https://bugs.winehq.org/show_bug.cgi?id=51831
Bug ID: 51831
Summary: TrueDrive: On start shows an alert that the steering wheel is turned around too close to the bump stops, while the wheel is actually aligned on top center
Product: Wine
Version: 6.18
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: hid
Assignee: wine-bugs@winehq.org
Reporter: logos128@gmail.com
CC: rbernon@codeweavers.com
Regression SHA1: 8b434bdc7fe98e3bd97e180f31bc18d87161c05a
Distribution: ArchLinux
Created attachment 70718 --> https://bugs.winehq.org/attachment.cgi?id=70718 0001-winebus.sys-Fix-possible-memory-access-error-in-bus_.patch
In addition to the summary, the in-app steering wheel animation is indeed turned around, usually to the left, and the high torque mode of the Simucube 2 FFB wheel is also disabled, as the alert warns. After closing the alert, the steering wheel animation resumes proper tracking of the real wheel.
After some regression testing I found out that in bus_event_queue_pop() (winebus.sys/unixlib.c) the size for the memcpy operation is calculated based on event->input_report.length, and when the event operand is passed to this function for the first time, its input_report.length is uninitialized. The bus_event structure is allocated once per bus thread. This could lead either to insufficient bytes being copied to the event struct, or to a memory access error from an out-of-bounds copy of the tmp struct. Consecutive calls to this function use event->input_report.length again, which in this case is just the length of the input buffer from the previous operation.
If the device uses multiple input reports with different ReportIDs and different lengths, this could lead to serious issues.
Attached is a patch which fixes the issue (based on the current master).
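The following is an added illustration of the defect pattern the report describes, not Wine's code or the attached patch. It uses a hypothetical, simplified bus_event layout (report id, length, trailing buffer) and a toy FIFO of heap-allocated nodes. The "stale" pop derives its memcpy size from the destination's length field, so the first pop copies too few report bytes and the second pop reuses the first report's length; the "fixed" pop derives the size from the node being popped. The destination is zeroed here as a stand-in for "uninitialized" so the demonstration stays memory-safe; with a genuinely uninitialized, large length the stale variant would read past the node.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REPORT_MAX 64

/* Hypothetical simplified layout (not Wine's actual definitions): only the
 * first `length` bytes of `buffer` are meaningful for a given report. */
struct bus_event {
    struct {
        uint8_t id;
        size_t length;
        uint8_t buffer[REPORT_MAX];
    } input_report;
};

/* Bytes to copy for an event whose report carries `length` payload bytes. */
static size_t event_copy_size(size_t length)
{
    return offsetof(struct bus_event, input_report.buffer) + length;
}

/* Toy FIFO of heap-allocated events (stands in for the bus thread's list). */
struct bus_event_node { struct bus_event event; struct bus_event_node *next; };
struct bus_event_queue { struct bus_event_node *head, *tail; };

static bool bus_event_queue_push(struct bus_event_queue *q, uint8_t id,
                                 const uint8_t *data, size_t length)
{
    struct bus_event_node *n;
    if (length > REPORT_MAX) return false;
    if (!(n = calloc(1, sizeof(*n)))) return false;
    n->event.input_report.id = id;
    n->event.input_report.length = length;
    memcpy(n->event.input_report.buffer, data, length);
    if (q->tail) q->tail->next = n; else q->head = n;
    q->tail = n;
    return true;
}

static struct bus_event_node *dequeue(struct bus_event_queue *q)
{
    struct bus_event_node *n = q->head;
    if (!n) return NULL;
    q->head = n->next;
    if (!q->head) q->tail = NULL;
    return n;
}

/* Defect pattern: copy size taken from the DESTINATION's length field,
 * which is uninitialized on the first call and stale on later ones. */
static bool bus_event_queue_pop_stale(struct bus_event_queue *q, struct bus_event *event)
{
    struct bus_event_node *n = dequeue(q);
    if (!n) return false;
    memcpy(event, &n->event, event_copy_size(event->input_report.length));
    free(n);
    return true;
}

/* Corrected pattern: copy size taken from the SOURCE entry being popped. */
static bool bus_event_queue_pop_fixed(struct bus_event_queue *q, struct bus_event *event)
{
    struct bus_event_node *n = dequeue(q);
    if (!n) return false;
    memcpy(event, &n->event, event_copy_size(n->event.input_report.length));
    free(n);
    return true;
}

/* Scenario: a 2-byte report (id 1) followed by an 8-byte report (id 2) on one
 * queue, consumed into a single reused event struct. Returns the last payload
 * byte of the second report as the consumer sees it (8 when copied correctly). */
static int last_byte_of_second_report(bool use_fixed)
{
    static const uint8_t rep_a[2] = { 0xAA, 0xBB };             /* constructed */
    static const uint8_t rep_b[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };  /* constructed */
    struct bus_event_queue q = { 0 };
    struct bus_event event;
    bool (*pop)(struct bus_event_queue *, struct bus_event *) =
        use_fixed ? bus_event_queue_pop_fixed : bus_event_queue_pop_stale;

    memset(&event, 0, sizeof(event));   /* zeroed stand-in for "uninitialized" */
    bus_event_queue_push(&q, 1, rep_a, sizeof rep_a);
    bus_event_queue_push(&q, 2, rep_b, sizeof rep_b);
    pop(&q, &event);   /* stale: header copied, 0 payload bytes */
    pop(&q, &event);   /* stale: only 2 of 8 payload bytes copied */
    return event.input_report.buffer[7];
}

int main(void)
{
    printf("stale pop: last byte = %d\n", last_byte_of_second_report(false));
    printf("fixed pop: last byte = %d\n", last_byte_of_second_report(true));
    return 0;
}
```

Because the header (id and length) sits before the buffer, even a zero-length stale copy brings the source's length across, which is exactly why each later pop ends up sized by the previous report rather than the current one; devices that mix report IDs of different lengths expose the truncation immediately.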