[Bug 45473] Rogue Squadron 3D crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Jul 25 07:43:56 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=45473

Andrew Eikum <aeikum at codeweavers.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aeikum at codeweavers.com

--- Comment #6 from Andrew Eikum <aeikum at codeweavers.com> ---
I don't think the mixer thread is involved. Just glancing through the comments
and the log, it looks like the object is being destroyed on thread 0074 while
it is being used on thread 0070: 

    0070:trace:dsound:IDirectSoundBufferImpl_GetCurrentPosition playpos =
237256, writepos = 238136, buflen=705600 (0x16a950, time=40528520) 
    0074:trace:dsound:IDirectSoundNotifyImpl_Release (0x16a950) ref is now 0 
    0074:trace:dsound:DirectSoundDevice_RemoveBuffer (0x15c4b8, 0x16a950) 
    0074:trace:dsound:DirectSoundDevice_RemoveBuffer buffer count is now 0 
    0074:trace:dsound:secondarybuffer_destroy (0x16a950) released 
    0074:trace:dsound:IDirectSoundBufferImpl_Release (0x16a950) ref is now 0 
    wine: Unhandled page fault on read access to 0x00000024 at address 0x59729f
(thread 0070), starting debugger... 
    Backtrace: 
    =>0 0x0059729f in rogue squadron (+0x19729f) (0x021efea0) 
      1 0x00597618 in rogue squadron (+0x197617) (0x021efed0) 
      2 0x00597869 in rogue squadron (+0x197868) (0x021efedc) 
      3 0x7bc88be8 call_thread_func_wrapper+0xb() in ntdll (0x021efeec) 
      4 0x7bc8bf99 call_thread_func+0xcb()
[/home/alesliehughes/source/wine-alesliehughes/dlls/ntdll/signal_i386.c:2772]
in ntdll (0x021effdc) 
      5 0x7bc88bda call_thread_entry+0x9() in ntdll (0x021effec) 

Thread 0070 isn't the mixer thread, it's some game thread (the mixer thread is
006f). It looks like a use-after-free error in the game. Possibly we're missing
a reference that we should be holding, or the game is looking for some
notification of destruction that we're never sending. I'd write a test
duplicating this behavior on native, checking refcount values and notify
callback behavior.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list