[Bug 35874] Warlock II - the Exiled (Steam Pre Release) crashes with native Visual C++ 2012 Redistributable

wine-bugs at winehq.org
Tue Apr 29 16:16:28 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=35874

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

looking at the sparse information you gave (backtrace), this could be a
duplicate of bug 34480.

I investigated bug 32559 'Warlock - Master of the Arcane 1.4' (Steam), which
turned out to be a dupe of bug 34480.

--- snip ---
Unhandled exception: page fault on write access to 0x1c1fa000 in 32-bit code
(0x0600e4a8).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0600e4a8 ESP:057df470 EBP:057df48c EFLAGS:00010202(  R- --  I   - - - )
 EAX:00000000 EBX:12799800 ECX:00000000 EDX:00000001
 ESI:12799f80 EDI:1c1f9fb0
Stack dump:
0x057df470:  1c1f9830 0fcc0040 0000007d 067b1dd1
0x057df480:  1c1f9830 12799800 00000800 057df520
0x057df490:  067b26d0 1c1f9830 12799800 00000800
0x057df4a0:  00000000 00000000 00000000 00000000
0x057df4b0:  16a679d0 00000200 00000200 00000800
0x057df4c0:  00040000 0df08950 00000200 00000200
Backtrace:
=>0 0x0600e4a8 in msvcr110 (+0xe4a8) (0x057df48c)
  1 0x067b26d0 in gameui (+0x426cf) (0x057df520)
...
  28 0x06790cba in gameui (+0x20cb9) (0x057dfab8)
  29 0x004cf4b4 in game (+0xcf4b3) (0x057dfac8)
...
  43 0x00519a64 in game (+0x119a63) (0x057dfddc)
  44 0x00519842 in game (+0x119841) (0x057dfdf0)
  45 0x0051a59c in game (+0x11a59b) (0x057dfe14)
  46 0x00a1bd26 in game (+0x61bd25) (0x057dfe60)
  47 0x7b85f3ac call_process_entry+0xb() in kernel32 (0x057dfe78)
...
0x0600e4a8: movq    %mm5,0x50(%edi)
Modules:
Module    Address            Debug info    Name (181 modules)
PE      240000-  3b9000    Deferred        fmodex
PE      3c0000-  3f2000    Deferred        curllib
PE      400000- 53d1000    Export          game
PE     57e0000- 5813000    Deferred        ssleay32
PE     5820000- 591e000    Deferred        libeay32
PE     5920000- 593b000    Deferred        openldap
PE     5940000- 5954000    Deferred        libsasl
PE     5960000- 5f67000    Deferred        bmcore
PE     5f70000- 5ff5000    Deferred        msvcp110
PE     6000000- 60d6000    Export          msvcr110
PE     60e0000- 65f6000    Deferred        gamelogic
PE     6600000- 676a000    Deferred        scriptengine
PE     6770000- 6c2f000    Export          gameui
PE     6c30000- 6c9c000    Deferred        fmod_event
PE     9f40000- a00c000    Deferred        steam
PE    10000000-101ff000    Deferred        d3dx9_43
PE    30000000-302c1000    Deferred        steam2
PE    38000000-38893000    Deferred        steamclient
PE    3b400000-3b41e000    Deferred        steam_api
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000053 (D) C:\Program Files\Steam\SteamApps\common\Warlock 2\Game.exe
    0000005a    0
    00000059    0
    00000058    0
    00000057  -15
    00000054    0 <==
--- snip ---

Looking at the dlls mapped into the crashing process address space and comparing
them to my installation of 'Warlock - Master of the Arcane 1.4':

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Steam/SteamApps/common/Warlock - Master
of the Arcane

$ ls -1 *.dll
BMCore.dll
fmod_event.dll
fmodex.dll
GameLogic.dll
GameUI.dll
ScriptEngine.dll
steam_api.dll
--- snip ---

Both have the same set of dlls.
So it's likely they share the same game engine.

Since you lack symbols, my guess for the function in frame 0 would be memcpy()
(the module is 'msvcr110.dll' and the instruction is typical for that).

The fault address 0x1c1fa000 is likely from the heap (aligned -> page fault in
the first page of an unmapped area).
Some value in the thread stack such as 0x800 or 0x200 could be the copy count.

Since I can't buy every game off Steam just to have a look at it, you need to
test the hypothesis.

Apply the following hack to a recent Wine version (1.7.x) and report back.
Thanks.

--- snip ---
diff --git a/dlls/wined3d/resource.c b/dlls/wined3d/resource.c
index 999dc5c..255887c 100644
--- a/dlls/wined3d/resource.c
+++ b/dlls/wined3d/resource.c
@@ -200,8 +200,9 @@ BOOL wined3d_resource_allocate_sysmem(struct
wined3d_resource *resource)
     void **p;
     SIZE_T align = RESOURCE_ALIGNMENT - 1 + sizeof(*p);
     void *mem;
+    UINT size = resource->size*2;

-    if (!(mem = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, resource->size +
align)))
+    if (!(mem = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size + align)))
         return FALSE;

     p = (void **)(((ULONG_PTR)mem + align) & ~(RESOURCE_ALIGNMENT - 1)) - 1;
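Review bot: the `UINT size = resource->size*2;` line doubles the sysmem allocation while leaving `resource->size` and the aligned-pointer bookkeeping below it untouched, so nothing else in wined3d knows the buffer has slack; that is fine for testing the memcpy-overrun hypothesis, but if it makes the crash go away the proper fix is to find which caller copies more than `resource->size` bytes into the buffer, not to keep the doubled allocation. Two smaller points: the product is computed in `UINT`, so for a resource of 2 GiB or more it wraps to a smaller allocation than before (use the same `SIZE_T` width as `align`), and the mailer has wrapped the function signature and the `HeapAlloc(..., resource->size + align)` line in the quoted hunk, so those lines need re-joining before the patch will apply.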
--- snip ---

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
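An added example (my own code, not part of the bug report or of Wine): a small Python triage script that applies the reasoning of comment #4 mechanically to the crash dump quoted there. It resolves EIP to a module and offset with the module table, resolves the faulting instruction's `0x50(%edi)` operand against the register dump and checks that it equals the reported fault address, checks whether the fault address is page-aligned (the first byte of an unmapped page, the run-off-the-end signature the comment describes), and lists small power-of-two stack values as memcpy-size candidates. The 4 KiB page size and the power-of-two heuristic are assumptions of mine; the dump excerpt is copied from the comment and embedded as constructed input.

```python
import re

# Constructed sample input: the relevant lines of the Wine crash dump quoted in
# comment #4 (fault line, register dump, stack dump, faulting instruction and a
# few rows of the module table).
CRASH_DUMP = """\
Unhandled exception: page fault on write access to 0x1c1fa000 in 32-bit code (0x0600e4a8).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0600e4a8 ESP:057df470 EBP:057df48c EFLAGS:00010202(  R- --  I   - - - )
 EAX:00000000 EBX:12799800 ECX:00000000 EDX:00000001
 ESI:12799f80 EDI:1c1f9fb0
Stack dump:
0x057df470:  1c1f9830 0fcc0040 0000007d 067b1dd1
0x057df480:  1c1f9830 12799800 00000800 057df520
0x057df490:  067b26d0 1c1f9830 12799800 00000800
0x057df4a0:  00000000 00000000 00000000 00000000
0x057df4b0:  16a679d0 00000200 00000200 00000800
0x057df4c0:  00040000 0df08950 00000200 00000200
0x0600e4a8: movq    %mm5,0x50(%edi)
Modules:
PE      400000- 53d1000    Export          game
PE     5f70000- 5ff5000    Deferred        msvcp110
PE     6000000- 60d6000    Export          msvcr110
PE     6770000- 6c2f000    Export          gameui
"""

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages, as on x86 Linux

FAULT_RE = re.compile(
    r"page fault on (read|write) access to 0x([0-9a-f]+) in 32-bit code \(0x([0-9a-f]+)\)")
REG_RE = re.compile(r"\b(E[A-Z]{2}):([0-9a-f]{8})\b")
STACK_RE = re.compile(r"^0x[0-9a-f]{8}:[ \t]+((?:[0-9a-f]{8}[ \t]*)+)$", re.M)
MODULE_RE = re.compile(r"^PE\s+([0-9a-f]+)-\s*([0-9a-f]+)\s+\S+\s+(\S+)", re.M)
# AT&T-syntax memory operand of the form disp(%base), e.g. 0x50(%edi)
MEM_OPERAND_RE = re.compile(r"(-?0x[0-9a-f]+)?\(%(e[a-z]{2})\)")


def parse_fault(dump):
    """Return (access, fault_address, eip) from the 'Unhandled exception' line."""
    m = FAULT_RE.search(dump)
    if m is None:
        raise ValueError("no page fault line in dump")
    return m.group(1), int(m.group(2), 16), int(m.group(3), 16)


def parse_registers(dump):
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}


def parse_stack_values(dump):
    values = []
    for row in STACK_RE.findall(dump):
        values.extend(int(v, 16) for v in row.split())
    return values


def parse_modules(dump):
    return [(int(lo, 16), int(hi, 16), name) for lo, hi, name in MODULE_RE.findall(dump)]


def module_for(addr, modules):
    """Map an address to (module, offset from module base), as Wine's backtrace does."""
    for lo, hi, name in modules:
        if lo <= addr < hi:
            return name, addr - lo
    return None, None


def faulting_instruction(dump, eip):
    """Return (mnemonic, operands) from the disassembly line Wine prints for EIP."""
    m = re.search(r"^0x%08x:\s+(\S+)\s+(.*?)\s*$" % eip, dump, re.M)
    if m is None:
        raise ValueError("no disassembly line for EIP")
    return m.group(1), m.group(2)


def effective_address(operands, regs):
    """Resolve a disp(%base) operand against the register dump, wrapping at 32 bits."""
    m = MEM_OPERAND_RE.search(operands)
    if m is None:
        raise ValueError("no disp(%%base) memory operand in %r" % operands)
    disp = int(m.group(1), 16) if m.group(1) else 0
    return (regs[m.group(2).upper()] + disp) & 0xFFFFFFFF


def copy_count_candidates(values, lo=0x10, hi=0x10000):
    """Heuristic (mine): small powers of two on the stack may be the memcpy size."""
    return sorted({v for v in values if lo <= v <= hi and v & (v - 1) == 0})


def triage(dump):
    access, fault_addr, eip = parse_fault(dump)
    regs = parse_registers(dump)
    mnemonic, operands = parse_instruction = faulting_instruction(dump, eip)
    base_reg = MEM_OPERAND_RE.search(operands).group(2).upper()
    module, offset = module_for(eip, parse_modules(dump))
    return {
        "access": access,
        "fault_addr": fault_addr,
        "module": module,
        "module_offset": offset,
        "instruction": "%s %s" % parse_instruction,
        # The store's destination should be exactly the address the fault reports.
        "operand_matches_fault": effective_address(operands, regs) == fault_addr,
        # A page-aligned fault is the first byte of an unmapped page: the write
        # walked off the end of a mapping rather than dereferencing a wild pointer.
        "page_aligned": fault_addr % PAGE_SIZE == 0,
        "bytes_from_base_reg": fault_addr - regs[base_reg],
        # 8-byte MMX store, which the comment calls typical of msvcr110's memcpy.
        "mmx_store": mnemonic == "movq" and operands.startswith("%mm"),
        "copy_count_candidates": copy_count_candidates(parse_stack_values(dump)),
    }


if __name__ == "__main__":
    for key, value in triage(CRASH_DUMP).items():
        print(key, hex(value) if type(value) is int else value)
```

Run on the quoted dump it reports frame 0 as msvcr110+0xe4a8 (matching the backtrace), confirms that `0x50(%edi)` resolves to the page-aligned fault address 0x1c1fa000, i.e. the store lands 0x50 bytes past EDI on a page boundary, and lists 0x200 and 0x800 as the copy-size candidates the comment mentions. The same checks work on any Wine crash dump whose faulting instruction uses a simple disp(%base) operand; index/scale operands would need the regex extended.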


