https://bugs.winehq.org/show_bug.cgi?id=55773
Bug ID: 55773
Summary: Railroad Tycoon 2 Platinum (Steam, GOG) crashes when changing to 800X600 resolution
Product: Wine
Version: 8.0-rc1
Hardware: x86-64
URL: https://store.steampowered.com/app/7620/Railroad_Tycoon_II_Platinum/
OS: Linux
Status: NEW
Keywords: regression
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: gyebro69@gmail.com
CC: rbernon@codeweavers.com
Regression SHA1: 2f6b763fa90dd2ab622c583e2bf56392973e971e
Distribution: ---
Created attachment 75256 --> https://bugs.winehq.org/attachment.cgi?id=75256 terminal output
When you start a new campaign or scenario there are 8 command icons on the main interface. The second icon from the bottom in the row is the control panel, where you can change the resolution to 800X600. However, choosing 800X600 will result in an immediate crash. (After crashing you may need to remove rt2_tsc.CFG from the game directory, or else the game won't start normally next time.)
This happens since Wine-8.0-rc1. Previously, the game changed resolution correctly. The result of the regression test:
2f6b763fa90dd2ab622c583e2bf56392973e971e is the first bad commit
commit 2f6b763fa90dd2ab622c583e2bf56392973e971e
Author: Rémi Bernon rbernon@codeweavers.com
Date:   Fri Nov 25 11:17:12 2022 +0100
ntdll: Find heap block region from its base offset.
Still present in wine-8.17-190-g8943fcbca49.
--- Comment #1 from Rémi Bernon rbernon@codeweavers.com ---
This is actually a game bug, leading to wined3d resource heap pointer corruption.
When using 800x600 resolution, the game fills the frame by writing pixels to the locked resource memory, starting from the end. However, it has an off-by-one error, and ends up overwriting one or two bytes before the mapped address.
This overwrites a ddraw heap pointer that was sneaked there to later be freed.
Previously the heap was able to detect that the corrupted pointer was not from any heap, but as we can't lock the whole heap on every free anymore, it isn't possible to detect.
Anyway, I think we should simply not hide a pointer there. Doing that fixes the crash, even if the heap block header gets corrupted (which is either detected or ignored).
Zeb Figura z.figura12@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z.figura12@gmail.com

--- Comment #2 from Zeb Figura z.figura12@gmail.com ---
(In reply to Rémi Bernon from comment #1)
> Anyway, I think we should simply not hide a pointer there. Doing that fixes the crash, even if the heap block header gets corrupted (which is either detected or ignored).
Well, we... kind of need to put that pointer somewhere.
Of course, there are other ways to solve that particular problem, but if we're going to tweak things around just to make the game work, I'd rather just explicitly add padding.
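To make the mechanism from comment #1 and the padding idea from comment #2 concrete, here is an added C model written for this page (it is not wined3d's, ddraw's or the game's code). It assumes a layout in which the raw allocation pointer is stashed in the bytes directly in front of the aligned address handed to the application, 16-bit pixels for the 800x600 frame, a 16-byte alignment and a 64-byte padding size; all of those are illustrative assumptions. The buggy fill loop runs one iteration too many and writes the pixel at user[-1], which lands on the stashed pointer in the first layout and on harmless padding in the second.

```c
/* Added example: models the heap-pointer corruption discussed in comments #1
   and #2. Not wined3d/ddraw code; the memory layout, pixel format, alignment
   and padding size are assumptions made for illustration. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALIGN   16                 /* assumed alignment of the mapped address */
#define PIXELS  (800 * 600)        /* 800x600 frame, assumed 16 bits per pixel */
#define PADDING 64                 /* assumed padding size for the fixed layout */

struct mapping {
    unsigned char *base;   /* raw allocation, the pointer free() really needs */
    uint16_t      *user;   /* aligned address handed to the application */
};

/* Allocate the resource and stash the raw base pointer `gap` bytes in front
   of the user address. gap == 0 is the "hidden pointer directly before the
   data" layout; gap == PADDING leaves padding between the stash and the data. */
static int map_resource(struct mapping *m, size_t gap)
{
    size_t bytes = PIXELS * sizeof(uint16_t);
    unsigned char *base = malloc(sizeof(void *) + gap + ALIGN + bytes);
    if (!base)
        return 0;
    uintptr_t p = (uintptr_t)base + sizeof(void *) + gap;
    p = (p + ALIGN - 1) & ~(uintptr_t)(ALIGN - 1);      /* round up to ALIGN */
    m->base = base;
    m->user = (uint16_t *)p;
    memcpy((unsigned char *)p - gap - sizeof(void *), &base, sizeof(base));
    return 1;
}

/* What an unmap/free path that trusts the stash would read back. */
static unsigned char *stashed_base(const struct mapping *m, size_t gap)
{
    unsigned char *v;
    memcpy(&v, (const unsigned char *)m->user - gap - sizeof(void *), sizeof(v));
    return v;
}

/* The application's fill loop as described in comment #1: it fills the frame
   from the end but runs one iteration too many, so the last store hits pix[-1].
   pix - 1 is still inside the same malloc'd block in this model, so the store
   is a real 2-byte underflow into whatever sits in front of the data. */
static void buggy_fill(uint16_t *pix, size_t count, uint16_t color)
{
    uint16_t *p = pix + count;
    while (p >= pix)        /* should be "p > pix": the '>=' is the off-by-one */
        *--p = color;       /* final iteration writes pix[-1] */
}

/* Returns 1 if the stashed pointer survived the fill, 0 if it was corrupted,
   -1 on allocation failure. */
static int run_scenario(size_t gap)
{
    struct mapping m;
    if (!map_resource(&m, gap))
        return -1;
    buggy_fill(m.user, PIXELS, 0xF800);        /* RGB565 red: bytes 00 F8 */
    int intact = stashed_base(&m, gap) == m.base;
    free(m.base);   /* free through the saved pointer, never the possibly bad stash */
    return intact;
}

int scenario_hidden_pointer(void) { return run_scenario(0); }
int scenario_with_padding(void)   { return run_scenario(PADDING); }

int main(void)
{
    printf("hidden pointer intact after fill: %d\n", scenario_hidden_pointer());
    printf("padded pointer intact after fill: %d\n", scenario_with_padding());
    return 0;
}
```

In the hidden-pointer layout the two underflowed bytes land on the high bytes of the stashed pointer (on a little-endian x86-64 build; the corrupted bytes are different on other layouts but the stash is still clobbered), so a free path that trusts it would hand a garbage address to the heap; with padding in front of the data the same off-by-one is absorbed and the pointer is read back unchanged. Note that no sanitizer flags the first case, because the write stays inside the same allocation.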
Béla Gyebrószki gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |a6e969560b02ca776f987319db37e6550a1ecfec
             Status|NEW                         |RESOLVED
--- Comment #3 from Béla Gyebrószki gyebro69@gmail.com --- Fixed by e7d7ac77087ed33958047dae34a2e9d66c473c21 and a6e969560b02ca776f987319db37e6550a1ecfec
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 9.0-rc3.