[Bug 20847] Touhou Hisoutenskou crashes in deck construction/end of battle

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Jul 26 01:37:08 CDT 2010 

http://bugs.winehq.org/show_bug.cgi?id=20847





--- Comment #9 from Anastasius Focht <focht at gmx.net>  2010-07-26 01:37:08 ---
Hello,

my guess was correct, looks like Wine returns invalid glyphs which the app
doesn't expect.

--- snip ---
...
0023:Call
gdi32.CreateFontA(00000018,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000080,00000004,00000000,00000002,00000031,16711c1c
"\x82l\x82r \x83S\x83V\x83b\x83N") ret=0041171b
0023:trace:font:CreateFontIndirectExW (24 0 0 0 31 4 0 2 128) L"\ff2d\ff33
\30b4\30b7\30c3\30af"    => 0x468
0023:Ret  gdi32.CreateFontA() retval=00000468 ret=0041171b
0023:Call user32.GetDC(00010048) ret=0041172b
0023:trace:font:WineEngCreateFontInstance L"System", h=16, it=0, weight=400,
PandF=22, charset=128 orient 0 escapement 0 
...
0023:trace:font:WineEngCreateFontInstance returning cached gdiFont(0x146a88)
for hFont 0x7c
0023:trace:font:X11DRV_SelectFont hdc=0x428, hfont=0x7c
0023:trace:font:X11DRV_SelectFont gdiFont = 0x146a88
0023:trace:font:update_font_code_page charset 128 => cp 932
0023:Ret  user32.GetDC() retval=00000428 ret=0041172b
0023:Call gdi32.SelectObject(00000428,00000468) ret=00411738
0023:trace:font:WineEngCreateFontInstance L"\ff2d\ff33 \30b4\30b7\30c3\30af",
h=24, it=0, weight=400, PandF=31, charset=128 orient 0 escapement 0
0023:trace:font:WineEngCreateFontInstance DC transform 1.000000 0.000000
0.000000 1.000000
0023:trace:font:find_in_cache Found 0x92e4368 in unused list
0023:trace:font:WineEngCreateFontInstance returning cached gdiFont(0x92e4368)
for hFont 0x468
0023:trace:font:X11DRV_SelectFont hdc=0x428, hfont=0x468
0023:trace:font:X11DRV_SelectFont gdiFont = 0x92e4368
0023:trace:font:update_font_code_page charset 128 => cp 932
0023:Ret  gdi32.SelectObject() retval=0000007c ret=00411738
0023:Call gdi32.GetTextMetricsA(00000428,05f5e380) ret=00411749
0023:trace:font:GetTextMetricsW text metrics:
    Weight = 400     FirstChar = 32     AveCharWidth = 12
    Italic =   0     LastChar = 65518         MaxCharWidth = 24
    UnderLined = 0     DefaultChar = 31     Overhang = 0
    StruckOut = 0     BreakChar = 32     CharSet = 128
    PitchAndFamily = 36
    --------------------
    InternalLeading = 0
    Ascent = 21
    Descent = 3
    Height = 24
0023:Ret  gdi32.GetTextMetricsA() retval=00000001 ret=00411749 
...
0023:Call
gdi32.GetGlyphOutlineA(00000428,00008140,00000005,05f5e39c,00000000,00000000,00883ec4)
ret=004118f9
0023:trace:font:FONT_mbtowc mapped "\x81@" -> L"\3000"
0023:trace:font:GetGlyphOutlineW (0x428, 3000, 0005, 0x5f5e39c, 0, (nil),
0x883ec4)
0023:trace:font:WineEngGetGlyphOutline 0x92e4368, 3000, 00000005, 0x5f5e39c,
00000000, (nil), 0x883ec4
0023:trace:font:WineEngGetGlyphOutline font transform 1.000000 0.000000
0.000000 1.000000
0023:trace:font:WineEngGetGlyphOutline 0,0,(0,0),24,0
0023:Ret  gdi32.GetGlyphOutlineA() retval=00000000 ret=004118f9
...
0023:trace:seh:raise_exception code=c0000094 flags=0 addr=0x41190a ip=0041190a
tid=0023
0023:trace:seh:raise_exception  eax=00000000 ebx=00000000 ecx=00000000
edx=00000000 esi=16711c10 edi=00000006
0023:trace:seh:raise_exception  ebp=05f5e3dc esp=05f5e380 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00210246
0023:trace:seh:call_vectored_handlers calling handler at 0x7e44c5a0
code=c0000094 flags=0
...
Unhandled exception: divide by zero in 32-bit code (0x0041190a).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0041190a ESP:05f5e380 EBP:05f5e3dc EFLAGS:00210246(  R- --  I  Z- -P- )
 EAX:00000000 EBX:00000000 ECX:00000000 EDX:00000000
 ESI:16711c10 EDI:00000006
...
0x0041190a: divl    %ecx,%eax
--- snip ---

GetGlyphOutlineA() return value is most likely only checked for GDI_ERROR (-1)
but Wine returns 0 bytes (eax = 0) -> sloppy app coding.
Although this should not happen on a standard Windows box, the app could use
some sort of fallback glyph - but appearently this problem is never
anticipated.

The division by zero most likely results from returned GLYPHMETRICS params
being zero (gmBlackBoxY = 0 and the like).

This bug is also described at the support site I mentioned previously:

--- quote ---
    * Crashes in certain menus and when Sanae is picked 

    Symptoms: 
    When entering various menus in the game or entering any fight where Sanae
is involved, the game will immediately crash. 

    The bug: 
    th123's GetGlyphOutline() code does not check to see if it returned an
invalid glyph, since this never happens on Windows. So, whenever any text
includes a glyph that is returned as invalid by wine, such as a space, the game
will just crash with an integer divide by zero. 

    The fix: 
    Override GetGlyphOutline() and return a faked response for spaces. 
--- quote ---

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list