[Bug 34100] Artemis Spaceship Bridge Simulator (demo version 1.66) crashes on startup

http://bugs.winehq.org/show_bug.cgi?id=34100

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |eeefed3dd02f5299e38d308ee6d | |9ba6998722bdd Status|NEW |RESOLVED CC| |focht@gmx.net Resolution|--- |FIXED Summary|Crash trying to run Artemis |Artemis Spaceship Bridge |demo. |Simulator (demo version | |1.66) crashes on startup

--- Comment #7 from Anastasius Focht focht@gmx.net --- Hello folks,

I can't reproduce this too with Wine 1.7.18, built with gcc 4.8.x

Unfortunately no one here provided a WINEDEBUG=+tid,+seh,+relay,+d3d,+d3d9 trace which would have helped.

Starting with OP's backtrace I deduced it to the original code location.

--- snip --- ... fixme:d3d:swapchain_init The application requested more than one back buffer, this is not properly supported. Please configure the application to use double buffering (1 back buffer) if possible. wine: Unhandled page fault on read access to 0x7bcd9000 at address 0x4b3a7a (thread 0009), starting debugger... Unhandled exception: page fault on read access to 0x7bcd9000 in 32-bit code (0x004b3a7a). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:004b3a7a ESP:0033f880 EBP:0033f888 EFLAGS:00010212( R- -- I -A- - ) EAX:82427c6d EBX:03a159cc ECX:019d3b1c EDX:00000000 ESI:7bcd8ffd EDI:0305c140 Stack dump: 0x0033f880: 03a159a8 03a15a60 00000000 0041d643 0x0033f890: 02fba830 7bc376ed 067f0580 3812b986 0x0033f8a0: 03a159a8 0033f908 03a15a30 03a15a60 0x0033f8b0: 0033f8d8 004cef6b ffffffff 0041b41a 0x0033f8c0: 3812b9e2 00000000 0033f908 0033fb44 0x0033f8d0: ffffffff 03a159a8 0033fb34 004d109b Backtrace: =>0 0x004b3a7a in artemis (+0xb3a7a) (0x0033f888) 0x004b3a7a: repe movsl (%esi),%es:(%edi) Modules: Module Address Debug info Name (113 modules) PE 400000- 5a7000 Export artemis PE 5b0000- 7e8000 Deferred d3dx9_24 PE 10000000-10039000 Deferred ftd2xx PE 71590000-71617000 Deferred comctl32 ELF 79abe000-7b800000 Deferred libnvidia-glcore.so.313.30 ELF 7b800000-7ba5b000 Deferred kernel32<elf> -PE 7b810000-7ba5b000 \ kernel32 ELF 7bc00000-7bcd9000 Deferred ntdll<elf> -PE 7bc10000-7bcd9000 \ ntdll ... Threads: process tid prio (all id:s are in hex) 00000008 (D) C:\Program Files\Artemis DEMO\Artemis.exe 00000029 15 00000027 0 00000009 0 <== ... --- snip ---

The code causing the fault (0x4b3a7a) looks like some inlined memcpy().

The last caller address is likely 0x0041d643 You can find it by doing a top-down search for valid EIP values in mapped executable .text segment ranges in backtrace 'Stack dump'.

Armed with that info I found and debugged a loop in the game executable which basically does this:

--- snip --- call d3d9.d3d9_texture_2d_GetLevelDesc call d3d9.d3d9_texture_2d_LockRect call operator "new" for some object call operator "new" for some object call memcpy() ; (causes fault) call d3d9.d3d9_texture_2d_UnlockRect --- snip ---

Looking at Henry's comment in bug 34271 (http://bugs.winehq.org/show_bug.cgi?id=34271#c5)

--- quote --- This is supposedly fixed by commit eeefed3dd02f5299e38d308ee6d9ba6998722bdd. --- quote ---

The commit: http://source.winehq.org/git/wine.git/commitdiff/eeefed3dd02f5299e38d308ee6d...

--- snip --- --- a/dlls/d3d9/surface.c +++ b/dlls/d3d9/surface.c @@ -293,8 +293,11 @@ static HRESULT WINAPI d3d9_surface_LockRect(IDirect3DSurface9 *iface, hr = wined3d_surface_map(surface->wined3d_surface, &map_desc, rect, flags); wined3d_mutex_unlock();

- locked_rect->Pitch = map_desc.row_pitch; - locked_rect->pBits = map_desc.data; + if (SUCCEEDED(hr)) + { + locked_rect->Pitch = map_desc.row_pitch; + locked_rect->pBits = map_desc.data; + }

return hr; } --- snip ---

Hmm, that touches the code I've debugged in that loop before the crash.

I reverted the commit on top of current GIT (wine-1.7.18-92-gb01fc1a) and got . . . wine: Unhandled page fault on read access to 0x7dd52000 at address 0x4b3a7a (thread 0035), starting debugger...

Yay! Case closed :)

$ sha1sum Artemis_demo_v1_66.exe c69fa260c6591ed6b4a218ebda896d821600e777 Artemis_demo_v1_66.exe

$ du -sh Artemis_demo_v1_66.exe 31M Artemis_demo_v1_66.exe

$ wine --version wine-1.7.18-92-gb01fc1a

Regards