http://bugs.winehq.org/show_bug.cgi?id=10280
Summary: Oblivion: Horse Armor Crash
Product: Wine
Version: 0.9.48.
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: wine-kernel
AssignedTo: wine-bugs@winehq.org
ReportedBy: noboundaries_au@hotmail.com
Created an attachment (id=8931) --> (http://bugs.winehq.org/attachment.cgi?id=8931) terminal output
Oblivion crashes if a horse is ridden that is equipped with Horse Armor from the Official Horse Armor Mod for Oblivion.
Steps to reproduce: Ride any horse wearing horse armor.
Results: Oblivion will crash within a few seconds.
Expected Results: No crash, keep riding horse like in Windows.
Wine Build: 0.9.48
OS Platform: Ubuntu 7.10 AMD64
Additional Information: This bug is not restricted to a single Wine build or OS. It is present in all. It is a relatively well known bug for the game in Wine, but there was no bugzilla entry.
Vitaliy Margolen vitaliy@kievinfo.com changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Severity   |minor        |normal
Component  |wine-kernel  |wine-directx-dsound
OS/Version |All          |Linux
Platform   |All          |PC-x86-64
Chris chris.kcat@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |chris.kcat@gmail.com
--- Comment #1 from Chris chris.kcat@gmail.com 2007-11-02 09:28:42 ---
I think this may need to be marked Invalid. While there may be a genuine Wine bug, the DLCs are a well-known problem with crashes on Windows, especially if you have other mods active. Trying to discern between a Wine problem and a game problem would be virtually impossible, IMO.
--- Comment #2 from Karl noboundaries_au@hotmail.com 2007-11-02 19:23:33 ---
It's definitely a Wine problem, it will happen without fail on any install of Wine. It affects every Wine+Oblivion user. It's listed on many of the various wikis and articles around the web for installing Oblivion on Linux because of this. It happens even when this is the only mod installed. And is completely reproducible in a Wine environment only.
Karl noboundaries_au@hotmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |noboundaries_au@hotmail.com
--- Comment #3 from Karl noboundaries_au@hotmail.com 2007-11-02 19:44:33 ---
Just to clear things up, this output was captured on a new wine and oblivion install. Not an old install with many mods that could be prone to other errors.
sean dwyer ewetoo@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |ewetoo@gmail.com
--- Comment #4 from sean dwyer ewetoo@gmail.com 2007-11-08 20:54:41 ---
(In reply to comment #1)
> I think this may need to be marked Invalid. While there may be a genuine Wine bug, the DLCs are a well-known problem with crashes on Windows, especially if you have other mods active. Trying to discern between a Wine problem and a game problem would be virtually impossible, IMO.
I can confirm this bug. It happened on my dell 32bit laptop under wine 0.9.47 with an updated Oblivion running DLCHorseArmor.esp. It seems that mounting the horse is the trigger, since I was able to continue the game from that point if I avoided the horse.
Maarten Lankhorst maarten@codeweavers.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |maarten@codeweavers.com
--- Comment #5 from Maarten Lankhorst maarten@codeweavers.com 2007-11-11 09:25:17 ---
I will need a WINEDEBUG=+mmio to figure this one out.
--- Comment #6 from Karl noboundaries_au@hotmail.com 2007-11-11 22:41:02 ---
Using WINEDEBUG=+mmio causes the launcher to not allow you to click the "Play" button (is greyed out), and running the game directly results in a crash straight away.
Maarten Lankhorst maarten@codeweavers.com changed:
What      |Removed             |Added
----------------------------------------------------------------------------
Component |wine-directx-dsound |wine-multimedia
--- Comment #7 from Maarten Lankhorst maarten@codeweavers.com 2007-11-12 04:45:00 ---
Send a winedebug log of that anyway then. You have to start somewhere. ;-)
--- Comment #8 from Karl noboundaries_au@hotmail.com 2007-11-12 07:50:35 ---
Created an attachment (id=9124) --> (http://bugs.winehq.org/attachment.cgi?id=9124) Output with +mmio
--- Comment #9 from Maarten Lankhorst maarten@codeweavers.com 2007-11-21 15:56:53 ---
Can you do WINEDEBUG=+mmio,-d3d ?
--- Comment #10 from sean dwyer ewetoo@gmail.com 2007-11-29 21:23:38 ---
Here's the +d3d from standing in front of the horse until the crash, sorry it's compressed but the text output is about a gig in size. Too big to store here, here's a link:
http://rapidshare.com/files/73240269/d3d-oblivion.7z.html
--- Comment #11 from Maarten Lankhorst maarten@codeweavers.com 2007-11-30 01:30:57 ---
I asked for a +mmio,-d3d so a lot of the background noise would vanish, not a +d3d. ;-) And please use bzip2, 7zip is hard for me to open.
--- Comment #12 from sean dwyer ewetoo@gmail.com 2007-12-09 01:39:00 ---
Created an attachment (id=9569) --> (http://bugs.winehq.org/attachment.cgi?id=9569) Output with +mmio,-d3d
Sorry, here is a fixed debug script, from the same position as before.
James Hawkins truiken@gmail.com changed:
What      |Removed              |Added
----------------------------------------------------------------------------
Component |_obsolete_multimedia |-unknown
--- Comment #13 from Austin English austinenglish@gmail.com 2008-06-04 11:27:50 ---
Is this still an issue in 1.0-rc3 or newer wine?
--- Comment #14 from Urpo Lankinen wwwwolf@iki.fi 2008-06-10 12:24:50 ---
Based on a quick test (1.0rc3 / Debian x86) it still seems to crash.
Jens Ehlert jensehl@aol.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jensehl@aol.com
--- Comment #15 from Jens Ehlert jensehl@aol.com 2008-09-30 06:17:28 ---
I think the bug is made by the sound files (missing codec or something). Has anybody tested replacing these files?
Xavier Vachon xvachon@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |xvachon@gmail.com
--- Comment #16 from Xavier Vachon xvachon@gmail.com 2008-12-10 09:48:33 ---
This is still an issue it seems. I tried to ride my horse outside Bruma, and it crashed within 5 seconds. I think that the relevant information has already been posted, but should you need anything, I can try to provide it. Wine 1.1.10 on Ibex.
--- Comment #17 from Austin English austinenglish@gmail.com 2008-12-10 09:58:59 ---
Please attach terminal output.
--- Comment #18 from Xavier Vachon xvachon@gmail.com 2008-12-10 10:10:48 ---
Created an attachment (id=17801) --> (http://bugs.winehq.org/attachment.cgi?id=17801) Terminal output as requested.
--- Comment #19 from Xavier Vachon xvachon@gmail.com 2008-12-10 10:17:10 ---
(In reply to comment #18)
> Created an attachment (id=17801)
> --> (http://bugs.winehq.org/attachment.cgi?id=17801)
> Terminal output as requested.
I forgot to mention, I am using the unofficial patches for the game, expansion and additions from planetelderscrolls.com. I tested the game yesterday in Windows Vista, and it runs flawlessly.
--- Comment #20 from Austin English austinenglish@gmail.com 2008-12-10 11:04:04 ---
Your log lacks debugging symbols. If you built from source, make sure you used CFLAGS="-g" and didn't use strip.
--- Comment #21 from Xavier Vachon xvachon@gmail.com 2008-12-10 11:08:44 ---
(In reply to comment #20)
> Your log lacks debugging symbols. If you built from source, make sure you used CFLAGS="-g" and didn't use strip.
It is not built from source, it is a .deb package. If it is necessary to use source however to have these, I can download the source, reinstall the game in it and test again.
--- Comment #22 from Austin English austinenglish@gmail.com 2008-12-10 12:09:57 ---
(In reply to comment #21)
> (In reply to comment #20)
> > Your log lacks debugging symbols. If you built from source, make sure you used CFLAGS="-g" and didn't use strip.
> It is not built from source, it is a .deb package. If it is necessary to use source however to have these, I can download the source, reinstall the game in it and test again.
Install wine-dev.
Xavier Vachon xvachon@gmail.com changed:
What              |Removed |Added
----------------------------------------------------------------------------
Attachment #17801 |0       |1
is obsolete       |        |
--- Comment #23 from Xavier Vachon xvachon@gmail.com 2008-12-10 12:38:28 ---
Created an attachment (id=17808) --> (http://bugs.winehq.org/attachment.cgi?id=17808) New log as requested
Installed wine-dev and new log reproducing the issue. Does it contain what you need?
--- Comment #24 from Austin English austinenglish@gmail.com 2008-12-10 12:58:13 ---
(In reply to comment #23)
> Created an attachment (id=17808)
> --> (http://bugs.winehq.org/attachment.cgi?id=17808)
> New log as requested
> Installed wine-dev and new log reproducing the issue. Does it contain what you need?
No:
2 0x7e9011e5 mmioDescend+0x195() in winmm (0x0033f0d4)
This should have a source code line in it.
As a wild guess, what happens if you disable winmm?
--- Comment #25 from Austin English austinenglish@gmail.com 2008-12-10 19:44:43 ---
Missed you in IRC. You can disable winmm with:
$ WINEDLLOVERRIDES="winmm=" wine oblivion.exe
--- Comment #26 from Xavier Vachon xvachon@gmail.com 2008-12-10 19:52:34 ---
(In reply to comment #25)
> Missed you in IRC. You can disable winmm with:
> $ WINEDLLOVERRIDES="winmm=" wine oblivion.exe
xavier@xavier:/wine/oblivion/drive_c/jeu$ WINEDLLOVERRIDES="winmm=" wine oblivion.exe
err:module:import_dll Library WINMM.dll (which is needed by L"C:\jeu\oblivion.exe") not found
err:module:import_dll Library winmm.dll (which is needed by L"C:\windows\system32\dsound.dll") not found
err:module:import_dll Library DSOUND.dll (which is needed by L"C:\jeu\oblivion.exe") not found
err:module:import_dll Library WINMM.dll (which is needed by L"C:\jeu\binkw32.dll") not found
err:module:import_dll Library binkw32.dll (which is needed by L"C:\jeu\oblivion.exe") not found
err:module:LdrInitializeThunk Main exe initialization for L"C:\jeu\oblivion.exe" failed, status c0000135
Haha. Looks like it's not it!
John Jackson notlee@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |notlee@gmail.com
--- Comment #27 from John Jackson notlee@gmail.com 2009-01-19 14:45:09 ---
Well this is still present for me in wine 1.1.13 with fully patched Oblivion.
Eugene Maslovich ehpc@yandex.ru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |ehpc@yandex.ru
--- Comment #28 from Eugene Maslovich ehpc@yandex.ru 2009-01-27 22:07:18 ---
Wine 1.1.12. I have this bug too. Whenever I get on a horse, Oblivion crashes after a few seconds. If a horse stands alone, nothing happens.
--- Comment #29 from Austin English austinenglish@gmail.com 2009-07-30 11:57:48 ---
Is this still an issue in current (1.1.26 or newer) wine?
Alexandr sss123next@list.ru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |sss123next@list.ru
--- Comment #30 from Alexandr sss123next@list.ru 2009-10-04 00:50:28 ---
The game works as expected if sound is completely turned off, maybe this info helps...
--- Comment #31 from Xavier Vachon xvachon@gmail.com 2010-01-12 19:56:38 ---
(In reply to comment #29)
> Is this still an issue in current (1.1.26 or newer) wine?
Confirming, still an issue with wine 1.1.36
Austin English austinenglish@gmail.com changed:
What           |Removed     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED |NEW
Ever Confirmed |0           |1
--- Comment #32 from Austin English austinenglish@gmail.com 2010-01-13 10:15:04 ---
Confirming then.
--- Comment #33 from Tim tccowper@yahoo.com.au 2010-07-20 04:08:45 ---
Created an attachment (id=29719) --> (http://bugs.winehq.org/attachment.cgi?id=29719) Workaround using null terminated FOURCC strings
Tim tccowper@yahoo.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |tccowper@yahoo.com.au
--- Comment #34 from Tim tccowper@yahoo.com.au 2010-07-20 04:10:17 ---
Apologies in advance if this comment is a bit lengthy. I have investigated further, testing with Oblivion on my machine and can clarify a bit further:
1. While the player is riding a horse with armour, Oblivion plays a number of sound files. One of these, 'data\sound\fx\npc\horse\foot\armor\npc_horse_foot_armor_01.wav', causes the crash.
2. As with the other sound files, the code path runs through mmio.c:
(a) the file is opened for reading via a call to MMIO_Open('data\sound\fx\npc\horse\foot\armor\npc_horse_foot_armor_01.wav', 0x33f11c, 00010000, ansi) - this function is documented at http://msdn.microsoft.com/en-us/library/dd757331%28v=VS.85%29.aspx;
(b) a custom I/O procedure is installed on the fly with a FOURCC code of " WAV" via a call to MMIO_InstallIOProc(00564157, 0x6aaaa0, 00010000, ansi) - see http://msdn.microsoft.com/en-us/library/dd757323%28VS.85%29.aspx;
(c) an internal buffer of 8192 bytes is allocated via a call to MMIO_SetBuffer(0x5c5f420 (nil) 8192 0) - see http://msdn.microsoft.com/en-us/library/dd757338%28VS.85%29.aspx; and
(d) a call is then made to descend into the parent chunk of the file via mmioDescend(0x37, 0x33f0c0, (nil), 0000) - see http://msdn.microsoft.com/en-us/library/dd757318%28VS.85%29.aspx.
3. The actual crash occurs in the mmioDescend function when the code attempts to make the following TRACE call, resulting in a buffer overflow ("wine_dbg_vprintf: debugstr buffer overflow"):
TRACE("ckid=%4.4s fcc=%4.4s cksize=%08X !\n",(LPCSTR)&lpck->ckid, srchType ? (LPCSTR)&lpck->fccType:"<na>",lpck->cksize);
After separating this statement into its individual elements, recompiling and doing another trace, we can be more specific and say that the crash occurs when the attempt is made to cast the FOURCC &lpck->ckid as a string pointer then pass this to TRACE to print, i.e. the following is what calls the crash:
TRACE("ckid=%4.4s\n", (LPCSTR)&lpck->ckid);
At the time this call is made the value of lpck->ckid is 9FFEA1FE.
The FOURCC datatype (http://msdn.microsoft.com/en-us/library/dd375802%28VS.85%29.aspx) consists of 4 bytes, 1 for each character. There is no null-terminating byte, but as Eric points out, this should not be a problem as the %4.4s format specifier in the TRACE call should only print four characters. A minor niggle with this approach is that it does not respect byte order (assumes little endian), but that's not the concern here.
What then is tripping the buffer overflow assertion in wine_dbg_vprintf and causing the crash? I don't know yet. Could there be a bug in the wine_dbg_printf function itself?
In any case, and somewhat oddly, if I include a standard function to convert FOURCC codes into null terminated strings (also respecting byte order), then feed these into the TRACE calls, there is no crash.
I have no idea why, but at least it's a workaround for this bug. I've attached a patch, along with a modified form of mmio.c and the trace it produces, which shows the two approaches running side by side.
Another more simple way to work around this if you don't care about receiving the mmio debug info is to just comment out or delete all the TRACE calls in the mmioDescend function of mmio.c, recompile wine and run Oblivion with that.
Hope this helps someone, and thanks again to the Wine team for their amazing effort in getting complex games like this to run on Linux.
--- Comment #35 from Tim tccowper@yahoo.com.au 2010-07-20 04:11:46 ---
Created an attachment (id=29720) --> (http://bugs.winehq.org/attachment.cgi?id=29720) Modified mmio.c with two approaches side by side
--- Comment #36 from Tim tccowper@yahoo.com.au 2010-07-20 04:12:34 ---
Created an attachment (id=29721) --> (http://bugs.winehq.org/attachment.cgi?id=29721) mmio trace using modified mmio.c
--- Comment #37 from Maarten Lankhorst m.b.lankhorst@gmail.com 2010-07-20 04:14:36 ---
Hi,
You're right, the traces are faulty. Thanks for isolating the problem.
However, the correct fix is not to add a helper function; change the (LPCSTR)&xx to debugstr_an((LPCSTR)&xx, 4). This is a lot cleaner solution, and also used in other places. Feel free to send that patch to wine-patches@winehq.org and you might want to investigate if elsewhere in that file those bugs occur :)
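The bounded, escaped rendering of a FOURCC that comments #34 and #37 discuss, as an added example that is not part of the original thread and is not Wine's code: the helper names are hypothetical stand-ins for the role debugstr_an plays, and the RIFF input is constructed. It goes slightly beyond the thread by extracting the bytes by shift, so the output does not depend on host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Wine function. Renders exactly n bytes of
 * untrusted data as a quoted, escaped, NUL-terminated string. Returns the
 * string length, or -1 if cap cannot hold the worst case (\xNN per byte). */
static int escape_bytes(const unsigned char *src, size_t n, char *out, size_t cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;
    if (cap < n * 4 + 3)          /* 4 chars per byte + two quotes + NUL */
        return -1;
    out[pos++] = '"';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        if (c == '\\' || c == '"') {
            out[pos++] = '\\';
            out[pos++] = (char)c;
        } else if (c >= 0x20 && c < 0x7f) {
            out[pos++] = (char)c;
        } else {
            out[pos++] = '\\';
            out[pos++] = 'x';
            out[pos++] = hex[c >> 4];
            out[pos++] = hex[c & 0x0f];
        }
    }
    out[pos++] = '"';
    out[pos] = '\0';
    return (int)pos;
}

/* A FOURCC keeps its first character in the low byte (mmioFOURCC layout).
 * Extracting by shift keeps the result independent of host byte order. */
static int fourcc_to_str(uint32_t fcc, char *out, size_t cap)
{
    unsigned char b[4];
    for (int i = 0; i < 4; i++)
        b[i] = (unsigned char)(fcc >> (8 * i));
    return escape_bytes(b, sizeof b, out, cap);
}

/* Trace-call wrapper (hypothetical); one static buffer, so not reentrant. */
static const char *fourcc_dbg(uint32_t fcc)
{
    static char buf[4 * 4 + 3];
    return fourcc_to_str(fcc, buf, sizeof buf) < 0 ? "<error>" : buf;
}

int main(void)
{
    /* RIFF is constructed; the other two values are quoted in comment #34. */
    printf("ckid=%s\n", fourcc_dbg(0x46464952u));
    printf("ckid=%s\n", fourcc_dbg(0x00564157u));
    printf("ckid=%s\n", fourcc_dbg(0x9FFEA1FEu));
    return 0;
}
```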
Tim tccowper@yahoo.com.au changed:
What              |Removed |Added
----------------------------------------------------------------------------
Attachment #29720 |0       |1
is obsolete       |        |
--- Comment #38 from Tim tccowper@yahoo.com.au 2010-07-20 04:17:12 ---
Created an attachment (id=29722) --> (http://bugs.winehq.org/attachment.cgi?id=29722) Modified mmio.c with two approaches side by side
Oops uploaded the wrong file
--- Comment #39 from Tim tccowper@yahoo.com.au 2010-07-20 04:18:46 ---
Wow that was a quick response - thanks Maarten. I'll send in another patch.
--- Comment #40 from Tim tccowper@yahoo.com.au 2010-07-20 05:31:01 ---
Patch using debugstr_a & debugstr_an now submitted. Tested with Oblivion and can confirm this approach also fixes the bug.
--- Comment #41 from Xavier Vachon xvachon@gmail.com 2010-07-24 22:14:07 ---
(In reply to comment #40)
> Patch using debugstr_a & debugstr_an now submitted. Tested with Oblivion and can confirm this approach also fixes the bug.
Your patch was committed, and indeed it fixes the bug for me too. This should be closed.
Dmitry Timoshkov dmitry@codeweavers.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED
--- Comment #42 from Dmitry Timoshkov dmitry@codeweavers.com 2010-07-25 01:26:35 ---
Reported fixed.
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #43 from Alexandre Julliard julliard@winehq.org 2010-07-30 12:54:50 ---
Closing bugs fixed in 1.3.0.