Viewing Issue Advanced Details
ID: 05158
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Feb 12, 2013, 18:30
Last Update: Nov 24, 2014, 14:53
Tester: Firewave
View Status: Public
Platform: MESS (Self-compiled)
Assigned To: R. Belmont
Resolution: Fixed
OS:
Status: Resolved
Driver:
Version: 0.148u1
Fixed in Version: 0.156
Build: Debug
Fixed in Git Commit:
Github Pull Request #:
Summary: MESS-specific 05158: agat7: Access Violation with "-debug -ramsize 16384"
Description
-----------------------------------------------------
Exception at EIP=000000013FA19FE2 (+0x3fa19fe2): ACCESS VIOLATION
While attempting to read memory at 0000000005569800
-----------------------------------------------------
RAX=0000000000007800 RBX=0000000000000000 RCX=0000000005562000 RDX=00000000042B11A8
RSI=00000000002F6C58 RDI=00000000002F69A0 RBP=0000000000000000 RSP=00000000002F6960
 R8=0000000000003800  R9=00000000000000FF R10=FEFEFEFEFEFEFEFF R11=8080808080808080
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  00000000002F6960: 000000013FA19FE2 (apple2_state::apple2_mainram4000_r+0x0032, s:\svn\mame\src\mess\machine\apple2.c:1229)
  00000000002F69A0: 000000013FA218DD (delegate_mfp::method_stub<apple2_state,unsigned char,address_space & __ptr64,unsigned int,unsigned char>+0x006d, s:\svn\mame\src\emu\delegate.h:329)
  00000000002F69D0: 000000013FA2205D (delegate_base<unsigned char,address_space & __ptr64,unsigned int,unsigned char,_noparam,_noparam>::operator()+0x004d, s:\svn\mame\src\emu\delegate.h:542)
  00000000002F6A00: 000000014134EC50 (handler_entry_read::read8+0x0050, s:\svn\mame\src\emu\memory.c:393)
  00000000002F6A50: 0000000141352B1A (address_space_specific<unsigned char,0,0>::read_native+0x00da, s:\svn\mame\src\emu\memory.c:1084)
  00000000002F6A90: 000000014134EFB7 (address_space_specific<unsigned char,0,0>::read_byte+0x0037, s:\svn\mame\src\emu\memory.c:1389)
  00000000002F6AD0: 0000000140B2B079 (m6502_device::mi_default_normal::read+0x0059, s:\svn\mame\src\emu\cpu\m6502\m6502.c:684)
  00000000002F6B00: 0000000140B6CBD6 (m6502_device::read+0x0046, s:\svn\mame\src\emu\cpu\m6502\m6502.h:196)
  00000000002F6B30: 0000000140B52341 (m6502_device::sta_idy_full+0x01a1, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:6134)
  00000000002F6B70: 0000000140B2D41C (m6502_device::do_exec_full+0x08dc, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:10751)
  00000000002F6BD0: 0000000140B2BB8F (m6502_device::execute_run+0x016f, s:\svn\mame\src\emu\cpu\m6502\m6502.c:414)
  00000000002F6C00: 0000000141447271 (device_execute_interface::run+0x0031, s:\svn\mame\src\emu\diexec.h:216)
  00000000002F6D20: 0000000141443D82 (device_scheduler::timeslice+0x0472, s:\svn\mame\src\emu\schedule.c:493)
  00000000002F7290: 000000014145EFAC (running_machine::run+0x034c, s:\svn\mame\src\emu\machine.c:396)
  00000000002FDA10: 00000001412D2B28 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190)
  00000000002FF930: 000000014141139F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:258)
  00000000002FFE20: 0000000141A31B2B (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:493)
  00000000002FFE60: 0000000141A2D760 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82)
  00000000002FFEB0: 00000001419CCD0C (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241)
  00000000002FFEE0: 00000001419CCE4E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164)
  00000000002FFF10: 0000000076CE652D (BaseThreadInitThunk+0x000d)
  00000000002FFF60: 000000007728C521 (RtlUserThreadStart+0x0021)
Steps To Reproduce:
Additional Information:
Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: agat7
Attached Files:
Relationships
related to 05157 (Resolved, R. Belmont): ace100: Access Violation with "-debug -flop1 4080trkd -ramsize 12288"
Notes (2)
No.09360  Tafoid (Administrator)  Feb 13, 2013, 10:14 (edited on: Feb 14, 2013, 19:39)
Emulation keeps running for me but the Debug window is stuck on a "KIL" opcode.
Possible regression in r14832 when slots were rewritten for apple2.c
No.11196  Firewave (Senior Tester)  Oct 31, 2014, 17:26
==22828==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000adea9 at pc 0x0000010c7f73 bp 0x7fffe82414c0 sp 0x7fffe82414b8
READ of size 1 at 0x6290000adea9 thread T0
    #0 0x10c7f72 in apple2_state::apple2_mainram4000_r(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/mess/machine/apple2.c:1383:2
    #1 0x58f683d in delegate_base<unsigned char, address_space&, unsigned int, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:652:76
    #2 0x58f683d in handler_entry_read::read8(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/emu/memory.c:358
    #3 0x58f683d in address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) /home/notroot/trunk/src/emu/memory.c:1094
    #4 0x58f4b68 in address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412:64
    #5 0x3e5fc96 in m6502_device::mi_default_normal::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:703:9
    #6 0x3e72eeb in m6502_device::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.h:207:34
    #7 0x3e72eeb in m6502_device::bit_aba_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:1138
    #8 0x3f1355e in m6502_device::do_exec_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:10648:13
    #9 0x3e5dd45 in m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:413:3
    #10 0x3e5dd45 in non-virtual thunk to m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:415
    #11 0x59614ea in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15
    #12 0x59614ea in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #13 0x5883278 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:388:5
    #14 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #17 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #18 0xe3373c in _start (/home/notroot/trunk/mess64d+0xe3373c)

0x6290000adea9 is located 15529 bytes inside of 16544-byte region [0x6290000aa200,0x6290000ae2a0)
freed by thread T0 here:
    #0 0xe15e4b in free /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:30:3
    #1 0x5c10dca in free_zip_file(zip_file*) /home/notroot/trunk/src/lib/util/unzip.c:399:3
    #2 0x5c10dca in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:206
    #3 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #4 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #5 0x576e7ea in emu_file::open(char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9
    #6 0x576e7ea in emu_file::open(char const*, char const*, char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321
    #7 0x5948ca0 in common_process_file(emu_options&, char const*, bool, unsigned int, rom_entry const*, emu_file**) /home/notroot/trunk/src/emu/romload.c:113:12
    #8 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/diimage.c:827:15
    #9 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125
    #10 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334
    #11 0x56e1b16 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1275:16
    #12 0x56e08d4 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:893:15
    #13 0x56e2bb2 in device_image_interface::load(char const*) /home/notroot/trunk/src/emu/diimage.c:1004:9
    #14 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18
    #15 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2
    #16 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2
    #17 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3
    #18 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #19 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #20 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #21 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

previously allocated by thread T0 here:
    #0 0xe160cb in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x5c10cdf in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:152:23
    #2 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #3 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #4 0x576e7ea in emu_file::open(char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9
    #5 0x576e7ea in emu_file::open(char const*, char const*, char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321
    #6 0x5948ca0 in common_process_file(emu_options&, char const*, bool, unsigned int, rom_entry const*, emu_file**) /home/notroot/trunk/src/emu/romload.c:113:12
    #7 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/diimage.c:827:15
    #8 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125
    #9 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334
    #10 0x56e1b16 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1275:16
    #11 0x56e08d4 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:893:15
    #12 0x56e2bb2 in device_image_interface::load(char const*) /home/notroot/trunk/src/emu/diimage.c:1004:9
    #13 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18
    #14 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2
    #15 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2
    #16 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3
    #17 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #18 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #19 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #20 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

Happens without -debug. I am also getting heap-use-after-free with ramsize 32768 with or without a floppy. 16384 without floppy is fine.
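Added illustration, not MESS or MAME code and not part of either note above. Both traces fault inside apple2_state::apple2_mainram4000_r. Reading the Windows dump, RCX (0x05562000) is consistent with the main RAM base pointer and RAX (0x7800 = 0x4000 + R8) with the byte index, so with -ramsize 16384 (0x4000 bytes) the read lands 0x3800 bytes past the end of the allocation; the ASan build appears to report the same access as heap-use-after-free only because those bytes happened to belong to a freed zip_file buffer. The C below models that pattern: an unchecked bank handler that assumes 48 KiB of main RAM, the bounds-checked version beside it, and an install-time check a driver could use to map only the RAM that exists. All names (machine_t, mainram4000_r_unchecked, mainram4000_r_checked, read_would_overflow, mappable_bytes), the 0x4000-0xBFFF window and the open-bus value 0xFF are assumptions for illustration, not the driver's real interface, and the register reading is an inference from the dump, not something the report states.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustration only, not MESS/MAME code. The names and the bank layout
 * below are assumptions chosen to mirror the handler named in the traces,
 * apple2_state::apple2_mainram4000_r. */

#define BANK_BASE   0x4000u  /* handler serves CPU addresses 0x4000-0xBFFF */
#define BANK_WINDOW 0x8000u  /* 32 KiB window */
#define OPEN_BUS    0xFFu    /* value returned where no RAM is present (assumed) */

typedef struct {
    uint8_t *ram;       /* backing store for main RAM */
    size_t   ram_size;  /* bytes actually allocated (the -ramsize value) */
} machine_t;

/* The unchecked pattern the crash dump points at: the handler assumes a full
 * 48 KiB of main RAM and indexes ram[BANK_BASE + offset] without consulting
 * ram_size. With ram_size 16384 (0x4000) and offset 0x3800 (R8 in the dump)
 * this reads ram[0x7800], 0x3800 bytes past the end of the allocation.
 * Kept here to show the bug; only ever call it where read_would_overflow()
 * returns 0. */
uint8_t mainram4000_r_unchecked(const machine_t *m, uint32_t offset)
{
    return m->ram[BANK_BASE + offset];
}

/* 1 if ram[BANK_BASE + offset] lies outside an allocation of ram_size bytes */
int read_would_overflow(size_t ram_size, uint32_t offset)
{
    uint64_t addr = (uint64_t)BANK_BASE + offset;
    return offset >= BANK_WINDOW || addr >= (uint64_t)ram_size;
}

/* Hardened handler: same interface, but every read is checked against the
 * real allocation and absent RAM reads back as open bus instead of faulting. */
uint8_t mainram4000_r_checked(const machine_t *m, uint32_t offset)
{
    if (read_would_overflow(m->ram_size, offset))
        return OPEN_BUS;
    return m->ram[BANK_BASE + offset];
}

/* Install-time check: how many bytes of the 0x4000-0xBFFF window a machine
 * configured with ram_size bytes can back. A driver that maps only this much
 * at start never needs the per-read check above. */
size_t mappable_bytes(size_t ram_size)
{
    if (ram_size <= BANK_BASE)
        return 0;
    size_t avail = ram_size - BANK_BASE;
    return avail < BANK_WINDOW ? avail : BANK_WINDOW;
}

/* Build a machine with ram_size bytes, filled with a recognisable pattern
 * (constructed test data: byte i holds i & 0xFF). */
machine_t make_machine(size_t ram_size)
{
    machine_t m;
    m.ram_size = ram_size;
    m.ram = malloc(ram_size);
    for (size_t i = 0; i < ram_size; i++)
        m.ram[i] = (uint8_t)(i & 0xFF);
    return m;
}

int main(void)
{
    uint32_t off = 0x3800;  /* handler offset from the report's register dump */

    /* The reported configuration: -ramsize 16384 */
    machine_t small = make_machine(16384);
    printf("ramsize 16384, offset 0x%04x: overflow=%d, checked read=0x%02x, mappable=%zu\n",
           off, read_would_overflow(small.ram_size, off),
           mainram4000_r_checked(&small, off), mappable_bytes(small.ram_size));

    /* A full 48 KiB machine, where the same read is in bounds */
    machine_t full = make_machine(49152);
    printf("ramsize 49152, offset 0x%04x: overflow=%d, checked read=0x%02x, mappable=%zu\n",
           off, read_would_overflow(full.ram_size, off),
           mainram4000_r_checked(&full, off), mappable_bytes(full.ram_size));

    free(small.ram);
    free(full.ram);
    return 0;
}
```

Building this with `-fsanitize=address` and calling mainram4000_r_unchecked on the 16 KiB machine at offset 0x3800 is flagged by ASan as a heap-buffer-overflow; in the full emulator the same out-of-bounds index surfaced as heap-use-after-free only because the bytes beyond the RAM allocation belonged to a freed zip_file buffer, so the ASan class alone does not tell you whether the root cause is a dangling pointer or an index that ignores the configured size.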