https://bugs.winehq.org/show_bug.cgi?id=42554
Bug ID: 42554
Summary: The Magic School Bus Explores The Solar System crashes while loading
Product: Wine
Version: 2.2
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: z.figura12@gmail.com
Distribution: ---

Created attachment 57458 --> https://bugs.winehq.org/attachment.cgi?id=57458
backtrace without environment variables
The exact symptoms of the crash seem to vary depending on whether the WINEDEBUG and WINEPREFIX variables are set (but not what they are set to). Other environment variables might have an effect, but none of WINEARCH, WINEDLLOVERRIDES, WINESERVER do.
If neither is set, the crash looks like:

fixme:mmio:MMIO_InstallIOProc Global procedures not implemented
wine: Unhandled page fault on read access to 0x00001240 at address 0x101f:0x0000f104 (thread 0039), starting debugger...
Unhandled exception: page fault on read access to 0x00001240 in segmented 32-bit code (101f:00000509).
If one of the two is set (it does not matter which), the crash looks like:

fixme:mmio:MMIO_InstallIOProc Global procedures not implemented
wine: Unhandled page fault on read access to 0xffffffff at address 0x101f:0x000016ca (thread 0039), starting debugger...
Unhandled exception: page fault on read access to 0xffffffff in segmented 32-bit code (101f:00000509).
If both are set, the crash looks like:

fixme:mmio:MMIO_InstallIOProc Global procedures not implemented
fixme:mciavi:MCIAVI_mciSetAudio (0002, 00004002, 0x66e3d8) Item 0000: stub
fixme:mciavi:MCIAVI_mciSetAudio (0002, 00002002, 0x66e3d8) Item 0000: stub
fixme:mciavi:MCIAVI_mciPlay Unsupported flag 01000005
fixme:mmio:MMIO_InstallIOProc Global procedures not implemented
wine: Unhandled page fault on read access to 0x00004540 at address 0x101f:0x000016b6 (thread 0039), starting debugger...
Unhandled exception: page fault on read access to 0x00004540 in segmented 32-bit code (101f:00000509).
In the former two cases, the program crashes immediately before playing the introductory video; in the latter case, the program crashes immediately after the video is played (or skipped).
It may be noteworthy that the crash always occurs in DPMI_PendingEventCheck() rather than in the program proper, with the problematic instruction being "testl $0xffffffff,%fs:0x00000200".
I ran a +heap trace and didn't come up with anything.
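
A triage sketch for the three excerpts in the report above, added here as an example and not part of the original report or of Wine: it parses Wine's page-fault lines and groups them by the location the debugger reports, showing that the three symptom variants share one reported cs:ip (101f:00000509) while the fault target and initial fault address differ. The function names and dictionary keys are assumptions of this example.

```python
import re
from collections import defaultdict

# Crash lines copied from the report above, keyed by environment case.
CRASHES = {
    "neither set":
        "wine: Unhandled page fault on read access to 0x00001240 at address 0x101f:0x0000f104 (thread 0039), starting debugger...\n"
        "Unhandled exception: page fault on read access to 0x00001240 in segmented 32-bit code (101f:00000509).",
    "one set":
        "wine: Unhandled page fault on read access to 0xffffffff at address 0x101f:0x000016ca (thread 0039), starting debugger...\n"
        "Unhandled exception: page fault on read access to 0xffffffff in segmented 32-bit code (101f:00000509).",
    "both set":
        "wine: Unhandled page fault on read access to 0x00004540 at address 0x101f:0x000016b6 (thread 0039), starting debugger...\n"
        "Unhandled exception: page fault on read access to 0x00004540 in segmented 32-bit code (101f:00000509).",
}

# First line: access type, faulting target, and selector:offset at the fault.
FAULT = re.compile(r"Unhandled page fault on (read|write) access to (0x[0-9a-f]+) "
                   r"at address 0x([0-9a-f]+):0x([0-9a-f]+)")
# Second line: selector:offset the debugger reports for the exception.
REPORTED = re.compile(r"Unhandled exception: .* \(([0-9a-f]+):([0-9a-f]+)\)")

def parse(text):
    """Return the fault fields of one crash excerpt, or None if it does not match."""
    fault, rep = FAULT.search(text), REPORTED.search(text)
    if not fault or not rep:
        return None
    return {
        "access": fault.group(1),
        "target": int(fault.group(2), 16),
        "fault_at": (int(fault.group(3), 16), int(fault.group(4), 16)),
        "reported_at": (int(rep.group(1), 16), int(rep.group(2), 16)),
    }

def group_by_reported(crashes):
    """Group excerpts by debugger-reported location to deduplicate symptoms."""
    groups = defaultdict(list)
    for case, text in crashes.items():
        rec = parse(text)
        if rec:
            groups[rec["reported_at"]].append((case, rec))
    return dict(groups)

if __name__ == "__main__":
    for (sel, off), members in group_by_reported(CRASHES).items():
        print(f"reported at {sel:04x}:{off:08x}")
        for case, rec in members:
            s, o = rec["fault_at"]
            print(f"  {case:12} {rec['access']} {rec['target']:#010x} at {s:04x}:{o:08x}")
```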
Zebediah Figura z.figura12@gmail.com changed:

What       |Removed |Added
----------------------------------------------------------------------------
Depends on |        |41209
Keywords   |        |win16
CC         |        |z.figura12@gmail.com
Zebediah Figura z.figura12@gmail.com changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Component  |-unknown |ole16

--- Comment #1 from Zebediah Figura z.figura12@gmail.com ---
I took another look at this.
The crash is obscured by Wine's thunking code (which should maybe be fixed accordingly), but has to do with the game trying to invoke IMalloc::Alloc() on a garbled or junk interface. Modifying CoInitialize16() to ignore its parameter (and just use the internal IMalloc16 implementation) works around the issue, and the initial game screen loads.
--- Comment #2 from Zebediah Figura z.figura12@gmail.com ---
The location of the crash is because call16_handler() attempts to inject a call to DPMI_PendingEventCheck(). It modifies the cs:ip and stack of the CONTEXT structure in order to do so, expecting that the function will continue execution—but it doesn't.
I don't know how to correctly fix this.
In any case, if that code is removed, the actual location of the crash is at 12bf:16b3, and the offending instruction is "lesw %es:(%bx),%bx"
Bug 42554 depends on bug 41209, which changed state.

Bug 41209 Summary: The Magic School Bus Explores the Solar System: Error message asking for the game to be reinstalled
https://bugs.winehq.org/show_bug.cgi?id=41209

What       |Removed     |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED |RESOLVED
Resolution |---         |FIXED
Mike Petersen egahcut9@member.fsf.org changed:

What       |Removed |Added
----------------------------------------------------------------------------
CC         |        |egahcut9@member.fsf.org

--- Comment #3 from Mike Petersen egahcut9@member.fsf.org ---
The game also crashes at startup with Wine 3.0-rc4 on ArchLinux x86-64.
Zebediah Figura z.figura12@gmail.com changed:

What           |Removed     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED |NEW
Ever confirmed |0           |1

--- Comment #4 from Zebediah Figura z.figura12@gmail.com ---
I tried to AddRef() the IMalloc interface, with no luck. Whatever's broken is broken in a pretty awful way.
tokktokk fdsfgs@krutt.org changed:

What       |Removed |Added
----------------------------------------------------------------------------
CC         |        |fdsfgs@krutt.org
Zebediah Figura z.figura12@gmail.com changed:

What          |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1 |        |9af935a519e511625f6c5e57be7d1f1b48cded5e
Status        |NEW     |RESOLVED
Resolution    |---     |FIXED

--- Comment #5 from Zebediah Figura z.figura12@gmail.com ---
Fixed by https://source.winehq.org/git/wine.git/commitdiff/588af8ca85a4f79b301c4a323a18d60b8b5d4e02 and https://source.winehq.org/git/wine.git/commitdiff/9af935a519e511625f6c5e57be7d1f1b48cded5e.
Alexandre Julliard julliard@winehq.org changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |RESOLVED |CLOSED

--- Comment #6 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 5.1.