ID: 05047
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Oct 27, 2012, 16:17
Last Update: Aug 29, 2016, 22:54
Tester: Tafoid
View Status: Public
Platform: MAME (Self-compiled)
Assigned To:
Resolution: Fixed
OS: Windows XP
Status: Resolved
Driver: itech32.cpp
Version: 0.147u1
Fixed in Version: 0.161
Build: Debug
Summary 05047: pairsred: [debug] Crash after OK
Description Attempting to run causes a crash after OK:
Exception at EIP=030EB9D8 (direct_read_data::read_decrypted_byte(unsigned int, unsigned int)+0x0034): ACCESS VIOLATION
Steps To Reproduce
Additional Information
Flags Debug build specific
Regression Version 0.146u5
Affected Sets / Systems pairsred
Notes
No.09062
Osso
Developer
Oct 29, 2012, 16:59
Can't reproduce with current SVN build (r18769)

(gdb) run pairsred -window
Starting program: /home/potschet/Scrivania/mame/mame64d pairsred -window
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffedd27700 (LWP 24876)]
[New Thread 0x7fffe9191700 (LWP 24877)]
[Thread 0x7fffe9191700 (LWP 24877) exited]
[New Thread 0x7fffe9191700 (LWP 24878)]
Average speed: 100.00% (20 seconds)
[Thread 0x7fffe9191700 (LWP 24878) exited]
[Thread 0x7fffedd27700 (LWP 24876) exited]
Speaker ":mono" - max = 65756 (gain *= 0.498312) - 0% samples clipped
[Inferior 1 (process 24875) exited normally]
No.09319
Firewave
Senior Tester
Feb 9, 2013, 14:04

-----------------------------------------------------
Exception at EIP=000000014188458B (+0x4188458b): ACCESS VIOLATION
While attempting to read memory at 0000000003B5BB43
-----------------------------------------------------
RAX=0000000000005B43 RBX=0000000000000000 RCX=0000000003B56000 RDX=0000000000000005
RSI=00000000032A5C58 RDI=0000000000176650 RBP=0000000000000000 RSP=0000000000176630
 R8=0000000000000001 R9=00000000001764C4 R10=FEFEFEFEFEFEFEFF R11=8080808080808080
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  0000000000176650: 000000014188458B (direct_read_data::read_decrypted_byte+0x005b, s:\svn\mame\src\emu\memory.h:1028)
  0000000000176680: 00000001418C505B (m6809_base_device::execute_run+0x00fb, s:\svn\mame\src\emu\cpu\m6809\m6809.c:752)
  00000000001766B0: 00000001422DD121 (device_execute_interface::run+0x0031, s:\svn\mame\src\emu\diexec.h:216)
  00000000001767D0: 00000001422D9E72 (device_scheduler::timeslice+0x0432, s:\svn\mame\src\emu\schedule.c:489)
  0000000000176D40: 00000001422DF16C (running_machine::run+0x034c, s:\svn\mame\src\emu\machine.c:396)
  000000000017D4C0: 0000000142237B88 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190)
  000000000017F3E0: 00000001422F436F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:258)
  000000000017F8D0: 0000000142E604BB (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:493)
  000000000017F910: 0000000142E5C0F0 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82)
  000000000017F960: 0000000142DF82CC (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241)
  000000000017F990: 0000000142DF840E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164)
  000000000017F9C0: 0000000076CE652D (BaseThreadInitThunk+0x000d)
  000000000017FA10: 000000007728C521 (RtlUserThreadStart+0x0021)
No.09320
Firewave
Senior Tester
Feb 9, 2013, 14:06
==35789== Invalid read of size 1
==35789== at 0x383B28E: direct_read_data::read_decrypted_byte(unsigned int, unsigned int) (memory.h:1028)
==35789== by 0x44B7E74: m6809_base_device::execute_run() (m6809.c:752)
==35789== by 0x44B82CB: non-virtual thunk to m6809_base_device::execute_run() (debugger.h:50)
==35789== by 0x5245218: device_execute_interface::run() (diexec.h:216)
==35789== by 0x5242987: device_scheduler::timeslice() (schedule.c:488)
==35789== by 0x51744BE: running_machine::run(bool) (machine.c:393)
==35789== by 0x516F6DB: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==35789== by 0x4FF2F22: cli_frontend::execute(int, char**) (clifront.c:255)
==35789== by 0x36FC4B9: main (sdlmain.c:371)
==35789== Address 0x16432673 is 4,611 bytes inside a block of size 12,960 free'd
==35789== at 0xFFAE7A6: free (vg_replace_malloc.c:446)
==35789== by 0x101E397C: SDL_FreeSurface (SDL_surface.c:935)
==35789== by 0x36FF207: sdl_osd_interface::font_get_bitmap(void*, unsigned int, bitmap_argb32&, int&, int&, int&) (sdlmain.c:1148)
==35789== by 0x5208981: render_font::char_expand(unsigned int, render_font::glyph&) (rendfont.c:194)
==35789== by 0x520D33D: render_font::get_char(unsigned int) (rendfont.c:93)
==35789== by 0x520A158: render_font::char_width(float, float, unsigned int) (rendfont.c:347)
==35789== by 0x528DEC4: ui_draw_text_full(render_container*, char const*, float, float, float, int, int, int, unsigned int, unsigned int, float*, float*) (ui.c:632)
==35789== by 0x528D220: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:806)
==35789== by 0x52877E5: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==35789== by 0x528CCC1: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==35789== by 0x52DC229: video_manager::frame_update(bool) (video.c:241)
==35789== by 0x528CAB2: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
==35789==
==35789== Invalid read of size 1
==35789== at 0xC4572E: direct_read_data::read_raw_byte(unsigned int, unsigned int) (memory.h:1021)
==35789== by 0x44599F0: m6809_base_device::neg_di() (6809ops.c:31)
==35789== by 0x44B7FCA: m6809_base_device::execute_run() (m6809.c:754)
==35789== by 0x44B82CB: non-virtual thunk to m6809_base_device::execute_run() (debugger.h:50)
==35789== by 0x5245218: device_execute_interface::run() (diexec.h:216)
==35789== by 0x5242987: device_scheduler::timeslice() (schedule.c:488)
==35789== by 0x51744BE: running_machine::run(bool) (machine.c:393)
==35789== by 0x516F6DB: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==35789== by 0x4FF2F22: cli_frontend::execute(int, char**) (clifront.c:255)
==35789== by 0x36FC4B9: main (sdlmain.c:371)
==35789== Address 0x16432674 is 4,612 bytes inside a block of size 12,960 free'd
==35789== at 0xFFAE7A6: free (vg_replace_malloc.c:446)
==35789== by 0x101E397C: SDL_FreeSurface (SDL_surface.c:935)
==35789== by 0x36FF207: sdl_osd_interface::font_get_bitmap(void*, unsigned int, bitmap_argb32&, int&, int&, int&) (sdlmain.c:1148)
==35789== by 0x5208981: render_font::char_expand(unsigned int, render_font::glyph&) (rendfont.c:194)
==35789== by 0x520D33D: render_font::get_char(unsigned int) (rendfont.c:93)
==35789== by 0x520A158: render_font::char_width(float, float, unsigned int) (rendfont.c:347)
==35789== by 0x528DEC4: ui_draw_text_full(render_container*, char const*, float, float, float, int, int, int, unsigned int, unsigned int, float*, float*) (ui.c:632)
==35789== by 0x528D220: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:806)
==35789== by 0x52877E5: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==35789== by 0x528CCC1: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==35789== by 0x52DC229: video_manager::frame_update(bool) (video.c:241)
==35789== by 0x528CAB2: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
No.09327
Phil Bennett
Developer
Feb 10, 2013, 18:04
There's a bug in the sound program that causes a jump to unmapped space. The crash is an unpleasant side-effect.
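
The failure mode described in the last note, as an added illustration that is not part of the tracker thread and not MAME's code: a simplified opcode-fetch fast path that caches a host base pointer, showing how an emulated jump into unmapped space becomes a wild host offset unless the fetch re-validates the address. `Region`, `DirectReader`, `make_sample` and all addresses are hypothetical and constructed for this sketch.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
// Hypothetical model (not MAME's code): one mapped block of emulated address space.
struct Region {
    uint32_t start, end;            // inclusive emulated address range
    std::vector<uint8_t> data;      // host backing store
};

struct DirectReader {
    enum { UNMAPPED = -1 };
    std::vector<Region> map;
    const Region* cur = nullptr;    // region cached by the last successful fetch
    // Host offset an unchecked fast path would use: addr minus the cached base,
    // with no test that addr still lies inside the cached region.
    uint32_t unchecked_offset(uint32_t addr) const { return addr - cur->start; }

    // True only if that offset stays inside the cached region's backing store.
    bool unchecked_is_safe(uint32_t addr) const {
        return cur && addr >= cur->start && unchecked_offset(addr) < cur->data.size();
    }

    // Checked fetch: re-resolve the region whenever addr leaves the cached range,
    // and report unmapped space instead of dereferencing a stale base pointer.
    int fetch(uint32_t addr) {
        if (!cur || addr < cur->start || addr > cur->end) {
            cur = nullptr;
            for (const Region& r : map)
                if (addr >= r.start && addr <= r.end) { cur = &r; break; }
        }
        return cur ? cur->data[addr - cur->start] : UNMAPPED;
    }
};

// Constructed sample map: 2 KiB of RAM at 0x0000 and 32 KiB of ROM at 0x8000;
// 0x0800-0x7FFF is unmapped.
DirectReader make_sample() {
    DirectReader d;
    d.map.push_back({0x0000, 0x07FF, std::vector<uint8_t>(0x0800, 0x00)});
    d.map.push_back({0x8000, 0xFFFF, std::vector<uint8_t>(0x8000, 0x12)});
    return d;
}

int main() {
    DirectReader d = make_sample();
    std::printf("fetch(0x8000) = %d\n", d.fetch(0x8000));                   // mapped ROM
    std::printf("stale fast path safe at 0x5000? %d\n", d.unchecked_is_safe(0x5000));
    std::printf("fetch(0x5000) = %d\n", d.fetch(0x5000));                   // unmapped
}
```

With the ROM region cached, an unchecked read at 0x5000 would index the backing store at offset 0xFFFFD000, far outside the 32 KiB buffer; the checked path returns `UNMAPPED` instead.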