[Bug 33275] Far Cry: Segmentation Fault on start

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Sep 16 20:45:55 CDT 2014 

https://bugs.winehq.org/show_bug.cgi?id=33275

--- Comment #14 from Sebastian Lackner <sebastian at fds-team.de> ---
Ah, nice. Since it wasn't that expensive I just bought the GOG version, and I
can indeed also reproduce the same issue. The big advantage of this version: No
DRM and weird anti-debugging tricks, which (hopefully) allows to use some
better tools to track this down.

When running without strace the crash happens on the thread termination (in the
close syscall), as already mentioned in my previous message:

--- snip ---
003f:Starting thread proc 0x3650140a (arg=0x36661c)
003f:Call KERNEL32.GetPriorityClass(ffffffff) ret=365012ff
003f:Ret  KERNEL32.GetPriorityClass() retval=00000020 ret=365012ff
003f:Call KERNEL32.GetThreadPriority(fffffffe) ret=36501311
003f:Ret  KERNEL32.GetThreadPriority() retval=00000000 ret=36501311
[...]
003f:Call msvcr71.strncpy(00366694,0077e97c "AMD Phenom(tm) II X4 840
Processor",00000040) ret=36501c65
003f:Ret  msvcr71.strncpy() retval=00366694 ret=36501c65
003f:Call msvcr71.strncat(00366694 "AMD Phenom(tm) II X4 840
Processor",3656a7f5 "",00000040) ret=36501c71
003f:Ret  msvcr71.strncat() retval=00366694 ret=36501c71
[...]
003f:Call msvcr71._stricmp(0077e97c "AMD Phenom(tm) II X4 840
Processor",3656a608 "WinChip2") ret=36502180
003f:Ret  msvcr71._stricmp() retval=ffffffea ret=36502180
[...]
003f:Call PE DLL (proc=0x7ed5c3c3,module=0x7ecb0000
L"user32.dll",reason=THREAD_DETACH,res=(nil))
003f:Ret  PE DLL (proc=0x7ed5c3c3,module=0x7ecb0000
L"user32.dll",reason=THREAD_DETACH,res=(nil)) retval=1
* crash *
--- snip ---

When running with strace the crash happens earlier, shortly after the thread
was created, but is very similar:

--- snip ---
[pid   719] [f77e4d85] write(2, "003a:Starting thread proc 0x3650"...,
52003a:Starting thread proc 0x3650140a (arg=0x36661c)
) = 52
[pid   719] [f77e4d85] write(2, "003a:Call KERNEL32.GetPriorityCl"...,
59003a:Call KERNEL32.GetPriorityClass(ffffffff) ret=365012ff
) = 59
[pid   719] [f77e4d85] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL,
si_addr=0} ---
[pid   719] [7bc7d3a8] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL,
si_addr=0} ---
[pid   719] [????????????????] +++ killed by SIGSEGV (core dumped) +++
[????????????????] +++ killed by SIGSEGV (core dumped) +++
--- snip ---

Like in the case without running with strace there are two segment violations,
the first one after the write syscall opcode, and the second address
corresponds to the beginning of the segv_handler:

--- snip ---
(gdb) bt
#0  segv_handler (signal=11, siginfo=0x7ffd7c8c, sigcontext=0x7ffd7d0c) at
signal_i386.c:1957 <---- second segfault
#1  <signal handler called>
#2  0xf77e4d85 in __kernel_vsyscall () <---- first segfault
#3  0xf75d363b in write () from /usr/lib32/libpthread.so.0
#4  0x7bc39d60 in NTDLL_dbg_vprintf (format=0x7bca20ad ") ret=%08lx\n",
args=0x77e884 "\377\022P6") at debugtools.c:147
#5  0xf760cd45 in wine_dbg_printf (format=0x7bca20ad ") ret=%08lx\n") at
debug.c:223
#6  0x7bc67f95 in relay_trace_entry (descr=0x7b8bd5a0, idx=66091,
stack=0x77e908) at relay.c:348
#7  0x7bc68180 in relay_call () at relay.c:378
#8  0x7b823119 in __wine_spec_relay_entry_points () from
/home/sebastian/projects/wine/dlls/kernel32/kernel32.dll.so
#9  0x365012ff in ?? ()
#10 0xffffffff in ?? ()
#11 0x0000000f in ?? ()
#12 0x0036661c in ?? ()
#13 0x3650169d in ?? ()
#14 0x0036671c in ?? ()
#15 0x7bc7e658 in call_thread_func_wrapper () at signal_i386.c:2578
#16 0x7bc7e69f in call_thread_func (entry=0x3650140a, arg=0x36661c,
frame=0x77eb28) at signal_i386.c:2637
#17 0x7bc7e636 in call_thread_entry_point () at signal_i386.c:2578
#18 0x7bc85213 in start_thread (info=0x7ffd4fb8) at thread.c:429
#19 0xf75cc096 in start_thread () from /usr/lib32/libpthread.so.0
#20 0xf74eea7e in clone () from /usr/lib32/libc.so.6
--- snip ---

Please note that all registers (including segment registers) of the crashing
thread seem to be set properly, so those instructions definitely shouldn't
cause arbitrary segfaults. I guess it will be necessary to take a look at
kernel code, to figure out under which situations close()/write() can cause
such a critical segfault, and why strace modifies the behaviour.

This time tested with:

$ sha1sum ~/.wine-farcry-nodrm/drive_c/GOG\ Games/Far\ Cry/Bin32/FarCry.exe 
a227baecf56a75219511594048379cb11721749a 
/home/sebastian/.wine-farcry-nodrm/drive_c/GOG Games/Far Cry/Bin32/FarCry.exe

Since the kernel version could make a difference:

$ uname -a
Linux dalek 3.16.2-1-ARCH #1 SMP PREEMPT Sat Sep 6 13:12:51 CEST 2014 x86_64
GNU/Linux

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list