https://bugs.winehq.org/show_bug.cgi?id=39078
Bug ID: 39078
Summary: Visual Pinball 9.9.1 crashes on exit after creating a new table
Product: Wine
Version: 1.7.49
Hardware: x86-64
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: tobbi.bugs@googlemail.com
Download of Visual Pinball 9.9.1 here: http://emulationrealm.net/downloads/file/33-visual-pinball
$ openssl sha1 "VPinball991_Full.zip"
SHA1(VPinball991_Full.zip)= aafbd3c28af31ec4a993e0fe59a77374e5895572

Steps to reproduce:
1. Download installer and install the game.
2. Start the game.
3. Select File > New.
4. Select File > Exit.

$ wine --version
wine-1.7.49
--- Comment #1 from tobbi.bugs@googlemail.com ---
Created attachment 52065
  --> https://bugs.winehq.org/attachment.cgi?id=52065
backtrace
super_man@post.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |super_man@post.com

--- Comment #2 from super_man@post.com ---
The download has changed. Any idea what is the correct exe if any of those?
--- Comment #3 from Tobias (:Tobbi) Markus tobbi.bugs@googlemail.com ---
The bug is reproducible with the latest version as well.
Visual Pinball Download from http://emulationrealm.net/downloads/file/33-visual-pinball (click the Download button and run setup).
SHA1(VPXsetup.zip)= 5c9dd3ba44d7e72d33a94a9eaa0613dde7166eb1
Steps to reproduce stay the same.
winetest@luukku.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |winetest@luukku.com

--- Comment #4 from winetest@luukku.com ---
sha1sum VPX1setup.zip
159976589b7914eb7270eea559fde5004c835da8 VPX1setup.zip

I didn't have a fully empty prefix. I tested wine-staging 1.9.21.
I think I tested all the pinball exes that were there.
I couldn't get it to crash using the steps given.
Could you retest?
--- Comment #5 from Tobias (:Tobbi) Markus tobbi.bugs@googlemail.com ---
I am still able to reproduce the crash with wine-2.5
Dmitry Timoshkov dmitry@baikal.ru changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
                URL|                            |https://sourceforge.net/projects/vpinball/files/VP9/
          Component|-unknown                    |vbscript
           Keywords|                            |download

--- Comment #6 from Dmitry Timoshkov dmitry@baikal.ru ---
Looks like a bug is vbscript, 'winetricks -q wsh56vb' is a workaround.
--- Comment #7 from Tobias (:Tobbi) Markus tobbi.bugs@googlemail.com ---
(In reply to Dmitry Timoshkov from comment #6)
> Looks like a bug is vbscript, 'winetricks -q wsh56vb' is a workaround.
Can confirm I don't get a crash with that command executed.
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
            Summary|Visual Pinball 9.9.1        |Visual Pinball 8.x, 9.x,
                   |crashes on exit after       |10.x crash on exit after
                   |creating a new table        |creating a new table, needs
                   |                            |support for VBScript
                   |                            |IActiveScriptDebug
                 CC|                            |focht@gmx.net

--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Visual Pinball

$ WINEDEBUG=+tid,+seh,+relay,+vbscript,+ole,+variant wine ./VPinballX.exe >>log.txt 2>&1
...
0036:trace:vbscript:VBScript_SetScriptState (0x1ba958)->(3)
0036:fixme:vbscript:VBScript_SetScriptState unimplemented state 3
0036:trace:vbscript:VBScript_SetScriptState (0x1ba958)->(4)
0036:fixme:vbscript:VBScript_SetScriptState unimplemented state 4
0036:trace:vbscript:VBScript_Release (0x1ba958) ref=1
0036:trace:vbscript:VBScript_Release (0x1ba958) ref=0
0036:trace:vbscript:DispatchEx_AddRef (0x17d290) ref=2
0036:trace:vbscript:DispatchEx_Release (0x17d290) ref=1
0036:trace:vbscript:DispatchEx_AddRef (0x17d328) ref=2
0036:trace:vbscript:DispatchEx_Release (0x17d328) ref=1
0036:trace:vbscript:DispatchEx_Release (0x17d328) ref=0
...
0036:trace:vbscript:DispatchEx_Release (0x17d290) ref=0
...
0036:trace:vbscript:ScriptDisp_Release (0x1a7e00) ref=0
...
0036:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4499d4 ip=004499d4 tid=0036
0036:trace:seh:raise_exception info[0]=00000000
0036:trace:seh:raise_exception info[1]=00000000
0036:trace:seh:raise_exception eax=00000000 ebx=001af7a0 ecx=0033e980 edx=00110064 esi=001b0bf0 edi=00000010
0036:trace:seh:raise_exception ebp=00190f30 esp=0033e980 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210216
0036:trace:seh:call_stack_handlers calling handler at 0x528470 code=c0000005 flags=0
...
wine: Unhandled page fault on read access to 0x00000000 at address 0x4499d4 (thread 0036), starting debugger...
...
Backtrace:
=>0 0x00000018 (0xe8f18b56)
0x00000018: -- no code accessible --
Modules:
Module  Address            Debug info  Name (157 modules)
PE        400000- 149f000  Export      vpinballx
PE       14a0000- 1a1b000  Deferred    freeimage
PE       1c40000- 1cd0000  Deferred    scilexervp
PE      10000000-10050000  Deferred    bass
ELF     7a800000-7a942000  Deferred    opengl32<elf>
  \-PE  7a840000-7a942000  \           opengl32
ELF     7b400000-7b7f0000  Deferred    kernel32<elf>
  \-PE  7b420000-7b7f0000  \           kernel32
ELF     7bc00000-7bd0a000  Deferred    ntdll<elf>
  \-PE  7bc30000-7bd0a000  \           ntdll
ELF     7c000000-7c004000  Deferred    <wine-loader>
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000035 (D) C:\Visual Pinball\VPinballX.exe
    0000003b    0
    0000003a    0
    00000039   15
    00000038   15
    00000037    0
    00000036    0 <==
--- snip ---
Application code call site:
--- snip ---
00449990  PUSH ESI
00449991  MOV ESI,DWORD PTR SS:[ESP+8]
00449995  MOV ECX,DWORD PTR DS:[ESI+104]
0044999B  TEST ECX,ECX
0044999D  JE SHORT VPinball.004499D9
0044999F  MOV EAX,DWORD PTR DS:[ECX]
004499A1  PUSH 3
004499A3  PUSH ECX
004499A4  CALL DWORD PTR DS:[EAX+14]      ; vbscript.VBScript_SetScriptState
004499A7  MOV EAX,DWORD PTR DS:[ESI+104]
004499AD  PUSH 4
004499AF  PUSH EAX
004499B0  MOV ECX,DWORD PTR DS:[EAX]
004499B2  CALL DWORD PTR DS:[ECX+14]      ; vbscript.VBScript_SetScriptState
004499B5  MOV EAX,DWORD PTR DS:[ESI+104]
004499BB  PUSH EAX
004499BC  MOV ECX,DWORD PTR DS:[EAX]
004499BE  CALL DWORD PTR DS:[ECX+8]       ; vbscript.VBScript_Release
004499C1  MOV EAX,DWORD PTR DS:[ESI+11C]
004499C7  PUSH EAX
004499C8  MOV ECX,DWORD PTR DS:[EAX]
004499CA  CALL DWORD PTR DS:[ECX+8]       ; vbscript.VBScriptParse_Release
004499CD  MOV EAX,DWORD PTR DS:[ESI+120]
004499D3  PUSH EAX
004499D4  MOV ECX,DWORD PTR DS:[EAX]      ; *boom*
004499D6  CALL DWORD PTR DS:[ECX+8]
004499D9  XOR EAX,EAX
004499DB  POP ESI
004499DC  RETN 4
--- snip ---
The game tries to release an interface/instance which is not present.
Using the referenced memory locations on heap, one can find the game code that QI/stores the interface pointers (hw bp). Another way is to go back in time, looking for any vbscript QI failures in trace log.
--- snip ---
...
0036:trace:vbscript:VBScriptFactory_CreateInstance ((nil) {bb1a2ae2-a4f9-11cf-8f20-00805f2cd064} 0x33f2fc)
...
0036:trace:vbscript:VBScript_QueryInterface (0x1ba958)->(IID_IActiveScriptParse 0x33f2fc)
0036:trace:vbscript:VBScript_AddRef (0x1ba958) ref=2
0036:trace:vbscript:VBScript_Release (0x1ba958) ref=1
0036:trace:vbscript:ClassFactory_Release (0xf298e440)
0036:Ret ole32.CoCreateInstance() retval=00000000 ret=004498f4
0036:trace:vbscript:VBScript_QueryInterface (0x1ba958)->(IID_IActiveScript 0x1b0cf4)
0036:trace:vbscript:VBScript_AddRef (0x1ba958) ref=2
0036:fixme:vbscript:VBScript_QueryInterface (0x1ba958)->({51973c10-cb0c-11d0-b5c9-00a0244a0e7a} 0x1b0d10)
0036:trace:vbscript:VBScriptParse_InitNew (0x1ba958)
...
--- snip ---
It's the only QI failure present for that component and indeed the culprit here.
51973c10-cb0c-11d0-b5c9-00a0244a0e7a = IID_IActiveScriptDebug(32)
https://source.winehq.org/git/wine.git/blob/4eaaf06ce4e5d7424eec2cf303c82566...
--- snip ---
/************************************************************
 * interface IActiveScriptDebug32
 */
[
    object,
    uuid(51973c10-cb0c-11d0-b5c9-00a0244a0e7a),
    pointer_default(unique)
]
interface IActiveScriptDebug32 : IUnknown
{
    HRESULT GetScriptTextAttributes(
        [in, size_is(uNumCodeChars)] LPCOLESTR pstrCode,
        [in] ULONG uNumCodeChars,
        [in] LPCOLESTR pstrDelimiter,
        [in] DWORD dwFlags,
        [in, out, size_is(uNumCodeChars)] SOURCE_TEXT_ATTR *pattr);

    HRESULT GetScriptletTextAttributes(
        [in, size_is(uNumCodeChars)] LPCOLESTR pstrCode,
        [in] ULONG uNumCodeChars,
        [in] LPCOLESTR pstrDelimiter,
        [in] DWORD dwFlags,
        [in, out, size_is(uNumCodeChars)] SOURCE_TEXT_ATTR *pattr);

    HRESULT EnumCodeContextsOfPosition(
        [in] DWORD dwSourceContext,
        [in] ULONG uCharacterOffset,
        [in] ULONG uNumChars,
        [out] IEnumDebugCodeContexts **ppescc);
}
--- snip ---
https://source.winehq.org/git/wine.git/blob/4eaaf06ce4e5d7424eec2cf303c82566...
--- snip ---
static HRESULT WINAPI VBScript_QueryInterface(IActiveScript *iface, REFIID riid, void **ppv)
{
    VBScript *This = impl_from_IActiveScript(iface);

    if(IsEqualGUID(riid, &IID_IUnknown)) {
        TRACE("(%p)->(IID_IUnknown %p)\n", This, ppv);
        *ppv = &This->IActiveScript_iface;
    }else if(IsEqualGUID(riid, &IID_IActiveScript)) {
        TRACE("(%p)->(IID_IActiveScript %p)\n", This, ppv);
        *ppv = &This->IActiveScript_iface;
    }else if(IsEqualGUID(riid, &IID_IActiveScriptParse)) {
        TRACE("(%p)->(IID_IActiveScriptParse %p)\n", This, ppv);
        *ppv = &This->IActiveScriptParse_iface;
    }else if(IsEqualGUID(riid, &IID_IActiveScriptParseProcedure2)) {
        TRACE("(%p)->(IID_IActiveScriptParseProcedure2 %p)\n", This, ppv);
        *ppv = &This->IActiveScriptParseProcedure2_iface;
    }else if(IsEqualGUID(riid, &IID_IObjectSafety)) {
        TRACE("(%p)->(IID_IObjectSafety %p)\n", This, ppv);
        *ppv = &This->IObjectSafety_iface;
    }else {
        FIXME("(%p)->(%s %p)\n", This, debugstr_guid(riid), ppv);
        *ppv = NULL;
        return E_NOINTERFACE;
    }

    IUnknown_AddRef((IUnknown*)*ppv);
    return S_OK;
}
--- snip ---
ProtectionID scan for completeness:
--- snip ---
-=[ ProtectionID v0.6.8.5 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/16-13:09:21
Ready...
Scanning -> C:\Visual Pinball\VPinballX.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 5188096 (04F2A00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x585C1547 -> Thu 22nd Dec 2016 18:02:47 (GMT)
[TimeStamp] 0x585C1547 -> Thu 22nd Dec 2016 18:02:47 (GMT) | PE Header | - | Offset: 0x00000160 | VA: 0x00400160 | -
[File Heuristics] -> Flag #1 : 00000000000000001100001000100011 (0x0000C223)
[Entrypoint Section Entropy] : 7.90 (section #1) "UPX1 " | Size : 0x4B6200 (4940288) byte(s)
[DllCharacteristics] -> Flag : (0x8100) -> DEP | TSA
[SectionCount] 3 (0x3) | ImageSize 0x109F000 (17428480) byte(s)
[VersionInfo] Product Name : Visual Pinball
[VersionInfo] Product Version : 10. 2. 0. 0
[VersionInfo] File Description : Visual Pinball 10.2.0
[VersionInfo] File Version : 10. 2. 0. 0
[VersionInfo] Original FileName : VPinballX.exe
[VersionInfo] Internal Name : Visual Pinball
[VersionInfo] Legal Copyrights : Copyright 2000-2016
[ModuleReport] [IAT] Modules -> KERNEL32.DLL | ADVAPI32.dll | bass.dll | COMCTL32.dll | COMDLG32.dll | d3d9.dll | d3dx9_43.dll | dbghelp.dll | DINPUT.dll | DSOUND.dll | FreeImage.dll | GDI32.dll | HID.DLL | ole32.dll | OLEAUT32.dll | SETUPAPI.dll | USER32.dll | WINMM.dll
[!] UPX 3.07 compressed !
upx internal version : 013 / compression method : 08 (M_NRV2E_LE32) - Level : 09
decompressed adler32 : 0x7740E8F9 / compressed adler32 : 0x2B703B89
uncompressed size : 0x0105ED5C (017165660) / compressed size : 0x004B5F22 (04939554)
original file size : 0x01053C00 (017120256) / filter : 0x026 / ct0 0x15 / linkchecksum : 0x0D4
- Scan Took : 0.979 Second(s) [0000003D3h (979) tick(s)] [506 of 580 scan(s) done]
--- snip ---

$ sha1sum VPX2setup.zip
e862530f81c1305c9cc2c2f1e2789df901fdf4d6 VPX2setup.zip

$ sha1sum VPX2setup.exe
74795af49709b0d13f33bd41342f60fcc7a4eb06 VPX2setup.exe

$ du -sh VPX2setup.exe
36M VPX2setup.exe

$ wine --version
wine-2.8
Regards
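
The log triage described in comment #8 (walking back from the page fault to any failed QueryInterface on the same thread), as an added example that is not part of the original report or of Wine. The function name `triage` and the `KNOWN_IIDS` map are assumptions made here; the sample lines are abridged from the traces quoted in the comment.

```python
import re

# Sample input: lines abridged from the two trace excerpts in comment #8,
# arranged in chronological order (the QueryInterface calls happen first).
SAMPLE_LOG = """\
0036:trace:vbscript:VBScript_QueryInterface (0x1ba958)->(IID_IActiveScriptParse 0x33f2fc)
0036:trace:vbscript:VBScript_QueryInterface (0x1ba958)->(IID_IActiveScript 0x1b0cf4)
0036:fixme:vbscript:VBScript_QueryInterface (0x1ba958)->({51973c10-cb0c-11d0-b5c9-00a0244a0e7a} 0x1b0d10)
0036:trace:vbscript:VBScriptParse_InitNew (0x1ba958)
0036:fixme:vbscript:VBScript_SetScriptState unimplemented state 3
0036:trace:vbscript:VBScript_Release (0x1ba958) ref=0
0036:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4499d4 ip=004499d4 tid=0036
0036:trace:seh:raise_exception info[0]=00000000
0036:trace:seh:raise_exception info[1]=00000000
"""

# GUID -> name; the single entry is the identification given in the comment.
KNOWN_IIDS = {"51973c10-cb0c-11d0-b5c9-00a0244a0e7a": "IID_IActiveScriptDebug32"}

FAULT = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=c0000005 .*addr=(0x[0-9a-f]+)")
INFO = re.compile(r"^[0-9a-f]{4}:trace:seh:raise_exception\s+info\[(\d)\]=([0-9a-f]{8})")
QI_FAIL = re.compile(r"^([0-9a-f]{4}):fixme:(\w+):\w*QueryInterface \((0x[0-9a-f]+)\)->\(\{([0-9a-fA-F-]{36})\}")

def triage(log_text):
    """One record per access violation, with the failed QIs that precede it on the same thread."""
    lines = log_text.splitlines()
    reports = []
    for i, line in enumerate(lines):
        m = FAULT.match(line)
        if not m:
            continue
        tid, addr = m.groups()
        # For c0000005, info[0] is the access type (0 = read) and info[1] the faulting data address.
        info = {}
        for follow in lines[i + 1:i + 3]:
            im = INFO.match(follow)
            if im:
                info[int(im.group(1))] = int(im.group(2), 16)
        failures = []
        for prev in lines[:i]:
            q = QI_FAIL.match(prev)
            if q and q.group(1) == tid:
                iid = q.group(4).lower()
                failures.append({"channel": q.group(2), "object": q.group(3),
                                 "iid": iid, "name": KNOWN_IIDS.get(iid, "unknown")})
        reports.append({"tid": tid, "addr": addr, "null_deref": info.get(1) == 0,
                        "qi_failures": failures})
    return reports
```
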
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |3dde8287c69d4274b5b22bc1859d84a4a02b3613
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/3dde8287c69d4274b5b22bc185...
Thanks Zebediah
$ wine --version
wine-3.8-178-gda5112c743
Regards
Alexandre Julliard julliard@winehq.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #10 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 3.9.
Michael Stefaniuc mstefani@winehq.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |3.0.x
Michael Stefaniuc mstefani@winehq.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|3.0.x                       |---

--- Comment #11 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 3.0.x milestone from bugs included in 3.0.3.