Viewing Issue Advanced Details
ID: 01968
Category: Cheat System
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jul 3, 2008, 18:02
Last Update: Jul 4, 2008, 16:58
Tester: Tafoid
View Status: Public
Platform: MAME (Self-compiled)
Resolution: Fixed
OS: Windows 2000
Status: Resolved
Version: 0.125u9
Fixed in Version: 0.126
Build: Athlon
Summary: 01968: -CHEAT trigger causes MAME crash when starting or exiting with some sets.
Description: Use of -CHEAT with any set causes a fatal exception when exiting MAME.

-----------------------------------------------------
Exception at EIP=77FCD989: ACCESS VIOLATION
While attempting to write memory at 0000002E
-----------------------------------------------------
EAX=69726F49 EBX=03140000 ECX=0000002E EDX=057609C8
ESI=057603C0 EDI=057609C8 EBP=0022FCB4 ESP=0022FCA8
Additional Information: Examples:
MAME pacman -cheat
MAME mappy -cheat
MAME mk -cheat
MAME dino -cheat
Regression Version: 0.125u9
Attached Files
cheat123.zip (1,360,891 bytes) Jul 4, 2008, 00:00
Relationships
related to 01952 (Resolved): sfex2p: Cheat crash.
Notes (9)
No.01468
couriersud
Developer
Jul 3, 2008, 18:31
Does not reproduce on linux 64bit.
What is your cheat_file setting? Please attach mame.ini.
Can someone provide a backtrace from windows?
No.01469
Tafoid
Administrator
Jul 3, 2008, 18:57
Latest official cheat.dat from Pugsy's (0.123) Dated February 5th.
I have only 2 items defined in my MAME.INI:

#
# CORE CONFIGURATION OPTIONS
#
readconfig 1

#
# CORE SEARCH PATH OPTIONS
#
rompath roms;misfitroms;F:\Documents and Settings\Administrator\My Documents\My BNR2 Downloads\CHD;ageroms

I'm taking the time (about 45 minutes) to build a symbols build and I'll report what I get.
No.01470
robiza
Developer
Jul 3, 2008, 19:24
confirmed
No.01471
Tafoid
Administrator
Jul 3, 2008, 19:45
edited on: Jul 3, 2008, 19:49
It's odd, it's crashing before the game starts with a fresh symbols build, 32-bit baseline:
F:\MAMESRC>gdb mamesymbols.exe
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...
(gdb) run pacman -window -cheat
Starting program: F:\MAMESRC/mamesymbols.exe pacman -window -cheat
Loaded symbols for C:\WINNT\system32\ADVAPI32.DLL
Loaded symbols for C:\WINNT\system32\KERNEL32.DLL
Loaded symbols for C:\WINNT\system32\rpcrt4.dll
Loaded symbols for C:\WINNT\system32\secur32.dll
Loaded symbols for C:\WINNT\system32\comctl32.dll
Loaded symbols for C:\WINNT\system32\GDI32.DLL
Loaded symbols for C:\WINNT\system32\USER32.DLL
Loaded symbols for C:\WINNT\system32\dinput.dll
Loaded symbols for C:\WINNT\system32\msvcrt.dll
Loaded symbols for C:\WINNT\system32\winmm.dll
Loaded symbols for C:\WINNT\system32\dsound.dll
Loaded symbols for C:\WINNT\system32\OLE32.DLL
Loaded symbols for C:\WINNT\system32\version.dll
Loaded symbols for C:\WINNT\system32\lz32.dll
Loaded symbols for C:\WINNT\system32\SHLWAPI.DLL

Program received signal SIGSEGV, Segmentation fault.
0x78025a29 in wscanf () from C:\WINNT\system32\msvcrt.dll
(gdb) bt full
#0 0x78025a29 in wscanf () from C:\WINNT\system32\msvcrt.dll
No symbol table info available.
#1 0x7802392f in sscanf () from C:\WINNT\system32\msvcrt.dll
No symbol table info available.
#2 0x00c25532 in load_cheat_code_standard (machine=0x6fbe460,
    file_name=0x22fc8a "cheat.dat") at src/emu/cheat.c:9619
        type = 0
        data = 0
        extend_data = 0
        action = (cheat_action *) 0x7520656d
        address = 0
        is_error = 0
        entry = (cheat_entry *) 0x61672065
        format = (const struct _cheat_format *) 0x21f9720
        buf = ":2020bb:62000000:000000:00000000:00000000:Select Cartridge/NeoGeo
 Type:Enable it DURING the neogeo bios booting sequence. If you miss the boot se
quence reset and THEN enable it. The Home (NEOGEO) sett"...
        the_file = (mame_file *) 0x84d0d40
        buffer = (cheat_format_strings *) 0x6b616d20
Backtrace stopped: frame did not save the PC

Again, this only happens with -cheat toggled AND having a CHEAT.DAT in folder - as it's not reading in the .DAT file correctly.

EDIT: Modifying the summary to reflect that it can crash entering or exiting
No.01473
couriersud
Developer
Jul 3, 2008, 23:59
Tafoid, could you please attach the cheat.dat which is causing the issue?
It will help tracking down the issue. I am not able to reproduce this on linux64 and it looks like it is crashing on your cheat.dat. Thanks!
No.01474
Tafoid
Administrator
Jul 4, 2008, 00:01
edited on: Jul 4, 2008, 01:17
Same one as available on cheat.retrogames.com - but here it is.

EDIT: It also crashed out as soon as I selected a new random game from the UI.
No.01477
Haze
Senior Tester
Jul 4, 2008, 10:19
yeah.. the bug is probably when it's loading.. hence the -------------------- crashes etc. on some sets.

quite often on non-debug builds you'll find buggy drivers crashing on exit rather than crashing where the actual bug is..

IMO cheat loading is broken.
No.01479
ShimaPong
Tester
Jul 4, 2008, 15:36
edited on: Jul 4, 2008, 15:39
OK, I confirmed and found the reason.

Open cheat.c and go to line 9599.
static void load_cheat_code_standard(running_machine *machine, char *file_name)
{
	char		buf[256];
	mame_file	*the_file;
	cheat_format_strings
				*buffer = format_strings;

	/* open the database */
	if(open_cheat_database(&the_file, file_name, DATABASE_LOAD) == 0) return;
	found_database = 1;
	/* get a line from database */
	while(mame_fgets(buf, 2048, the_file)) <- line 9599
	{
And change "2048" to "255"
<Before>
	while(mame_fgets(buf, 2048, the_file))

<After>
	while(mame_fgets(buf, 255, the_file))
Sorry, it's completely my mistake: load_cheat_code_new() and load_cheat_code_old() had already been fixed with this value, but load_cheat_code_standard() had not.
I have sent a diff with the small change to the devs (I replaced this value with a macro in the submitted version).

BTW, I have doubts about the code which causes the crash.
:2020bb:62000000:000000:00000000:00000000:Select Cartridge/NeoGeo Type:Enable it DURING the neogeo bios booting sequence. If you miss the boot sequence reset and THEN enable it. The Home (NEOGEO) setting may open up other aspects of the game or it may even make the game unplayable.
"Enable it...game unplayable." is set in the comment field.
I think that this field is designed to display a "SIMPLE and 1-LINE" comment.
But this code has a "LONG and MULTI-LINE" comment.
I don't know why it has been set in the comment "FIELD", because I'm not the original code creator/poster.
Anyway, in this case it's better to use (extend) comment "LINE" codes instead of the "FIELD".

Sample with the new format (see screenshot):
:2020bb::F100000000::000000::00000000::00000000:------ Cartridge/NeoGeo Type -----
:2020bb::F100010000::000000::00000000::00000000:Enable it DURING the neogeo bios booting sequence.
:2020bb::F100010000::000000::00000000::00000000:If you miss the boot sequence reset and THEN enable it,
:2020bb::F100010000::000000::00000000::00000000:the Home (NEOGEO) setting may open up other aspects
:2020bb::F100010000::000000::00000000::00000000:of the game or it may even make the game unplayable.
;2020bb::F100010000::000000::00000000::00000000:----------------------------------
:2020bb::F300000000::000000::00000000::00000000:Select Cartridge/NeoGeo Type
Multi-line comment codes are packed into a "Read Me" line in the code selection menu and displayed in a new window when you select it.
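An added example (not MAME's code and not ShimaPong's patch) of the reading loop discussed above, with the size argument derived from the buffer instead of a literal, plus a check for a cheat.dat line longer than the buffer, which the 255 fix alone would split into a second, unparseable "line" such as the long NeoGeo comment quoted in the backtrace. CHEAT_LINE_MAX, the load_stats/load_cheat_lines/run_sample names and the pacman/mappy codes in the sample are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define CHEAT_LINE_MAX 256   /* same size as cheat.c's buf[256] */
/* lines: complete lines handed to the parser; truncated: over-long lines skipped whole */
typedef struct { int lines; int truncated; } load_stats;

/* Constructed sample database (the pacman/mappy codes are made up): two short
 * entries around one modelled on the NeoGeo line from the backtrace (>255 chars). */
static const char *SAMPLE_DAT =
    ":pacman:00000000:4E14:0000000F:FFFFFFFF:Infinite Lives\n"
    ":2020bb:62000000:000000:00000000:00000000:Select Cartridge/NeoGeo Type:"
    "Enable it DURING the neogeo bios booting sequence. If you miss the boot "
    "sequence reset and THEN enable it. The Home (NEOGEO) setting may open up "
    "other aspects of the game or it may even make the game unplayable.\n"
    ":mappy:00000000:0001:00000005:FFFFFFFF:Infinite Lives\n";

/* The length argument is taken from the buffer itself, so no literal (2048 or
 * 255) can disagree with it. A buffer filled without a terminating '\n' marks
 * an over-long line: its tail is drained rather than parsed as the next entry. */
static load_stats load_cheat_lines(FILE *f)
{
    char buf[CHEAT_LINE_MAX];
    load_stats st = {0, 0};
    int c;
    while (fgets(buf, sizeof buf, f)) {
        size_t n = strlen(buf);
        if ((n > 0 && buf[n - 1] == '\n') || feof(f)) {
            st.lines++;                  /* complete line, or unterminated last line */
            continue;
        }
        while ((c = fgetc(f)) != EOF && c != '\n')
            ;                            /* discard the rest of the over-long line */
        st.truncated++;
    }
    return st;
}

/* Loads SAMPLE_DAT through a temporary file so the demo runs without a cheat.dat. */
static load_stats run_sample(void)
{
    load_stats st = {0, 0};
    FILE *f = tmpfile();
    if (!f) return st;
    fputs(SAMPLE_DAT, f);
    rewind(f);
    st = load_cheat_lines(f);
    fclose(f);
    return st;
}
```

On the sample, the two short entries are delivered whole and the 282-character NeoGeo line is reported as truncated instead of producing the garbage second "line" seen in the original report.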
No.01484
robiza
Developer
Jul 4, 2008, 16:58
fixed by ShimaPong