[Bug 22000] New: Gallium + Indexed rendering = Null pointer dereference
http://bugs.winehq.org/show_bug.cgi?id=22000 Summary: Gallium + Indexed rendering = Null pointer dereference Product: Wine Version: unspecified Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: directx-d3d AssignedTo: wine-bugs(a)winehq.org ReportedBy: MostAwesomeDude(a)gmail.com Created an attachment (id=26727) --> (http://bugs.winehq.org/attachment.cgi?id=26727) Failed device.ok test in d3d9 First off, I *am* upstream (Mesa/Gallium), so assume they've been contacted. :3 Gallium and indexed rendering are not very happy with each other. I get some fairly solidly reliable segfaults with both a d3d9 DLL test (device.ok) and Civ4 (Steam version). Hardware is a Radeon R580 (X1900), driver is r300g from Mesa git. I'm attaching four logs. The first two are the original test and Civ4 logs; the second two are the same, but edited to show the juicy bits. My current guess, based on the Mesa debug info I dumped, is that the indexed rendering code is slightly baked and maybe trusting the underlying GL driver a bit too much. get_arrays_bounds: Handling 2 attrs attr 0: stride 16 size 12 start (nil) end 0xfffffffc attr 1: stride 16 size 4 start 0xc end (nil) buffer range: (nil) 0xfffffffc range -4 max index 4294967295 So right here (from device.ok) we have interleaved userspace VBO, that is being prepped inside core Mesa. Two delightful things here; the first attr seems way off-base, it shouldn't dare be giving us bad pointers, and the second attr's pointers don't even line up! Compare to a sane program (Mesa's drawarrays): get_arrays_bounds: Handling 2 attrs attr 0: stride 16 size 12 start 0x8087020 end 0x808705c attr 1: stride 16 size 4 start 0x808702c end 0x8087060 buffer range: 0x8087020 0x8087060 range 64 max index 3 r300g doesn't really care. The kernel drops the rendering on the floor for a variety of reasons, not least being the ridiculous max_index. But then it segfaults, and I have zero idea why. I'd guess it's something to do with tossing around NULL pointers like candy, but I'm honestly not sure and I haven't really dug into the DLL code yet. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #1 from Corbin Simpson <MostAwesomeDude(a)gmail.com> 2010-03-10 06:39:45 --- Created an attachment (id=26728) --> (http://bugs.winehq.org/attachment.cgi?id=26728) Civ4 log/backtrace -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #2 from Dmitry Timoshkov <dmitry(a)codeweavers.com> 2010-03-10 07:44:23 --- Please specify your Wine version. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 Corbin Simpson <MostAwesomeDude(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|unspecified |1.1.38 --- Comment #3 from Corbin Simpson <MostAwesomeDude(a)gmail.com> 2010-03-10 07:46:05 --- (In reply to comment #2)
Please specify your Wine version.
Set to 1.1.38, the version in my Fedora. Also happens with git. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #4 from Corbin Simpson <MostAwesomeDude(a)gmail.com> 2010-03-12 05:57:08 --- Partially fixed. The bad indices were an internal Mesa issue and I've already committed a fix, but the segfaults remain. There's definite heap corruption during the d3d9 tests, during context destruction. Steam straight-up segfaults while trying to launch Civ4. I think the two are related and have the same origin, but I haven't nailed it down yet. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #5 from Austin English <austinenglish(a)gmail.com> 2010-03-12 11:09:57 --- (In reply to comment #4)
Partially fixed. The bad indices were an internal Mesa issue and I've already committed a fix, but the segfaults remain. There's definite heap corruption during the d3d9 tests, during context destruction. Steam straight-up segfaults while trying to launch Civ4. I think the two are related and have the same origin, but I haven't nailed it down yet.
Have you tried running with 'WINEDEBUG=+heap make device.ok' ? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #6 from Corbin Simpson <MostAwesomeDude(a)gmail.com> 2010-03-22 05:05:01 --- (In reply to comment #5)
Have you tried running with 'WINEDEBUG=+heap make device.ok' ?
Yes, attaching that log now. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 Wylda <wylda(a)volny.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wylda(a)volny.cz --- Comment #7 from Wylda <wylda(a)volny.cz> 2010-04-23 11:40:58 --- (In reply to comment #6)
Yes, attaching that log now.
Lost in space? :) -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #8 from Corbin Simpson <MostAwesomeDude(a)gmail.com> 2010-04-23 12:24:23 --- Sorry for not responding quickly; I kind of wandered off and forgot about this. Anyway, the log is at http://paste.pocoo.org/show/205399/. Can't attach it, it's too big. Looks impossible-to-read from my point of view, but maybe you guys can interpret it better. :3 I'll make a better effort to not take a month to respond next time. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 joaopa <jeremielapuree(a)yahoo.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree(a)yahoo.fr --- Comment #9 from joaopa <jeremielapuree(a)yahoo.fr> 2011-06-09 13:35:14 CDT --- still a bug in currentt git? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 --- Comment #10 from joaopa <jeremielapuree(a)yahoo.fr> 2011-07-09 09:10:25 CDT --- no news since 1 year. This bug could be closed as ABANDONED. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |ABANDONED --- Comment #11 from Austin English <austinenglish(a)gmail.com> 2011-07-10 14:07:32 CDT --- (In reply to comment #10)
no news since 1 year. This bug could be closed as ABANDONED.
Abandoned. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=22000 Jeff Zaroyko <jeffz(a)jeffz.name> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #12 from Jeff Zaroyko <jeffz(a)jeffz.name> 2011-07-11 16:24:26 CDT --- Closing abandoned. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org