Viewing Issue Advanced Details
ID: 05108
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jan 19, 2013, 13:25
Last Update: Jul 1, 2014, 17:38
Tester: Firewave
View Status: Public
Platform: MESS (Self-compiled)
Assigned To:
Resolution: Fixed
OS:
Status: Resolved
Driver: atari400.cpp
Version: 0.148
Fixed in Version: 0.154
Build: Debug
Summary: MESS-specific 05108: a600xl: Crash with "-cart salt100"
Description
-----------------------------------------------------
Exception at EIP=000000013FFF1535 (+0x3fff1535): ACCESS VIOLATION
While attempting to write memory at 0000000002F62000
-----------------------------------------------------
RAX=00000000031D2000 RBX=0000000000000000 RCX=0000000000002000 RDX=0000000000000000
RSI=00000000031D2000 RDI=0000000002F62000 RBP=0000000000000000 RSP=0000000000245D10
 R8=00000001420B3F80  R9=0000000000000007 R10=0000000000000047 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  0000000000245DD0: 000000013FFF1535 (a800_setbank+0x04c5, s:\svn\mame\src\mess\machine\ataricrt.c:81)
  0000000000245E00: 000000013FFF1CB1 (ms_atari800xl_machine_start+0x0041, s:\svn\mame\src\mess\machine\ataricrt.c:144)
  0000000000245E30: 000000013FFF040D (machine_start_a800xl+0x003d, s:\svn\mame\src\mess\machine\ataricrt.c:588)
  0000000000245E60: 0000000140EB827E (delegate_base<void,_noparam,_noparam,_noparam,_noparam,_noparam>::operator()+0x002e, s:\svn\mame\src\emu\delegate.h:539)
  0000000000245F50: 00000001418753E4 (driver_device::device_start+0x0284, s:\svn\mame\src\emu\driver.c:282)
  0000000000246450: 000000014186B695 (device_t::start+0x01b5, s:\svn\mame\src\emu\device.c:452)
  0000000000246910: 00000001418BB795 (running_machine::start_all_devices+0x0125, s:\svn\mame\src\emu\machine.c:960)
  0000000000246C70: 00000001418BADC8 (running_machine::start+0x0738, s:\svn\mame\src\emu\machine.c:314)
  00000000002471E0: 00000001418B95D3 (running_machine::run+0x0203, s:\svn\mame\src\emu\machine.c:375)
  000000000024D960: 0000000141743868 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190)
  000000000024F880: 0000000141ECC51F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:255)
  000000000024FD70: 0000000141E4D88B (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:484)
  000000000024FDB0: 0000000141E494E0 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82)
  000000000024FE00: 0000000141DE8B4C (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241)
  000000000024FE30: 0000000141DE8C8E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164)
  000000000024FE60: 000000007738652D (BaseThreadInitThunk+0x000d)
  000000000024FEB0: 000000007791C521 (RtlUserThreadStart+0x0021)
Steps To Reproduce
Additional Information
Flags
Regression Version
Affected Sets / Systems a600xl
Attached Files
Relationships
There are no relationships linked to this issue.
Notes (4)
No.09251
Firewave
Senior Tester
Jan 19, 2013, 13:25
Invalid write of size 8
==15017==    at 0x6331C9B: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15017==    by 0x626D14: a800_setbank(running_machine&, int) (ataricrt.c:81)
==15017==    by 0x627395: ms_atari800xl_machine_start(running_machine&, int, int) (ataricrt.c:143)
==15017==    by 0x62891B: machine_start_a800xl(running_machine&) (ataricrt.c:587)
==15017==    by 0xECA071: delegate_base<void, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()() const (delegate.h:539)
==15017==    by 0x1A13603: driver_device::device_start() (driver.c:281)
==15017==    by 0x19DFCD8: device_t::start() (device.c:449)
==15017==    by 0x1AA6133: running_machine::start_all_devices() (machine.c:960)
==15017==    by 0x1AA4360: running_machine::start() (machine.c:311)
==15017==    by 0x1AA48E7: running_machine::run(bool) (machine.c:372)
==15017==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==15017==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==15017==    by 0x13154D8: main (sdlmain.c:371)
==15017==  Address 0x109c3970 is 0 bytes after a block of size 65,536 alloc'd
==15017==    at 0x63303F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15017==    by 0x1F162D9: osd_malloc_array (sdlos_unix.c:101)
==15017==    by 0x1A1AAAA: malloc_array_file_line(unsigned long, char const*, int) (emualloc.c:171)
==15017==    by 0x19EFB73: dynamic_array<unsigned char>::expand_internal(int, bool) (emualloc.h:122)
==15017==    by 0x19EFA65: dynamic_array<unsigned char>::dynamic_array(int) (in /home/notroot/trunk/mess64d)
==15017==    by 0x1AB6C36: memory_region::memory_region(running_machine&, char const*, unsigned int, unsigned char, endianness_t) (memory.c:4275)
==15017==    by 0x1AAB027: memory_manager::region_alloc(char const*, unsigned int, unsigned char, endianness_t) (memory.c:1579)
==15017==    by 0x1B06385: process_region_list(romload_private*) (romload.c:1427)
==15017==    by 0x1B06998: rom_init(running_machine&) (romload.c:1501)
==15017==    by 0x1AA3EFA: running_machine::start() (machine.c:278)
==15017==    by 0x1AA48E7: running_machine::run(bool) (machine.c:372)
==15017==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==15017==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==15017==    by 0x13154D8: main (sdlmain.c:371) 
No.09252
Tafoid
Administrator
Jan 19, 2013, 16:20
When I run with the above-mentioned cart, my UI does not work properly and only shows as a line from top to bottom on the screen with the expected background color. As soon as I escape, I get a crash.
No.09427
Firewave
Senior Tester
Mar 9, 2013, 18:57
The problem is that the "maincpu" region only has a size of 0x10000, but the code tries to copy data to it starting at 0x10000.
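Added example, not MESS code and not part of this report: a minimal C model of the failure note No.09427 describes. A region of 0x10000 bytes (the "maincpu" size given in the note) receives a cartridge bank by memcpy at a caller-supplied offset. The unchecked copy writes past the end of the region when the offset is 0x10000, which is the heap overrun valgrind reports above ("0 bytes after a block of size 65,536"); the checked version rejects any copy that does not fit, including offsets that would wrap the offset + length addition. The 0x2000 bank size, the region_t type and all function names are assumptions made for the illustration, and the check shown is not a copy of the actual fix in r31156.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug: a fixed-size "maincpu" region and a bank that
 * is copied into it at an offset. Names and the bank size are hypothetical. */
#define REGION_SIZE 0x10000u   /* size of "maincpu" per note No.09427 */
#define BANK_SIZE   0x2000u    /* assumed bank size (8 KiB) */

typedef struct {
    uint8_t *base;   /* backing store of the region */
    size_t   size;   /* number of valid bytes at base */
} region_t;

/* Unchecked copy, the shape of the failing path: the offset is trusted, so
 * offset == 0x10000 writes past the end of a 0x10000-byte region. Kept here
 * for contrast only; the demo never calls it. */
void setbank_unchecked(region_t *r, size_t offset, const uint8_t *bank, size_t len)
{
    memcpy(r->base + offset, bank, len);
}

/* Checked copy: refuse any bank that does not fit entirely inside the region.
 * Written as len > size - offset (after offset <= size is known) rather than
 * offset + len > size, so a huge offset cannot wrap the addition.
 * Returns 0 on success, -1 if the copy was rejected. */
int setbank_checked(region_t *r, size_t offset, const uint8_t *bank, size_t len)
{
    if (r == NULL || r->base == NULL || bank == NULL)
        return -1;
    if (offset > r->size || len > r->size - offset)
        return -1;
    memcpy(r->base + offset, bank, len);
    return 0;
}

/* Probe helper: attempt one (offset, len) copy into a private REGION_SIZE
 * region from a constructed bank filled with 0xA5. Returns what
 * setbank_checked returns; -1 also if len exceeds the constructed bank. */
int try_copy(size_t offset, size_t len)
{
    static uint8_t region_store[REGION_SIZE];
    static uint8_t bank[BANK_SIZE];
    region_t r = { region_store, REGION_SIZE };

    if (len > BANK_SIZE)
        return -1;
    memset(bank, 0xA5, len);
    return setbank_checked(&r, offset, bank, len);
}

/* Run the cases from the report: one in-bounds copy that must land, then the
 * failing offset 0x10000, a copy that starts inside but overruns, and a
 * wraparound offset. Returns the number of rejected copies (3), or -1 if the
 * in-bounds copy did not land where expected. */
int run_demo(void)
{
    static uint8_t region_store[REGION_SIZE];
    static uint8_t bank[BANK_SIZE];
    region_t r = { region_store, REGION_SIZE };
    int rejected = 0;

    memset(region_store, 0, sizeof region_store);
    memset(bank, 0xA5, sizeof bank);

    /* last bank slot that fits: accepted, bytes land at the top of the region */
    if (setbank_checked(&r, REGION_SIZE - BANK_SIZE, bank, BANK_SIZE) != 0)
        return -1;
    if (region_store[REGION_SIZE - 1] != 0xA5 ||
        region_store[REGION_SIZE - BANK_SIZE - 1] != 0)
        return -1;

    /* the case from the report: destination starts at 0x10000 */
    rejected += setbank_checked(&r, REGION_SIZE, bank, BANK_SIZE) != 0;
    /* starts inside the region but would run past its end */
    rejected += setbank_checked(&r, REGION_SIZE - BANK_SIZE / 2, bank, BANK_SIZE) != 0;
    /* offset chosen so that offset + len wraps around to 0 */
    rejected += setbank_checked(&r, SIZE_MAX - BANK_SIZE + 1, bank, BANK_SIZE) != 0;

    return rejected;
}

int main(void)
{
    int n = run_demo();
    if (n < 0) {
        puts("in-bounds copy did not land");
        return 1;
    }
    printf("%d out-of-bounds copies rejected\n", n);
    return 0;
}
```

Build with any C99 compiler (for example `cc -Wall -O2 demo.c`); running it under valgrind shows no invalid write, because the only copy that executes is the one that fits. The same guard applies wherever a bank offset is derived from cartridge type or size: validate the destination range against the region size before the memcpy, not after.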
No.10822
Tafoid
Administrator
Jul 1, 2014, 17:38
Fixed by alegend45 (r31156)