[Bug 24249] New: Firestarter Demo crashes with page fault on read access on start
http://bugs.winehq.org/show_bug.cgi?id=24249 Summary: Firestarter Demo crashes with page fault on read access on start Product: Wine Version: 1.3.1 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: andrew.millington(a)gmail.com Created an attachment (id=30527) --> (http://bugs.winehq.org/attachment.cgi?id=30527) The crash of Firestarter on start Lines that I considered notable but full log is attached. Backtrace: =>0 0x685e3b48 IWineD3DDeviceImpl_GetSamplerState+0x78(iface=0x160228, Sampler=0, Type=863265637, Value=0x6a40c0) [/home/andrew/wine-git/dlls/wined3d/device.c:3106] in wined3d (0x0032f034) 1 0x720021b3 IDirect3DDevice8Impl_GetTextureStageState+0xa2(iface=0x14c1d0, Stage=0, Type=32, pValue=0x6a40c0) [/home/andrew/wine-git/dlls/d3d8/device.c:1586] in d3d8 (0x006a4460) 0x685e3b48 IWineD3DDeviceImpl_GetSamplerState+0x78 [/home/andrew/wine-git/dlls/wined3d/device.c:3106] in wined3d: movl 0x0(%eax,%ecx,4),%eax 3106 *Value = This->stateBlock->samplerState[Sampler][Type]; Modules: -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 Andrew Millington <andrew.millington(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |http://www.gamershell.com/d | |ownload_4489.shtml --- Comment #1 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-03 02:05:15 CDT --- Fill in some details. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #2 from Rico <kgbricola(a)web.de> 2010-09-03 09:38:54 CDT --- Created an attachment (id=30530) --> (http://bugs.winehq.org/attachment.cgi?id=30530) Add argument check for the type in IDirect3DDevice8Impl_GetTextureStageState. Does the attached patch help? The game somehow queries all values for the Type(also not available ones) from 0 to 32 in IDirect3DDevice8::GetTextureStageState(), which seems a bit strange. The problem is that the tss_lookup table has only 29 entries, which returns random memory (or an access violation) in cases where the index >= table size. The patch prevents this. There might be another problem when WINED3DTSS_FORCE_DWORD is triggered (e.g. Type == 0). So it could happen that there is also an access violation on read access. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #3 from Henri Verbeet <hverbeet(a)gmail.com> 2010-09-03 10:22:32 CDT --- (In reply to comment #2)
There might be another problem when WINED3DTSS_FORCE_DWORD is triggered (e.g. Type == 0). So it could happen that there is also an access violation on read access.
Yeah, something like the following should work: if (Type >= sizeof(tss_lookup) / sizeof(*tss_lookup)) Type = 0; l = &tss_lookup[Type]; if (l->state == WINED3DTSS_FORCE_DWORD) { *pValue = 0; return D3D_OK; } Note that there are some more places with constructions like this, at the very least IDirect3DDevice8Impl_SetTextureStageState(). We probably don't want a test for this though, I think it's accessing beyond the end of the array on native as well, it's just that native probably doesn't have the extra level of indirection. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #4 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-03 22:12:50 CDT --- After applying http://bugs.winehq.org/attachment.cgi?id=30530 nearly everything works but *An error appears if you run directly from the the installer after it has finished. *Texture problems in the low levels of the complete benchmark. *The center mirror thing is a bit strange when you move around it. *Slow when you face of certain bad guys. *Crashes when you try and create a multi player server. I haven't got Windows machine available to confirm or deny but these are good candidates for a separate bug. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 Wylda <wylda(a)volny.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wylda(a)volny.cz --- Comment #5 from Wylda <wylda(a)volny.cz> 2010-09-04 15:14:01 CDT --- (In reply to comment #3)
...We probably don't want a test for this though, I think it's accessing beyond the end of the array on native as well...
Henri, do i understand that correctly, that this is WONTFIX or INVALID? Or should be done something to get this bug into better state? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #6 from Henri Verbeet <hverbeet(a)gmail.com> 2010-09-04 17:27:11 CDT --- (In reply to comment #5)
(In reply to comment #3)
...We probably don't want a test for this though, I think it's accessing beyond the end of the array on native as well...
Henri, do i understand that correctly, that this is WONTFIX or INVALID? Or should be done something to get this bug into better state?
No, we can fix it, I'm just not sure the 0xbaadcafe return value is reliable, or that we should care about it. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 Andrew Millington <andrew.millington(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch --- Comment #7 from Andrew Millington <andrew.millington(a)gmail.com> 2010-09-12 04:58:20 CDT --- After applying these patches Firestarter starts. http://source.winehq.org/patches/data/65989 http://source.winehq.org/patches/data/65990 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #8 from Rico <kgbricola(a)web.de> 2010-09-27 12:32:09 CDT --- Should be fixed by commit e6d52c0c8bd7f70fd0046508e0e76c66b525daf5. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 Wylda <wylda(a)volny.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED --- Comment #9 from Wylda <wylda(a)volny.cz> 2010-09-27 17:53:59 CDT ---
Should be fixed by commit e6d52c0c8bd7f70fd0046508e0e76c66b525daf5.
wine-1.3.1 crashes for me and wine-1.3.3-282-g440cf08 runs, i.e. fixed. Although it crashes on exit, but that looks like something completely different. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 --- Comment #10 from Wylda <wylda(a)volny.cz> 2010-09-27 23:57:14 CDT ---
Although it crashes on exit, but that looks like something completely different.
I filled in bug 24549. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24249 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #11 from Alexandre Julliard <julliard(a)winehq.org> 2010-10-01 13:57:40 CDT --- Closing bugs fixed in 1.3.4. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org