http://bugs.winehq.org/show_bug.cgi?id=21828
--- Comment #19 from Anastasius Focht focht@gmx.net 2010-02-25 02:24:49 --- Hello,
the winhttp problem might be related to SSL data processing (reads).
--- snip --- 0009:Call winhttp.WinHttpQueryDataAvailable(00000003,02a0fbbc) ret=10008856 0009:trace:winhttp:WinHttpQueryDataAvailable 0x3, 0x2a0fbbc 0009:trace:winhttp:addref_object 0x1d1a38 -> refcount = 2 0009:trace:winhttp:grab_object handle 0x3 -> 0x1d1a38 0009:Call ntdll.RtlAllocateHeap(00110000,00000000,00001001) ret=7d0b38f9 0009:Ret ntdll.RtlAllocateHeap() retval=033bc618 ret=7d0b38f9 ... 0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf7509d56 ip=f7509d56 tid=0009 0009:trace:seh:raise_exception info[0]=00000001 0009:trace:seh:raise_exception info[1]=033cc000 0009:trace:seh:raise_exception eax=00000003 ebx=7d0c1ff4 ecx=3fffc185 edx=001d1a8c esi=02a1e474 edi=033cc000 0009:trace:seh:raise_exception ebp=02a0ea48 esp=02a0e9f8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206 0009:trace:seh:call_vectored_handlers calling handler at 0x7e0480e0 code=c0000005 flags=0 0009:trace:seh:call_vectored_handlers handler at 0x7e0480e0 returned 0 0009:trace:seh:call_stack_handlers calling handler at 0x1002610a code=c0000005 flags=0 --- snip ---
Deduced corresponding source:
WinHttpQueryDataAvailable -> query_data -> netconn_recv
--- snip dlls/winhttp/request.c ---
/*
 * Excerpt as quoted in the bug comment; the tail of the function is elided
 * ("...").
 *
 * Asks the connection how many bytes are available. If it reports none while
 * content_read is still below content_length, peeks (MSG_PEEK) up to
 * sizeof(buffer) bytes through netconn_recv() into a local stack buffer.
 */
static BOOL query_data( request_t *request, LPDWORD available, BOOL async )
{
    BOOL ret;
    DWORD num_bytes;

    if ((ret = netconn_query_data_available( &request->netconn, &num_bytes )))
    {
        if (request->content_read < request->content_length)
        {
            if (!num_bytes)
            {
                char buffer[4096];
                /* Capped at 4096, so the callee's heap_alloc( len + 1 ) asks for
                 * at most 4097 (0x1001) bytes - the size seen in the trace. */
                size_t to_read = min( sizeof(buffer), request->content_length - request->content_read );

                /* NOTE(review): num_bytes is a DWORD but is handed over as int *;
                 * a negative count stored by netconn_recv() would show up here
                 * as a very large unsigned value. */
                ret = netconn_recv( &request->netconn, buffer, to_read, MSG_PEEK, (int *)&num_bytes );
                if (ret && !num_bytes) WARN("expected more data to be available\n");
            }
        }
        else if (num_bytes)
        {
            /* All declared content was already read, yet bytes are pending. */
            WARN("extra data available %u\n", num_bytes);
            ret = FALSE;
        }
    }
    /* NOTE(review): also reached when netconn_query_data_available() returned
     * FALSE; whether num_bytes is set on that path is not visible here. */
    TRACE("%u bytes available\n", num_bytes);
    ...
}
--- snip dlls/winhttp/request.c ---
4097 (0x1001) bytes get allocated in netconn_recv, i.e. sizeof(supplied stack buffer) + 1:
--- snip dlls/winhttp/net.c ---
/*
 * Excerpt as quoted in the bug comment; everything after the #endif is elided
 * ("...").
 *
 * Receives up to len bytes into buf and stores the count in *recvd.
 * *recvd is reset to 0 first; an unconnected conn returns FALSE and a zero
 * len returns TRUE. On a secure connection MSG_PEEK is emulated with a
 * heap-allocated peek buffer (conn->peek_msg / peek_msg_mem / peek_len),
 * because the data is read through pSSL_read(). Without SONAME_LIBSSL the
 * secure path returns FALSE.
 */
BOOL netconn_recv( netconn_t *conn, void *buf, size_t len, int flags, int *recvd )
{
    *recvd = 0;
    if (!netconn_connected( conn )) return FALSE;
    if (!len) return TRUE;

    if (conn->secure)
    {
#ifdef SONAME_LIBSSL
        if (flags & ~(MSG_PEEK | MSG_WAITALL))
            FIXME("SSL_read does not support the following flags: %08x\n", flags);

        /* this ugly hack is all for MSG_PEEK */
        if (flags & MSG_PEEK && !conn->peek_msg)
        {
            /* First peek: allocate len + 1 bytes to hold what gets read below. */
            if (!(conn->peek_msg = conn->peek_msg_mem = heap_alloc( len + 1 ))) return FALSE;
        }
        else if (flags & MSG_PEEK && conn->peek_msg)
        {
            /* Repeated peek: serve from the saved data without consuming it. */
            if (len < conn->peek_len)
                FIXME("buffer isn't big enough, should we wrap?\n");
            *recvd = min( len, conn->peek_len );
            memcpy( buf, conn->peek_msg, *recvd );
            return TRUE;
        }
        else if (conn->peek_msg)
        {
            /* Normal read with peeked data pending: drain the peek buffer first. */
            *recvd = min( len, conn->peek_len );
            memcpy( buf, conn->peek_msg, *recvd );
            conn->peek_len -= *recvd;
            conn->peek_msg += *recvd;

            if (conn->peek_len == 0)
            {
                heap_free( conn->peek_msg_mem );
                conn->peek_msg_mem = NULL;
                conn->peek_msg = NULL;
            }
            /* check if we have enough data from the peek buffer */
            if (!(flags & MSG_WAITALL) || (*recvd == len)) return TRUE;
        }
        /* NOTE(review): the result of pSSL_read() is added to *recvd without a
         * sign check. If pSSL_read behaves like OpenSSL's SSL_read (<= 0 on
         * error or shutdown), *recvd can become negative here. */
        *recvd += pSSL_read( conn->ssl_conn, (char *)buf + *recvd, len - *recvd );
        if (flags & MSG_PEEK) /* must copy into buffer */
        {
            conn->peek_len = *recvd;
            if (!*recvd)
            {
                heap_free( conn->peek_msg_mem );
                conn->peek_msg_mem = NULL;
                conn->peek_msg = NULL;
            }
            else
                /* NOTE(review): a negative *recvd is non-zero, so it lands here
                 * and is converted to a huge size_t length; the copy would then
                 * run past the len + 1 byte peek buffer. The "*recvd < 1" test
                 * below comes too late to stop it - the result should be
                 * checked for <= 0 before this block. */
                memcpy( conn->peek_msg, buf, *recvd );
        }
        if (*recvd < 1 && len) return FALSE;
        return TRUE;
#else
        return FALSE;
#endif
    ...
}
--- snip dlls/winhttp/net.c ---
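The problem most likely starts with pSSL_read(), but since no trace of that call is available this is only a guess. It could be heap corruption or a buggy native SSL call. The exception record would be consistent with an oversized copy into the peek buffer: the faulting write (info[0]=1) at 0x033cc000 lies 0xf9e8 bytes past the start of the 0x1001-byte block returned at 0x033bc618, which is what a memcpy() with a negative *recvd (for example after pSSL_read() returned -1) would produce.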
Please rerun the game in a clean WINEPREFIX using the following:
remove old log: $ rm log.txt
new log: $ WINEDEBUG=+tid,+seh,+winhttp,+heap wine Mercenaries2.exe >>log.txt 2>&1
Beware: with heap checking enabled, game startup will be slow and the resulting log may be large - be patient until it fails.
*** strip your private data from winhttp traces as described in previous comments ***
Compress and attach the resulting log.
Regards