[Bug 46725] Sniper Elite 3 and Sniper Elite V2 crash when using FAudio

WineHQ Bugzilla wine-bugs at winehq.org
Thu Mar 19 11:58:09 CDT 2020


https://bugs.winehq.org/show_bug.cgi?id=46725

Paul Gofman <gofmanp at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gofmanp at gmail.com

--- Comment #7 from Paul Gofman <gofmanp at gmail.com> ---
Created attachment 66676
  --> https://bugs.winehq.org/attachment.cgi?id=66676
PoC patch for FAudio

I've tested the issue in the Sniper Elite V2 demo, where it is also reproducible. To
reproduce I just had to start the game and make a shot; it crashes immediately.

The immediate reason for the crash (which happens in
xaudio2_7/xaudio_dll.c:XAPO_Process()) is that the vtbl for the game's xapo
(This->xapo) was previously overwritten in application code during a previous
_Process call for the same xapo. It does not happen during the many earlier
calls to _Process for the same xapo, as the application actually skips the
actual processing until you shoot the gun.

When processing the buffer the game is using some intermediate buffer
previously allocated by HeapAlloc() with a size sufficient for 480 samples,
while the input / output buffer lengths are 512 samples. The same 512 samples were
specified in the IXAPO_LockForProcess call for the xapo, but the application seems to
ignore that. It allocates that buffer before _LockForProcess is called, right
after _CreateSubmixVoice(). It happens that the allocated xapo object data
(with vtbl) goes right after that buffer for samples, thus it is overwritten.

The attached tweak fixes the crash. I observed which buffer lengths the
application gets on Windows for xapo _Process, and it is 480. So it looks like
on Windows the buffers might be limited to smaller values, and the
application doesn't bother to mind the _LockForProcess values and allocates a "big
enough" buffer. I have not, though, made unit tests with those xapos so far.
