[Bug 33055] New: Fishdom 2 crashes during the initial loading stage
http://bugs.winehq.org/show_bug.cgi?id=33055

Bug #: 33055
Summary: Fishdom 2 crashes during the initial loading stage
Product: Wine
Version: 1.5.3
Platform: x86
URL: http://www.playrix.com/download/pc/fishdom-2/
OS/Version: Linux
Status: NEW
Keywords: download, regression
Severity: normal
Priority: P2
Component: directx-d3d
AssignedTo: wine-bugs(a)winehq.org
ReportedBy: gyebro69(a)gmail.com
CC: hverbeet(a)gmail.com
Classification: Unclassified
Regression SHA1: 83761d20a8654a616b557ecdb2869436beae7f95

Created attachment 43695
  --> http://bugs.winehq.org/attachment.cgi?id=43695
terminal output

This is the game from bug #27733.
When you start the game from the launcher, it crashes after the logo screen, just when the 'loading...' screen should appear.
The strange thing is that if you launch the game with a working Wine version (e.g. 1.4.1), allow it to load to the menu, exit the game, upgrade the wineprefix to a recent version and restart the game, then the crash will no longer occur.

The result of the regression test:

83761d20a8654a616b557ecdb2869436beae7f95 is the first bad commit
commit 83761d20a8654a616b557ecdb2869436beae7f95
Author: Henri Verbeet <hverbeet(a)codeweavers.com>
Date:   Wed Apr 18 20:51:26 2012 +0200

    d3d8: Get rid of IDirect3DBaseTexture8Impl.

Steps to reproduce the problem with the trial version:
1. download and install the demo.
2. start it with fishdom.exe. In the launcher click on <Play trial version> button, skip the Playrix logo screen by pressing the left mouse button...this is where the game crashes.

Fedora 18
Nvidia 250 / driver 313.18

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=33055

Austin English <austinenglish(a)gmail.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |austinenglish(a)gmail.com

--- Comment #1 from Austin English <austinenglish(a)gmail.com> 2013-02-25 13:26:27 CST ---
I get this as well.

http://bugs.winehq.org/show_bug.cgi?id=33055

Austin English <austinenglish(a)gmail.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
Blocks  |        |27733

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #2 from Rico <kgbricola(a)web.de> 2013-04-03 08:56:25 CDT ---
Created attachment 44074
  --> http://bugs.winehq.org/attachment.cgi?id=44074
+d3d8 log

The game sets an already freed texture.

0009:trace:d3d8:d3d8_device_CreateTexture iface 0x147a18, width 174, height 600, levels 1, usage 0, format 0x15, pool 0x1, texture 0x1af137c.
0009:trace:d3d8:device_parent_create_texture_surface device_parent 0x147a1c, container_parent 0x1e1c08, width 174, height 600, format 0x72, usage 0, pool 0x1, sub_resource_idx 0, surface 0x32f37c.
0009:trace:d3d8:d3d8_device_create_surface device 0x147a18, width 174, height 600, format 0x15, lockable 0x1, discard 0, surface 0x32f2cc, usage 0, pool 0x1, multisample_type 0, multisample_quality 0.
0009:trace:d3d8:d3d8_device_AddRef 0x147a18 increasing refcount to 10.
0009:trace:d3d8:d3d8_device_create_surface Created surface 0x1e1d78.
0009:trace:d3d8:d3d8_device_Release 0x147a18 decreasing refcount to 9.
0009:trace:d3d8:d3d8_surface_Release iface 0x1e1d78.
0009:trace:d3d8:d3d8_surface_Release 0x1e1d78 decreasing refcount to 0.
0009:trace:d3d8:d3d8_device_AddRef 0x147a18 increasing refcount to 10.
0009:trace:d3d8:d3d8_device_CreateTexture Created texture 0x1e1c08.
...
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x1e1c08.
...
0009:trace:d3d8:d3d8_texture_2d_Release 0x1e1c08 decreasing refcount to 0.
0009:trace:d3d8:d3d8_device_Release 0x147a18 decreasing refcount to 26.
...
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture (nil).
...
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x1e1c08.
../../../git/dlls/d3d8/texture.c:1160: unsafe_impl_from_IDirect3DBaseTexture8: Assertion `iface->lpVtbl == (const IDirect3DBaseTexture8Vtbl *)&Direct3DTexture8_Vtbl || iface->lpVtbl == (const IDirect3DBaseTexture8Vtbl *)&Direct3DCubeTexture8_Vtbl || iface->lpVtbl == (const IDirect3DBaseTexture8Vtbl *)&Direct3DVolumeTexture8_Vtbl' failed.
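
Added example (not part of the original thread and not Wine code): a small Python scan that finds the pattern shown in the +d3d8 log above, a SetTexture call on a pointer whose texture refcount already dropped to 0. The sample log is constructed from the lines quoted in comment #2; matching creation and release functions other than d3d8_device_CreateTexture and d3d8_texture_2d_Release by pattern is an assumption.

```python
import re

# Constructed sample: trimmed lines in the format of the +d3d8 trace in comment #2.
SAMPLE_LOG = """\
0009:trace:d3d8:d3d8_device_CreateTexture Created texture 0x1e1c08.
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x1e1c08.
0009:trace:d3d8:d3d8_texture_2d_Release 0x1e1c08 decreasing refcount to 0.
0009:trace:d3d8:d3d8_device_Release 0x147a18 decreasing refcount to 26.
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture (nil).
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x1e1c08.
"""

LINE = re.compile(r"^[0-9a-f]{4}:trace:d3d8:(?P<func>\w+) (?P<rest>.*)$")
# Assumption: other texture kinds log through similarly named functions.
CREATE_FUNC = re.compile(r"d3d8_device_Create\w*Texture$")
RELEASE_FUNC = re.compile(r"d3d8_texture_\w+_Release$")
CREATED = re.compile(r"^Created texture (0x[0-9a-f]+)\.$")
RELEASED = re.compile(r"^(0x[0-9a-f]+) decreasing refcount to 0\.$")
SET = re.compile(r"stage (\d+), texture (0x[0-9a-f]+|\(nil\))\.$")


def find_stale_set_texture(log_text):
    """Return (line_no, stage, pointer, released_at_line) for every
    SetTexture call that names a texture already released to refcount 0."""
    freed = {}  # pointer -> line number where its refcount reached 0
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m:
            continue
        func, rest = m["func"], m["rest"]
        if CREATE_FUNC.match(func) and (c := CREATED.match(rest)):
            # The allocator may hand the same address to a new, valid texture.
            freed.pop(c[1], None)
        elif RELEASE_FUNC.match(func) and (r := RELEASED.match(rest)):
            freed[r[1]] = no
        elif func == "d3d8_device_SetTexture" and (s := SET.search(rest)):
            if s[2] in freed:
                findings.append((no, int(s[1]), s[2], freed[s[2]]))
    return findings


if __name__ == "__main__":
    for no, stage, ptr, freed_at in find_stale_set_texture(SAMPLE_LOG):
        print(f"line {no}: SetTexture stage {stage} uses {ptr}, released at line {freed_at}")
```
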

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #3 from Rico <kgbricola(a)web.de> 2013-04-03 09:30:43 CDT ---
Created attachment 44075
  --> http://bugs.winehq.org/attachment.cgi?id=44075
dirty workaround

It seems you are allowed to pass junk to SetTexture, as long as you don't draw, all seems to be fine. Well, that of course needs a test.
The game goes further if you disable the assert and return NULL.

(log part is not from the same run a previous log)

// use the freed texture, but don't use it, why would anyone do this?
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x1e1c08.
0009:fixme:d3d8:unsafe_impl_from_IDirect3DBaseTexture8 stupid app
0009:trace:d3d8:d3d8_device_GetTransform iface 0x147a18, state 0x100, matrix 0x32f390.
0009:trace:d3d8:d3d8_device_MultiplyTransform iface 0x147a18, state 0x100, matrix 0x32f38c.
0009:trace:d3d8:d3d8_device_MultiplyTransform iface 0x147a18, state 0x100, matrix 0x32f398.
// set a new one
0009:trace:d3d8:d3d8_device_SetTexture iface 0x147a18, stage 0, texture 0x81a1730.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #4 from Henri Verbeet <hverbeet(a)gmail.com> 2013-04-04 06:31:19 CDT ---
Created attachment 44088
  --> http://bugs.winehq.org/attachment.cgi?id=44088
patch

I propose the attached.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #5 from Rico <kgbricola(a)web.de> 2013-04-04 09:20:49 CDT ---
No, if we pass garbage to wined3d_device_set_texture it will crash there - this is where texture_impl->wined3d_texture points to, that's why I think we have to use NULL. The texture variable contains freed memory, which could be already overwritten. The game also crashes with your patch.

Unhandled exception: divide by zero in 32-bit code (0x7e265420).
=>0 0x7e265420 wined3d_buffer_preload+0x2e0(buffer=<couldn't compute location>) [/mnt/raid0/software/wine/build/dlls/wined3d/../../../git/dlls/wined3d/buffer.c:884] in wined3d (0x0033f0d8)
  1 0x7e2674f5 wined3d_buffer_unmap+0xb4(buffer=0x1e1bd8) [/mnt/raid0/software/wine/build/dlls/wined3d/../../../git/dlls/wined3d/buffer.c:1173] in wined3d (0x0033f158)
  2 0x7e381521 d3d8_device_DrawPrimitiveUP+0x150(iface=0x147650, primitive_type=D3DPT_TRIANGLESTRIP, primitive_count=0x2, data=0x33f1e4, stride=0x18) [/mnt/raid0/software/wine/build/dlls/d3d8/../../../git/dlls/d3d8/device.c:1969] in d3d8 (0x0033f1c4)
  3 0x0059c3de in game.run (+0x19c3dd) (0x0033f244)

Passing freed memory around doesn't seem to be a good idea...

Maybe I missed something while testing? This happens only on the first start. If you started the app once successfully, you have to reinstall it to trigger the bug.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #6 from Henri Verbeet <hverbeet(a)gmail.com> 2013-04-04 09:47:59 CDT ---
(In reply to comment #5)
> No, if we pass garbage to wined3d_device_set_texture it will crash there - this is where texture_impl->wined3d_texture points to, that's why I think we have to use NULL. The texture variable contains freed memory, which could be already overwritten. The game also crashes with your patch.

The idea was to keep GetTexture() working as well, but that's not going to work anyway because of the AddRef() in there, so NULL is probably the right thing to return. It's a bit curious that it would work before 83761d20a8654a616b557ecdb2869436beae7f95 though, since it would pass the same uninitialized memory to wined3d_device_set_texture() in that case.

http://bugs.winehq.org/show_bug.cgi?id=33055

Rico <kgbricola(a)web.de> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |aeikum(a)codeweavers.com

--- Comment #7 from Rico <kgbricola(a)web.de> 2013-04-07 09:49:23 CDT ---
Removing the assert and using only the warning (http://bugs.winehq.org/attachment.cgi?id=44088) or reverting to the old behavior will work till patch:

2c6087457b97e815ee094e7ed75ca79317a5d14a is the first bad commit
commit 2c6087457b97e815ee094e7ed75ca79317a5d14a
Author: Andrew Eikum <aeikum(a)codeweavers.com>
Date:   Mon May 14 12:31:01 2012 -0500

    dsound: Remove minlen, since we always mix full chunks anyway.

:040000 040000 52dc0b21b6cd59b8407f39442fb156e3d6112091 32eb1f192f1ec78aafee2cec32e739e78f874a17 M dlls

After that using the dirty workaround is needed!

So 2c6087457b97e815ee094e7ed75ca79317a5d14a introduces something which really breaks - regardless of the regression by 83761d20a8654a616b557ecdb2869436beae7f95. Maybe the app puts also some garbage values in there? Andrew could you have a look please?

I think using the dirty workaround is still the way to go, but we should take a look not introducing some other problem with 2c6087457b97e815ee094e7ed75ca79317a5d14a.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #8 from Rico <kgbricola(a)web.de> 2013-04-07 14:06:40 CDT ---
Using "device->mixpos = writepos + maxq;" instead of "device->mixpos = writepos + frag;" makes the culprit. Thus it does "if (prebuff_left >= device->fraglen)" instead of the else case.

After a little bit of trying commenting out "if(DSOUND_PrimaryPlay(device) != DS_OK){" lets the app load fine.

To solve the 2c6087457b97e815ee094e7ed75ca79317a5d14a regression use:
WINEDLLOVERRIDES="dsound="
and using the warning patch OR using the dirty workaround

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #9 from Andrew Eikum <aeikum(a)codeweavers.com> 2013-04-08 10:29:23 CDT ---
(In reply to comment #7)
> Removing the assert and using only the warning (http://bugs.winehq.org/attachment.cgi?id=44088) or reverting to the old behavior will work till patch:

It seems to work fine for me with this patch applied. Can you attach a log with the channels from <http://wiki.winehq.org/Sound>? Maybe we should be ignoring some return value in DSOUND_PrimaryPlay().

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #10 from Rico <kgbricola(a)web.de> 2013-04-09 02:01:21 CDT ---
Created attachment 44127
  --> http://bugs.winehq.org/attachment.cgi?id=44127
+dsound log

WINEDEBUG=+tid,+mmdevapi,+winmm,+driver,+midi,+dsound,+dsound3d,+dmusic,+mci,+oss,+alsa,+coreaudio,+dmime,+dmloader,+dmfile,+dmfileraw,+dmdump,+dmband,+dmcompos,+dmscript,+dmstyle,+dmsynth,+dmusic32,+dswave

wine 1.5.27, with a patch similar to http://bugs.winehq.org/attachment.cgi?id=44088

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #11 from Andrew Eikum <aeikum(a)codeweavers.com> 2013-04-09 08:04:33 CDT ---
This looks kind of like Bug 29431. That had a crash around RecalcVolPan, too. I think commit 4adfb787f4e8c36 was supposed to fix this problem. Does it help here, too? You could also try building with "-mstackrealign -mincoming-stack-boundary=2" in CFLAGS.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #12 from Rico <kgbricola(a)web.de> 2013-04-09 09:55:09 CDT ---
No these CFLAGS don't seem to help. Also wine 1.5.27 has already patch 4adfb787f4e8c36.

Out of curiosity... Gyb and Austin does the patch http://bugs.winehq.org/attachment.cgi?id=44088 work with wine git for you? Or do you get the same crash as I get? This is just to eliminate that my system configuration is broken.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #13 from Austin English <austinenglish(a)gmail.com> 2013-04-09 12:26:58 CDT ---
(In reply to comment #12)
> No these CFLAGS don't seem to help. Also wine 1.5.27 has already patch 4adfb787f4e8c36.
>
> Out of curiosity... Gyb and Austin does the patch http://bugs.winehq.org/attachment.cgi?id=44088 work with wine git for you? Or do you get the same crash as I get? This is just to eliminate that my system configuration is broken.

That patch works fine for me with wine-1.5.27-182-g77ed56c. Without the patch, game still crashes on start.

http://bugs.winehq.org/show_bug.cgi?id=33055

--- Comment #14 from Henri Verbeet <hverbeet(a)gmail.com> 2013-04-23 02:20:36 CDT ---
Should be fixed by 1486bdd99ff0d0d7fa39042517736d645ce02675.

http://bugs.winehq.org/show_bug.cgi?id=33055

Austin English <austinenglish(a)gmail.com> changed:

What         |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1|        |1486bdd99ff0d0d7fa390425177
             |        |36d645ce02675
Status       |NEW     |RESOLVED
Resolution   |        |FIXED

--- Comment #15 from Austin English <austinenglish(a)gmail.com> 2013-04-23 12:26:19 CDT ---
(In reply to comment #14)
> Should be fixed by 1486bdd99ff0d0d7fa39042517736d645ce02675.

Yep, works fine in wine-1.5.28-141-gf663683, thanks!

http://bugs.winehq.org/show_bug.cgi?id=33055

Alexandre Julliard <julliard(a)winehq.org> changed:

What    |Removed  |Added
----------------------------------------------------------------------------
Status  |RESOLVED |CLOSED

--- Comment #16 from Alexandre Julliard <julliard(a)winehq.org> 2013-04-26 13:15:22 CDT ---
Closing bugs fixed in 1.5.29.