http://bugs.winehq.org/show_bug.cgi?id=29041
Bug #: 29041 Summary: Star wars : The Old Republic launcher crashes due to custom cursors Product: Wine Version: 1.3.32 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: oneofone@gmail.com Classification: Unclassified
The launcher works, trying to move the mouse over it crashes with :
X Error of failed request: BadPixmap (invalid Pixmap parameter) Major opcode of failed request: 93 (X_CreateCursor) Resource id in failed request: 0x0 Serial number of failed request: 6319 Current serial number in output stream: 6323
There's nothing in the trace related to it, I can post a more detailed trace if needed.
http://bugs.winehq.org/show_bug.cgi?id=29041
Vitaliy Margolen vitaliy-bugzilla@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|major |normal
--- Comment #1 from Vitaliy Margolen vitaliy-bugzilla@kievinfo.com 2011-11-09 13:21:02 CST --- Please run program this way: WINEDEBUG=+synchronous wine program.exe
When it breaks into debugger issue "bt" command. Attach as a plain text file complete terminal output.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #2 from Ahmed W. oneofone@gmail.com 2011-11-09 14:21:52 CST --- Created attachment 37410 --> http://bugs.winehq.org/attachment.cgi?id=37410 WINEPREFIX=~/.wine-swtor WINEDEBUG=+synchronous : bt result
-> X -version X.Org X Server 1.11.2 Build Operating System: Linux 3.1.0-3-ARCH x86_64 -> uname -r 3.1.0-4-ARCH
NVidia version : 285.05.09-3
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #3 from Vitaliy Margolen vitaliy-bugzilla@kievinfo.com 2011-11-09 14:48:46 CST --- Please install Wine debug symbols at least and retry.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #4 from spiralofhope@lavabit.com 2011-11-09 16:20:25 CST --- Created attachment 37412 --> http://bugs.winehq.org/attachment.cgi?id=37412 WINEDEBUG=+synchronous wine launcher.exe
http://bugs.winehq.org/show_bug.cgi?id=29041
Ahmed W. oneofone@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #37410|0 |1 is obsolete| |
--- Comment #5 from Ahmed W. oneofone@gmail.com 2011-11-09 16:23:02 CST --- Created attachment 37413 --> http://bugs.winehq.org/attachment.cgi?id=37413 backtrace with wine debug symbols
http://bugs.winehq.org/show_bug.cgi?id=29041
spiralofhope@lavabit.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |spiralofhope@lavabit.com
--- Comment #6 from spiralofhope@lavabit.com 2011-11-09 16:26:43 CST --- (In reply to comment #3)
Please install Wine debug symbols at least and retry.
(In reply to comment #3)
Please install Wine debug symbols at least and retry.
I see these related documents:
http://www.winehq.org/docs/winedev-guide/wine-debugger http://wiki.winehq.org/Backtraces
I'm not sure what you mean by "install Wine debug symbols".
When using winedbg, I can get a _lot_ of text. How can I easily put its output in a text file for you?
.. but I think Ahmed has already provided the information you need. =)
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #7 from spiralofhope@lavabit.com 2011-11-09 16:27:36 CST --- Is this somehow related to Bug 7959? The error message is the same.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #8 from Ahmed W. oneofone@gmail.com 2011-11-09 16:47:12 CST --- More observations. 1. the debugger actually locks up (I can't actually type bt in it, the output I posted is what I get once I move the mouse) and I can't ctrl+c it, gives me : ^Cerr:ntdll:RtlpWaitForCriticalSection section 0x7e279080 "../../../wine-git/dlls/winex11.drv/x11drv_main.c: X11DRV_CritSection" wait timed out in thread 003a, blocked by 0009, retrying (60 sec) err:ntdll:RtlpWaitForCriticalSection section 0x7b8fea20 "../../../wine-git/dlls/kernel32/console.c: CONSOLE_CritSect" wait timed out in thread 003b, blocked by 003a, retrying (60 sec) When I kill -9 the process.
2. the cursor actually shows up once the process crashes.
3. Using the latest git (from 5 mins ago, wine-1.3.32-122-g2e5f73e) makes no difference. (earlier report was using the 1.3.32 tag)
http://bugs.winehq.org/show_bug.cgi?id=29041
Chris Johnson raugturi@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |raugturi@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #9 from Vitaliy Margolen vitaliy-bugzilla@kievinfo.com 2011-11-09 17:05:35 CST --- Please attach output of WINEDEBUG=+cursor,+tid wine program.exe
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #10 from Ahmed W. oneofone@gmail.com 2011-11-09 17:28:11 CST --- Created attachment 37415 --> http://bugs.winehq.org/attachment.cgi?id=37415 +cursor,+tid
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #11 from Ahmed W. oneofone@gmail.com 2011-11-11 07:46:32 CST --- Created attachment 37444 --> http://bugs.winehq.org/attachment.cgi?id=37444 CreateIconIndirect return 0 if iconinfo->hbmColor is NULL
This patch fixes the problem with launcher, I'm not sure if this is the proper fix or not, but it doesn't seem to break anything else I use on wine.
It works for me ™.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #12 from Chris Johnson raugturi@gmail.com 2011-11-11 09:57:09 CST --- The patch worked for me as well. Unfortunately I don't have any other apps to test it with to verify nothing else was affected.
http://bugs.winehq.org/show_bug.cgi?id=29041
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |00cpxxx@gmail.com
--- Comment #13 from Bruno Jesus 00cpxxx@gmail.com 2011-11-11 10:02:47 CST --- (In reply to comment #11)
This patch fixes the problem with launcher, I'm not sure if this is the proper fix or not, but it doesn't seem to break anything else I use on wine.
MSDN function doc says that the parameter is optional if the icon is black & white so your solution is at least partially correct: http://msdn.microsoft.com/en-us/library/windows/desktop/ms648052%28v=vs.85%2...
http://bugs.winehq.org/show_bug.cgi?id=29041
Erik Weatherwax erik.weatherwax@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |erik.weatherwax@gmail.com
--- Comment #14 from Erik Weatherwax erik.weatherwax@gmail.com 2011-11-12 11:49:36 CST --- Confirm this bug on Gentoo x86_64. Also confirm that building 1.3.32 with Ahmed's patch avoids the bug.
http://bugs.winehq.org/show_bug.cgi?id=29041
doh123@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |doh123@gmail.com
--- Comment #15 from doh123@gmail.com 2011-11-12 20:01:25 CST --- Same bug for me using Mac OS X... the attached patch by Ahmed W. fixed the problem for me.
http://bugs.winehq.org/show_bug.cgi?id=29041
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #16 from Bruno Jesus 00cpxxx@gmail.com 2011-11-13 20:05:57 CST --- Confirmed by multiple users.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #17 from Bruno Jesus 00cpxxx@gmail.com 2011-11-13 20:13:33 CST --- Created attachment 37488 --> http://bugs.winehq.org/attachment.cgi?id=37488 Test copy&paste problem
The function seems to protect itself against a null pointer already, please give the attached patch a try. There seems to be a copy & paste issue in the function and this patch may fix it.
http://bugs.winehq.org/show_bug.cgi?id=29041
Ahmed W. oneofone@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |user32
http://bugs.winehq.org/show_bug.cgi?id=29041
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|user32 |-unknown
--- Comment #18 from Dmitry Timoshkov dmitry@baikal.ru 2011-11-13 23:03:39 CST --- There is no need to guess the component.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #19 from Erik Weatherwax erik.weatherwax@gmail.com 2011-11-14 11:25:23 CST --- Bruno,
I rebuilt Wine 1.3.32 with your patch in place of Ahmed's and the launcher crash recurred.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #20 from Ahmed W. oneofone@gmail.com 2011-11-14 11:31:40 CST --- Bruno, with your patch instead of mine the launcher still crashes.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #21 from Bruno Jesus 00cpxxx@gmail.com 2011-11-14 17:35:05 CST --- Thanks, I'm out of ideas now, there is probably other place that is not protecting itself against the null pointer. Soon or later someone will come up with a better idea.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #22 from Erik Weatherwax erik.weatherwax@gmail.com 2011-11-15 15:17:10 CST --- Bruno,
The issue I see with your patch is that color is only set to nonzero at line 2121 in an "if(iconinfo->hbmColor)" block immediately above. I can't comment on the *correctness* of your change, since I'm far from familiar enough with the Win32 API to know what these functions are actually *doing* on a high level, but I do know that, logically, we can't be referencing a null iconinfo->hbmColor in the code you patched.
There is another unchecked reference to iconinfo->hbmColor at line 2163 which I think is where the crash is triggered. Ahmed's patch, by short-circuiting out of the function when iconinfo->hbmColor is null, avoids that reference.
Again, I can comment on the logic of the program flow all day, but since I don't really know what this code is supposed to accomplish, I don't know the best way to fix it. Is it acceptable to return 0 from CreateIconIndirect when iconinfo->hbmColor is null, or does there need to be a test for that around the call to create_alpha_bitmap on line 2163?
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #23 from Bruno Jesus 00cpxxx@gmail.com 2011-11-16 10:04:35 CST --- Erik, I probably understand the API as much as you do =) You pointed out that in line 2163 there could be a problem but function create_alpha_bitmap calls a function (GetObjectW) that calls another function (GDI_GetObjPtr) that protects itself against the null pointer.
It seems that the problem is related to the 1x0 (width x height) cursor created that is possibly invalid to the X server as per Ahmed log from comment 11:
0009:trace:cursor:GetIconInfoExW 0x52006c => 1x0 ... X Error of failed request: BadPixmap (invalid Pixmap parameter)
I'm away of linux now so I can't create a new patch but what about changing line 2146 (inside dlls/user32/cursoricon.c:CreateIconIndirect) from:
else height /= 2;
to:
else { height /=2; if(!height) height=1; }
This will make sure that in this case the icon will have at least 1px of height. Can anyone manually apply and retest posting a new +cursor log?
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #24 from Alexandre Julliard julliard@winehq.org 2011-11-16 10:34:41 CST --- Looks like it's trying to create a cursor from the stock bitmap, it would be interesting to know how this happened. Please get a +relay,+cursor trace and check the calls before the 1x0 cursor.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #25 from Chris Johnson raugturi@gmail.com 2011-11-16 12:25:46 CST --- Bruno, I don't think the value of height being 0 is causing it. I tried manually setting it back to 1 (it's value before the height /= 2 line) as you suggested and it still crashes.
I reverted the change and did the +cursor,+relay, but the file is huge. How much of it do you want me to attach?
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #26 from Alexandre Julliard julliard@winehq.org 2011-11-16 12:31:57 CST --- (In reply to comment #25)
I reverted the change and did the +cursor,+relay, but the file is huge. How much of it do you want me to attach?
All of it if possible. Compress it with bzip2 or 7z. If it's still too large please send it by private mail.
http://bugs.winehq.org/show_bug.cgi?id=29041
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |bd44f10496ddbd1562926e63aa2 | |b9c16cfd85bd4 Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #27 from Alexandre Julliard julliard@winehq.org 2011-11-16 12:49:22 CST --- I committed a fix, but I'd still be interested in that trace.
http://bugs.winehq.org/show_bug.cgi?id=29041
--- Comment #28 from Chris Johnson raugturi@gmail.com 2011-11-16 13:26:44 CST --- (In reply to comment #27)
I committed a fix, but I'd still be interested in that trace.
I stand corrected, Bruno. It was just turning it right back into a 0 later on. :-)
http://bugs.winehq.org/show_bug.cgi?id=29041
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #29 from Alexandre Julliard julliard@winehq.org 2011-11-18 13:04:49 CST --- Closing bugs fixed in 1.3.33.
https://bugs.winehq.org/show_bug.cgi?id=29041
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Component|-unknown |winex11.drv
-
wine-bugs@winehq.org