03445: znpwfv: Segmentation Fault

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
03445	Crash/Freeze	Critical (emulator)	Sometimes	Sep 22, 2009, 22:10	May 26, 2011, 00:03

Tester	Tafoid	View Status	Public	Platform
Assigned To	Kale	Resolution	Fixed	OS
Status [?]	Resolved			Driver	sega/saturn.cpp
Version	0.142u1	Fixed in Version	0.142u5	Build	Normal
		Fixed in Git Commit		Github Pull Request #

Summary	03445: znpwfv: Segmentation Fault
Description	When you try to start a fight as the screen is fading and zooming in, MAME crashes with the following: Program received signal SIGSEGV, Segmentation fault. 0x00e49dfc in draw_sprites (machine=..., bitmap=0x13db974c, cliprect=0x22ecb0, pri=1 '\001') at src/mame/video/stvvdp2.c:6258 6258 bitmap_line[x*2] = machine.pens[ pix ];
Steps To Reproduce	Begin MAME and let it run until a demonstration match starts.
Additional Information	stv.c merged into saturn.c in 0.142u2 First bug: 0.134-0.138u1 Reopened: 0.142u2 This may have always been an issue and the bug not truly resolved. Reopened from message from Solstar: http://www.mameworld.info/ubbthreads/showthreaded.php?Cat=&Number=252430
Github Commit

Flags
Regression Version
Affected Sets / Systems	znpwfv

Attached Files

No.04964 wuemura Viewer Sep 22, 2009, 23:43	In my computer I've got a game reset followed by mame crash: ----------------------------------------------------- Exception at EIP=00878EF3: ACCESS VIOLATION While attempting to write memory at 0FF942C8 ----------------------------------------------------- EAX=00000000 EBX=0FF942C8 ECX=04E93320 EDX=00000DC9 ESI=0F6B0020 EDI=00000000 EBP=0022FBB8 ESP=0022FA20
No.04969 Fujix Administrator Sep 23, 2009, 06:30	Confirmed him Gary Albright.
No.06073 Firewave Senior Tester May 10, 2010, 14:22	Here's a stack trace with Visual Studio 2010: > vmamevs10d.exe!draw_sprites(running_machine * machine=0x0023d008, bitmap_t * bitmap=0x0c009768, const _rectangle * cliprect=0x0012da5c, unsigned char pri='') Line 6179 + 0x19 bytes C++ vmamevs10d.exe!video_update_stv_vdp2(running_device * screen=0x0024b078, bitmap_t * bitmap=0x0c009768, const _rectangle * cliprect=0x0012da5c) Line 6288 + 0x28 bytes C++ vmamevs10d.exe!video_screen_update_partial(running_device * screen=0x0024b078, int scanline=447) Line 655 + 0x2a bytes C++ vmamevs10d.exe!finish_screen_updates(running_machine * machine=0x0023d008) Line 1362 + 0x19 bytes C++ vmamevs10d.exe!video_frame_update(running_machine * machine=0x0023d008, int debug=0) Line 1291 + 0x9 bytes C++ vmamevs10d.exe!vblank_end_callback(running_machine * machine=0x0023d008, void * ptr=0x0024b078, int param=0) Line 1213 + 0xb bytes C++ vmamevs10d.exe!timer_execute_timers(running_machine * machine=0x0023d008) Line 406 + 0x1c bytes C++ vmamevs10d.exe!cpuexec_timeslice(running_machine * machine=0x0023d008) Line 375 + 0x9 bytes C++ vmamevs10d.exe!mame_execute(_core_options * options=0x07dc34a0) Line 320 + 0x9 bytes C++ vmamevs10d.exe!cli_execute(int argc=6, char * * argv=0x07dc3448, const _options_entry * osd_options=0x035240b0) Line 177 + 0x9 bytes C++ vmamevs10d.exe!utf8_main(int argc=6, char * * argv=0x07dc3448) Line 318 + 0x12 bytes C++ vmamevs10d.exe!wmain(int argc=6, wchar_t * * argv=0x07dc36b0) Line 82 + 0xd bytes C++ vmamevs10d.exe!__tmainCRTStartup() Line 278 + 0x19 bytes C vmamevs10d.exe!wmainCRTStartup() Line 189 C The code in question is bitmap_line[x2] = machine->pens[ pix ]; The debugger shows, that "bitmap_line" is invalid. It is read in line 6075 cause "interlace_framebuffer" is 1 with bitmap_line = BITMAP_ADDR16(bitmap, 2y, 0); "y" is 256 and bitmap looks like this - bitmap 0x0c009768 bitmap_t * - _bitmap_base {alloc=0x07c70040 base=0x07c70040 rowpixels=912 ...} _bitmap_base alloc 0x07c70040 void * base 0x07c70040 void * rowpixels 912 int width 912 int height 488 int format BITMAP_FORMAT_RGB15 _bitmap_format bpp 16 int + palette 0x07ee08f0 {refcount=5 numcolors=6144 numgroups=1 ...} _palette_t * + cliprect {min_x=0 max_x=911 min_y=0 ...} _rectangle Maybe the issue is, that it tries to access 5line 12, but it only has a height of 488?
No.06162 Kale Developer May 22, 2010, 17:32	Same issue as sokyugrt (MT #3710)