[Bug 41977] New: Gunner3 always crashes due to wine having a different allocation scheme than windows
https://bugs.winehq.org/show_bug.cgi?id=41977

            Bug ID: 41977
           Summary: Gunner3 always crashes due to wine having a different
                    allocation scheme than windows
           Product: Wine
           Version: 1.9.24
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ntdll
          Assignee: wine-bugs(a)winehq.org
          Reporter: dark.shadow4(a)web.de
      Distribution: ArchLinux

Created attachment 56382
  --> https://bugs.winehq.org/attachment.cgi?id=56382
Hack to get the game working, patch for the exe

Gunner 3 always crashes when selecting a level. According to my debugging, it's because the game allocates memory with RtlAllocateHeap and then accesses the area before that, aka undefined behavior. But note that it works just fine on all Windows versions and ReactOS.

It's probably WONTFIX, but since it works on Windows I'll provide a hack (and maybe a patch) for usage on Linux.

Attached a patch for the gunner3.exe, make sure it has the MD5 4481bc4382bb00353edf0635516d904d.

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=41977

--- Comment #1 from Bruno Jesus <00cpxxx(a)gmail.com> ---
Can you explain how you patched the exe? Like allocating more memory and pretending to return an offset higher than the initial pointer to ensure there is enough memory for the erroneous attempts. How far from the initial pointer does the game attempt to read?

https://bugs.winehq.org/show_bug.cgi?id=41977

--- Comment #2 from Fabian Maurer <dark.shadow4(a)web.de> ---
The game seems to turn an unsigned 16-bit integer into a 32-bit integer. Once the number is too big, it gets treated as negative and gets subtracted. The patch turns a "movsx" into a "movzx", essentially forcing unsigned mode and fixing the crashes.

Technically, it could read up to 32768 bytes before the allocated memory, but according to my tests a buffer of 5500 bytes is enough to avoid crashes.

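An added example, not part of the bug thread and not the game's code: the difference between the "movsx" and "movzx" loads described in comment #2, written out in C. The function names, sample values and block size are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* What "movsx r32, word" yields: the 16-bit value is sign-extended. */
static int32_t load_movsx(uint16_t raw)
{
    return raw >= 0x8000u ? (int32_t)raw - 0x10000 : (int32_t)raw;
}

/* What "movzx r32, word" yields: the 16-bit value is zero-extended. */
static int32_t load_movzx(uint16_t raw)
{
    return (int32_t)raw;
}

/* Does an offset stay inside a block of len bytes? */
static int in_bounds(int32_t off, size_t len)
{
    return off >= 0 && (size_t)off < len;
}

/* Largest distance below the block start reachable via sign extension. */
static int32_t worst_underflow(void)
{
    int32_t worst = 0;
    for (uint32_t raw = 0; raw <= 0xFFFFu; raw++) {
        int32_t off = load_movsx((uint16_t)raw);
        if (off < 0 && -off > worst)
            worst = -off;
    }
    return worst;
}

int main(void)
{
    /* Constructed sample values, not taken from the game. */
    const uint16_t samples[] = { 0x0010, 0x7FFF, 0x8000, 0xEA84, 0xFFFF };
    const size_t block_len = 0x10000; /* hypothetical block size */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t s = load_movsx(samples[i]), z = load_movzx(samples[i]);
        printf("raw=0x%04X movsx=%6d (%s) movzx=%5d (%s)\n",
               (unsigned)samples[i], s, in_bounds(s, block_len) ? "ok" : "OUT",
               z, in_bounds(z, block_len) ? "ok" : "OUT");
    }
    printf("worst underflow: %d bytes\n", worst_underflow());
    return 0;
}
```

Every raw value from 0x8000 upward becomes a negative offset under sign extension, which is why the access lands in whatever the allocator placed before the block.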
https://bugs.winehq.org/show_bug.cgi?id=41977

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #3 from Fabian Maurer <dark.shadow4(a)web.de> ---
Forgot to mention, command to patch the exe with the patch I provided:
"bspatch gunner3.exe gunner3_patched.exe gunner3.bsdiff"

Since it's an application bug, I'll resolve this as invalid, but preserve this as a workaround.

https://bugs.winehq.org/show_bug.cgi?id=41977

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Austin English <austinenglish(a)gmail.com> ---
Closing.

https://bugs.winehq.org/show_bug.cgi?id=41977

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://thegamespage.com/dow
                   |                            |nloads/games/gunner3.exe
           Keywords|                            |download

--- Comment #5 from Fabian Maurer <dark.shadow4(a)web.de> ---
As of wine-8.20 this game seems to work. Interesting.

https://bugs.winehq.org/show_bug.cgi?id=41977

--- Comment #6 from Fabian Maurer <dark.shadow4(a)web.de> ---
FWIW, it works since

commit a612ab6f2a45bc08f5b39e22edc58bb541b26ae1
Author: Tatsuyuki Ishi <ishitatsuyuki(a)gmail.com>
Date:   Mon Apr 10 17:43:28 2023 +0900

    ntdll: Use log-linear bucketing for free lists.

But keep in mind that this is still an application bug that just happens to not crash now.