http://bugs.winehq.org/show_bug.cgi?id=59541 --- Comment #13 from tolis <cnc3onlinekw@proton.me> --- (In reply to tolis from comment #12)
The crash is caused by the software using an uninitialized pointer. See this do-while loop:

    do {
        piVar3 = (int *)FUN_00463124(*(int *)PTR_DAT_0046e068,uVar6,uVar5);
        (**(code **)(*piVar3 + 0xc))(piVar3,iVar9,&local_54);
        thunk_FUN_00406154(local_54,(int *)L"Segoe Script");
        if ((bool)uVar11) {
            DAT_004744d4 = '\x01';
        }
        iVar9 = iVar9 + 1;
        iVar4 = iVar4 + -1;
        uVar11 = iVar4 == 0;
        uVar5 = extraout_ECX_07;
        uVar6 = extraout_EDX_05;
    } while (!(bool)uVar11);

At the end of the loop iVar4 becomes 0 and uVar11 gets set to 1, the program exits, and DAT_004744d4 never gets set to 1 by the if statement. Next we have this broken if statement that always executes as a result of if ((bool)uVar11) { DAT_004744d4 = '\x01'; } never succeeding:

    if (DAT_004744d4 == '\0') {
        FUN_00427690(*(int **)(*(int *)(*(int *)PTR_DAT_0046e000 + 900) + 100),(LPCSTR)L"MS Sans Serif");
        FUN_00427690(*(int **)(*(int *)(*(int *)PTR_DAT_0046e000 + 0x388) + 100),(LPCSTR)L"MS Sans Serif");
    }

The problem with this is that it uses an uninitialized pointer, leading to an exception code: EXCEPTION_ACCESS_VIOLATION. The software is broken; removing the if statement and always setting DAT_004744d4 = '\x01'; fixes the problem because the bad code never runs and the program continues normally.
And this is what the patched loop looks like in Ghidra:

    do {
        piVar3 = (int *)FUN_00463124(*(int *)PTR_DAT_0046e068,uVar6,uVar5);
        (**(code **)(*piVar3 + 0xc))(piVar3,iVar9,&local_54);
        thunk_FUN_00406154(local_54,(int *)L"Segoe Script");
        DAT_004744d4 = '\x01';
        iVar9 = iVar9 + 1;
        iVar4 = iVar4 + -1;
        uVar5 = extraout_ECX_07;
        uVar6 = extraout_EDX_05;
    } while (iVar4 != 0);

Notice that the if statement is removed and we instead just set DAT_004744d4 equal to 1.
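Added illustration, not code from the bug report or the game: a constructed C model of the loop-carried flag defect described in the comment, showing why the guard on the flag can never fire inside the loop and why the fallback branch is therefore always taken. Function and variable names are placeholders chosen here; the font lookup itself is omitted.

```c
#include <stdbool.h>

/* Constructed model of the control-flow defect in the comment above; this
 * is an added illustration, not the game's code or the bug report's.
 * Only the flag logic is modelled, the font lookup is omitted.
 * Assumes font_count >= 1, since a do-while runs its body at least once. */

/* Buggy form: the flag (DAT_004744d4) is guarded by the loop's own exit
 * test (uVar11), which is 0 on entry and is recomputed only at the end of
 * each pass. On the pass where it becomes 1 the loop terminates before the
 * guard is evaluated again, so the flag can never be set. */
int scan_fonts_buggy(int font_count)
{
    int flag = 0;               /* DAT_004744d4 */
    int remaining = font_count; /* iVar4 */
    bool exit_test = false;     /* uVar11, zero before the first pass */
    do {
        /* ... resolve one font into local_54 (omitted) ... */
        if (exit_test) {
            flag = 1;           /* never reached while the loop runs */
        }
        remaining = remaining - 1;
        exit_test = (remaining == 0);
    } while (!exit_test);
    return flag;
}

/* Patched form from the comment: set the flag unconditionally. */
int scan_fonts_fixed(int font_count)
{
    int flag = 0;
    int remaining = font_count;
    do {
        flag = 1;
        remaining = remaining - 1;
    } while (remaining != 0);
    return flag;
}

/* The fallback "MS Sans Serif" path runs only when the flag is still 0.
 * With the buggy loop it is always taken, which is the path that
 * dereferences the uninitialized pointer and raises the access violation. */
bool fallback_path_taken(int flag)
{
    return flag == 0;
}
```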