http://bugs.winehq.org/show_bug.cgi?id=11644
Summary: Crashes in the dinput device.c and joystick.c tests... Product: Wine Version: 0.9.55. Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: directx-dinput AssignedTo: wine-bugs@winehq.org ReportedBy: lionel_debroux@yahoo.fr
I have a Microsoft Digital Media Pro keyboard, USB ID 045e:00b0 (description: http://www.microsoft.com/hardware/mouseandkeyboard/productdetails.aspx?pid=0... ). As can be seen on the photo, this keyboard has a "zoom" slider, which is exposed to the computer as a joystick.
When I'm running the dinput tests with WINEDEBUG=warn+heap, and this keyboard/joystick is plugged in, two tests, device.c and joystick.c, outright crash, due to accesses at address 0x55555555 (magic value indicating an access to uninitialized allocated memory). These two tests have been consistently crashing since around november 2007, when I started running "make test".
I mentioned this problem as part of bug #9916 ("make test usually fails"): http://bugs.winehq.org/show_bug.cgi?id=9916#c27 At first, I tried debugging the issue on my own: * I have already submitted a patch for improved traces in dinput, which Alexandre committed as efc81cb233538ba72198ea9b80b160abfa0e8ecc on 2008-01-02; * I added a couple of printf (number of axes, number of buttons) to alloc_device in dlls/dinput/joystick_linux.c. but I came up to nothing interesting.
Several interesting facts about the keyboard: * on this computer, a laptop Core 2 Duo @ 2 GHz with 2 GB of RAM running SimplyMEPIS 7.0 (kernel 2.6.22.x), the keyboard has 37 axes and 37 buttons (?!); * on another computer, a laptop Pentium 4 @ 2.6 GHz with 512 MB of RAM running SimplyMEPIS 6.5 (kernel 2.6.15.x), the keyboard has 37 axes and 7 buttons (?!); * on both computers, I have to unplug the keyboard if I want games such as PlanetPenguinRacer and Nexuiz to be playable. Otherwise, the penguin strongly drifts leftwards (PPR), or the weapon drifts up-leftwards very fast (Nexuiz).
=> there's certainly another problem outside of Wine (the kernel, since Wine uses the kernel API, and the number of buttons reported has changed between 2.6.15.x and 2.6.22.x ?). But still, the dinput implementation should try not to crash, even if it's fed up incorrect data - that's the reason of me opening this bug here.
To help debugging the Wine part of the issue, I can * try patches that would be provided to me; * run executables on Wine and native Windows. Both laptops still have the Windows XP (1 Home, 1 Pro) that was on the HD when I bought the computers. I never installed the suite of Microsoft programs that would enable the Zoom slider. (I currently have nothing installed for compiling native Windows executables, be it mingw or MSVC + PSDK - but I could probably ask a friend to compile programs for me on MSVC 2008 + PSDK)
To help debugging the other part of the issue, where should I write ?
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #1 from Lionel Debroux lionel_debroux@yahoo.fr 2008-02-19 08:28:53 --- Created an attachment (id=10842) --> (http://bugs.winehq.org/attachment.cgi?id=10842) Trace of the dinput device.c test with WINEDEBUG="warn+heap,+dinput"
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #2 from Lionel Debroux lionel_debroux@yahoo.fr 2008-02-19 08:32:40 --- Created an attachment (id=10843) --> (http://bugs.winehq.org/attachment.cgi?id=10843) Trace of the dinput joystick.c test with WINEDEBUG="warn+heap,+dinput"
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #3 from Lionel Debroux lionel_debroux@yahoo.fr 2008-02-19 08:34:30 --- Created an attachment (id=10844) --> (http://bugs.winehq.org/attachment.cgi?id=10844) Relevant part of the 'make test' trace with WINEDEBUG="warn+heap"
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #4 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-19 09:51:51 --- Is this still reproducible in wine-0.9.60? I can't find anything wrong in the places it crashes.
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #5 from Lionel Debroux lionel_debroux@yahoo.fr 2008-04-19 10:47:58 --- Created an attachment (id=12298) --> (http://bugs.winehq.org/attachment.cgi?id=12298) Traces with Wine 0.9.60 + two patches...
It still happens with 0.9.60. Here are the traces I've just generated. They contain several traces I added to try help debugging the problem, I intended to submit some of them to wine-patches before the code freeze. As you'll see, the warn+dinput trace shows lots of warnings with strange data.
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #6 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-22 23:49:03 --- (In reply to comment #5)
Created an attachment (id=12298)
--> (http://bugs.winehq.org/attachment.cgi?id=12298) [details] Sorry that doesn't help. Attach crash without any extra patches (GIT as-is) with WINEDEBUG=+dinput,+tid Also please try running the test in question directly not via "make test"
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #7 from Lionel Debroux lionel_debroux@yahoo.fr 2008-04-24 14:42:25 --- Created an attachment (id=12446) --> (http://bugs.winehq.org/attachment.cgi?id=12446) +dinput,+tid traces of the 4 dinput tests launched individually
$ ./wine --version wine-0.9.60-257-gd141638 All my local patches to dinput have been reverted.
With +dinput, the device and joystick tests crash at a different place than with warn+dinput, while dumping the data.
The patch "dinput: Limit number of supported axis and buttons" that you sent today on wine-patches changes the behaviour a bit (the address where the read fault occurs changes from 0x00005104 to 0x00003e04), but the tests still crash nevertheless.
http://bugs.winehq.org/show_bug.cgi?id=11644
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #8 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-28 00:06:25 --- Patch sent. It should fix this crash caused by incorrect generation of axes mapping array. Confirming - got the crash too with faking 37 axes from a joystick.
http://bugs.winehq.org/show_bug.cgi?id=11644
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |vitaliy@kievinfo.com
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #9 from Lionel Debroux lionel_debroux@yahoo.fr 2008-04-28 02:21:50 --- The patch fixes the crashes in the device and joystick test. Tested-by: Lionel Debroux lionel_debroux@yahoo.fr
However, dinput is still reading memory that it shouldn't read: 0009:warn:dinput:JoystickAImpl_GetCapabilities invalid pointer 0009:warn:dinput:JoystickAImpl_GetCapabilities invalid parameter 0009:warn:dinput:JoystickAImpl_SetProperty invalid parameter: ph == NULL 0009:warn:dinput:JoystickAImpl_GetDeviceInfo invalid parameter: pdidi->dwSize = 0 != 560 or 580 0009:warn:dinput:joy_polldev axis 2128299396 not supported (various incorrect axis numbers show up) dinput is probably interpreting an unrelated area of memory (a few pages starting at 0x0, I guess) as joystick properties.
Now, I think I'm going to report the trouble I'm experiencing with Nexuiz and PPR.
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #10 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-28 08:20:43 --- Thank you for testing it. Indeed there was a small typo. Additional patch sent.
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #11 from Lionel Debroux lionel_debroux@yahoo.fr 2008-04-28 13:21:10 --- Created an attachment (id=12549) --> (http://bugs.winehq.org/attachment.cgi?id=12549) warn+dinput trace of the joystick test
Well, even after applying the additional patch, there's still a number of dinput warnings... I've updated my Git repository after today's commits, rebuilt and regenerated a full +dinput,+tid trace of the joystick test (with your additional patch applied).
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #12 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-28 22:24:15 --- Those warnings are perfectly normal - that's what tests are testing - invalid input data.
This bug is closed - no more crash.
http://bugs.winehq.org/show_bug.cgi?id=11644
--- Comment #13 from Vitaliy Margolen vitaliy@kievinfo.com 2008-04-28 23:59:01 --- Oh never mind. Didn't look far enough into the log. I see - so you getting those extra axis from the device. Not entirely sure what to do about this... Probably should still map them to -1
http://bugs.winehq.org/show_bug.cgi?id=11644
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |tgheretford@fast4.net
--- Comment #14 from Vitaliy Margolen vitaliy@kievinfo.com 2008-05-02 19:47:08 --- *** Bug 12140 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=11644
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #15 from Vitaliy Margolen vitaliy@kievinfo.com 2008-05-07 22:02:34 --- Fixed in current GIT. All extra axes (past supported 8) should be ignored.
http://bugs.winehq.org/show_bug.cgi?id=11644
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #16 from Alexandre Julliard julliard@winehq.org 2008-05-09 12:54:54 --- Closing bugs fixed in 1.0-rc1.
-
wine-bugs@winehq.org