[Bug 41977] New: Gunner3 always crashes due to wine having a different allocation scheme than windows
https://bugs.winehq.org/show_bug.cgi?id=41977
Bug ID: 41977 Summary: Gunner3 always crashes due to wine having a different allocation scheme than windows Product: Wine Version: 1.9.24 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: dark.shadow4@web.de Distribution: ArchLinux
Created attachment 56382 --> https://bugs.winehq.org/attachment.cgi?id=56382 Hack to get the game working, patch for the exe
Gunner 3 always crashes when selecting a level. According to my debugging, it's because the game allocates memory with RtlAllocateHeap and then accesses the area before that, aka undefined behavior. But note that it works just fine on all windows versions and ReactOS.
It's probably WONTFIX, but since it works on windows I'll provide a hack (and maybe a patch) for usage on linux.
Attached an patch for the gunner3.exe, make sure it has the MD5 4481bc4382bb00353edf0635516d904d.
https://bugs.winehq.org/show_bug.cgi?id=41977
--- Comment #1 from Bruno Jesus 00cpxxx@gmail.com --- Can you explain how you patched the exe? Like allocating more memory and pretending to return an offset higher then initial pointer to ensure there is enough memory for the erroneous attempts.
How far from the initial pointer the game attempts to read?
https://bugs.winehq.org/show_bug.cgi?id=41977
--- Comment #2 from Fabian Maurer dark.shadow4@web.de --- The game seems to turn an unsigned 16Bit integer into an 32Bit integer. Once the number is too big, it gets treated as negative and gets subtracted. The patch turns a "movsx" into a "movzx", essentially forcing unsigned mode and fixing the crashes.
Technically, it could read up to 32768 bytes before the allocated memory, but according to my tests a buffer of 5500 bytes is enough to avoid crashes.
https://bugs.winehq.org/show_bug.cgi?id=41977
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED
--- Comment #3 from Fabian Maurer dark.shadow4@web.de --- Forgot to mention, command to patch the exe with the patch I provided: "bspatch gunner3.exe gunner3_patched.exe gunner3.bsdiff"
Since it's an application bug, I'll resolve this as invalid, but preserve this as workaround.
https://bugs.winehq.org/show_bug.cgi?id=41977
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Austin English austinenglish@gmail.com --- Closing.
https://bugs.winehq.org/show_bug.cgi?id=41977
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |http://thegamespage.com/dow | |nloads/games/gunner3.exe Keywords| |download
--- Comment #5 from Fabian Maurer dark.shadow4@web.de --- As of wine-8.20 this Game seems to work. Interesting.
https://bugs.winehq.org/show_bug.cgi?id=41977
--- Comment #6 from Fabian Maurer dark.shadow4@web.de --- FWIW, it works since commit a612ab6f2a45bc08f5b39e22edc58bb541b26ae1 Author: Tatsuyuki Ishi ishitatsuyuki@gmail.com Date: Mon Apr 10 17:43:28 2023 +0900
ntdll: Use log-linear bucketing for free lists.
But keep in mind that this is still an application bug that just happens to not crash now.
-
wine-bugs@winehq.org -
WineHQ Bugzilla