[Bug 17893] New: The Alien Nations / Die Völker crashes : amstream GetFormat stub

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Mar 30 04:31:07 CDT 2009 

http://bugs.winehq.org/show_bug.cgi?id=17893

           Summary: The Alien Nations / Die Völker crashes: amstream
                    GetFormat stub
           Product: Wine
           Version: 1.1.17
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: quartz
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: hoehle at users.sourceforge.net


I'd rather split the bug entries for "Die Völker / The Alien Nations" and
Motocross Madness 2, bug 17836, comment 3, to warrant each application its own. 
Although the common cause is stubbed functionality in amstream, these apps
might be fixed independently.

At start, The Alien Nations tries to display two Intel Indeo videos, somewhat
differently. Unimplemented functionality in amstream and the app's not checking
for some return codes yields to an exception and crash. More specifically,
GetFormat() is expected to fill in a DDSURFACEDESC structure, which wine leaves
uninitialised, causing the application to use random uninitialised data.

The first crash is prevented by having GetFormat() in
dlls/amstream/mediastream.c fill in the dwWidth and dwHeight fields of the
DDSURFACEDESC structure (I used 1 as stub value). The code used seems similar
to that of
http://msdn.microsoft.com/en-us/library/ms787928(VS.85).aspx
except the app doesn't check the return code of GetFormat and hence proceeds
with uninitialised memory from these two fields.

These two values are not enough to avoid a crash when displaying the second
video. As the logs http://bugs.winehq.org/attachment.cgi?id=20129 in bug 17836,
comment 4 suggest, the app presumably reads more fields from GetFormat: Z
buffer depth and pixelformat, and passes that to ddraw.
Actually, whether the app crashes there depends on WINEDEBUG settings, as the
initialisation of the stack-based DDSURFACEDESC depends on former stack use.
I've been able to play the game using
WINEDEBUG=+all,-syslevel,-fixup,-dbghelp_dwarf,-heap,warn+heap,-gdi

I yet have to disassemble and see which other fields from DDSURFACEDESC are
used in the second case.

BTW, one needs to work past bug #15915 in order to see this crash in "Alien
Nations", which is a blocker for this issue. I did it by quickly hacking the
fourcc comparison test in iccvid.c.

There exists a demo for this application, but demos typically display no intro
videos, so I doubt it would exhibit this bug.


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list