[Bug 49393] New: Gag game crash
https://bugs.winehq.org/show_bug.cgi?id=49393

Bug ID: 49393
Summary: Gag game crash
Product: Wine
Version: 5.10
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: winmm&mci
Assignee: wine-bugs(a)winehq.org
Reporter: axet(a)me.com
Distribution: ---

Hello!

I'm trying to run the 'Gag' game, and it's crashing in winmm, reading at a zero memory address. I've tested a few Wine versions, 5.0.0 .. 5.10, and all have the same issue.

https://en.wikipedia.org/wiki/GAG_The_Impotent_Mystery

If you want to try running the game, you're going to need to start an X server with a 16-bit display like this:

    Xephyr :1 -ac -screen 800x600x16 &

Crash output:

5.10

    Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x639d7db6).
    Register dump:
     CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
     EIP:639d7db6 ESP:016cf7c0 EBP:00000001 EFLAGS:00010246( R- -- I Z- -P- )
     EAX:00000000 EBX:00ca3e08 ECX:016cf760 EDX:000001d0
     ESI:00000000 EDI:014afb1c
    Stack dump:
    0x016cf7c0: 009b38b8 639ec090 00000001 00000000
    0x016cf7d0: 00ca3e24 00000000 00000000 639d85b5
    0x016cf7e0: 00ca3ed4 00000008 000000e8 7ea09ea0
    0x016cf7f0: 00000001 016cf810 016cf8cc 016cf820
    0x016cf800: 0000001c 7ffc4000 0000003f 00ca0cf0
    0x016cf810: 00ca0cf0 016cf830 639efe20 00ca3e08
    Backtrace:
    =>0 0x639d7db6 EntryPoint+0xffffffff() in winmm (0x00000001)
      1 0x639d8688 EntryPoint+0xffffffff() in winmm (0x00ca3ed4)
      2 0x639da5b9 EntryPoint+0xffffffff() in winmm (0x016cf918)
      3 0x7ea1bd0c in user32 (+0x9bd0b) (0x016cf918)
      4 0x7ea1c35d in user32 (+0x9c35c) (0x016cf968)
      5 0x7ea1e5a3 in user32 (+0x9e5a2) (0x016cf9b8)
      6 0x7e9db0f2 in user32 (+0x5b0f1) (0x016cfa28)
      7 0x7e9dd6c7 in user32 (+0x5d6c6) (0x016cfe48)
      8 0x7e9e32df in user32 (+0x632de) (0x016cfea8)
      9 0x639d9949 EntryPoint+0xffffffff() in winmm (0x016cff5c)
    0x639d7db6 EntryPoint+0xffffffff in winmm: cmpw $1,0x0(%eax)

5.0.0

    Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x639d7b36).
    Register dump:
     CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
     EIP:639d7b36 ESP:0127f700 EBP:00000001 EFLAGS:00010246( R- -- I Z- -P- )
     EAX:00000000 EBX:0089e300 ECX:0127f6a0 EDX:0089e678
     ESI:00000000 EDI:0105fb0c
    Stack dump:
    0x0127f700: 0089c3c8 639eb090 00000001 00000000
    0x0127f710: 0089e31c 00000000 00000000 639d8335
    0x0127f720: 0089e3cc 00000008 000000e8 0127f750
    0x0127f730: 0000000c 00030038 0127f768 7e925c50
    0x0127f740: 7ea78cc0 7ffc4000 0000003f 0089c9f0
    0x0127f750: 0089c9f0 0127f770 639eee20 0089e300
    Backtrace:
    =>0 0x639d7b36 EntryPoint+0xffffffff() in winmm (0x00000001)
      1 0x639d8408 EntryPoint+0xffffffff() in winmm (0x0089e3cc)
      2 0x639da339 EntryPoint+0xffffffff() in winmm (0x0127f858)
      3 0x7e93863c in user32 (+0xa863b) (0x0127f858)
      4 0x7e938cad in user32 (+0xa8cac) (0x0127f8a8)
      5 0x7e93b113 in user32 (+0xab112) (0x0127f8f8)
      6 0x7e8f635e in user32 (+0x6635d) (0x0127f968)
      7 0x7e8f8a7f in user32 (+0x68a7e) (0x0127fe38)
      8 0x7e8fedca in user32 (+0x6edc9) (0x0127fe98)
      9 0x639d96c9 EntryPoint+0xffffffff() in winmm (0x0127ff4c)
    0x639d7b36 EntryPoint+0xffffffff in winmm: cmpw $1,0x0(%eax)

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=49393

--- Comment #1 from Alexey Kuznetsov <axet(a)me.com> ---

WINEDEBUG=+all wine 5.10

    119460.329:0020:0158:trace:mmdevapi:MMDevice_AddRef Format is: "Refcount now %i\n" Refcount now 2
    119460.329:0020:0158:trace:pulse:AudioClient_AddRef (0xa0d7a0) Refcount now 1
    119460.329:0020:0158:Ret winepulse.drv.GetAudioEndpoint() retval=00000000 ret=70344cf7
    119460.329:0020:0158:trace:mmdevapi:MMDevice_Activate Format is: "Returning %08x\n" Returning 00000000
    119460.329:0020:0158:trace:seh:raise_exception code=c0000005 flags=0 addr=0x639d7db6 ip=639d7db6 tid=0158
    119460.329:0020:0158:trace:seh:raise_exception info[0]=00000000
    119460.329:0020:0158:trace:seh:raise_exception info[1]=00000000
    119460.329:0020:0158:trace:seh:raise_exception eax=00000000 ebx=00a07a78 ecx=016cf2e0 edx=00000000 esi=00000000 edi=014afad4
    119460.329:0020:0158:trace:seh:raise_exception ebp=00000001 esp=016cf770 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
    119460.329:0020:0158:trace:seh:call_stack_handlers calling handler at 0x7bcc1d70 code=c0000005 flags=0
    119460.329:0020:0158:Call ntdll.NtCreateEvent(016cf2c0,001f0003,016cf2c4,00000000,00000000) ret=7b01132d
    119460.329:0020:0158:trace:heap:RtlAllocateHeap (0x110000,7000006a,00000010): returning 0x9fbde0
    0158: create_event( access=001f0003, manual_reset=1, initial_state=0, objattr={rootdir=0000,attributes=00000002,sd={},name=L""} )
    0158: create_event() = 0 { handle=00e8 }
    119460.331:0020:0158:trace:heap:RtlFreeHeap (0x110000,70000062,0x9fbde0): returning TRUE
    119460.331:0020:0158:Ret ntdll.NtCreateEvent() retval=00000000 ret=7b01132d
    119460.331:0020:0158:trace:heap:RtlAllocateHeap (0x110000,70000062,00000050): returning 0x9f0e88
    119460.331:0020:0158:trace:heap:RtlFreeHeap (0x110000,70000062,0x9f0e88): returning TRUE
    119460.331:0020:0158:trace:heap:RtlAllocateHeap (0x110000,70000062,0000001e): returning 0x9f0ee8
    119460.331:0020:0158:trace:heap:RtlFreeHeap (0x110000,70000062,0x9f0ee8): returning TRUE
    119460.331:0020:0158:trace:heap:RtlAllocateHeap (0x110000,70000062,0000005c): returning 0xa07958
    119460.331:0020:0158:trace:heap:RtlFreeHeap (0x110000,70000062,0xa07958): returning TRUE
    wine: Unhandled page fault on read access to 00000000 at address 639D7DB6 (thread 0158), starting debugger...

http://bugs.winehq.org/show_bug.cgi?id=49393

Andrew Nguyen <arethusa26@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #2 from Andrew Nguyen <arethusa26@gmail.com> ---

Testing with a copy of the game from https://archive.org/details/GAG_The_Impotent_Mystery_Russia, I can confirm it crashes on startup with wine-11.3.

The game calls waveOutOpen with a NULL lpFormat:

    0120:trace:winmm:waveOutOpen (004A0D30, 4294967295, 00000000, 4035c0, 0, 00030000)

This results in a crash in the internal Wine function WINMM_OpenDevice because it assumes that lpFormat is never NULL. Testing on Windows indicates that calling waveOutOpen with a NULL lpFormat should only result in the error return value MMSYSERR_INVALPARAM instead of provoking a crash.

If I patch Wine to avoid the crash, then the game is able to start successfully. Looking at the winmm traces for waveOutOpen with the change:

    0120:trace:winmm:waveOutOpen (004A0D30, 4294967295, 00000000, 4035c0, 0, 00030000)
    0130:trace:winmm:waveOutOpen (004A0D30, 4294967295, 00C26680, 4035c0, 0, 00030000)

Thread 0120 that calls waveOutOpen improperly does not appear to do anything else with winmm besides call timeGetTime, so I suspect there's an application bug that is ultimately harmless on Windows. Thread 0130 successfully calls waveOutOpen as expected.

I also see the same crash when exiting the game CD launcher, and when it is run on Windows, no audio is played on exit, so possibly the application bug is in code that is shared between the launcher and game.
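
The failure mode described in Comment #2, as an added example that is not Wine's code or the submitted patch: an internal helper that reads the format tag without a NULL check, next to an entry point that rejects NULL with MMSYSERR_INVALPARAM at the API boundary. The struct and function names are hypothetical stand-ins; the constants use the Windows SDK values. Reading the faulting `cmpw $1,0x0(%eax)` with EAX=0 as a format-tag comparison on a NULL pointer is an inference from the dump (wFormatTag is the first member of WAVEFORMATEX, WAVE_FORMAT_PCM is 1), not something the thread states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in the Windows SDK multimedia headers. */
#define MMSYSERR_NOERROR    0u
#define MMSYSERR_INVALPARAM 11u
#define WAVERR_BADFORMAT    32u
#define WAVE_FORMAT_PCM     1u

/* Hypothetical stand-in for WAVEFORMATEX; only the leading fields matter. */
struct wave_format {
    uint16_t format_tag;       /* offset 0, like wFormatTag */
    uint16_t channels;
    uint32_t samples_per_sec;
};

/* Hypothetical internal helper that trusts its caller. It reads offset 0 of
 * fmt unconditionally, so fmt == NULL becomes a read from address 0. */
static unsigned open_device_unchecked(const struct wave_format *fmt)
{
    if (fmt->format_tag == WAVE_FORMAT_PCM)
        return MMSYSERR_NOERROR;
    return WAVERR_BADFORMAT;   /* assumption: this toy helper accepts PCM only */
}

/* Hardened entry point: application-supplied pointers are validated before
 * any internal code dereferences them, and a NULL format is reported as an
 * error code instead of faulting. */
unsigned wave_open_checked(const struct wave_format *fmt)
{
    if (fmt == NULL)
        return MMSYSERR_INVALPARAM;
    return open_device_unchecked(fmt);
}

int main(void)
{
    /* Constructed inputs mirroring the two traced calls: NULL, then valid. */
    struct wave_format pcm = { WAVE_FORMAT_PCM, 2, 44100 };

    printf("NULL format  -> %u\n", wave_open_checked(NULL));
    printf("valid format -> %u\n", wave_open_checked(&pcm));
    return 0;
}
```
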

http://bugs.winehq.org/show_bug.cgi?id=49393

--- Comment #3 from Andrew Nguyen <arethusa26@gmail.com> ---

I submitted a fix for the crash: https://gitlab.winehq.org/wine/wine/-/merge_requests/10158

http://bugs.winehq.org/show_bug.cgi?id=49393

Andrew Nguyen <arethusa26@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |e9bfa19f02ca1e493d1874147f0
                   |                            |b5a735d7ff26c
             Status|NEW                         |RESOLVED

--- Comment #4 from Andrew Nguyen <arethusa26@gmail.com> ---

Fixed by https://gitlab.winehq.org/wine/wine/-/commit/e9bfa19f02ca1e493d1874147f0b5a7...