https://bugs.winehq.org/show_bug.cgi?id=36683
Bug ID: 36683
Summary: RPG Maker VX 1.02a: clicking menu item results in 'Out of memory' error message
Product: Wine
Version: 1.7.19
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: winmm&mci
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Hello folks,
found during investigation of other bugs. Also mentioned in appdb entry without actual bug report.
Reproduce: click 'About ...' or any other main menu item.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Enterbrain/RPGVXAce

$ WINEDEBUG=+tid,+seh,+relay,+winmm,+mmio wine ./RPGVXAce.exe >>log.txt 2>&1
...
0023:Ret window proc 0x5095b0 (hwnd=0x100c6,msg=WM_LBUTTONUP,wp=00000000,lp=00300038) retval=00000000
0023:Ret user32.IsDialogMessageW() retval=00000001 ret=004fef38
...
0023:Call user32.DispatchMessageW(00169638) ret=004fdd84
0023:Call window proc 0x5095b0 (hwnd=0x2008e,msg=WM_COMMAND,wp=0000e140,lp=00000000)
0023:Call user32.GetParent(0002008e) ret=00509754
0023:Ret user32.GetParent() retval=00000000 ret=00509754
0023:Call user32.GetCapture() ret=00402e34
0023:Ret user32.GetCapture() retval=00000000 ret=00402e34
0023:Call user32.IsWindowEnabled(0002008e) ret=004ff0ca
0023:Ret user32.IsWindowEnabled() retval=00000001 ret=004ff0ca
0023:Call KERNEL32.FindResourceW(10000000,0000150f,0000000a) ret=011cc46e
0023:Ret KERNEL32.FindResourceW() retval=10009360 ret=011cc46e
0023:Call KERNEL32.SizeofResource(10000000,10009360) ret=0079a72e
0023:Ret KERNEL32.SizeofResource() retval=0002b8bc ret=0079a72e
0023:Call KERNEL32.LoadResource(10000000,10009360) ret=0079a75b
0023:Ret KERNEL32.LoadResource() retval=102991f8 ret=0079a75b
0023:Call KERNEL32.LockResource(102991f8) ret=011caff2
0023:Ret KERNEL32.LockResource() retval=102991f8 ret=011caff2
0023:Call winmm.mmioOpenW(00000000,003392ec,00000000) ret=0079a7db
0023:trace:mmio:MMIO_Open ((null), 0x3392ec, 00000000, unicode);
0023:Call ntdll.RtlAllocateHeap(00110000,00000008,00000058) ret=7cb2f81c
0023:Ret ntdll.RtlAllocateHeap() retval=0021ff50 ret=7cb2f81c
0023:trace:mmio:MMIO_SetBuffer (0x21ff50 0x102991f8 178364 0)
0023:warn:mmio:MMIO_SetBuffer Untested handling of huge mmio buffers (178364 >= 64k)
0023:trace:mmio:mmioMemIOProc (0x21ff50,0x0003,0x00000000,0x00000000)
0023:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7cb3047f
0023:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7cb3047f
0023:Ret winmm.mmioOpenW() retval=00000005 ret=0079a7db
...
0023:Call winmm.mmioSeek(00000005,00000000,00000001) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 1);
0023:trace:mmio:mmioSeek => 0
0023:Ret winmm.mmioSeek() retval=00000000 ret=00799b8c
0023:Call winmm.mmioSeek(00000005,00000000,00000002) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 2);
0023:Ret winmm.mmioSeek() retval=ffffffff ret=00799b8c
0023:Call winmm.mmioSeek(00000005,00000000,00000000) ret=00799b8c
0023:trace:mmio:mmioSeek (0x5, 00000000, 0);
0023:trace:mmio:mmioSeek => 0
0023:Ret winmm.mmioSeek() retval=00000000 ret=00799b8c
0023:Call ntdll.RtlDecodePointer(eadfb1c9) ret=0052dac1
0023:Ret ntdll.RtlDecodePointer() retval=00000000 ret=0052dac1
0023:Call KERNEL32.GetLastError() ret=0052dc72
0023:Ret KERNEL32.GetLastError() retval=00000000 ret=0052dc72
0023:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,003393d4) ret=00528c71
0023:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83ac57 ip=7b83ac57 tid=0023
0023:trace:seh:raise_exception info[0]=19930520
0023:trace:seh:raise_exception info[1]=003393f0
0023:trace:seh:raise_exception info[2]=008f9b00
0023:trace:seh:raise_exception eax=7b826c7d ebx=7b8bb000 ecx=008f9b00 edx=00339320 esi=003393c0 edi=00339380
0023:trace:seh:raise_exception ebp=00339358 esp=003392f4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000287
0023:trace:seh:call_stack_handlers calling handler at 0x819a9a code=e06d7363 flags=1
...
0023:Call user32.MessageBoxW(0002008e,0033880c L"Out of memory.",03a52e40 L"RPG Maker VX Ace",00001030) ret=004fea7e
--- snip ---
'mmioSeek( hmmio, 0, SEEK_END)' returning -1 doesn't look correct.
Debugger:
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x7cb15c73 mmioSeek+0x97(hmmio=0x5, lOffset=0, iOrigin=0x2) [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:877] in winmm (0x00339404)
  1 0x00799b8c in rpgvxace (+0x399b8b) (0x0033941c)
  2 0x00799ac1 in rpgvxace (+0x399ac0) (0x00339438)
  3 0x004b65ee in rpgvxace (+0xb65ed) (0x0033e370)
  4 0x004b60cc in rpgvxace (+0xb60cb) (0x0033e398)
  5 0x004a1819 in rpgvxace (+0xa1818) (0x0033e3b8)
  6 0x004d7159 in rpgvxace (+0xd7158) (0x0033e3e0)
  7 0x00402e5f in rpgvxace (+0x2e5e) (0x0033e6d4)
  8 0x004fd115 in rpgvxace (+0xfd114) (0x0033e6e4)

Wine-dbg>n
880 switch (iOrigin) {

Wine-dbg>n
888 offset = ((wm->info.fccIOProc == FOURCC_MEM)? wm->info.cchBuffer : wm->dwFileSize) - lOffset;

Wine-dbg>p *wm
{info={dwFlags=0, fccIOProc=0x204d454d, pIOProc=(nil), wErrorRet=0, hTask=(nil), cchBuffer=0x2b8bc, pchBuffer=" ■1", pchNext=" ■1", pchEndRead="", pchEndWrite="", lBufOffset=0, lDiskOffset=0, adwInfo={0xffffffff, 0, 0}, dwReserved1=0, dwReserved2=0, hmmio=0x5}, lpNext=(nil), ioProc=0x7cbae374, bTmpIOProc=0, bBufferLoaded=0x1, dwFileSize=0}

Wine-dbg>p offset
0x2b8bc

Wine-dbg>si
0x7cb15d9b mmioSeek+0x1bf [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:903] in winmm: jz 0x7cb15df1 mmioSeek+0x215 [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:908] in winmm
903 if ((wm->info.fccIOProc == FOURCC_MEM) ||

Wine-dbg>
0x7cb15df1 mmioSeek+0x215 [/home/focht/projects/wine/wine.repo/src/dlls/winmm/mmio.c:908] in winmm: movl $0xffffffff,%eax
908 return -1;
--- snip ---
Source: http://source.winehq.org/git/wine.git/blob/a0ed65f5937e6eb13f6b2b345d8d27fbd...
(whitespace and tabs are also messed up)
--- snip ---
866 LONG WINAPI mmioSeek(HMMIO hmmio, LONG lOffset, INT iOrigin)
867 {
868     LPWINE_MMIO wm;
869     LONG offset;
...
880     switch (iOrigin) {
881     case SEEK_SET:
882         offset = lOffset;
883         break;
884     case SEEK_CUR:
885         offset = wm->info.lBufOffset + (wm->info.pchNext - wm->info.pchBuffer) + lOffset;
886         break;
887     case SEEK_END:
888         offset = ((wm->info.fccIOProc == FOURCC_MEM)? wm->info.cchBuffer : wm->dwFileSize) - lOffset;
889         break;
890     default:
891         return -1;
892     }
893
894     /* stay in same buffer ? */
895     /* some memory mapped buffers are defined with -1 as a size */
896     if ((wm->info.cchBuffer > 0) &&
897         ((offset < wm->info.lBufOffset) ||
898          (offset >= wm->info.lBufOffset + wm->info.cchBuffer) ||
899          (offset > wm->dwFileSize && wm->info.fccIOProc != FOURCC_MEM) ||
900          !wm->bBufferLoaded)) {
901
902         /* condition to change buffer */
903         if ((wm->info.fccIOProc == FOURCC_MEM) ||
904             MMIO_Flush(wm, 0) != MMSYSERR_NOERROR ||
905             /* this also sets the wm->info.lDiskOffset field */
906             send_message(wm->ioProc, &wm->info, MMIOM_SEEK,
907                          offset, SEEK_SET, FALSE) == -1)
908             return -1;
909         wm->info.lBufOffset = offset;
910         wm->bBufferLoaded = FALSE;
911         wm->info.pchNext = wm->info.pchEndRead = wm->info.pchBuffer;
912     }
...
--- snip ---
Tidbit: The app is protected with 'Armadillo' DRM scheme (not a problem here).
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\Enterbrain\RPGVXAce\RPGVXAce.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4737368 (0484958h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 0483000h, size : 01958h / 06488 byte(s)
[File Heuristics] -> Flag : 00000000000000001100001000000111 (0x0000C207)
[Entrypoint Section Entropy] : 7.01
[!] Armadillo v8 or higher detected !
- Scan Took : 0.489 Second(s) [0000001E9h tick(s)] [533 scan(s) done]
--- snip ---
$ sha1sum RPGVXAce_Multi.exe
97a1ee6390b702519091130eecd6f6b806a77dcb RPGVXAce_Multi.exe

$ du -sh RPGVXAce_Multi.exe
223M RPGVXAce_Multi.exe

$ wine --version
wine-1.7.19-70-gd6a59f7
Regards
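The boundary condition behind the failing 'mmioSeek(hmmio, 0, SEEK_END)' call, as an added example that is not part of the original report and not Wine's code: a constructed C model of the memory-file path of the quoted check, fed the values from the 'p *wm' dump. The names struct mem_mmio, resolve, seek_as_quoted and seek_inclusive_end are hypothetical, and the second function is an illustrative bounds check, not the committed fix.

```c
#include <stdio.h>  /* SEEK_SET=0, SEEK_CUR=1, SEEK_END=2: the iOrigin values in the trace */
/* Constructed model of the fields the quoted check reads (names follow the
   "p *wm" dump); only memory files (fccIOProc == FOURCC_MEM) are modelled. */
struct mem_mmio {
    long cchBuffer;      /* buffer size, 0x2b8bc in the report */
    long lBufOffset;     /* offset of the buffer start, 0 in the dump */
    long pos;            /* stands in for pchNext - pchBuffer */
    int  bBufferLoaded;
};
/* Origin arithmetic as in quoted lines 880-892; returns 0 on success. */
static int resolve(const struct mem_mmio *wm, long lOffset, int iOrigin, long *offset)
{
    switch (iOrigin) {
    case SEEK_SET: *offset = lOffset; return 0;
    case SEEK_CUR: *offset = wm->lBufOffset + wm->pos + lOffset; return 0;
    case SEEK_END: *offset = wm->cchBuffer - lOffset; return 0;
    default:       return -1;
    }
}

/* Range check as quoted (lines 896-908): offset == end of buffer counts as
   outside it, and a memory file cannot switch buffers, so the seek fails. */
long seek_as_quoted(struct mem_mmio *wm, long lOffset, int iOrigin)
{
    long offset;
    if (resolve(wm, lOffset, iOrigin, &offset)) return -1;
    if (wm->cchBuffer > 0 && (offset < wm->lBufOffset ||
        offset >= wm->lBufOffset + wm->cchBuffer || !wm->bBufferLoaded))
        return -1;
    wm->pos = offset - wm->lBufOffset;
    return offset;
}

/* Illustrative variant: [start, end] inclusive is seekable, all else rejected. */
long seek_inclusive_end(struct mem_mmio *wm, long lOffset, int iOrigin)
{
    long offset;
    if (resolve(wm, lOffset, iOrigin, &offset)) return -1;
    if (offset < wm->lBufOffset || offset > wm->lBufOffset + wm->cchBuffer)
        return -1;
    wm->pos = offset - wm->lBufOffset;
    return offset;
}

int main(void)
{
    struct mem_mmio a = { 0x2b8bc, 0, 0, 1 }, b = a;  /* values from the dump */
    printf("as quoted: %ld, inclusive end: %ld\n",
           seek_as_quoted(&a, 0, SEEK_END), seek_inclusive_end(&b, 0, SEEK_END));
    return 0;
}
```

The three calls in the relay trace (SEEK_CUR, SEEK_END, SEEK_SET, each with offset 0) look like a "query size, then restore position" sequence, which is why the one-past-the-last-byte position has to be accepted while anything beyond it is still refused.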
https://bugs.winehq.org/show_bug.cgi?id=36683
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
                URL|                            |http://s3.amazonaws.com/pro
                   |                            |dcartassets/26408/RPGVXAce_
                   |                            |Multi.exe
https://bugs.winehq.org/show_bug.cgi?id=36683
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|RPG Maker VX 1.02a:         |RPG Maker VX Ace 1.00:
                   |clicking menu item results  |clicking menu item results
                   |in 'Out of memory' error    |in 'Out of memory' error
                   |message                     |message
https://bugs.winehq.org/show_bug.cgi?id=36683
Sagawa sagawa.aki+winebugs@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sagawa.aki+winebugs@gmail.c
                   |                            |om
https://bugs.winehq.org/show_bug.cgi?id=36683
--- Comment #1 from Sagawa sagawa.aki+winebugs@gmail.com ---
Created attachment 48769
  --> https://bugs.winehq.org/attachment.cgi?id=48769
proposed patch
Hi, I fixed some bugs in mmioSeek. Could you try my patch? On my PC, the patch fixes the issue. Thanks in advance.
http://bugs.winehq.org/show_bug.cgi?id=36683
jonas.th@web.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jonas.th@web.de
--- Comment #2 from jonas.th@web.de ---
Fixes issue for me as well for RPG Maker VX Ace from the humble weekly sale (Fedora 20 x86_64) - no more annoying "Out of memory" popups.
https://bugs.winehq.org/show_bug.cgi?id=36683
--- Comment #3 from Sagawa sagawa.aki+winebugs@gmail.com ---
Thanks, Jonas. I sent a series of patches to wine-devel, https://source.winehq.org/patches/data/105109 .
https://bugs.winehq.org/show_bug.cgi?id=36683
--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com ---
(In reply to Sagawa from comment #3)
> Thanks, Jonas. I sent a series of patches to wine-devel, https://source.winehq.org/patches/data/105109 .

Whole series committed, last patch: http://source.winehq.org/git/wine.git/?a=commit;h=8d9a7247c385753559989ae687...
https://bugs.winehq.org/show_bug.cgi?id=36683
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |8d9a7247c385753559989ae6875
                   |                            |5c1402824f80c
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
indeed fixed by commit series:
http://source.winehq.org/git/wine.git/commitdiff/c4629e5af549e7e30a8573b00d9... ("winmm: Memory file buffer is available even if we just allocate memory.")
http://source.winehq.org/git/wine.git/commitdiff/f7ddc1eb957c96bb25bba0887e2... ("winmm: Avoid direct seeking for memory files.")
http://source.winehq.org/git/wine.git/commitdiff/71b8a56c8413e570ecd382dab3d... ("winmm: Update lBufOffset after seeking file directly.")
http://source.winehq.org/git/wine.git/commitdiff/8d9a7247c385753559989ae6875... ("winmm: Fix SEEK_END handling for memory files.")
Domo arigato Akihiro
Regards
https://bugs.winehq.org/show_bug.cgi?id=36683
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.21.
https://bugs.winehq.org/show_bug.cgi?id=36683
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://s3.amazonaws.com/pro |https://web.archive.org/web
                   |dcartassets/26408/RPGVXAce_ |/20131231123407/http://s3.a
                   |Multi.exe                   |mazonaws.com/prodcartassets
                   |                            |/26408/RPGVXAce_Multi.exe