[Bug 34100] Artemis Spaceship Bridge Simulator (demo version 1.66) crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Sun May 11 12:48:04 CDT 2014


http://bugs.winehq.org/show_bug.cgi?id=34100

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |eeefed3dd02f5299e38d308ee6d
                   |                            |9ba6998722bdd
             Status|NEW                         |RESOLVED
                 CC|                            |focht at gmx.net
         Resolution|---                         |FIXED
            Summary|Crash trying to run Artemis |Artemis Spaceship Bridge
                   |demo.                       |Simulator (demo version
                   |                            |1.66) crashes on startup

--- Comment #7 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

I can't reproduce this either with Wine 1.7.18, built with gcc 4.8.x.

Unfortunately no one here provided a WINEDEBUG=+tid,+seh,+relay,+d3d,+d3d9
trace which would have helped.

Starting with OP's backtrace I deduced it to the original code location.

--- snip ---
...
fixme:d3d:swapchain_init The application requested more than one back buffer,
this is not properly supported.
Please configure the application to use double buffering (1 back buffer) if
possible.
wine: Unhandled page fault on read access to 0x7bcd9000 at address 0x4b3a7a
(thread 0009), starting debugger...
Unhandled exception: page fault on read access to 0x7bcd9000 in 32-bit code
(0x004b3a7a).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:004b3a7a ESP:0033f880 EBP:0033f888 EFLAGS:00010212(  R- --  I   -A- - )
 EAX:82427c6d EBX:03a159cc ECX:019d3b1c EDX:00000000
 ESI:7bcd8ffd EDI:0305c140
Stack dump:
0x0033f880:  03a159a8 03a15a60 00000000 0041d643
0x0033f890:  02fba830 7bc376ed 067f0580 3812b986
0x0033f8a0:  03a159a8 0033f908 03a15a30 03a15a60
0x0033f8b0:  0033f8d8 004cef6b ffffffff 0041b41a
0x0033f8c0:  3812b9e2 00000000 0033f908 0033fb44
0x0033f8d0:  ffffffff 03a159a8 0033fb34 004d109b
Backtrace:
=>0 0x004b3a7a in artemis (+0xb3a7a) (0x0033f888)
0x004b3a7a: repe movsl    (%esi),%es:(%edi)
Modules:
Module    Address            Debug info    Name (113 modules)
PE      400000-  5a7000    Export          artemis
PE      5b0000-  7e8000    Deferred        d3dx9_24
PE    10000000-10039000    Deferred        ftd2xx
PE    71590000-71617000    Deferred        comctl32
ELF    79abe000-7b800000    Deferred        libnvidia-glcore.so.313.30
ELF    7b800000-7ba5b000    Deferred        kernel32<elf>
  \-PE    7b810000-7ba5b000    \               kernel32
ELF    7bc00000-7bcd9000    Deferred        ntdll<elf>
  \-PE    7bc10000-7bcd9000    \               ntdll
...
Threads:
process  tid      prio (all id:s are in hex)
00000008 (D) C:\Program Files\Artemis DEMO\Artemis.exe
    00000029   15
    00000027    0
    00000009    0 <==
...
--- snip ---

The code causing the fault (0x4b3a7a) looks like some inlined memcpy().

The last caller address is likely 0x0041d643.
You can find it by doing a top-down search for valid EIP values in mapped
executable .text segment ranges in the backtrace's 'Stack dump'.

Armed with that info I found and debugged a loop in the game executable which
basically does this:

--- snip ---
call d3d9.d3d9_texture_2d_GetLevelDesc
call d3d9.d3d9_texture_2d_LockRect
call operator "new" for some object
call operator "new" for some object
call memcpy() ; (causes fault)
call d3d9.d3d9_texture_2d_UnlockRect
--- snip ---

Looking at Henry's comment in bug 34271
(http://bugs.winehq.org/show_bug.cgi?id=34271#c5)

--- quote ---
This is supposedly fixed by commit eeefed3dd02f5299e38d308ee6d9ba6998722bdd.
--- quote ---

The commit:
http://source.winehq.org/git/wine.git/commitdiff/eeefed3dd02f5299e38d308ee6d9ba6998722bdd

--- snip ---
--- a/dlls/d3d9/surface.c
+++ b/dlls/d3d9/surface.c
@@ -293,8 +293,11 @@ static HRESULT WINAPI
d3d9_surface_LockRect(IDirect3DSurface9 *iface,
     hr = wined3d_surface_map(surface->wined3d_surface, &map_desc, rect,
flags);
     wined3d_mutex_unlock();

-    locked_rect->Pitch = map_desc.row_pitch;
-    locked_rect->pBits = map_desc.data;
+    if (SUCCEEDED(hr))
+    {
+        locked_rect->Pitch = map_desc.row_pitch;
+        locked_rect->pBits = map_desc.data;
+    }

     return hr;
 }
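Review bot: the SUCCEEDED(hr) guard stops the uninitialised map_desc from being forwarded when wined3d_surface_map() fails, but on the failure path locked_rect is now left exactly as the caller passed it in; if the d3d9 contract is that a failed LockRect yields pBits == NULL and Pitch == 0, consider setting those explicitly in an else branch so callers that test pBits instead of hr (as the crashing game loop appears to) see a defined value rather than whatever they happened to have in the struct.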
--- snip ---

Hmm, that touches the code I've debugged in that loop before the crash.

I reverted the commit on top of current GIT (wine-1.7.18-92-gb01fc1a) and got
.
.
.
wine: Unhandled page fault on read access to 0x7dd52000 at address 0x4b3a7a
(thread 0035), starting debugger...

Yay! Case closed :)

$ sha1sum Artemis_demo_v1_66.exe 
c69fa260c6591ed6b4a218ebda896d821600e777  Artemis_demo_v1_66.exe

$ du -sh Artemis_demo_v1_66.exe 
31M    Artemis_demo_v1_66.exe

$ wine --version
wine-1.7.18-92-gb01fc1a

Regards
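As an added illustration of the defect class the commit fixes, not code from this bug report or from Wine: a C model of d3d9_surface_LockRect before and after the guard, with a caller that (assumed, modelled on the game loop described above) zero-initialises its D3DLOCKED_RECT and trusts pBits rather than the returned HRESULT. The surface_map stand-in, the stale pointer value and the pixel buffer are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
typedef long HRESULT;
#define S_OK   0L
#define E_FAIL (-1L)
#define SUCCEEDED(hr) ((hr) >= 0)
typedef struct { int Pitch; void *pBits; } D3DLOCKED_RECT;
typedef struct { unsigned row_pitch; void *data; } map_desc_t;
static unsigned char g_pixels[16 * 4];              /* constructed 16x1 RGBA level */
#define STALE_PTR ((void *)(uintptr_t)0x7bcd8ffdu)  /* constructed stack garbage */

/* Stand-in for wined3d_surface_map (constructed): fills the descriptor only on
 * success, so after a failure map_desc still holds whatever was on the stack. */
static HRESULT surface_map(int fail, map_desc_t *desc)
{
    if (fail) return E_FAIL;
    desc->row_pitch = sizeof g_pixels;
    desc->data = g_pixels;
    return S_OK;
}

/* LockRect before the commit: Pitch/pBits forwarded regardless of hr. */
static HRESULT lock_rect_before(int fail, D3DLOCKED_RECT *out)
{
    map_desc_t map_desc = { 0x1234u, STALE_PTR };   /* models the uninitialised local */
    HRESULT hr = surface_map(fail, &map_desc);
    out->Pitch = (int)map_desc.row_pitch;
    out->pBits = map_desc.data;
    return hr;
}

/* LockRect after the commit: out-parameters written only when the map succeeded. */
static HRESULT lock_rect_after(int fail, D3DLOCKED_RECT *out)
{
    map_desc_t map_desc = { 0x1234u, STALE_PTR };
    HRESULT hr = surface_map(fail, &map_desc);
    if (SUCCEEDED(hr))
    {
        out->Pitch = (int)map_desc.row_pitch;
        out->pBits = map_desc.data;
    }
    return hr;
}

/* Caller modelled on the game loop (assumed): zero-initialises the rect, ignores
 * hr and memcpy()s from pBits when it is non-NULL.  Returns the pointer that
 * memcpy() would read from, or NULL when the copy would be skipped. */
static void *copy_source(HRESULT (*lock)(int, D3DLOCKED_RECT *), int fail)
{
    D3DLOCKED_RECT rc = { 0, NULL };
    (void)lock(fail, &rc);
    return rc.pBits;
}
```

With the pre-commit wrapper a failed lock hands the caller a non-NULL garbage pointer that its NULL check cannot catch, which is the shape of the fault at ESI 0x7bcd8ffd above; with the guard in place pBits stays NULL and the copy is skipped.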
