http://bugs.winehq.org/show_bug.cgi?id=19160
Summary: Orly's Draw-A-Story demo crashes on startup
Product: Wine
Version: 1.1.24
Platform: PC
URL: http://www.tjande.com/orly/orlydemo.zip
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdi32
AssignedTo: wine-bugs@winehq.org
ReportedBy: arethusa26@gmail.com
Created an attachment (id=22147) --> (http://bugs.winehq.org/attachment.cgi?id=22147) Orly's Draw-A-Story demo backtrace
With today's Git (wine-1.1.24-537-gfb0275d), when attempting to start the Orly's Draw-A-Story demo, the application immediately crashes in CreateDCA instead of starting as expected. A backtrace is attached.
Andrew Nguyen arethusa26@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
Nikolay Sivov bunglehead@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
--- Comment #1 from Nikolay Sivov bunglehead@gmail.com 2009-07-03 03:57:51 ---
(In reply to comment #0)
> Created an attachment (id=22147)
>  --> (http://bugs.winehq.org/attachment.cgi?id=22147) [details]
> Orly's Draw-A-Story demo backtrace
>
> With today's Git (wine-1.1.24-537-gfb0275d), when attempting to start the Orly's Draw-A-Story demo, the application immediately crashes in CreateDCA instead of starting as expected. A backtrace is attached.
I can confirm this. I've tried with same version, backtrace is identical.
Dmitry Timoshkov dmitry@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |win16
--- Comment #2 from Trygve Vea trygve.vea@gmail.com 2011-01-09 12:29:59 CST ---
Created an attachment (id=32789) --> (http://bugs.winehq.org/attachment.cgi?id=32789) WINEDEBUG=+seh,+relay
Still crashing in wine 1.3.11.
Different backtrace.
Sylvain Petreolle spetreolle@yahoo.fr changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |spetreolle@yahoo.fr
--- Comment #3 from Sylvain Petreolle spetreolle@yahoo.fr 2012-02-19 16:15:57 CST ---
Looks like bug 19508.
--- Comment #4 from Austin English austinenglish@gmail.com ---
Backtrace:
=>0 0xf74f0fcf in libc.so.6 (+0x132fcf) (0x0086e518)
  1 0x7ebf447a GdiConvertToDevmodeW+0x149(dmA=<couldn't compute location>) [/home/austin/wine-git/dlls/gdi32/driver.c:848] in gdi32 (0x0086e518)
  2 0x7ebc43ee CreateDCA+0xbd(driver=<couldn't compute location>, device=<couldn't compute location>, output=<couldn't compute location>, initData=<couldn't compute location>) [/home/austin/wine-git/dlls/gdi32/dc.c:700] in gdi32 (0x0086e588)
  3 0x7e880c51 CreateDC16+0x30(driver=<couldn't compute location>, device=<couldn't compute location>, output=<couldn't compute location>, initData=<couldn't compute location>) [/home/austin/wine-git/dlls/gdi.exe16/gdi.c:1175] in gdi.exe16 (0x0086e5b8)
  4 0x7e87bbcb in gdi.exe16 (+0xbbca) (0x0086e5e8)
  5 0x7ea82ca6 __wine_call_from_16+0x75() in krnl386.exe16 (0x0086e618)
still in wine-1.7.20-33-g3ccaad8
super_man@post.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |super_man@post.com
--- Comment #5 from super_man@post.com ---
Backtrace:
=>0 0xf751e19a in libc.so.6 (+0x12e19a) (0x0086e518)
  1 0x7ea43000 _DYNAMIC+0x11f() in gdi32 (0x0086e518)
wine 1.7.49
joaopa jeremielapuree@yahoo.fr changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeremielapuree@yahoo.fr
--- Comment #6 from joaopa jeremielapuree@yahoo.fr ---
Here is a backtrace with the current git

Unhandled exception: page fault on read access to 0x00936d7c in 32-bit code (0xf744cf83).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f744cf83 ESP:0086e4e8 EBP:0086e538 EFLAGS:00210287( R- -- I S - -P-C)
 EAX:00927a8c EBX:f74da000 ECX:0000f300 EDX:0018c264
 ESI:0018c264 EDI:00000034
Stack dump:
0x0086e4e8: 7eb8d000 7eb22945 0018c264 00927a8c
0x0086e4f8: 0000f300 f7533e8a f76cd000 7eb648a6
0x0086e508: 0086e548 0000009c 0018c188 00dc0006
0x0086e518: 009279f0 0018c188 0000198f 7eb22806
0x0086e528: 0086e550 7eb8d000 00000000 0086e574
0x0086e538: 0086e5a8 7eaf2bae 00000000 0086e574
Backtrace:
=>0 0xf744cf83 in libc.so.6 (+0x129f83) (0x0086e538)
  1 0x7eb22945 GdiConvertToDevmodeW+0x154(dmA=<couldn't compute location>) [/home/david/wine/dlls/gdi32/driver.c:849] in gdi32 (0x0086e538)
  2 0x7eaf2bae CreateDCA+0xbd(driver=<couldn't compute location>, device=<couldn't compute location>, output=<couldn't compute location>, initData=<couldn't compute location>) [/home/david/wine/dlls/gdi32/dc.c:700] in gdi32 (0x0086e5a8)
  3 0x7e64d881 CreateDC16+0x20(driver=<couldn't compute location>, device=<couldn't compute location>, output=<couldn't compute location>, initData=<couldn't compute location>) [/home/david/wine/dlls/gdi.exe16/gdi.c:1175] in gdi.exe16 (0x0086e5d8)
  4 0x7e648c53 deregister_tm_clones+0x2d2() in gdi.exe16 (0x0086e608)
  5 0x7e9b2e4e __wine_call_from_16+0x75() in krnl386.exe16 (0x0086e638)
--- Comment #7 from Dmitry Timoshkov dmitry@baikal.ru ---
Created attachment 52081 --> https://bugs.winehq.org/attachment.cgi?id=52081 patch
Attached patch fixes particular crash in CreateDC16 due to huge (not initialized dmDriverExtra) field. Application still crashes, but in a different place.
Dmitry Timoshkov dmitry@baikal.ru changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Orly's Draw-A-Story demo    |Orly's Draw-A-Story demo
                   |crashes on startup          |crashes on startup
                   |                            |(dmDriverExtra is not
                   |                            |initialized)
--- Comment #8 from Dmitry Timoshkov dmitry@baikal.ru ---
(In reply to Dmitry Timoshkov from comment #7)
> Created attachment 52081 [details] patch
>
> Attached patch fixes particular crash in CreateDC16 due to huge (not initialized dmDriverExtra) field. Application still crashes, but in a different place.

It's worth noting that it's almost impossible to test whether it's correct to modify dmDriverExtra in the application-provided buffer, since the target app is 16-bit and the test has to be 16-bit as well.
Sebastian Lackner sebastian@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de
--- Comment #9 from Sebastian Lackner sebastian@fds-team.de ---
(In reply to Dmitry Timoshkov from comment #8)
> (In reply to Dmitry Timoshkov from comment #7)
> > Created attachment 52081 [details] patch
> >
> > Attached patch fixes particular crash in CreateDC16 due to huge (not initialized dmDriverExtra) field. Application still crashes, but in a different place.
>
> It's worth noting that it's almost impossible to test whether it's correct to modify dmDriverExtra in the application-provided buffer, since the target app is 16-bit and the test has to be 16-bit as well.

Did you check if the ->Size field contains a valid value? If it also contains some unusual value, Wine should probably ignore the whole struct.
--- Comment #10 from Dmitry Timoshkov dmitry@baikal.ru ---
(In reply to Sebastian Lackner from comment #9)
> Did you check if the ->Size field contains a valid value? If it also contains some unusual value, Wine should probably ignore the whole struct.

err:gdi:CreateDC16 dmSize 1209, dmDriverExtra 62208, sizeof(DEVMODEA) 156

All values are in decimal. So, it seems you are right, and dmSize is way too large. But that doesn't mean that whole DEVMODE should be ignored because of that, in win16 days it wasn't unusual to leave some fields not initialized.

On the other hand the driver being requested is "DIRDIB" and CreateDC() would fail anyway since it doesn't exist, and ignoring the passed in DEVMODE wouldn't change much.
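
An added illustration of the check discussed in comments #9 and #10 (not Wine's code and not the attached patch): validating the two size fields of an application-supplied DEVMODEA-style buffer before any copy. It assumes the caller knows how many bytes are readable (`avail`), which the thread does not establish for the 16-bit case; the `dm_*` names and the ignore/drop policy are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DM_KNOWN_SIZE 156u /* sizeof(DEVMODEA) as logged in comment #10 */
#define DM_OFF_SIZE    36u /* dmSize: WORD after dmDeviceName[32] and two version WORDs */
#define DM_OFF_EXTRA   38u /* dmDriverExtra: the WORD that follows dmSize */

enum dm_verdict { DM_USE_ALL, DM_DROP_EXTRA, DM_IGNORE };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Decide how much of an application-supplied buffer may be trusted.
 * avail = readable bytes behind buf (assumed known to the caller). */
enum dm_verdict dm_check(const uint8_t *buf, size_t avail, size_t *fixed, size_t *extra)
{
    *fixed = *extra = 0;
    if (avail < DM_OFF_EXTRA + 2) return DM_IGNORE;   /* size fields not readable */
    size_t size = rd16(buf + DM_OFF_SIZE);
    size_t ext  = rd16(buf + DM_OFF_EXTRA);
    /* A header smaller than its own size fields, larger than the known
     * layout, or larger than the buffer is not plausible: ignore the struct. */
    if (size < DM_OFF_EXTRA + 2 || size > DM_KNOWN_SIZE || size > avail)
        return DM_IGNORE;
    *fixed = size;
    if (ext > avail - size) return DM_DROP_EXTRA;     /* tail would run off the buffer */
    *extra = ext;
    return DM_USE_ALL;
}

/* Bounded copy: fixed part always, driver tail only when it was validated.
 * Returns bytes written to dst, 0 when the struct is ignored or dst is too small. */
size_t dm_safe_copy(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t avail)
{
    size_t fixed, extra;
    if (dm_check(src, avail, &fixed, &extra) == DM_IGNORE) return 0;
    if (fixed + extra > dst_len) return 0;
    memcpy(dst, src, fixed + extra);
    return fixed + extra;
}

/* Constructed sample: zeroed 256-byte buffer carrying only the two size fields. */
size_t dm_try(uint16_t size, uint16_t extra, size_t avail)
{
    uint8_t src[256] = {0}, dst[256];
    if (avail > sizeof src) avail = sizeof src;
    src[DM_OFF_SIZE]  = (uint8_t)(size & 0xff);  src[DM_OFF_SIZE + 1]  = (uint8_t)(size >> 8);
    src[DM_OFF_EXTRA] = (uint8_t)(extra & 0xff); src[DM_OFF_EXTRA + 1] = (uint8_t)(extra >> 8);
    return dm_safe_copy(dst, sizeof dst, src, avail);
}
```

With the logged values, `dm_try(1209, 62208, 256)` copies nothing; with a plausible dmSize of 156 and the same dmDriverExtra, only the 156-byte fixed part is copied.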
--- Comment #11 from super_man@post.com ---
Still fails wine 1.9.9 and staging 1.9.8
winetest@luukku.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |winetest@luukku.com
--- Comment #12 from winetest@luukku.com ---
As expected still crashes wine 2.11 and staging 2.10. I don't know for what reason staging gives a totally different output. Just wine gives the same or very similar than here before.