Robbbert
commented
2 years ago Which video mode are you using? for example d3d, bgfx.
Closed cd4053 closed 1 year ago
Robbbert
commented
2 years ago Which video mode are you using? for example d3d, bgfx.
cd4053
commented
2 years ago Which video mode are you using? for example d3d, bgfx.
Over here I use -video bgfx however the tests and the crash also happens with -bench aka -video none -audio none.
Robbbert
commented
2 years ago Using -bench 90, I was unable to get any crashes.
cd4053
commented
2 years ago Sorry, after compiling the latest commit, crash still happens.
0.235 (mame0235-297-gef41d5f454e)
mamegit -norc -rompath h:\roms -window -wdog 25 -bench 90 galpans3
-----------------------------------------------------
Exception at EIP=000000014005f902 (blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int)+0x0121): ACCESS VIOLATION
While attempting to read memory at 0000000003088e30
-----------------------------------------------------
RAX=0000000000000000 RBX=0000000003088e30 RCX=0000000000010000 RDX=00000000005f0000
RSI=0000000000000014 RDI=0000000001400000 RBP=00000000001495e0 RSP=0000000000149560
R8=0000000000000100 R9=0000000000000000 R10=0000000000000014 R11=00000000003f0000
R12=000000000311dc60 R13=0000000000000c00 R14=0000000000000020 R15=0000000000200000
-----------------------------------------------------
Stack crawl:
0000000000149550: 000000014005f902 (blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int)+0x0121)
00000000001496f0: 0000000140060900 (sknsspr_device::skns_draw_sprites(bitmap_ind16&, rectangle const&, unsigned int*, unsigned long long, unsigned int*)+0x01f0)
0000000000149730: 00000001401e384b (skns_state::screen_vblank(int)+0x005b)
0000000000149760: 00000001400bab3a (std::_Function_handler<void (unsigned int, int, unsigned int), devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::{lambda(unsigned int, int, unsigned int)#1}>::_M_invoke(std::_Any_data const&, unsigned int&&, int&&, unsigned int&&)+0x001a)
00000000001497e0: 00000001400d27f4 (devcb_write<int, 1u>::operator()(int)+0x0044)
0000000000149850: 000000014008ffb0 (screen_device::vblank_begin()+0x00e0)
00000000001498d0: 00000001400937fd (screen_device::device_timer(emu_timer&, unsigned int, int, void*)+0x013d)
0000000000149910: 0000000140251aed (emu_timer::device_timer_expired(emu_timer&, void*, int)+0x002d)
00000000001499a0: 00000001402529f0 (device_scheduler::timeslice()+0x015c)
0000000000149af0: 000000014001c0c0 (running_machine::run(bool)+0x0190)
000000000014f360: 0000000140221884 (mame_machine_manager::execute()+0x01c4)
000000000014f730: 0000000140be1454 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03b4)
000000000014f9e0: 0000000140be1a25 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0045)
000000000014fa40: 000000014021ed9c (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002c)
000000000014fe20: 000000014206d2bb (main+0x016b)
000000000014fef0: 00000001400013c1 (__tmainCRTStartup+0x0231)
000000000014ff20: 00000001400014f6 (mainCRTStartup+0x0016)
000000000014ff50: 00007ffac47f7034 (BaseThreadInitThunk+0x0014)
000000000014ffd0: 00007ffac67e2651 (RtlUserThreadStart+0x0021)Testing with this binary it also keep crashing, however looks like it doesn't have any symbol.
Test were done with the binary inside an empty folder.
mamegit -norc -rompath h:\roms -window -wdog 25 -bench 90 cyvern
-----------------------------------------------------
Exception at EIP=00007ff632a219e2 (not found): ACCESS VIOLATION
While attempting to read memory at 0000025041f2de60
-----------------------------------------------------
RAX=000000009d700000 RBX=0000025041f340f0 RCX=0000000000010000 RDX=00000000013fffc0
RSI=000000000000002c RDI=0000000000300000 RBP=0000000000009900 RSP=000000affdaf90d0
R8=000000000000009c R9=ffffffffffff9d70 R10=000000000000002c R11=0000000000006d22
R12=00000250413bd6a0 R13=0000000000010000 R14=0000000000000030 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
000000affdaf9140: 00007ff632a219e2 (not found)
000000affdaf9260: 00007ff632a22377 (not found)
000000affdaf92a0: 00007ff632a2ed63 (not found)
000000affdaf9320: 00007ff6318165e5 (not found)
000000affdaf9390: 00007ff63177b7e0 (not found)
000000affdaf93d0: 00007ff631773879 (not found)
000000affdaf9440: 00007ff6317747f0 (not found)
000000affdaf95a0: 00007ff631998248 (not found)
000000affdafee20: 00007ff634d809bb (not found)
000000affdaff200: 00007ff6374c3caf (not found)
000000affdaff4c0: 00007ff6374c42bd (not found)
000000affdaff520: 00007ff634d7dc49 (not found)
000000affdaff8f0: 00007ff638519c09 (not found)
000000affdaff9c0: 00007ff62d4013b1 (not found)
000000affdaff9f0: 00007ff62d4014e6 (not found)
000000affdaffa20: 00007ffac47f7034 (BaseThreadInitThunk+0x0014)
000000affdaffaa0: 00007ffac67e2651 (RtlUserThreadStart+0x0021)mamegit -norc -rompath h:\roms -window -wdog 25 -bench 90 cyvernj
-----------------------------------------------------
Exception at EIP=00007ff632a219e2 (not found): ACCESS VIOLATION
While attempting to read memory at 000001d3d309be50
-----------------------------------------------------
RAX=000000009d700000 RBX=000001d3d30a20e0 RCX=0000000000010000 RDX=00000000013fffc0
RSI=000000000000002c RDI=0000000000300000 RBP=0000000000009900 RSP=00000012d02f9520
R8=000000000000009c R9=ffffffffffff9d70 R10=000000000000002c R11=0000000000006d22
R12=000001d3d2d4d9d0 R13=0000000000010000 R14=0000000000000030 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
00000012d02f9590: 00007ff632a219e2 (not found)
00000012d02f96b0: 00007ff632a22377 (not found)
00000012d02f96f0: 00007ff632a2ed63 (not found)
00000012d02f9770: 00007ff6318165e5 (not found)
00000012d02f97e0: 00007ff63177b7e0 (not found)
00000012d02f9820: 00007ff631773879 (not found)
00000012d02f9890: 00007ff6317747f0 (not found)
00000012d02f99f0: 00007ff631998248 (not found)
00000012d02ff270: 00007ff634d809bb (not found)
00000012d02ff650: 00007ff6374c3caf (not found)
00000012d02ff910: 00007ff6374c42bd (not found)
00000012d02ff970: 00007ff634d7dc49 (not found)
00000012d02ffd40: 00007ff638519c09 (not found)
00000012d02ffe10: 00007ff62d4013b1 (not found)
00000012d02ffe40: 00007ff62d4014e6 (not found)
00000012d02ffe70: 00007ffac47f7034 (BaseThreadInitThunk+0x0014)
00000012d02ffef0: 00007ffac67e2651 (RtlUserThreadStart+0x0021)The exact same happens to galpans2, galpans3, panicstr, ryouran, ryourano and sengekisj.
Robbbert
commented
2 years ago You need the sym file to get symbols. And I'm still unable to replicate your issue.
cd4053
commented
2 years ago The symbol file did not came with the 'action' build, maybe the admin need to adjust the build so we can have a symbol file for that specific build.
The crash still happens at random.
cd4053
commented
2 years ago The issue also happens on linux, I don't know how to debug, however, following this instructions I was able to compile just the suprnova.cpp driver with addresssanitizer.
This is what it show up:
==166239==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250001719ed at pc 0x000001ea8a2b bp 0x7fff61608210 sp 0x7fff61608208
READ of size 1 at 0x6250001719ed thread T0
#0 0x1ea8a2a in blit_fxy_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/sknsspr.cpp:231:4
#1 0x1ea4b2b in sknsspr_device::skns_draw_sprites(bitmap_ind16&, rectangle const&, unsigned int*, unsigned long, unsigned int*) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/sknsspr.cpp:470:6
#2 0x1ebdf91 in skns_state::screen_vblank(int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/suprnova.cpp:612:16
#3 0x4a2e15c in util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:673:11
#4 0x4a5f834 in std::enable_if<is_write_form3<int, emu::device_delegate<void (int)> >::value, void>::type devcb_write_base::invoke_write<int, emu::device_delegate<void (int)> >(emu::device_delegate<void (int)> const&, unsigned int&, int, std::make_unsigned<int>::type) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:305:198
#5 0x4a5f7af in devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> >::build()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:1361:8
#6 0x4a5f516 in devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:960:104
#7 0x4a5f4cf in devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > std::__invoke_impl<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(std::__invoke_other, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:60:14
#8 0x4a5f33b in std::enable_if<is_invocable_r_v<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> >, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>, devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::type std::__invoke_r<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:110:2
#9 0x4a5f0ab in std::_Function_handler<void (unsigned int, int, unsigned int), devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)>::_M_invoke(std::_Any_data const&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:291:9
#10 0x485357c in std::function<void (unsigned int, int, unsigned int)>::operator()(unsigned int, int, unsigned int) const /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:622:14
#11 0x4852fc5 in devcb_write<int, 1u>::operator()(unsigned int, int, unsigned int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2376:2
#12 0x4853843 in devcb_write<int, 1u>::operator()(int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2384:8
#13 0xa70acb8 in screen_device::vblank_begin() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1662:2
#14 0xa70a587 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:943:4
#15 0xa6eb189 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.h:711:83
#16 0xa6e4f99 in emu_timer::device_timer_expired(emu_timer&, void*, int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:317:18
#17 0xa6efc32 in util::detail::delegate_base<delegate_late_bind, void, void*, int>::operator()(void*, int) const /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:673:11
#18 0xa6ecc6a in device_scheduler::execute_timers() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:907:5
#19 0xa6e7894 in device_scheduler::timeslice() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:544:2
#20 0xa3b5510 in running_machine::run(bool) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:381:17
#21 0x22e053c in mame_machine_manager::execute() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:269:19
#22 0x3d9844f in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:271:22
#23 0x3d9b50a in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:287:3
#24 0x22e24a8 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:400:18
#25 0x1ec1e04 in main /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:219:9
#26 0x7fe4b8d2ed09 in __libc_start_main csu/../csu/libc-start.c:308:16
#27 0x1da9209 in _start (/home/mame/mamegit+0x1da9209)
0x6250001719ed is located 237 bytes to the right of 8192-byte region [0x62500016f900,0x625000171900)
allocated by thread T0 here:
#0 0x1e52f3d in operator new(unsigned long) (/home/mame/mamegit+0x1e52f3d)
#1 0x8e6911b in __gnu_cxx::new_allocator<handler_entry_write_dispatch<24, 0, 0>::range_array>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:121:27
#2 0x8e690c3 in std::allocator_traits<std::allocator<handler_entry_write_dispatch<24, 0, 0>::range_array> >::allocate(std::allocator<handler_entry_write_dispatch<24, 0, 0>::range_array>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
#3 0x8e68c62 in std::_Vector_base<handler_entry_write_dispatch<24, 0, 0>::range_array, std::allocator<handler_entry_write_dispatch<24, 0, 0>::range_array> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
#4 0x8e6841a in std::vector<handler_entry_write_dispatch<24, 0, 0>::range_array, std::allocator<handler_entry_write_dispatch<24, 0, 0>::range_array> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
#5 0x89ce588 in std::vector<handler_entry_write_dispatch<24, 0, 0>::range_array, std::allocator<handler_entry_write_dispatch<24, 0, 0>::range_array> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
#6 0x89ce1be in handler_entry_write_dispatch<24, 0, 0>::handler_entry_write_dispatch(address_space*, handler_entry::range const&, handler_entry_write<0, 0>*) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:22:17
#7 0x4ed98c8 in address_space_specific<1, 0, 0, (util::endianness)0>::address_space_specific(memory_manager&, device_memory_interface&, int, int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:334:119
#8 0x4ed6d72 in std::_MakeUniq<address_space_specific<1, 0, 0, (util::endianness)0> >::__single_object std::make_unique<address_space_specific<1, 0, 0, (util::endianness)0>, memory_manager&, device_memory_interface&, int&, int>(memory_manager&, device_memory_interface&, int&, int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/unique_ptr.h:962:34
#9 0x4cae6a1 in void device_memory_interface::allocate<address_space_specific<1, 0, 0, (util::endianness)0> >(memory_manager&, int) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/dimemory.h:100:27
#10 0x4ca7a30 in memory_manager::allocate(device_memory_interface&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:674:40
#11 0x4c32107 in memory_manager::initialize() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:288:3
#12 0xa3b16d1 in running_machine::start() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:235:11
#13 0xa3b4a01 in running_machine::run(bool) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:3
#14 0x22e053c in mame_machine_manager::execute() /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:269:19
#15 0x3d9844f in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:271:22
#16 0x3d9b50a in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:287:3
#17 0x22e24a8 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:400:18
#18 0x1ec1e04 in main /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:219:9
#19 0x7fe4b8d2ed09 in __libc_start_main csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/sknsspr.cpp:231:4 in blit_fxy_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int)
Shadow bytes around the buggy address:
0x0c4a800262e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a800262f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4a80026330: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
0x0c4a80026340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: ccLast commit on sknsspr.cpp point to this commit.
Command used to compile mame: make clean && make SOURCES=src/mame/drivers/suprnova.cpp SYMBOLS=1 SYMLEVEL=1 OPTIMIZE=0 SANITIZE=address -j8
I hope this helps, the AddressSanitizer also points others erros that I don't understand, maybe a developer can look into it and see what is relevant (or not) to investigate.
Thanks.
cuavas
commented
2 years ago OK, that trace explains it. The SKNS sprite device is doing an out-of-bounds access when drawing zoomed sprites – it’s crashing in the z_draw_pixel macro in blit_fxy_z when called from here:
if(zoomx_m || zoomx_s || zoomy_m || zoomy_s)
{
blit_z[ (xflip<<1) | yflip ](bitmap, cliprect, m_decodebuffer.get(), sx, sy, xsize, ysize, zoomx_m, zoomx_s, zoomy_m, zoomy_s, NewColour);
}I’d guess what’s happening is it isn’t checking the row against the clipping rectangle when drawing zoomed and writing past the end of the bitmap. However, the code is so obfuscated by the macros I can’t really follow the logic.
Thanks for running it under a memory analyser – that’s the very best thing you can do for this kind of crash.
cd4053
commented
2 years ago Thank you @cuavas
galibert
commented
2 years ago Ok, the drawing is going oob in the (source) sprite decompression buffer (m_decodebuffer) when transitioning from the "bios" intro to the game one. It's reading before the start afaict. Need to find out what combination of probably transitory values allows it to happen.
galibert
commented
2 years ago It should be fixed with my latest push, let me know.
cd4053
commented
2 years ago Test run for about 4 hours with the latest commit, no crashes. Thank you @galibert
Closing.
Robbbert
commented
1 year ago This problem still happens. See https://mametesters.org/view.php?id=8401
cd4053
commented
1 year ago mame: 0.246 (mame0246-265-gc25246cd261)
=================================================================
==39274==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000147100 at pc 0x55b72f7b58ed bp 0x7ffc68e25cf0 sp 0x7ffc68e25ce8
READ of size 1 at 0x625000147100 thread T0
#0 0x55b72f7b58ec in blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:189:4
#1 0x55b72f7b3e90 in sknsspr_device::skns_draw_sprites(bitmap_ind16&, rectangle const&, unsigned int*, unsigned long, unsigned int*) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:470:6
#2 0x55b72f7cf9e1 in skns_state::screen_vblank(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/suprnova_v.cpp:612:16
#3 0x55b73243a3df in util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#4 0x55b732469b71 in std::enable_if<is_write_form3<int, emu::device_delegate<void (int)> >::value, void>::type devcb_write_base::invoke_write<int, emu::device_delegate<void (int)> >(emu::device_delegate<void (int)> const&, unsigned int&, int, std::make_unsigned<int>::type) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:299:198
#5 0x55b732469af9 in devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> >::build()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:1355:8
#6 0x55b7324698a6 in devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:954:104
#7 0x55b732469861 in void std::__invoke_impl<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(std::__invoke_other, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
#8 0x55b7324696fb in std::enable_if<is_invocable_r_v<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>, void>::type std::__invoke_r<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2
#9 0x55b73246946b in std::_Function_handler<void (unsigned int, int, unsigned int), devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)>::_M_invoke(std::_Any_data const&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
#10 0x55b73227ba66 in std::function<void (unsigned int, int, unsigned int)>::operator()(unsigned int, int, unsigned int) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
#11 0x55b73227b4f9 in devcb_write<int, 1u>::operator()(unsigned int, int, unsigned int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2370:2
#12 0x55b73227bd11 in devcb_write<int, 1u>::operator()(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2378:8
#13 0x55b737c7da23 in screen_device::vblank_begin(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1651:2
#14 0x55b73243a3df in util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#15 0x55b737c66480 in device_scheduler::execute_timers() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:910:5
#16 0x55b737c620f2 in device_scheduler::timeslice() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
#17 0x55b7378e450a in running_machine::run(bool) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
#18 0x55b72fa118cc in mame_machine_manager::execute() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
#19 0x55b731f95f00 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:274:22
#20 0x55b731f992de in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:290:3
#21 0x55b72fa1428e in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
#22 0x55b737e4b1e1 in main /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
#23 0x7fe080346209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#24 0x7fe0803462bb in __libc_start_main csu/../csu/libc-start.c:389:3
#25 0x55b72f6a9290 in _start (/home/mame/mamegit+0x2120290) (BuildId: b6f3e49f6b7ef8cd)
0x625000147100 is located 0 bytes to the right of 8192-byte region [0x625000145100,0x625000147100)
allocated by thread T9 here:
#0 0x55b72f766f2d in operator new(unsigned long) (/home/mame/mamegit+0x21ddf2d) (BuildId: b6f3e49f6b7ef8cd)
#1 0x7fe0706d7fc2 (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xfeafc2) (BuildId: c69cf9ec1c702c87e6eb2cb474b5f2196becbc6b)
Thread T9 created by T0 here:
#0 0x55b72f71555c in pthread_create (/home/mame/mamegit+0x218c55c) (BuildId: b6f3e49f6b7ef8cd)
#1 0x7fe07617d7ff (/usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so+0x1087ff) (BuildId: 0667a527a39958b5159c379634eeabae56cc1861)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:189:4 in blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int)
Shadow bytes around the buggy address:
0x0c4a80020dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80020de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80020df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80020e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80020e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a80020e20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80020e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80020e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80020e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80020e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80020e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==39274==ABORTING
happppp
commented
1 year ago Off-by-1 boundary check bugfix here: https://github.com/mamedev/mame/commit/43e74c683f14c20b1b63a0eaa07fecea2e94d4f2
I don't know if it fixes this issue, it's very hard to repro the crash here since it rarely happens for me.
cd4053
commented
1 year ago Over here still happens after https://github.com/mamedev/mame/commit/43e74c683f14c20b1b63a0eaa07fecea2e94d4f2
mame:0.246 (mame0246-296-gb51139afb5d)
==110650==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000176900 at pc 0x55786ec578ed bp 0x7fffc7a11cf0 sp 0x7fffc7a11ce8
READ of size 1 at 0x625000176900 thread T0
#0 0x55786ec578ec in blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:189:4
#1 0x55786ec55e90 in sknsspr_device::skns_draw_sprites(bitmap_ind16&, rectangle const&, unsigned int*, unsigned long, unsigned int*) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:470:6
#2 0x55786ec719e1 in skns_state::screen_vblank(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/suprnova_v.cpp:612:16
#3 0x5578718dc3df in util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#4 0x55787190bb71 in std::enable_if<is_write_form3<int, emu::device_delegate<void (int)> >::value, void>::type devcb_write_base::invoke_write<int, emu::device_delegate<void (int)> >(emu::device_delegate<void (int)> const&, unsigned int&, int, std::make_unsigned<int>::type) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:299:198
#5 0x55787190baf9 in devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> >::build()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:1355:8
#6 0x55787190b8a6 in devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)::operator()(unsigned int, int, unsigned int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:954:104
#7 0x55787190b861 in void std::__invoke_impl<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(std::__invoke_other, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
#8 0x55787190b6fb in std::enable_if<is_invocable_r_v<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>, void>::type std::__invoke_r<void, devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int, int, unsigned int>(devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2
#9 0x55787190b46b in std::_Function_handler<void (unsigned int, int, unsigned int), devcb_write<int, 1u>::creator_impl<devcb_write<int, 1u>::delegate_builder<emu::device_delegate<void (int)> > >::create()::'lambda'(unsigned int, int, unsigned int)>::_M_invoke(std::_Any_data const&, unsigned int&&, int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
#10 0x55787171da66 in std::function<void (unsigned int, int, unsigned int)>::operator()(unsigned int, int, unsigned int) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
#11 0x55787171d4f9 in devcb_write<int, 1u>::operator()(unsigned int, int, unsigned int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2370:2
#12 0x55787171dd11 in devcb_write<int, 1u>::operator()(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/devcb.h:2378:8
#13 0x55787711fa23 in screen_device::vblank_begin(int) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1651:2
#14 0x5578718dc3df in util::detail::delegate_base<delegate_late_bind, void, int>::operator()(int) const /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
#15 0x557877108480 in device_scheduler::execute_timers() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:910:5
#16 0x5578771040f2 in device_scheduler::timeslice() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
#17 0x557876d8650a in running_machine::run(bool) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
#18 0x55786eeb38cc in mame_machine_manager::execute() /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
#19 0x557871437f00 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:274:22
#20 0x55787143b2de in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:290:3
#21 0x55786eeb628e in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
#22 0x5578772ed1e1 in main /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
#23 0x7f80a52c4209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#24 0x7f80a52c42bb in __libc_start_main csu/../csu/libc-start.c:389:3
#25 0x55786eb4b290 in _start (/home/mame/mamegit+0x2120290) (BuildId: 675d70822312da4d)
0x625000176900 is located 0 bytes to the right of 8192-byte region [0x625000174900,0x625000176900)
allocated by thread T12 here:
#0 0x55786ec08f2d in operator new(unsigned long) (/home/mame/mamegit+0x21ddf2d) (BuildId: 675d70822312da4d)
#1 0x7f809565dfc2 (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xfeafc2) (BuildId: c69cf9ec1c702c87e6eb2cb474b5f2196becbc6b)
Thread T12 created by T0 here:
#0 0x55786ebb755c in pthread_create (/home/mame/mamegit+0x218c55c) (BuildId: 675d70822312da4d)
#1 0x7f809b1037ff (/usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so+0x1087ff) (BuildId: 0667a527a39958b5159c379634eeabae56cc1861)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mame/build/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/kaneko/sknsspr.cpp:189:4 in blit_nf_z(bitmap_ind16&, rectangle const&, unsigned char const*, int, int, int, int, unsigned short, unsigned short, unsigned short, unsigned short, int)
Shadow bytes around the buggy address:
0x0c4a80026cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4a80026d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a80026d20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4a80026d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==110650==ABORTING
smf-
commented
1 year ago Are you sure? I thought max_x / max_y were inclusive?
On 25/08/2022 20:38, hap wrote:
Off-by-1 boundary check bugfix here: 43e74c6 https://github.com/mamedev/mame/commit/43e74c683f14c20b1b63a0eaa07fecea2e94d4f2
I don't know if it fixes this issue, it's very hard to repro the crash here since it rarely happens for me.
— Reply to this email directly, view it on GitHub https://github.com/mamedev/mame/issues/8506#issuecomment-1227683706, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACGVYYTHE2OI4FPC4JNU4O3V27DSLANCNFSM5DALNYAQ. You are receiving this because you are subscribed to this thread.Message ID: @.***>
cuavas
commented
1 year ago By the time you get to those macros, the numbers are exclusive. I’d have to search for the exact line where it happens, but when it calculates the destination coordinates taking sprite scaling into account, it produces exclusive right/bottom values.
happppp
commented
1 year ago clip.max_x = (cliprect.max_x+1)<<16; note the +1 clip.max_y = (cliprect.max_y+1)<<16;
if yd or xd == max y or x then bitmap.pix(yd>>16, xd>>16) = val + colour; will go outside the cliprect
happppp
commented
1 year ago signed integer overflow fix: https://github.com/mamedev/mame/commit/e4f8802192a3e97c4c77ffdd8274831a93f69fa6
cd4053
commented
1 year ago smf-
commented
1 year ago Well that obviously confused the person who wrote the code, is there any advantage?
On 26/08/2022 09:13, Vas Crabb wrote:
By the time you get to those macros, the numbers are exclusive. I’d have to search for the exact line where it happens, but when it calculates the destination coordinates taking sprite scaling into account, it produces exclusive right/bottom values.
Message ID: @.***>
cuavas
commented
1 year ago Well that obviously confused the person who wrote the code, is there any advantage?
It’s generally easier to work with exclusive right/bottom coordinates – size and scaling calculations are cleaner. Using inclusive coordinates for MAME’s rectangle structure was probably a mistake, but it’s too late to change that now.
mame:
0.235 (mame0235-73-g0510428a31d), also tested with this binary. OS:Windows 10 20H2 19042.1110Issue:galpans2crashes soon after boot, after some further testing, looks like other games from the same driver crashes too.Crash happens with:
cyvern,galpans2,galpans2j,galpans3,panicstr,ryouranandteljan.Generating a game list to run tests:
mame galpans2 -lb > list.txt | cat list.txt | awk '{print $2}' >to_test.txtResult:
Command:
cmd /c for /F "tokens=*" %a in (to_test.txt) do mame -norc -rompath h:\roms -window -wdog 25 -bench 90 %a > log.txt 2>&1log.txt to_test.txt