http://bugs.winehq.org/show_bug.cgi?id=35200
Bug ID: 35200
Summary: Knytt Stories level editor crashes when trying to save a compressed level
Product: Wine
Version: 1.7.9
Hardware: x86
URL: http://nifflas.ni2.se/content/Knytt%20Stories/Knytt%20Stories%20121.zip
OS: Linux
Status: NEW
Keywords: download
Severity: normal
Priority: P2
Component: comdlg32
Assignee: wine-bugs@winehq.org
Reporter: gyebro69@gmail.com
Classification: Unclassified
Created attachment 46951 --> http://bugs.winehq.org/attachment.cgi?id=46951 terminal output
Steps to reproduce the problem:
1. after unpacking the game, start 'Level Editor.exe'
2. click on <Load level> at the left bottom corner.
3. from the menu choose <Level> -> <Compress> and click on the Save button in the Save as file dialog...the level editor crashes with the following backtrace:

...
Backtrace:
=>0 0x6666694e (0x0033f9d8)
  1 0x7ea31828 GetSaveFileNameA+0x27(ofn=0x33fa08) [/home/gyebro/sources/wine-1.7.9/dlls/comdlg32/filedlg.c:4159] in comdlg32 (0x0033f9f8)
...
--- Comment #1 from GyB gyebro69@gmail.com --- Created attachment 46952 --> http://bugs.winehq.org/attachment.cgi?id=46952 +comdlg traces
Qian Hong fracting@gmail.com changed:
What | Removed | Added
CC   |         | fracting@gmail.com
--- Comment #2 from Qian Hong fracting@gmail.com --- Interesting, it seems it doesn't crash with a +relay log.
--- Comment #3 from Béla Gyebrószki gyebro69@gmail.com --- Created attachment 52528 --> https://bugs.winehq.org/attachment.cgi?id=52528 backtrace (wine-1.7.52-190-gd548639)
Still crashes when saving a compressed level, but the backtrace is different:
Backtrace:
=>0 0x7e8b37c7 GetFileDialog95A+0x3d7(ofn=0x6e6b2e65, iDlgType=<is not available>) [/home/gyebro/sources/wine-git/dlls/comdlg32/filedlg.c:479] in comdlg32 (0x006e6962)
0x7e8b37c7 GetFileDialog95A+0x3d7 [/home/gyebro/sources/wine-git/dlls/comdlg32/filedlg.c:479] in comdlg32: testb $0x8,0x9773c(%ebx)
479 TRACE("selected file: %s\n",ofn->lpstrFile);

Wine compiled with the -O0 vs. -O2 optimization flag also results in different backtraces. The attachment contains 2 backtraces: the first one was made with -O0, the second one with -O2.

wine-1.7.52-190-gd548639
Fedora 22 32-bit
gcc version 5.1.1 20150618 (Red Hat 5.1.1-4)
--- Comment #4 from Bruno Jesus 00cpxxx@gmail.com --- Initial analysis shows that this is a heap corruption that happens when comdlg32 tries to copy the file title to lpstrFileTitle. The application says that the buffer has 260 bytes (nMaxFileTitle) but that does not seem to be true. So when the file name is copied it messes up.
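An added illustration of the mechanism Bruno describes, not code from Wine or from this thread: a constructed, simplified stand-in for the lpstrFileTitle/nMaxFileTitle pair of OPENFILENAMEA, a copy routine that has to trust the claimed size (lstrcpyn-style copy semantics are an assumption here), and a canary check that counts how many bytes past the caller's real allocation get overwritten when a 16-byte buffer claims 260. The struct, sizes and file name are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified stand-in for the two OPENFILENAMEA fields that
 * matter here; NOT the real Windows/Wine structure. */
typedef struct {
    char *lpstrFileTitle;        /* caller-owned buffer for the file title */
    unsigned long nMaxFileTitle; /* size the caller claims that buffer has */
} fake_ofn;

#define CANARY 0xA5

/* What a dialog has to do when it trusts nMaxFileTitle: copy at most
 * nMaxFileTitle-1 characters and NUL-terminate (lstrcpyn-style, assumed). */
static void copy_file_title(fake_ofn *ofn, const char *title)
{
    size_t n = strlen(title);
    if (!ofn->lpstrFileTitle || ofn->nMaxFileTitle == 0) return;
    if (n >= ofn->nMaxFileTitle) n = ofn->nMaxFileTitle - 1;
    memcpy(ofn->lpstrFileTitle, title, n);
    ofn->lpstrFileTitle[n] = '\0';
}

/* Simulate a caller whose real allocation is real_size bytes but which reports
 * claimed_size in nMaxFileTitle. Bytes after the real buffer hold a canary;
 * returns how many of them the copy overwrote (0 = no heap corruption). */
int bytes_corrupted(size_t real_size, unsigned long claimed_size, const char *title)
{
    const size_t guard = 64;
    unsigned char *block = malloc(real_size + guard);
    fake_ofn ofn = { (char *)block, claimed_size };
    int corrupted = 0;
    if (!block) return -1;
    memset(block, CANARY, real_size + guard);
    copy_file_title(&ofn, title);
    for (size_t i = real_size; i < real_size + guard; i++)
        if (block[i] != CANARY) corrupted++;
    free(block);
    return corrupted;
}

int main(void)
{
    /* Constructed sample: a 16-byte buffer that claims MAX_PATH (260) bytes. */
    const char *title = "compressed_level.bin"; /* constructed file name */
    printf("claims 16:  %d bytes past the buffer overwritten\n", bytes_corrupted(16, 16, title));
    printf("claims 260: %d bytes past the buffer overwritten\n", bytes_corrupted(16, 260, title));
    return 0;
}
```

The dialog implementation has no way to learn the real allocation size, which is why the overwrite shows up later as an unrelated crash rather than at the copy itself.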
super_man@post.com changed:
What | Removed | Added
CC   |         | super_man@post.com
--- Comment #5 from super_man@post.com --- Could bug #26139 be related? It mentions GetFileDialog95A.
Bruno Jesus 00cpxxx@gmail.com changed:
What | Removed | Added
CC   |         | 00cpxxx@gmail.com
--- Comment #6 from Bruno Jesus 00cpxxx@gmail.com --- Created attachment 52620 --> https://bugs.winehq.org/attachment.cgi?id=52620 patch
This is the patch that I'm trying to prove is right; it works for me. But this kind of test takes time. In the meantime I appreciate more tests with it =)
Bruno Jesus 00cpxxx@gmail.com changed:
What                        | Removed | Added
Attachment #52620 is obsolete | 0     | 1
--- Comment #7 from Bruno Jesus 00cpxxx@gmail.com --- Created attachment 52622 --> https://bugs.winehq.org/attachment.cgi?id=52622 patch v2
Wrong version, this is the correct one.
--- Comment #8 from Bruno Jesus 00cpxxx@gmail.com --- Actually my patch may work but seems wrong: Windows blindly corrupts the struct as well, so there is something else going on.
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What                       | Removed | Added
Attachment #52622 is patch | 0       | 1
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What     | Removed | Added
Keywords |         | patch
CC       |         | leslie_alistair@hotmail.com
--- Comment #9 from super_man@post.com --- Maybe add fixmes/errs for showing the buffer sizes before and after filling them for testing. There are no trace messages.
Sebastian Lackner sebastian@fds-team.de changed:
What            | Removed | Added
Staged patchset |         | https://github.com/wine-compholio/wine-staging/tree/master/patches/comdlg32-lpstrFileTitle
Status          | NEW     | STAGED
CC              |         | dmitry@baikal.ru, erich.e.hoover@wine-staging.com, michael@fds-team.de, sebastian@fds-team.de
Bruno Jesus 00cpxxx@gmail.com changed:
What       | Removed | Added
Resolution | ---     | DUPLICATE
Status     | STAGED  | RESOLVED
--- Comment #10 from Bruno Jesus 00cpxxx@gmail.com --- This bug is older but Dmitry did the analysis of the problem in bug 38400 and I believe we don't need two bugs opened for the same issue, so resolving as duplicate.
*** This bug has been marked as a duplicate of bug 38400 ***
--- Comment #11 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to Bruno Jesus from comment #10)
> This bug is older but Dmitry did the analysis of the problem in bug 38400 and I believe we don't need two bugs opened for the same issue, so resolving as duplicate.
> *** This bug has been marked as a duplicate of bug 38400 ***

I'd suggest keeping this bug separate from bug 38400. Although the symptoms are similar, these two are really distinct bugs (and two separate fixes): one for the A and another for the W implementation of the GetSaveFileName API; moreover, bug 38400 also needs a fix to GetOpenFileNameW, and it's a coincidence that the same fix works for it as well.
Bruno Jesus 00cpxxx@gmail.com changed:
What       | Removed   | Added
Resolution | DUPLICATE | ---
Status     | RESOLVED  | REOPENED
--- Comment #12 from Bruno Jesus 00cpxxx@gmail.com --- (In reply to Dmitry Timoshkov from comment #11)
> I'd suggest keeping this bug separate from bug 38400. Although the symptoms are similar, these two are really distinct bugs (and two separate fixes): one for the A and another for the W implementation of the GetSaveFileName API; moreover, bug 38400 also needs a fix to GetOpenFileNameW, and it's a coincidence that the same fix works for it as well.

Ok, will do. I think I may have misinterpreted your previous comments.
Bruno Jesus 00cpxxx@gmail.com changed:
What   | Removed  | Added
Status | REOPENED | STAGED
André H. nerv@dawncrow.de changed:
What            | Removed | Added
CC              |         | nerv@dawncrow.de
Staged patchset | https://github.com/wine-compholio/wine-staging/tree/master/patches/comdlg32-lpstrFileTitle | https://github.com/wine-staging/wine-staging/tree/master/patches/comdlg32-lpstrFileTitle