http://bugs.winehq.org/show_bug.cgi?id=7036
--- Comment #10 from Jim Cameron jim_24601@btinternet.com 2008-08-21 04:13:50 ---

Investigated using winedbg under Wine 1.1.2 on Ubuntu 8.04.
There is a bug here, but not in Wine ... it is a bug in the Doom 3 executable itself. The game is trying to allocate space on the stack for a dynamically-sized array, padded to be a multiple of 16 bytes and to start on a 16-byte boundary in memory. Unfortunately it gets the calculation of how much padding it needs a bit wrong. If the stack pointer at a particular point in the code happens to equal 4 modulo 16, the function will overwrite one of its saved registers and the program will crash.
This appears to happen at a couple of places in the code. I was able to patch out the offending instructions with a hex editor to give it a bit of extra padding. The demo thus patched ran perfectly happily and I could play the game. (It's sort of grey.)
I don't know what change in Wine caused this bug to manifest. I tried to run a regression test, but regressing much past about 0.9.50 on a modern Linux distro is rich in fail, and I gave up. I imagine that a change in the startup code caused the stack to be set up slightly differently. It might be worth padding the stack on startup to match Windows' alignment, or even making stack alignment an option in case different Windows versions differ, and to see if other programs have similar bugs.
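The alignment arithmetic the comment describes, as an added C illustration that is not part of the bug report and not the Doom 3 code: `reserve_correct` aligns the base of a 16-byte-padded array downward so it always stays below the old stack pointer, while `reserve_buggy` is a constructed stand-in (the real executable's formula is not on the page) that aligns upward and therefore climbs into the caller's saved registers whenever the incoming stack pointer is not already 16-byte aligned, including the 4-mod-16 case reported here.

```c
#include <stdint.h>
#include <stdio.h>

#define ALIGN 16u

/* Round a byte count up to a multiple of 16. */
static uintptr_t pad16(uintptr_t n) {
    return (n + ALIGN - 1) & ~(uintptr_t)(ALIGN - 1);
}

/* Correct: reserve the padded size, then align the base DOWN. The array
 * [base, base + pad16(n)) always lies below the old stack pointer, so the
 * registers the function saved above sp are never touched. */
uintptr_t reserve_correct(uintptr_t sp, uintptr_t n) {
    return (sp - pad16(n)) & ~(uintptr_t)(ALIGN - 1);
}

/* Hypothetical bug (constructed, not the game's actual arithmetic): reserve
 * the padded size, then align the base UP. When sp is not already 16-byte
 * aligned, e.g. sp == 4 mod 16, the top of the array ends up above the old
 * sp and overlaps whatever was saved there. */
uintptr_t reserve_buggy(uintptr_t sp, uintptr_t n) {
    return (sp - pad16(n) + ALIGN - 1) & ~(uintptr_t)(ALIGN - 1);
}

/* Check both requirements: 16-byte alignment of the base and no overlap
 * with the caller's frame. Returns 1 when the reservation is safe. */
int reservation_ok(uintptr_t sp, uintptr_t n, uintptr_t base) {
    return (base % ALIGN == 0) && (base + pad16(n) <= sp);
}

/* Bytes the array would write above the old stack pointer (0 when safe). */
uintptr_t overrun_bytes(uintptr_t sp, uintptr_t n, uintptr_t base) {
    uintptr_t end = base + pad16(n);
    return end > sp ? end - sp : 0;
}

int main(void) {
    /* Constructed frame: a 32-bit stack pointer that happens to be 4 mod 16,
     * and a request for 100 bytes (padded to 112). */
    uintptr_t sp = 0x0012ff74u, n = 100;
    uintptr_t good = reserve_correct(sp, n), bad = reserve_buggy(sp, n);
    printf("correct: ok=%d overrun=%lu\n", reservation_ok(sp, n, good),
           (unsigned long)overrun_bytes(sp, n, good));
    printf("buggy:   ok=%d overrun=%lu\n", reservation_ok(sp, n, bad),
           (unsigned long)overrun_bytes(sp, n, bad));
    return 0;
}
```

With sp ending in 0x74 the buggy variant overruns by 12 bytes, three saved 32-bit registers' worth, while the same formula is harmless when sp is already a multiple of 16, which is why the crash depends on how the stack happens to be laid out at startup.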