[Bug 36683] New: RPG Maker VX 1.02a: clicking menu item results in 'Out of memory' error message

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Jun 5 16:56:03 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=36683

            Bug ID: 36683
           Summary: RPG Maker VX 1.02a: clicking menu item results in 'Out
                    of memory' error message
           Product: Wine
           Version: 1.7.19
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: winmm&mci
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net

Hello folks,

Found during investigation of other bugs.
Also mentioned in the AppDB entry without an actual bug report.

Reproduce: click 'About ...' or any other main menu item.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Enterbrain/RPGVXAce

$ WINEDEBUG=+tid,+seh,+relay,+winmm,+mmio wine ./RPGVXAce.exe >>log.txt 2>&1
...
0023:Ret  window proc 0x5095b0 (hwnd=0x100c6,msg=WM_LBUTTONUP,wp=00000000,lp=00300038) retval=00000000
0023:Ret  user32.IsDialogMessageW() retval=00000001 ret=004fef38
...
0023:Call user32.DispatchMessageW(00169638) ret=004fdd84
0023:Call window proc 0x5095b0 (hwnd=0x2008e,msg=WM_COMMAND,wp=0000e140,lp=00000000)
0023:Call user32.GetParent(0002008e) ret=00509754
0023:Ret  user32.GetParent() retval=00000000 ret=00509754
0023:Call user32.GetCapture() ret=00402e34
0023:Ret  user32.GetCapture() retval=00000000 ret=00402e34
0023:Call user32.IsWindowEnabled(0002008e) ret=004ff0ca
0023:Ret  user32.IsWindowEnabled() retval=00000001 ret=004ff0ca
0023:Call KERNEL32.FindResourceW(10000000,0000150f,0000000a) ret=011cc46e
0023:Ret  KERNEL32.FindResourceW() retval=10009360 ret=011cc46e
0023:Call KERNEL32.SizeofResource(10000000,10009360) ret=0079a72e
0023:Ret  KERNEL32.SizeofResource() retval=0002b8bc ret=0079a72e
0023:Call KERNEL32.LoadResource(10000000,10009360) ret=0079a75b
0023:Ret  KERNEL32.LoadResource() retval=102991f8 ret=0079a75b
0023:Call KERNEL32.LockResource(102991f8) ret=011caff2
0023:Ret  KERNEL32.LockResource() retval=102991f8 ret=011caff2
0023:Call winmm.mmioOpenW(00000000,003392ec,00000000) ret=0079a7db
0023:trace:mmio:MMIO_Open ((null), 0x3392ec, 00000000, unicode);
0023:Call ntdll.RtlAllocateHeap(00110000,00000008,00000058) ret=7cb2f81c
0023:Ret  ntdll.RtlAllocateHeap() retval=0021ff50 ret=7cb2f81c
0023:trace:mmio:MMIO_SetBuffer (0x21ff50 0x102991f8 178364 0)
0023:warn:mmio:MMIO_SetBuffer Untested handling of huge mmio buffers (178364 >= 64k)
0023:trace:mmio:mmioMemIOProc (0x21ff50,0x0003,0x00000000,0x00000000)
0023:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7cb3047f
0023:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7cb3047f
0023:Ret  winmm.mmioOpenW() retval=00000005 ret=0079a7db
...
0023:Call winmm.mmioSeek(00000005,00000000,00000001) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 1);
0023:trace:mmio:mmioSeek => 0
0023:Ret  winmm.mmioSeek() retval=00000000 ret=00799b8c
0023:Call winmm.mmioSeek(00000005,00000000,00000002) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 2);
0023:Ret  winmm.mmioSeek() retval=ffffffff ret=00799b8c
0023:Call winmm.mmioSeek(00000005,00000000,00000000) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 0);
0023:trace:mmio:mmioSeek => 0
0023:Ret  winmm.mmioSeek() retval=00000000 ret=00799b8c
0023:Call ntdll.RtlDecodePointer(eadfb1c9) ret=0052dac1
0023:Ret  ntdll.RtlDecodePointer() retval=00000000 ret=0052dac1
0023:Call KERNEL32.GetLastError() ret=0052dc72
0023:Ret  KERNEL32.GetLastError() retval=00000000 ret=0052dc72
0023:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,003393d4) ret=00528c71
0023:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83ac57 ip=7b83ac57 tid=0023
0023:trace:seh:raise_exception  info[0]=19930520
0023:trace:seh:raise_exception  info[1]=003393f0
0023:trace:seh:raise_exception  info[2]=008f9b00
0023:trace:seh:raise_exception  eax=7b826c7d ebx=7b8bb000 ecx=008f9b00 edx=00339320 esi=003393c0 edi=00339380
0023:trace:seh:raise_exception  ebp=00339358 esp=003392f4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000287
0023:trace:seh:call_stack_handlers calling handler at 0x819a9a code=e06d7363 flags=1
...
0023:Call user32.MessageBoxW(0002008e,0033880c L"Out of memory.",03a52e40 L"RPG Maker VX Ace",00001030) ret=004fea7e
--- snip ---

'mmioSeek( hmmio, 0, SEEK_END)' returning -1 doesn't look correct.

Debugger:

--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7cb15c73 mmioSeek+0x97(hmmio=0x5, lOffset=0, iOrigin=0x2) [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:877] in winmm (0x00339404)
  1 0x00799b8c in rpgvxace (+0x399b8b) (0x0033941c)
  2 0x00799ac1 in rpgvxace (+0x399ac0) (0x00339438)
  3 0x004b65ee in rpgvxace (+0xb65ed) (0x0033e370)
  4 0x004b60cc in rpgvxace (+0xb60cb) (0x0033e398)
  5 0x004a1819 in rpgvxace (+0xa1818) (0x0033e3b8)
  6 0x004d7159 in rpgvxace (+0xd7158) (0x0033e3e0)
  7 0x00402e5f in rpgvxace (+0x2e5e) (0x0033e6d4)
  8 0x004fd115 in rpgvxace (+0xfd114) (0x0033e6e4)

Wine-dbg>n
880        switch (iOrigin) {

Wine-dbg>n
888        offset = ((wm->info.fccIOProc == FOURCC_MEM)? wm->info.cchBuffer : wm->dwFileSize) - lOffset;

Wine-dbg>p *wm
{info={dwFlags=0, fccIOProc=0x204d454d, pIOProc=(nil), wErrorRet=0, hTask=(nil), cchBuffer=0x2b8bc, pchBuffer=" ■1", pchNext=" ■1", pchEndRead="", pchEndWrite="", lBufOffset=0, lDiskOffset=0, adwInfo={0xffffffff, 0, 0}, dwReserved1=0, dwReserved2=0, hmmio=0x5}, lpNext=(nil), ioProc=0x7cbae374, bTmpIOProc=0, bBufferLoaded=0x1, dwFileSize=0}

Wine-dbg>p offset
0x2b8bc

Wine-dbg>si
0x7cb15d9b mmioSeek+0x1bf [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:903] in winmm: jz   0x7cb15df1 mmioSeek+0x215 [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:908] in winmm
903        if ((wm->info.fccIOProc == FOURCC_MEM) ||

Wine-dbg>
0x7cb15df1 mmioSeek+0x215 [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:908] in winmm: movl $0xffffffff,%eax
908            return -1;
--- snip ---

Source:
http://source.winehq.org/git/wine.git/blob/a0ed65f5937e6eb13f6b2b345d8d27fbd4616c32:/dlls/winmm/mmio.c#l866

(whitespace and tabs are also messed up)

--- snip ---
866 LONG WINAPI mmioSeek(HMMIO hmmio, LONG lOffset, INT iOrigin)
867 {
868     LPWINE_MMIO wm;
869     LONG offset;
...
880     switch (iOrigin) {
881     case SEEK_SET:
882         offset = lOffset;
883         break;
884     case SEEK_CUR:
885         offset = wm->info.lBufOffset + (wm->info.pchNext - wm->info.pchBuffer) + lOffset;
886         break;
887     case SEEK_END:
888         offset = ((wm->info.fccIOProc == FOURCC_MEM)? wm->info.cchBuffer : wm->dwFileSize) - lOffset;
889         break;
890     default:
891     return -1;
892     }
893
894     /* stay in same buffer ? */
895     /* some memory mapped buffers are defined with -1 as a size */
896     if ((wm->info.cchBuffer > 0) &&
897         ((offset < wm->info.lBufOffset) ||
898         (offset >= wm->info.lBufOffset + wm->info.cchBuffer) ||
899         (offset > wm->dwFileSize && wm->info.fccIOProc != FOURCC_MEM) ||
900         !wm->bBufferLoaded)) {
901
902         /* condition to change buffer */
903         if ((wm->info.fccIOProc == FOURCC_MEM) ||
904             MMIO_Flush(wm, 0) != MMSYSERR_NOERROR ||
905         /* this also sets the wm->info.lDiskOffset field */
906             send_message(wm->ioProc, &wm->info, MMIOM_SEEK,
907                     offset, SEEK_SET, FALSE) == -1)
908             return -1;
909         wm->info.lBufOffset = offset;
910         wm->bBufferLoaded = FALSE;
911         wm->info.pchNext = wm->info.pchEndRead = wm->info.pchBuffer;
912     }
...
--- snip ---

Tidbit: The app is protected with the 'Armadillo' DRM scheme (not a problem here).

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\Enterbrain\RPGVXAce\RPGVXAce.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4737368 (0484958h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 0483000h, size : 01958h / 06488 byte(s)
[File Heuristics] -> Flag : 00000000000000001100001000000111 (0x0000C207)
[Entrypoint Section Entropy] : 7.01
[!] Armadillo v8 or higher detected !
- Scan Took : 0.489 Second(s) [0000001E9h tick(s)] [533 scan(s) done]
--- snip ---

$ sha1sum RPGVXAce_Multi.exe 
97a1ee6390b702519091130eecd6f6b806a77dcb  RPGVXAce_Multi.exe

$ du -sh RPGVXAce_Multi.exe 
223M    RPGVXAce_Multi.exe

$ wine --version
wine-1.7.19-70-gd6a59f7

Regards
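As an added illustration (not code from the report or from Wine), the following C model replays the quoted mmioSeek() SEEK_END logic for a memory file against the field values from the "p *wm" debugger dump: with lOffset=0 the computed offset equals lBufOffset + cchBuffer, the "change buffer" branch is taken, and the FOURCC_MEM check returns -1. The allow_end flag is an assumed variant for comparison only, not Wine's actual fix.

```c
/* Model of the mmioSeek() SEEK_END path quoted in this report, using the
 * field values from the "p *wm" debugger dump. Added example, not Wine code. */
#include <stdio.h>
#include <stdbool.h>

#define FOURCC_MEM 0x204d454d   /* 'MEM ' as shown in the debugger dump */

typedef struct {
    unsigned fccIOProc;
    long cchBuffer;      /* size of the memory buffer: 0x2b8bc in the report */
    long lBufOffset;     /* 0 in the report */
    long pchNextOff;     /* pchNext - pchBuffer, 0 in the report */
    long dwFileSize;     /* 0 for a memory file in the report */
    bool bBufferLoaded;  /* 1 in the report */
} MMIO_MODEL;

/* Mirrors the quoted mmio.c logic for memory files; returns the new offset or -1.
 * allow_end is an assumption for illustration only: treat offset == end of the
 * memory buffer as still inside the buffer instead of taking the change-buffer path. */
long model_seek(const MMIO_MODEL *wm, long lOffset, int iOrigin, bool allow_end)
{
    bool is_mem = (wm->fccIOProc == FOURCC_MEM);
    long offset;
    switch (iOrigin) {
    case SEEK_SET: offset = lOffset; break;
    case SEEK_CUR: offset = wm->lBufOffset + wm->pchNextOff + lOffset; break;
    case SEEK_END: offset = (is_mem ? wm->cchBuffer : wm->dwFileSize) - lOffset; break;
    default:       return -1;
    }
    long end = wm->lBufOffset + wm->cchBuffer;
    bool past_end = (allow_end && is_mem) ? (offset > end) : (offset >= end);
    if (wm->cchBuffer > 0 &&
        (offset < wm->lBufOffset || past_end ||
         (offset > wm->dwFileSize && !is_mem) || !wm->bBufferLoaded)) {
        if (is_mem) return -1;   /* mmio.c line 903: a memory buffer cannot be reloaded */
        /* disk-backed files would flush and re-seek via the I/O proc here; not modelled */
    }
    return offset;
}

/* Seek against the exact state captured in the debugger dump. */
long seek_report_state(long lOffset, int iOrigin, bool allow_end)
{
    MMIO_MODEL wm = { FOURCC_MEM, 0x2b8bc, 0, 0, 0, true };
    return model_seek(&wm, lOffset, iOrigin, allow_end);
}

int main(void)
{
    printf("SEEK_SET 0 -> %ld\n", seek_report_state(0, SEEK_SET, false));  /* 0 */
    printf("SEEK_END 0 -> %ld\n", seek_report_state(0, SEEK_END, false));  /* -1, the bug */
    printf("SEEK_END 0 -> %ld (end allowed)\n", seek_report_state(0, SEEK_END, true));
    return 0;
}
```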
