https://bugs.winehq.org/show_bug.cgi?id=51873
Bug ID: 51873
Summary: Joy.cpl crashes on the FFB tab when the FFB device is selected in the drop down list
Product: Wine
Version: 6.19
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: joy.cpl
Assignee: wine-bugs@winehq.org
Reporter: logos128@gmail.com
CC: rbernon@codeweavers.com
Distribution: ArchLinux
Created attachment 70792 --> https://bugs.winehq.org/attachment.cgi?id=70792 joy_cpl_6.19_crash.log
This happens when the wineprefix is configured through the registry to use bus_udev / hidraw ("Enable SDL" = 0 and "DisableInput" = 1). After some debugging I found out that the supported number of buttons in Joy.cpl is 32, while the device is reporting 128. As a result, state.rgbButtons (main.c/ff_input_thread()) is evaluated outside of its bounds, which eventually leads through the check to the point where the real crash happens in IDirectInputEffect_SetParameters():775. After fixing the out-of-bounds issue (I attached a patch for that), joy.cpl no longer crashes immediately, but only after choosing the desired FFB effect and pushing a button on the wheel to start the test.
After some more debugging I found out that joy->effects[chosen_effect].effect (the first operand) is NULL, leading to the segmentation fault. So probably the lpVtbl is not initialized for some reason. Other parts of that structure looked OK IMO.
Otherwise the tracking of the steering wheel on the first tab worked properly through HIDRAW, as well as the available buttons. So this is already very positive :) I have also tried it through the SDL bus ("Enable SDL" = 1), and it worked as expected. The FFB test also partially worked: the sine wave effect was functional, while the constant and conditional effects didn't react.
Also, while debugging the above issue I saw that joy->num_buttons is incorrectly set to 134 buttons, while the device (Simucube 2 Sport) has 128. It appeared that the PID State input report, which includes several usages with report count 1, is being parsed as a normal input report in dinput/joystick_hid.c/enum_objects(), and those parameters are counted as buttons. So I attached a patch for this too.
Do you have any hints how to debug dinput properly for the lpVtbl issue? The gdb script helps a lot BTW :)
(The attached crash log is after the first patch applied, but it was similar before that.)
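The out-of-bounds read the report describes (a 32-entry rgbButtons array scanned with the device's 128-button count) is the classic "trust the peripheral's count over the buffer size" bug. The following is an added, stand-alone example and not Wine's joy.cpl or dinput code: it models the joystick state loosely on the 32-button layout mentioned above, shows the unsafe scan beside a hardened one that clamps the loop to the array size, and uses a constructed button state. Names such as joy_state, safe_button_count and first_pressed_button are assumptions for illustration, not Wine identifiers.

```c
/* Added example, not from Wine: bounds-clamped button scan.
 * joy_state models a DirectInput-style state with a fixed 32-entry
 * button array (per the bug report), while a device may report 128. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JOY_STATE_BUTTONS 32  /* entries in rgbButtons; assumption modeled on the report */

typedef struct {
    unsigned char rgbButtons[JOY_STATE_BUTTONS]; /* high bit set (0x80) means pressed */
} joy_state;

/* Unsafe form, as described in the report: trusts the device-reported count,
 * so with reported > 32 it reads past the end of rgbButtons (undefined
 * behaviour). Kept only for comparison; never call it with reported > 32. */
int first_pressed_unsafe(const joy_state *s, unsigned reported)
{
    for (unsigned i = 0; i < reported; i++)
        if (s->rgbButtons[i] & 0x80)
            return (int)i;
    return -1;
}

/* How many rgbButtons entries may be read for a device reporting
 * 'reported' buttons: never more than the array actually holds. */
size_t safe_button_count(unsigned reported)
{
    return reported < JOY_STATE_BUTTONS ? reported : JOY_STATE_BUTTONS;
}

/* Hardened form: index of the first pressed button within bounds, or -1. */
int first_pressed_button(const joy_state *s, unsigned reported)
{
    size_t n = safe_button_count(reported);
    for (size_t i = 0; i < n; i++)
        if (s->rgbButtons[i] & 0x80)
            return (int)i;
    return -1;
}

/* Builds a constructed state with one pressed button (or none when
 * pressed_index >= 32) and returns what the hardened scan reports. */
int demo_button_press(unsigned pressed_index, unsigned reported)
{
    joy_state st;
    memset(&st, 0, sizeof st);
    if (pressed_index < JOY_STATE_BUTTONS)
        st.rgbButtons[pressed_index] = 0x80;
    return first_pressed_button(&st, reported);
}

int main(void)
{
    /* Device reports 128 buttons; constructed input has button 5 pressed. */
    printf("first pressed: %d (scanned %zu of 128 reported)\n",
           demo_button_press(5, 128), safe_button_count(128));
    return 0;
}
```

The fix pattern is the one the report's first patch applies: the loop bound must come from the buffer the code owns, not from the count a peripheral advertises, since a HID device is untrusted input like anything else crossing a process boundary.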