000    10000 /export/home/local/lib/wine/ctl3d32.dll.so
dc6c0000 dc6c1000     1000 [ anon ]
dc6c1000 dc6c4000     3000 /export/home/local/lib/wine/ctl3d32.dll.so
dc6d3000 dc6d5000     2000 /export/home/local/lib/wine/ctl3d32.dll.so
dc6e0000 dc6f0000    10000 /export/home/local/lib/wine/lz32.dll.so
dc6f0000 dc6f1000     1000 [ anon ]
dc6f1000 dc6f5000     4000 /export/home/local/lib/wine/lz32.dll.so
dc704000 dc705000     1000 /export/home/local/lib/wine/lz32.dll.so
dc710000 dc720000    10000 /export/home/local/lib/wine/version.dll.so
dc720000 dc721000     1000 [ anon ]
dc721000 dc728000     7000 /export/home/local/lib/wine/version.dll.so
dc737000 dc739000     2000 /export/home/local/lib/wine/version.dll.so
dc740000 dc741000     1000 [ anon ]
dc741000 dc841000   100000 [ anon ]
dc841000 dc843000     2000 [ anon ]
dc843000 dc965000   122000 [ anon ]
dc980000 dc990000    10000 /export/home/local/lib/wine/midimap.drv.so
dc990000 dc991000     1000 [ anon ]
dc991000 dc994000     3000 /export/home/local/lib/wine/midimap.drv.so
dc9a3000 dc9a4000     1000 /export/home/local/lib/wine/midimap.drv.so
dc9b0000 dc9c0000    10000 [ anon ]
dc9c0000 dcac0000   100000 [ anon ]
dcae0000 dcaf0000    10000 /export/home/local/lib/wine/msacm32.dll.so
dcaf0000 dcaf1000     1000 [ anon ]
dcaf1000 dcafe000     d000 /export/home/local/lib/wine/msacm32.dll.so
dcb0d000 dcb0f000     2000 /export/home/local/lib/wine/msacm32.dll.so
dcb20000 dcb21000     1000 [ anon ]
dcb30000 dcb40000    10000 /export/home/local/lib/wine/msacm.drv.so
dcb40000 dcb41000     1000 [ anon ]
dcb41000 dcb46000     5000 /export/home/local/lib/wine/msacm.drv.so
dcb55000 dcb56000     1000 /export/home/local/lib/wine/msacm.drv.so
dcb60000 dcb66000     6000 /opt/cfw/gcc322/lib/libgcc_s.so.1
dcb75000 dcb77000     2000 /opt/cfw/gcc322/lib/libgcc_s.so.1
dcb80000 dcbd9000    59000 /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcbe8000 dcbfd000    15000 /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcbfd000 dcc01000     4000 /opt/cfw/gcc322/lib/libstdc++.so.5.0.2
dcc10000 dcc16000     6000 /export/home/local/lib/libaudioio.0.4.so
dcc25000 dcc26000     1000 /export/home/local/lib/libaudioio.0.4.so
dcc26000 dcc29000     3000 /export/home/local/lib/libaudioio.0.4.so
dcc30000 dcc40000    10000 /export/home/local/lib/wine/wineaudioio.drv.so
dcc40000 dcc41000     1000 [ anon ]
dcc41000 dcc51000    10000 /export/home/local/lib/wine/wineaudioio.drv.so
dcc60000 dcc62000     2000 /export/home/local/lib/wine/wineaudioio.drv.so
dcc70000 dcc80000    10000 /export/home/local/lib/wine/winmm.dll.so
dcc80000 dcc81000     1000 [ anon ]
dcc81000 dccd0000    4f000 /export/home/local/lib/wine/winmm.dll.so
dccdf000 dcce5000     6000 /export/home/local/lib/wine/winmm.dll.so
dccf0000 dccf1000     1000 [ anon ]
dcd00000 dcd02000     2000 /usr/X11R6/lib/X11/locale/common/xlcDef.so.2
dcd11000 dcd12000     1000 /usr/X11R6/lib/X11/locale/common/xlcDef.so.2
dcd20000 dcd30000    10000 [ anon ]
dcd40000 dcd41000     1000 [ anon ]
dcd50000 dcd54000     4000 /usr/X11R6/lib/libXrender.so.1.1
dcd63000 dcd64000     1000 /usr/X11R6/lib/libXrender.so.1.1
dcd70000 dcd71000     1000 [ anon ]
dcd80000 dce3b000    bb000 /usr/X11R6/lib/libX11.so.6.2
dce4a000 dce4d000     3000 /usr/X11R6/lib/libX11.so.6.2
dce50000 dce5c000     c000 /usr/X11R6/lib/libXext.so.6.4
dce6b000 dce6c000     1000 /usr/X11R6/lib/libXext.so.6.4
dce70000 dce85000    15000 /usr/X11R6/lib/libICE.so.6.3
dce94000 dce95000     1000 /usr/X11R6/lib/libICE.so.6.3
dce95000 dce97000     2000 /usr/X11R6/lib/libICE.so.6.3
dcea0000 dcea7000     7000 /usr/X11R6/lib/libSM.so.6.0
dceb6000 dceb8000     2000 /usr/X11R6/lib/libSM.so.6.0
dcec0000 dced0000    10000 /export/home/local/lib/wine/x11drv.dll.so
dced0000 dced1000     1000 [ anon ]
dced1000 dcf23000    52000 /export/home/local/lib/wine/x11drv.dll.so
dcf32000 dcf36000     4000 /export/home/local/lib/wine/x11drv.dll.so
dcf36000 dcf37000     1000 /export/home/local/lib/wine/x11drv.dll.so
dcf40000 dcf76000    36000 /usr/X11R6/lib/libfreetype.so.6.2
dcf85000 dcf89000     4000 /usr/X11R6/lib/libfreetype.so.6.2
dcf90000 dcf91000     1000 [ anon ]
dcfa0000 dcfd0000    30000 /export/home/local/lib/wine/kernel32.dll.so
dcfd0000 dcfd1000     1000 [ anon ]
dcfd1000 dd04a000    79000 /export/home/local/lib/wine/kernel32.dll.so
dd059000 dd071000    18000 /export/home/local/lib/wine/kernel32.dll.so
dd080000 dd090000    10000 /export/home/local/lib/wine/advapi32.dll.so
dd090000 dd091000     1000 [ anon ]
dd091000 dd0a8000    17000 /export/home/local/lib/wine/advapi32.dll.so
dd0b7000 dd0bb000     4000 /export/home/local/lib/wine/advapi32.dll.so
dd0c0000 dd0e0000    20000 /export/home/local/lib/wine/gdi32.dll.so
dd0e0000 dd0e1000     1000 [ anon ]
dd0e1000 dd11c000    3b000 /export/home/local/lib/wine/gdi32.dll.so
dd12b000 dd134000     9000 /export/home/local/lib/wine/gdi32.dll.so
dd134000 dd144000    10000 /export/home/local/lib/wine/gdi32.dll.so
dd150000 dd170000    20000 /export/home/local/lib/wine/user32.dll.so
dd170000 dd171000     1000 [ anon ]
dd171000 dd218000    a7000 /export/home/local/lib/wine/user32.dll.so
dd227000 dd239000    12000 /export/home/local/lib/wine/user32.dll.so
dd239000 dd27c000    43000 /export/home/local/lib/wine/user32.dll.so
dd280000 dd290000    10000 /export/home/local/lib/wine/winedos.dll.so
dd290000 dd291000     1000 [ anon ]
dd291000 dd2bd000    2c000 /export/home/local/lib/wine/winedos.dll.so
dd2cc000 dd2ce000     2000 /export/home/local/lib/wine/winedos.dll.so
dd2ce000 dd2d0000     2000 /export/home/local/lib/wine/winedos.dll.so
dd2e0000 dd2e1000     1000 [ anon ]
dd2e1000 dd3e1000   100000 [ anon ]
dd3e1000 dd3e3000     2000 [ anon ]
dd3e3000 dd4f3000   110000 [ anon ]
dd500000 dd501000     1000 [ anon ]
dd510000 dd520000    10000 /export/home/local/lib/wine/winevdm.exe.so
dd520000 dd521000     1000 [ anon ]
dd521000 dd523000     2000 /export/home/local/lib/wine/winevdm.exe.so
dd532000 dd533000     1000 /export/home/local/lib/wine/winevdm.exe.so
dd540000 dd541000     1000 [ anon ]
dd550000 dd551000     1000 [ anon ]
dd560000 dd610000    b0000 [ anon ]
dd610000 dd670000    60000 [ anon ]
dd680000 dd681000     1000 [ anon ]
dd690000 dd691000     1000 [ anon ]
dd6a0000 dd6a3000     3000 /usr/lib/libmp.so.2
dd6b3000 dd6b4000     1000 /usr/lib/libmp.so.2
dd6c0000 dd6c2000     2000 /usr/lib/libmd5.so.1
dd6d2000 dd6d3000     1000 /usr/lib/libmd5.so.1
dd6e0000 dd6e8000     8000 /usr/lib/libaio.so.1
dd6f8000 dd6f9000     1000 /usr/lib/libaio.so.1
dd6f9000 dd6fa000     1000 /usr/lib/libaio.so.1
dd700000 dd701000     1000 [ anon ]
dd710000 dd711000     1000 [ anon ]
dd720000 dd72d000     d000 /usr/lib/libm.so.1
dd73c000 dd73d000     1000 /usr/lib/libm.so.1
dd740000 dd7c9000    89000 /usr/lib/libnsl.so.1
dd7d9000 dd7de000     5000 /usr/lib/libnsl.so.1
dd7de000 dd7e6000     8000 /usr/lib/libnsl.so.1
dd7f0000 dd7fb000     b000 /usr/lib/libsocket.so.1
dd80b000 dd80c000     1000 /usr/lib/libsocket.so.1
dd810000 dd811000     1000 [ anon ]
dd820000 dd853000    33000 /usr/lib/libresolv.so.2
dd863000 dd866000     3000 /usr/lib/libresolv.so.2
dd866000 dd867000     1000 /usr/lib/libresolv.so.2
dd870000 dd876000     6000 /usr/lib/librt.so.1
dd886000 dd887000     1000 /usr/lib/librt.so.1
dd890000 dd92d000    9d000 /usr/lib/libc.so.1
dd93d000 dd943000     6000 /usr/lib/libc.so.1
dd943000 dd944000     1000 /usr/lib/libc.so.1
dd950000 dda30000    e0000 /export/home/local/lib/libwine_unicode.so.1
dda3f000 dda40000     1000 /export/home/local/lib/libwine_unicode.so.1
dda50000 dda51000     1000 [ anon ]
dda60000 dda64000     4000 /export/home/local/lib/libwine.so.1
dda73000 dda74000     1000 /export/home/local/lib/libwine.so.1
dda74000 dda87000    13000 /export/home/local/lib/libwine.so.1
dda90000 ddac0000    30000 /export/home/local/lib/wine/ntdll.dll.so
ddac0000 ddac1000     1000 [ anon ]
ddac1000 ddb3d000    7c000 /export/home/local/lib/wine/ntdll.dll.so
ddb4c000 ddb57000     b000 /export/home/local/lib/wine/ntdll.dll.so
ddb57000 ddb79000    22000 /export/home/local/lib/wine/ntdll.dll.so
ddb80000 ddb81000     1000 /usr/lib/libdl.so.1
ddb90000 ddbda000    4a000 /usr/lib/ld.so.1
ddbea000 ddbee000     4000 /usr/lib/ld.so.1
ddbee000 ddbf0000     2000 /usr/lib/ld.so.1


The fault indicates that the exception occurs at eip 0xddb2484a, and the 
fault address also appears to be 0xddb2484a, which would suggest that it had trouble 
fetching the instruction ??? (Note, though, that %trapno = 0xd is a general protection 
fault, and %err = 0x3a4 has the form of a segment-selector error code (TI bit set, 
LDT index 0x74), which looks more like a failed selector load by the `popw %es` at 
that address than an instruction-fetch problem.)

Also note the very low value of %esp (though with %ss = 0x023f it may simply be a 
16-bit offset into a Win16 stack segment); it is also possible there has been a stack 
overflow here. My question is simply: does this also occur under Linux? 
Can someone try it for me?

LF2 faults creating the first thread, as documented here before. Could someone 
also test this under Linux, as it would be useful to know whether this problem 
is Solaris-specific or related to Wine generally, e.g. a stack overflow or an 
improperly allocated/protected segment.

Thanks in advance


Bob


