http://bugs.winehq.org/show_bug.cgi?id=12874
Andrew Nguyen arethusa26@gmail.com changed:
What           | Removed     | Added
---------------+-------------+------
Status         | UNCONFIRMED | NEW
Ever Confirmed | 0           | 1

--- Comment #21 from Andrew Nguyen arethusa26@gmail.com 2010-07-14 21:52:14 ---

For the first crash:
trace:int31:DOSVM_Int31Handler get free memory information
trace:int31:DOSVM_Int31Handler resize memory block (0x00bf0000, 2148921344 bytes)
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148921344 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148921344 bytes!
wine: Unhandled page fault on write access to 0x00000000 at address 0x681f35f6 (thread 001c), starting debugger...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x681f35f6).
...
Backtrace:
=>0 0x681f35f6 (0x00aedf68)
  1 0x685cfe3d DOSVM_Int31Handler+0x228b(context=0xbf0000) [/home/arethusa/wine32/dlls/krnl386.exe16/../../../wine.git/dlls/krnl386.exe16/int31.c:1380] in krnl386.exe16 (0x00aee268)
  2 0x685cfe3d DOSVM_Int31Handler+0x228b(context=0xaee2fc) [/home/arethusa/wine32/dlls/krnl386.exe16/../../../wine.git/dlls/krnl386.exe16/int31.c:1380] in krnl386.exe16 (0x00aee298)
...
What happens is that the application tries to resize a memory block, but the DPMI_xrealloc helper calls DPMI_xalloc and assumes success in the block resize case. The application passes an extremely large allocation size (around 2 GB), so DPMI_xalloc fails and DPMI_xrealloc blindly uses the returned NULL pointer. Making xrealloc recognize this condition seems to fix the crash.
For the next problem:
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148921344 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148921344 bytes!
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148511744 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148511744 bytes!
fixme:int31:DPMI_xalloc failed to allocate linearly growing memory (2148102144 bytes), using non-linear growing...
fixme:int31:DPMI_xalloc failed to allocate any memory of 2148102144 bytes!
...
For some reason, the application uses the queried DPMI free memory information to try to allocate all available memory, and it spends a huge amount of time doing this until it crashes. Hacking DPMI_xalloc to reject allocation sizes larger than 512 MB (or some reasonable arbitrary value) gets the application to start. Perhaps the DPMI free memory information needs some hard limits for applications like this one. There are many more issues after this, but that would seem to belong in another bug report.
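An added illustration of the failure mode described in comment #21 (this is not Wine's code): a resize helper that checks its allocator's result instead of dereferencing the NULL it returns, combined with a size cap of the kind the comment suggests. The names dpmi_xalloc, dpmi_xrealloc, run_scenario and DPMI_MAX_ALLOC, and the 512 MB cap value, are assumptions for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap (assumption, not a Wine constant): reject requests
 * larger than 512 MB rather than grinding through ~2 GB attempts. */
#define DPMI_MAX_ALLOC (512u * 1024u * 1024u)

/* Allocation helper: returns NULL for absurd sizes or host failure. */
static void *dpmi_xalloc(size_t size)
{
    if (size == 0 || size > DPMI_MAX_ALLOC)
        return NULL;
    return malloc(size);
}

/* Resize helper. The bug in the comment is a realloc path that assumes
 * the allocation succeeded; here a NULL result leaves *block untouched
 * and reports failure instead of writing through a NULL pointer. */
static int dpmi_xrealloc(void **block, size_t old_size, size_t new_size)
{
    void *fresh = dpmi_xalloc(new_size);
    if (!fresh)
        return 0;                 /* caller keeps its old block */
    memcpy(fresh, *block, old_size < new_size ? old_size : new_size);
    free(*block);
    *block = fresh;
    return 1;
}

/* Constructed scenario mirroring the trace: resizing a small block to
 * 2148921344 bytes must fail cleanly and preserve the original block;
 * a sane resize must succeed and keep the old contents. Returns 1 on
 * success, a negative code identifying the first failed check. */
static int run_scenario(void)
{
    unsigned char *buf = dpmi_xalloc(16);
    if (!buf) return -1;
    memset(buf, 0xA5, 16);

    void *p = buf;
    if (dpmi_xrealloc(&p, 16, 2148921344u))   /* size from the log */
        return -2;                            /* must be rejected   */
    if (p != buf)                             /* original preserved */
        return -3;
    if (!dpmi_xrealloc(&p, 16, 64))
        return -4;
    int ok = ((unsigned char *)p)[15] == 0xA5;
    free(p);
    return ok ? 1 : -5;
}
```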