http://bugs.winehq.org/show_bug.cgi?id=25362
Summary: Error running Return to Castle Wolfenstein
Product: WineHQ Apps Database
Version: unspecified
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: appdb-unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: mrfort@centurytel.net
Created an attachment (id=32259) --> (http://bugs.winehq.org/attachment.cgi?id=32259) debugger report
Installed ok. Allowed setup preferences such as graphics and audio preferences. When I try to run in single player I get this error: Error in file "/home/name/.local/share/applications/clamtk.desktop": "vms/exe" is an invalid MIME type ("vms" is an unregistered media type).
I assume it is an easy fix but cannot locate any information online or in your repository.
http://bugs.winehq.org/show_bug.cgi?id=25362
Andrew Nguyen arethusa26@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|appdb-unknown               |-unknown
            Product|WineHQ Apps Database        |Wine

--- Comment #1 from Andrew Nguyen arethusa26@gmail.com 2010-11-30 12:38:30 CST ---
This is not an AppDB bug. Please specify the Wine version that you are using.
(In reply to comment #0)
> Installed ok. Allowed setup preferences such as graphics and audio preferences. When I try to run in single player I get this error: Error in file "/home/name/.local/share/applications/clamtk.desktop": "vms/exe" is an invalid MIME type ("vms" is an unregistered media type).
That message doesn't come from Wine, and it has nothing to do with the crash anyway. How are you launching the game?
http://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
             Status|UNCONFIRMED                 |RESOLVED
                URL|                            |http://www.brothersoft.com/
                   |                            |games/return-to-castle-wolf
                   |                            |enstein-single-player-downl
                   |                            |oad.html
                 CC|                            |focht@gmx.net
            Version|unspecified                 |1.3.8
         Resolution|                            |WONTFIX
            Summary|Error running Return to     |Return to Castle
                   |Castle Wolfenstein          |Wolfenstein 1.0.x crashes
                   |                            |(returned GL_EXTENSION >
                   |                            |4096 bytes, truncation code
                   |                            |buggy, corrupts stack)

--- Comment #2 from Anastasius Focht focht@gmx.net 2011-06-18 04:42:42 CDT ---
Hello,
confirming:
--- snip ---
...
0021:Ret window proc 0x444940 (hwnd=0x1007a,msg=WM_COMMAND,wp=03000064,lp=0001008a) retval=00000000
0021:Ret window proc 0x7569b9e8 (hwnd=0x1008a,msg=EM_REPLACESEL,wp=00000000,lp=019b5820) retval=00000001
0021:Ret user32.SendMessageA() retval=00000001 ret=00444edc
0021:trace:seh:raise_exception code=c0000005 flags=0 addr=0x5f746e65 ip=5f746e65 tid=0021
0021:trace:seh:raise_exception info[0]=00000000
0021:trace:seh:raise_exception info[1]=5f746e65
0021:trace:seh:raise_exception eax=676f7270 ebx=7b893ff4 ecx=019be808 edx=019bf84a esi=00defc9c edi=019bf8bd
0021:trace:seh:raise_exception ebp=019bfcc4 esp=019bf840 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010206
0021:trace:seh:call_vectored_handlers calling handler at 0x687ecde9 code=c0000005 flags=0
0021:trace:seh:call_vectored_handlers handler at 0x687ecde9 returned 0
0021:trace:seh:call_stack_handlers calling handler at 0x4c82fc code=c0000005 flags=0
...
Unhandled exception: page fault on read access to 0x5f746e65 in 32-bit code (0x5f746e65).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:5f746e65 ESP:019bf840 EBP:019bfcc4 EFLAGS:00010206( R- -- I - -P- )
 EAX:676f7270 EBX:7b893ff4 ECX:019be808 EDX:019bf84a
 ESI:00defc9c EDI:019bf8bd
Stack dump:
0x019bf840: 676f7270 5f6d6172 000a706f 00000000
0x019bf850: 004edc58 01171940 00000000 004edc68
0x019bf860: 01171140 00000000 004edc94 01171540
0x019bf870: 004ebed0 00501330 00000000 01171159
0x019bf880: 004ebb50 004ebb48 004edc88 004edc7c
0x019bf890: 00447c3b 00000000 00000001 00004000
Backtrace:
=>0 0x5f746e65 (0x019bfcc4)
  1 0x00442246 in wolfspdemo (+0x42245) (0x019bfe60)
  2 0x7b85fa50 call_process_entry+0xb() in kernel32 (0x019bfe78)
...
0x5f746e65: -- no code accessible --
Modules:
Module  Address             Debug info  Name (74 modules)
PE        400000- 11bc000   Export      wolfspdemo
ELF     20000000-200b8000   Deferred    opengl32<elf>
 -PE    20020000-200b8000   \           opengl32
ELF     200b8000-200ba000   Deferred    libnvidia-tls.so.260.19.06
ELF     200ba000-21757000   Deferred    libnvidia-glcore.so.260.19.06
--- snip ---
It's a bug in the game itself. The RTCW code collects system/graphics card specs and uses a 4096-byte buffer on the stack for sprintf-like formatting. Unfortunately when it comes to OpenGL extensions, the extension string returned is a bit longer on various systems.

--- snip ---
...
0044762A  68 40111701    PUSH OFFSET 01171140  ; ASCII "GeForce GT 425M/PCI/SSE2"
0044762F  68 68DC4E00    PUSH OFFSET 004EDC68  ; ASCII "GL_RENDERER: %s "
00447634  6A 00          PUSH 0
00447636  FF15 00211601  CALL DWORD PTR DS:[1162100]  ; sprintf like formatting
0044763C  68 40191701    PUSH OFFSET 01171940  ; ASCII "4.1.0 NVIDIA 260.19.06"
00447641  68 58DC4E00    PUSH OFFSET 004EDC58  ; ASCII "GL_VERSION: %s "
00447646  6A 00          PUSH 0
00447648  FF15 00211601  CALL DWORD PTR DS:[1162100]  ; sprintf like formatting
0044764E  68 401D1701    PUSH OFFSET 01171D40  ; ASCII " GL_ARB_blend_func_extended GL_ARB_color_buffer_float GL_ARB_compatibility GL_ARB_copy_buffer GL_ARB_depth_buffer_float GL_ARB_depth_clamp GL_ARB_depth_texture GL_ARB_draw_buffers GL_ARB_draw_buffers_blend GL_ARB_draw_indirect GL_ARB_dra"...
00447653  68 44DC4E00    PUSH OFFSET 004EDC44  ; ASCII "GL_EXTENSIONS: %s "
00447658  6A 00          PUSH 0
; <goes boom upon return due to stack corruption>
0044765A  FF15 00211601  CALL DWORD PTR DS:[1162100]  ; sprintf like formatting
; not reached
--- snip ---

My OpenGL extensions string is ~5600 bytes. The game code allocates 4096 bytes on the stack and "truncates" any longer string - not very elegant. Unfortunately it calculates the buffer bounds wrong by 0x10 bytes excess and this leads to an overwrite of the return address while truncating. It doesn't happen if the OpenGL extension string is < 4096 bytes.
Return address overwritten before return: ==> indicates ESP:
--- snip ---
$-10     6D617267
$-C      5F4C4720
$-8      665F564E
$-4      6D676172
$ ==>   /5F746E65  ; damaged, should be return address
$+4     |676F7270  ; damaged, should be NULL
$+8     |5F6D6172  ; damaged, should be format string
$+C     |000A706F  ; damaged, should be GL_EXTENSIONS string ptr
$+10    |00000000
$+14    |004EDC58  ; ASCII "GL_VERSION: %s"
$+18    |01171940  ; ASCII "4.1.0 NVIDIA 260.19.06"
$+1C    |00000000
$+20    |004EDC68  ; ASCII "GL_RENDERER: %s"
$+24    |01171140  ; ASCII "GeForce GT 425M/PCI/SSE2"
$+28    |00000000
$+2C    |004EDC94  ; ASCII 0A,"GL_VENDOR:"
$+30    |01171540  ; ASCII "NVIDIA Corporation"
$+34    |004EBED0  ; ASCII "sys_cpustring"
$+38    |00501330
$+3C    |00000000
$+40    |01171159
$+44    |004EBB50  ; ASCII "disabled"
$+48    |004EBB48  ; ASCII "enabled"
$+4C    |004EDC88  ; ASCII "windowed"
$+50    |004EDC7C  ; ASCII "fullscreen"
$+54    |00447C3B  ; RETURN from WolfSPDemo.004475E0 to WolfSPDemo.00447C3B
--- snip ---
Truncating GL_EXTENSION string to be returned to length < 4096 doesn't make sense.
Either get a patch for the game (if it exists) or patch the game executable, which isn't feasible for such an old game.
Demo version: Wolf Demo 1.0.1
$ sha1sum wolf_spdemo.exe
68aa8b7df1bf197fabc4f762d74ca41b3bb2b0b7  wolf_spdemo.exe

$ wine --version
wine-1.3.22-164-g17e6d75
Regards
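The failure mode analysed in comment #2, next to a bounded alternative, as an added example (not code from the game, Wine or this report). The game's real truncation routine is not shown in the report, so `log_buggy` models it under the assumption that its limit sits 0x10 bytes past the 4096-byte buffer; all names are hypothetical, the input is constructed, and a flat array with a guard region stands in for the stack frame so nothing is actually corrupted.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 4096  /* on-stack formatting buffer size from the report */
#define EXCESS   0x10  /* bounds error from the report */
#define GUARD    32    /* assumed stand-in for adjacent saved stack slots */

/* mem[0..BUF_SIZE) is the buffer; the tail models what lies above it. */
struct frame_model { unsigned char mem[BUF_SIZE + GUARD]; };

static void frame_init(struct frame_model *f) {
    memset(f->mem, 0, BUF_SIZE);
    memset(f->mem + BUF_SIZE, 0xA5, GUARD);
}
/* Count guard bytes that no longer hold the 0xA5 fill pattern. */
static size_t guard_damage(const struct frame_model *f) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD; i++) n += (f->mem[BUF_SIZE + i] != 0xA5);
    return n;
}

/* Modelled bug: the truncation limit sits EXCESS bytes past the buffer end. */
static void log_buggy(struct frame_model *f, const char *s) {
    size_t limit = BUF_SIZE + EXCESS, n = strlen(s);
    if (n >= limit) n = limit - 1;
    memcpy(f->mem, s, n);
    f->mem[n] = '\0';
}

/* Hardened: vsnprintf is bounded by the real size; returns 1 if truncated. */
static int log_safe(struct frame_model *f, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf((char *)f->mem, BUF_SIZE, fmt, ap);
    va_end(ap);
    return need < 0 || (size_t)need >= BUF_SIZE;
}

/* Run one variant on a constructed extension string of len bytes (len < 8192). */
size_t damage_for(size_t len, int use_safe) {
    static char ext[8192];
    struct frame_model f;
    memset(ext, 'x', len);
    ext[len] = '\0';
    frame_init(&f);
    if (use_safe) log_safe(&f, "GL_EXTENSIONS: %s\n", ext);
    else log_buggy(&f, ext);
    return guard_damage(&f);
}

int main(void) {
    printf("buggy, 3000 bytes: %zu guard bytes damaged\n", damage_for(3000, 0));
    printf("buggy, 5600 bytes: %zu guard bytes damaged\n", damage_for(5600, 0));
    printf("safe,  5600 bytes: %zu guard bytes damaged\n", damage_for(5600, 1));
    return 0;
}
```

Short strings leave the guard intact in both variants; only the over-long string exposes the 0x10-byte bounds error, which matches the report's observation that the crash depends on the driver's extension string length.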
http://bugs.winehq.org/show_bug.cgi?id=25362
--- Comment #3 from Anastasius Focht focht@gmx.net 2011-06-18 14:33:33 CDT ---
Hello,
well I found my analysis confirmed ;-)
Found this link: http://www.rtcwmap.de/index.php?option=com_remository&Itemid=73&func...
--- quote --- "RTCW PATCH: RTCW SINGLEPLAYER OPEN GL FIX FOR WINDOWS 7"
Open GL Fix for the RtCW Singleplayer under Windows 7. Extract the Patch and replace the Files and play SP ! --- quote ---
RTCW_GL_ext_string_fix.zip
Regards
http://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Return to Castle            |Return to Castle
                   |Wolfenstein 1.0.x crashes   |Wolfenstein 1.0.x crashes
                   |(returned GL_EXTENSION >    |(GL_EXTENSION string
                   |4096 bytes, truncation code |truncation/overflow bug,
                   |buggy, corrupts stack)      |__GL_ExtensionStringVersion
                   |                            |workaround)

--- Comment #4 from Anastasius Focht focht@gmx.net 2011-06-18 15:19:12 CDT ---
Hello again,

I've learned from "kevlarman" on IRC #winehq that there exists a "__GL_ExtensionStringVersion" environment variable that forces the nvidia driver to limit the returned GL extension string.
Indeed, googling for nvidia documentation brings this up:
--- quote --- Some applications, such as Quake 3, crash after querying the OpenGL extension string
Some applications have bugs that are triggered when the extension string is longer than a certain size. As more features are added to the driver, the length of this string increases and can trigger these sorts of bugs.
You can limit the extensions listed in the OpenGL extension string to the ones that appeared in a particular version of the driver by setting the __GL_ExtensionStringVersion environment variable to a particular version number. For example,
__GL_ExtensionStringVersion=17700 quake3
will run Quake 3 with the extension string that appeared in the 177.* driver series. Limiting the size of the extension string can work around this sort of application bug. --- quote ---
Run the game/demo as follows:
$ __GL_ExtensionStringVersion=17700 wine ./WolfSPDemo.exe
to prevent the overflow. Case closed ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=25362
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Austin English austinenglish@gmail.com 2011-07-07 16:16:29 CDT ---
Closing.
http://bugs.winehq.org/show_bug.cgi?id=25362
Dan Kegel dank@kegel.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |odziomek91@gmail.com
--- Comment #6 from Dan Kegel dank@kegel.com 2012-06-01 17:07:05 CDT --- *** Bug 30812 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |legluondunet@free.fr
--- Comment #7 from Anastasius Focht focht@gmx.net --- *** Bug 34992 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=25362
--- Comment #8 from Béla Gyebrószki gyebro69@gmail.com --- *** Bug 34992 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |grsfdhj@tiscali.it
--- Comment #9 from Anastasius Focht focht@gmx.net --- *** Bug 26636 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Return to Castle            |Multiple broken games crash
                   |Wolfenstein 1.0.x crashes   |on startup due to OpenGL
                   |(GL_EXTENSION string        |extension string
                   |truncation/overflow bug,    |truncation/overflow
                   |__GL_ExtensionStringVersion |(__GL_ExtensionStringVersio
                   |workaround)                 |n is a workaround)

--- Comment #10 from Anastasius Focht focht@gmx.net ---
Hello folks,
refining summary to have this bug serve as collector for all broken games suffering from this specific overflow.
Please don't resolve those as 'invalid' but rather mark them as dupe here. Thanks.
Regards
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |david.gamiz@gmail.com
--- Comment #11 from Anastasius Focht focht@gmx.net --- *** Bug 36410 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple broken games crash |Multiple broken games crash
                   |on startup due to OpenGL    |on startup due to OpenGL
                   |extension string            |extension string
                   |truncation/overflow         |truncation/overflow
                   |(__GL_ExtensionStringVersio |(__GL_ExtensionStringVersio
                   |n is a workaround)          |n, MESA_EXTENSION_MAX_YEAR
                   |                            |is a workaround)

--- Comment #12 from Anastasius Focht focht@gmx.net ---
Also adding Mesa workaround to summary.
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fracting@gmail.com
--- Comment #13 from Anastasius Focht focht@gmx.net --- *** Bug 31730 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |paulthetall@gmail.com
--- Comment #14 from Anastasius Focht focht@gmx.net --- *** Bug 35453 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |an0nym0usse@hotmail.com
--- Comment #15 from Anastasius Focht focht@gmx.net --- *** Bug 30794 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gyebro69@gmail.com
--- Comment #16 from Anastasius Focht focht@gmx.net --- *** Bug 25152 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |palmem@comcast.net
--- Comment #17 from Anastasius Focht focht@gmx.net --- *** Bug 21558 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |c_korn@gmx.de
--- Comment #18 from Anastasius Focht focht@gmx.net --- *** Bug 21727 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
--- Comment #19 from Béla Gyebrószki gyebro69@gmail.com --- *** Bug 38033 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
--- Comment #20 from Matteo Bruni matteo.mystral@gmail.com --- *** Bug 31885 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
--- Comment #21 from Józef Kucia joseph.kucia@gmail.com --- *** Bug 40459 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Béla Gyebrószki gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |visserthree@gmail.com
--- Comment #22 from Béla Gyebrószki gyebro69@gmail.com --- *** Bug 40469 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Matteo Bruni matteo.mystral@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tiar85@luukku.com
--- Comment #23 from Matteo Bruni matteo.mystral@gmail.com --- *** Bug 33729 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Dmitry Timoshkov dmitry@baikal.ru changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alois.schloegl@gmail.com
--- Comment #24 from Dmitry Timoshkov dmitry@baikal.ru --- *** Bug 39790 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |spleefer90@gmail.com
--- Comment #25 from Anastasius Focht focht@gmx.net --- *** Bug 45034 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Matteo Bruni matteo.mystral@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |maiktapwagner@aol.com
--- Comment #26 from Matteo Bruni matteo.mystral@gmail.com --- *** Bug 43060 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
Christoph Korn christoph.korn@posteo.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|christoph.korn@posteo.de    |
https://bugs.winehq.org/show_bug.cgi?id=25362
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.brothersoft.com/ |https://web.archive.org/web
                   |games/return-to-castle-wolf |/20180712031025/https://www
                   |enstein-single-player-downl |.quaddicted.com/files/idgam
                   |oad.html                    |es2/idstuff/wolf/win32/wolf
                   |                            |_spdemo.exe
https://bugs.winehq.org/show_bug.cgi?id=25362
Olivier F. R. Dierick o.dierick@piezo-forte.be changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mariob1992@outlook.com
--- Comment #27 from Olivier F. R. Dierick o.dierick@piezo-forte.be --- *** Bug 51447 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=25362
David Gámiz Jiménez david.gamiz@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|david.gamiz@gmail.com       |