[Bug 51873] New: Joy.cpl crashes on the FFB tab when the FFB device is selected in the drop down list

WineHQ Bugzilla wine-bugs at winehq.org
Wed Oct 13 08:38:57 CDT 2021


https://bugs.winehq.org/show_bug.cgi?id=51873

            Bug ID: 51873
           Summary: Joy.cpl crashes on the FFB tab when the FFB device is
                    selected in the drop down list
           Product: Wine
           Version: 6.19
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: joy.cpl
          Assignee: wine-bugs at winehq.org
          Reporter: logos128 at gmail.com
                CC: rbernon at codeweavers.com
      Distribution: ArchLinux

Created attachment 70792
  --> https://bugs.winehq.org/attachment.cgi?id=70792
joy_cpl_6.19_crash.log

This happens when the wineprefix is configured through the registry to use bus_udev
/ hidraw ("Enable SDL" = 0 and "DisableInput" = 1).
After some debugging I found out that the supported number of buttons in Joy.cpl
is 32, while the device is reporting 128. As a result, state.rgbButtons
(main.c/ff_input_thread()) is being evaluated outside of its bounds, which
eventually leads to going through the check where the real crash happens in
IDirectInputEffect_SetParameters():775.
After fixing the out of bounds issue (attached a patch for that), now joy.cpl
doesn't crash immediately, but after choosing the desired FFB effect and
pushing a button on the wheel to start the test.

After some more debugging I found out that joy->effects[chosen_effect].effect
(the first operand) is NULL, leading to the segmentation fault. So probably the
lpVtbl is not initialized for some reason. Other parts of that structure looked
OK IMO.

Otherwise the tracking of the steering wheel on the first tab worked properly
through HIDRAW, as well as the available buttons. So this is already very
positive :)
I have also tried it through the SDL bus ("Enable SDL" = 1), and it worked as
expected. The FFB test also partially worked. The sine wave effect was
functional, while the constant and conditional effects didn't react.

Also, while debugging the above issue I saw that joy->num_buttons is incorrectly
set to 134 buttons, while the device (Simucube 2 Sport) has 128. It appeared that
the PID State input report, which includes several usages with report count 1,
is being parsed as a normal input report in
dinput/joystick_hid.c/enum_objects(), and those parameters are counted as
buttons. So I attached a patch for this too.

Do you have any hints how to debug dinput properly for the lpVtbl issue? The
gdb script helps a lot BTW :)

(The attached crash log is after the first patch applied, but it was similar
before that.)

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
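
The out-of-bounds read described in the report, as an added example that is not part of the original message and is not Wine's code: a 32-entry button array scanned with a count the device supplies, and the clamp that keeps the scan inside the array. The struct `joy_state`, its `guard` field and the helper names are hypothetical; the sample state is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATE_BUTTONS 32   /* capacity of the fixed state array (the report's 32) */

/* Hypothetical stand-in for a polled joystick state; not Wine's struct. */
struct joy_state {
    uint8_t buttons[STATE_BUTTONS]; /* high bit (0x80) set = pressed */
    uint8_t guard[96];              /* constructed: bytes a 128-wide scan would reach */
};

/* How many buttons may be read from the state array, whatever
 * count the device advertises (128 in the report). */
static size_t usable_buttons(size_t reported)
{
    return reported < STATE_BUTTONS ? reported : STATE_BUTTONS;
}

/* Index of the first pressed button, or -1 if none is pressed. The loop
 * bound is the clamped count, never the device-reported one, so bytes
 * past the array are not interpreted as button presses. */
static int first_pressed(const struct joy_state *st, size_t reported)
{
    size_t n = usable_buttons(reported);
    for (size_t i = 0; i < n; i++)
        if (st->buttons[i] & 0x80)
            return (int)i;
    return -1;
}

int main(void)
{
    struct joy_state st;
    memset(&st, 0, sizeof st);
    /* Adjacent memory that happens to look like "pressed" buttons. An
     * unclamped scan to 128 would treat it as input and take the
     * "button pressed" path without any real press. */
    memset(st.guard, 0x80, sizeof st.guard);

    printf("idle, device reports 128: %d\n", first_pressed(&st, 128));
    st.buttons[5] = 0x80;
    printf("button 5 held:            %d\n", first_pressed(&st, 128));
    return 0;
}
```
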