[Bug 33376] Stick soldier 2 crashes on startup

https://bugs.winehq.org/show_bug.cgi?id=33376

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Component|-unknown |msvcp Summary|Stick soldier 2 crash on |Stick soldier 2 crashes on |startup |startup

--- Comment #12 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming, still present.

--- snip --- $ WINEDEBUG=+tid,+seh,+loaddll,+process,+msvcrt,+msvcp wine ./Stick\ Soldiers\ II.exe >>log.txt 2>&1 ... 0027:trace:msvcp:basic_filebuf_char_open (0x33faf8 Data\SSents.etb 1 64) 0027:trace:msvcp:basic_filebuf_char_open_wchar (0x33faf8 L"Data\SSents.etb" 1 64) 0027:trace:msvcp:basic_filebuf_char_is_open (0x33faf8) 0027:trace:msvcp:_Fiopen_wchar (L"Data\SSents.etb" 1 64) 0027:trace:msvcrt:MSVCRT__wfsopen (L"Data\SSents.etb",L"r") 0027:trace:msvcrt:msvcrt_get_flags L"r" 0027:trace:msvcrt:MSVCRT__wsopen_s fd*: 0x33f658 :file (L"Data\SSents.etb") oflags: 0x0000 shflags: 0x0040 pmode: 0x0000 0027:trace:msvcrt:msvcrt_alloc_fd :handle (0x74) allocating fd (6) 0027:trace:msvcrt:MSVCRT__wsopen_s :fd (6) handle (0x74) 0027:trace:msvcrt:msvcrt_init_fp :fd (6) allocating FILE* 0027:trace:msvcrt:msvcrt_init_fp :got FILE* (0x7e0d2380) 0027:trace:msvcrt:MSVCRT__wfsopen :fd (6) mode (L"r") FILE* (0x7e0d2380) 0027:trace:msvcrt:MSVCRT__wfsopen :got (0x7e0d2380) 0027:trace:msvcp:basic_filebuf_char__Init (0x33faf8 0x7e0d2380 1) 0027:trace:msvcp:basic_streambuf_char__Init_empty (0x33faf8) 0027:trace:msvcp:basic_streambuf_char_setp_next (0x33faf8 (nil) (nil) (nil)) 0027:trace:msvcp:basic_streambuf_char_setg (0x33faf8 (nil) (nil) (nil)) 0027:trace:msvcp:basic_streambuf_char__Init (0x33faf8 0x7e0d2388 0x7e0d2380 0x7e0d2384 0x7e0d2388 0x7e0d2380 0x7e0d2384) 0027:trace:msvcp:locale_id_operator_size_t (0x7e1f84f8) 0027:trace:msvcp:locale__Getfacet_bool (0x33fb2c 1) 0027:trace:msvcp:basic_filebuf_char__Initcvt_cvt (0x33faf8 0x5b23b8) 0027:trace:msvcp:codecvt_base_always_noconv (0x5b23b8) 0027:trace:msvcp:codecvt_base_do_always_noconv (0x5b23b8) 0027:trace:msvcp:basic_ifstream_char_is_open (0x33faf0) 0027:trace:msvcp:basic_filebuf_char_is_open (0x33faf8) 0027:trace:msvcp:MSVCP_basic_string_char_ctor_alloc 0x33fb90 0x33fa98 0027:trace:msvcp:basic_string_char__Tidy (0x33fb90 0) 0027:trace:msvcp:MSVCP_basic_string_char_ctor_cstr_alloc 0x33fb80 "UNDEFINED" 0027:trace:msvcp:basic_string_char__Tidy (0x33fb80 0) 0027:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x33fb80 "UNDEFINED" 9 0027:trace:msvcrt:MSVCRT_operator_new (11) returning 0x5b70b8 0027:trace:msvcp:basic_string_char__Tidy (0x33fb80 1) 0027:trace:msvcp:ios_base_eof (0x33fb4c) 0027:trace:msvcp:basic_istream_char_getline_delim (0x33faf0 0x33fba0 ff ) 0027:trace:msvcp:basic_ios_char_rdbuf_get (0x33fb4c) 0027:trace:msvcp:basic_streambuf_char__Lock (0x33faf8) 0027:trace:msvcp:basic_istream_char__Ipfx (0x33faf0 1) 0027:trace:msvcp:ios_base_good (0x33fb4c) 0027:trace:msvcp:basic_ios_char_tie_get (0x33fb4c) 0027:trace:msvcp:ios_base_good (0x33fb4c) 0027:trace:msvcp:basic_ios_char_rdbuf_get (0x33fb4c) 0027:trace:msvcp:basic_streambuf_char_sbumpc (0x33faf8) 0027:trace:msvcp:basic_streambuf_char__Gnavail (0x33faf8) 0027:trace:msvcp:basic_filebuf_char_uflow (0x33faf8) 0027:trace:msvcp:basic_filebuf_char_is_open (0x33faf8) 0027:trace:msvcp:basic_streambuf_char_gptr (0x33faf8) 0027:trace:msvcp:basic_streambuf_char_egptr (0x33faf8) 0027:trace:msvcrt:_lock (34) 0027:trace:msvcrt:read_i :fd (6) handle (0x74) buf (0x5b6050) len (4096) 0027:trace:msvcrt:read_i :EOF "" 0027:trace:msvcrt:read_i (0), "" 0027:trace:msvcrt:_unlock (34) 0027:trace:msvcp:basic_ios_char_rdbuf_get (0x33fb4c) 0027:trace:msvcp:basic_streambuf_char__Unlock (0x33faf8) 0027:trace:msvcp:basic_ios_char_setstate_reraise (0x33fb4c 3 0) 0027:trace:msvcp:basic_ios_char_clear_reraise (0x33fb4c 3 0) 0027:trace:msvcp:ios_base_clear_reraise (0x33fb4c 3 0) 0027:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x33fb90 "" 0 0027:trace:msvcp:MSVCP_basic_string_char_operator_at 0x33fb90 0 0027:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4119e7 ip=004119e7 tid=0027 0027:trace:seh:raise_exception info[0]=00000000 0027:trace:seh:raise_exception info[1]=00000000 0027:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=005b114f edi=f75c6000 0027:trace:seh:raise_exception ebp=0033fcac esp=0033fa18 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 --- snip ---

@Fabian

--- quote --- If you track that function, one call is with an empty string (this->size == 0 and more important this->ptr == NULL) at position 0. The return value is then this->ptr+pos == NULL, which then causes the page fault. Such a call shouldn't happen, or does it work to access an empty string at position 0 under Windows. --- quote ---

Yes, it should work.

'std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator[](uint)' must return 'Nullstr()' reference in this case.

Source: https://source.winehq.org/git/wine.git/blob/a0e8d62a8ebd24e4ae474c262ddbc7d1...

--- snip --- 1413 /* ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z */ 1414 /* ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAD_K@Z */ 1415 /* ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z */ 1416 /* ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAAEBD_K@Z */ 1417 DEFINE_THISCALL_WRAPPER(MSVCP_basic_string_char_operator_at, 8) 1418 char* __thiscall MSVCP_basic_string_char_operator_at( 1419 basic_string_char *this, MSVCP_size_t pos) 1420 { 1421 TRACE("%p %lu\n", this, pos); 1422 1423 assert(this->size >= pos); 1424 return this->ptr+pos; 1425 } --- snip ---

Same applies for wide-character version.

$ sha1sum ss2.zip 9bfd26b015a0dbc60cc199f42fd5e2a0325a7754 ss2.zip

$ du -sh ss2.zip 832K ss2.zip

$ wine --version wine-1.7.45-127-g172e08e

Regards