Viewing Issue Advanced Details
ID: 05010
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Sep 19, 2012, 10:43
Last Update: 20 days ago
Tester: Tafoid
View Status: Public
Resolution: Open
Status: Acknowledged
Driver: namcos2.cpp
Version: 0.147
Summary: 05010: luckywld, luckywldj, metlhawk, metlhawkj: [debug] Crash after OK
Description: For both games, you get a similar crash. With metlhawk, it takes a few emulated seconds to hit the crashpoint. Only seems to be present in DEBUG=1 builds.

Program received signal SIGSEGV, Segmentation fault.
0x01006a21 in namcos2_shared_state::c169_roz_get_info (this=0x31500c,
    tileinfo=..., tile_index=32768, which=1) at src/mame/drivers/namcoic.c:961
961 UINT16 tile = m_c169_roz_videoram[tile_index];
(gdb) bt
#0 0x01006a21 in namcos2_shared_state::c169_roz_get_info (this=0x31500c,
    tileinfo=..., tile_index=32768, which=1) at src/mame/drivers/namcoic.c:961
#1 0x01006cf3 in namcos2_shared_state::c169_roz_get_info1 (this=0x31500c,
    tileinfo=..., tile_index=32768, param=0x0)
    at src/mame/drivers/namcoic.c:1030
#2 0x0325808c in delegate_base<void, tile_data&, unsigned int, void*, _noparam,
 _noparam>::operator() (this=0x35224700, p1=..., p2=32768, p3=0x0)
    at src/emu/delegate.h:619
#3 0x0256c217 in tilemap_t::tile_update (this=0x352246bc, logindex=128,
    col=128, row=0) at src/emu/tilemap.c:740
#4 0x0256c176 in tilemap_t::pixmap_update (this=0x352246bc)
    at src/emu/tilemap.c:721
#5 0x032510ad in tilemap_t::pixmap (this=0x352246bc) at src/emu/tilemap.h:475
#6 0x010071b5 in namcos2_shared_state::c169_roz_draw_helper (this=0x31500c,
    bitmap=..., tmap=..., clip=..., params=...)
    at src/mame/drivers/namcoic.c:1122
#7 0x01007638 in namcos2_shared_state::c169_roz_draw (this=0x31500c,
    bitmap=..., cliprect=..., pri=0) at src/mame/drivers/namcoic.c:1212
#8 0x0100a051 in namcos2_state::screen_update_luckywld (this=0x31500c,
    screen=..., bitmap=..., cliprect=...) at src/mame/video/namcos2.c:504
#9 0x032576d8 in delegate_base<unsigned int, screen_device&, bitmap_ind16&, rectangle const&, _noparam, _noparam>::operator() (this=0x323e06a4, p1=...,
    p2=..., p3=...) at src/emu/delegate.h:619
#10 0x02490b89 in screen_device::update_partial (this=0x323e03b4,
    scanline=223) at src/emu/screen.c:598
#11 0x027ff5a3 in video_manager::finish_screen_updates (this=0x2ac72c)
    at src/emu/video.c:647
#12 0x027fdf1a in video_manager::frame_update (this=0x2ac72c, debug=false)
    at src/emu/video.c:218
#13 0x024916bf in screen_device::vblank_begin (this=0x323e03b4)
    at src/emu/screen.c:808
#14 0x0248ff4b in screen_device::device_timer (this=0x323e03b4, timer=...,
    id=0, param=0, ptr=0x0) at src/emu/screen.c:393
#15 0x03201e7c in device_t::timer_expired (this=0x323e03b4, timer=..., id=0,
    param=0, ptr=0x0) at src/emu/device.h:221
#16 0x0249e13e in device_scheduler::execute_timers (this=0x22f258)
    at src/emu/schedule.c:910
#17 0x0249ce17 in device_scheduler::timeslice (this=0x22f258)
    at src/emu/schedule.c:429
#18 0x0254585b in running_machine::run (this=0x22c340, firstrun=true)
    at src/emu/machine.c:389
#19 0x0248da42 in mame_execute (options=..., osd=...) at src/emu/mame.c:190
#20 0x027c8406 in cli_frontend::execute (this=0x22fe80, argc=4, argv=0x3f4c20)
    at src/emu/clifront.c:252
#21 0x01d5c1bc in utf8_main (argc=4, argv=0x3f4c20)
    at src/osd/windows/winmain.c:482
#22 0x02a48f8a in wmain (argc=4, argv=0x3f4600) at src/osd/windows/main.c:82
#23 0x0040140b in __tmainCRTStartup ()
    at /home/ruben/mingw-w64/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:310
#24 0x7c817077 in RegisterWaitForInputIdle ()
   from C:\WINDOWS\system32\kernel32.dll
#25 0x00000000 in ?? ()
Flags: Debug build specific
Regression Version: 0.147
Affected Sets / Systems: luckywld, luckywldj, metlhawk, metlhawkj
Relationships: There are no relationships linked to this issue.

Notes (8)

No.08910 Firewave (Senior Tester), Sep 19, 2012, 18:24
The problem is that the tilemap is too big for the rozvideoram. It is defined as 0x100000 in these two sets, where all others define it as 0x20000.

No.10555 Firewave (Senior Tester), Apr 10, 2014, 21:46 (edited on: Apr 10, 2014, 21:47)
AddressSanitizer output from 0.153:

==1610==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000757fe at pc 0x30405da bp 0x7fff388f80a0 sp 0x7fff388f8098
READ of size 2 at 0x6310000757fe thread T0
    #0 0x30405d9 in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int) /home/notroot/trunk/src/mame/drivers/namcoic.c:951
    #1 0x7fa4bd3 in delegate_base<void, tilemap_t&, tile_data&, unsigned int, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(tilemap_t&, tile_data&, unsigned int) const /home/notroot/trunk/src/emu/delegate.h:651
    #2 0x7fa4bd3 in tilemap_t::tile_update(unsigned int, unsigned int, unsigned int) /home/notroot/trunk/src/emu/tilemap.c:731
    #3 0x7fa4808 in tilemap_t::pixmap_update() /home/notroot/trunk/src/emu/tilemap.c:712
    #4 0x304187d in tilemap_t::pixmap() /home/notroot/trunk/src/emu/tilemap.h:506
    #5 0x304187d in namcos2_shared_state::c169_roz_draw_helper(screen_device&, bitmap_ind16&, tilemap_t&, rectangle const&, namcos2_shared_state::roz_parameters const&) /home/notroot/trunk/src/mame/drivers/namcoic.c:1112
    #6 0x3042778 in namcos2_shared_state::c169_roz_draw(screen_device&, bitmap_ind16&, rectangle const&, int) /home/notroot/trunk/src/mame/drivers/namcoic.c:1203
    #7 0x30ee89f in namcos2_state::screen_update_luckywld(screen_device&, bitmap_ind16&, rectangle const&) /home/notroot/trunk/src/mame/video/namcos2.c:505
    #8 0x7f806d9 in delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /home/notroot/trunk/src/emu/delegate.h:651
    #9 0x7f806d9 in screen_device::update_partial(int) /home/notroot/trunk/src/emu/screen.c:613
    #10 0x801a7e0 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:624
    #11 0x8019e84 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:200
    #12 0x7f7fa9f in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:812
    #13 0x7f76b63 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:199
    #14 0x7f76b63 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:900
    #15 0x7e8adf1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:378
    #16 0x7e821d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #17 0x7c82758 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #18 0x5608f55 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #19 0x7f2a38dc7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #20 0x101071c in _start (/home/notroot/trunk/mame64d+0x101071c)

0x6310000757ff is located 0 bytes to the right of 69631-byte region [0x631000064800,0x6310000757ff)
allocated by thread T0 here:
    #0 0xffa639 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x82bd41a in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:104
    #2 0x788bef0 in operator new[](unsigned long, char const*, int) /home/notroot/trunk/src/lib/util/corealloc.h:84
    #3 0x788bef0 in dynamic_array<unsigned char>::expand_internal(int) /home/notroot/trunk/src/lib/util/coretmpl.h:107
    #4 0x788bef0 in dynamic_array<unsigned char>::resize(int) /home/notroot/trunk/src/lib/util/coretmpl.h:94
    #5 0x788bef0 in dynamic_array<unsigned char>::resize_and_clear(int, unsigned char) /home/notroot/trunk/src/lib/util/coretmpl.h:99
    #6 0x7ecb800 in memory_block::memory_block(address_space&, unsigned int, unsigned int, void*) /home/notroot/trunk/src/emu/memory.c:4083
    #7 0x7ea0782 in address_space::allocate_memory() /home/notroot/trunk/src/emu/memory.c:2142
    #8 0x7e9d217 in memory_manager::initialize() /home/notroot/trunk/src/emu/memory.c:1605
    #9 0x7e874a8 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:253
    #10 0x7e8ac8d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #11 0x7e821d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #12 0x7c82758 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #13 0x5608f55 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #14 0x7f2a38dc7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260

No.11493 Firewave (Senior Tester), Mar 5, 2015, 17:43
Added additional sets from 0.159 test run.

No.11525 peterferrie (Developer), Mar 19, 2015, 07:03
They all work if the ROM size is increased to 128kb.
Any idea why they were set at 64kb? Can we just increase to 128kb and go home?

No.11531 AWJ (Developer), Mar 20, 2015, 07:01
Probably because there's only 64KB of RAM (not ROM) on those boards. Fixing the namcoic.c code to work with variable RAM sizes is the answer, not adding nonexistent RAM to the address maps.
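The mismatch the notes describe, as an added example that is not MAME's code: a constructed model of the tile-info path with the unchecked videoram lookup beside one bounded by the RAM actually allocated, plus a configuration check that a tilemap does not address more entries than the board's RAM holds. The 64KB/128KB sizes and tile index 32768 come from the notes and the backtrace; the struct and function names are assumptions.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

// Constructed model (not MAME's code): the tile-info callback indexes the
// ROZ videoram by tile index, and that index range comes from the tilemap
// dimensions rather than from the RAM the board actually has.

// 16-bit ROZ videoram backed by a vector, so the real bound is known.
struct roz_ram {
    std::vector<uint16_t> videoram;
    explicit roz_ram(std::size_t bytes) : videoram(bytes / sizeof(uint16_t)) {}
};

// Unchecked lookup, mirroring the line ASan flags: an index at or past the
// end of the RAM reads beyond the allocation (heap-buffer-overflow).
uint16_t roz_tile_unchecked(const roz_ram &r, unsigned tile_index) {
    return r.videoram.data()[tile_index];   // no bound: UB when index >= size
}

// Hardened lookup: bound the index by the RAM that was actually allocated.
// Out-of-range tiles read as 0 and the caller is told the index was bad.
bool roz_tile_checked(const roz_ram &r, unsigned tile_index, uint16_t &tile) {
    if (tile_index >= r.videoram.size()) { tile = 0; return false; }
    tile = r.videoram[tile_index];
    return true;
}

// Configuration check to run before creating the tilemap: cols*rows tiles
// must not address more 16-bit entries than the videoram holds. This is the
// mismatch in the notes (tilemap sized for 0x100000 on a 64KB board).
bool roz_tilemap_fits(std::size_t ram_bytes, unsigned cols, unsigned rows) {
    return static_cast<std::size_t>(cols) * rows <= ram_bytes / sizeof(uint16_t);
}

// Replay of the reported index: tile_index 32768 is the first entry past
// 64KB of 16-bit RAM (32768 * 2 == 0x10000), so the checked lookup rejects
// it there but accepts it once the RAM is 128KB, as the later note observes.
bool replay_reported_index(std::size_t ram_bytes) {
    roz_ram r(ram_bytes);                 // constructed, zero-filled RAM
    uint16_t tile = 0;
    return roz_tile_checked(r, 32768, tile);
}
```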

No.11769 peterferrie (Developer), Jun 19, 2015, 20:09
This appears to be fixed in 0.162, but I haven't found the check-in that's responsible for it...

No.11774 Tafoid (Administrator), Jun 19, 2015, 22:19
Looks like it was fixed in 0.161; my local copy of mamed for 0.161 doesn't crash. Resolving.

No.14593 Firewave (Senior Tester), 20 days ago
Still happening in 0.193

==118926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310010157fe at pc 0x00000342d0bd bp 0x7ffea1b8cf40 sp 0x7ffea1b8cf38
READ of size 2 at 0x6310010157fe thread T0
    #0 0x342d0bc in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:869:18
    #1 0x342d274 in namcos2_shared_state::c169_roz_get_info1(tilemap_t&, tile_data&, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:938:2
    #2 0xe7eef5c in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #3 0xe7eef5c in tilemap_t::tile_update(unsigned int, unsigned int, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:750
    #4 0xe7eea7f in tilemap_t::pixmap_update() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:731:5
    #5 0x342e151 in pixmap /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.h:516:27
    #6 0x342e151 in namcos2_shared_state::c169_roz_draw_helper(screen_device&, bitmap_ind16&, tilemap_t&, rectangle const&, namcos2_shared_state::roz_parameters const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:1032
    #7 0x342f7e4 in namcos2_shared_state::c169_roz_draw(screen_device&, bitmap_ind16&, rectangle const&, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:1123:6
    #8 0x34a6343 in namcos2_state::screen_update_luckywld(screen_device&, bitmap_ind16&, rectangle const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/namcos2.cpp:502:4
    #9 0xe7ac132 in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #10 0xe7ac132 in screen_device::update_partial(int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1219
    #11 0xe833c67 in video_manager::finish_screen_updates() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:694:10
    #12 0xe8332a0 in video_manager::frame_update(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:208:27
    #13 0xe7aa719 in screen_device::vblank_begin() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1524:21
    #14 0xe7a9c7c in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:997:4
    #15 0xe795168 in timer_expired /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.h:520:83
    #16 0xe795168 in device_scheduler::execute_timers() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:906
    #17 0xe78ea0f in device_scheduler::timeslice() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:530:2
    #18 0xe6a324b in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:357:17
    #19 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #20 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #21 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #22 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #23 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #24 0x7f172faf282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #25 0x1431838 in _start (/mnt/mame/mame64+0x1431838)

0x6310010157ff is located 0 bytes to the right of 69631-byte region [0x631001004800,0x6310010157ff)
allocated by thread T0 here:
    #0 0x14fd722 in operator new(unsigned long) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
    #1 0xe225de3 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/ext/new_allocator.h:104:27
    #2 0xe225de3 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/alloc_traits.h:491
    #3 0xe225de3 in _M_allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:170
    #4 0xe225de3 in _M_default_append /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/vector.tcc:557
    #5 0xe225de3 in resize /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:676
    #6 0xe225de3 in memory_block::memory_block(address_space&, unsigned int, unsigned int, void*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:4241
    #7 0xe2082c1 in make_unique<memory_block, address_space &, unsigned int &, unsigned int &> /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/unique_ptr.h:765:34
    #8 0xe2082c1 in address_space::allocate_memory() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:2397
    #9 0xe1f7e59 in allocate_memory /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/dimemory.h:112:87
    #10 0xe1f7e59 in memory_manager::initialize() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1848
    #11 0xe69f9d6 in running_machine::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:239:11
    #12 0xe6a2a41 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:310:3
    #13 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #14 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #15 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #16 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #17 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #18 0x7f172faf282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:869:18 in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int)
Shadow bytes around the buggy address:
  0x0c62801faaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c62801faaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
  0x0c62801fab00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb