ID: 05669
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Aug 11, 2014, 19:01
Last Update: Oct 16, 2015, 08:04
Tester: Firewave
View Status: Public
Platform: MESS (Self-compiled)
Assigned To:
Resolution: Open
OS: Linux
Status: Acknowledged
Driver: megadriv.cpp
Version: 0.154
Fixed in Version:
Build: Debug
Summary: MESS-specific 05669: megadrij [688atsub]: Crash loading save state
Description
Program received signal SIGSEGV, Segmentation fault.
0x0000000004a13fa9 in z80_device::op_dd (this=0x62600008d100)
    at src/emu/cpu/z80/z80.c:3094
3094 OP(op,dd) { m_r++; EXEC(dd,rop()); } /* **** DD xx */
(gdb) bt
#0 0x0000000004a13fa9 in z80_device::op_dd (this=0x62600008d100)
    at src/emu/cpu/z80/z80.c:3094
#1 0x0000000004a2042a in dd_00 (this=<optimized out>, this=<optimized out>,
    this=<optimized out>, this=<optimized out>, this=<optimized out>,
    this=<optimized out>, this=<optimized out>, this=<optimized out>,
---Type <return> to continue, or q <return> to quit---

Looks very much like a stack overflow. Happens running it with "-str 2 -autosave" twice.
Affected Sets / Systems: megadrij [688atsub]
Relationships: related to 05667 (Acknowledged) genesis [xinqig1]: Crash
Notes (3)

No.10932, Tafoid (Administrator), Aug 17, 2014, 20:42:
Unable to duplicate on Windows 32- or 64-bit, regular or debug (through GDB).
No.11324, Firewave (Senior Tester), Dec 25, 2014, 11:36:
The problem is m_genz80.z80_prgram being uninitialized in md_base_state::megadriv_init_common().

==13576== Use of uninitialised value of size 8
==13576== at 0x229C638: z80_device::execute_run() (z80.c:3521)
==13576== by 0x229D50B: non-virtual thunk to z80_device::execute_run() (z80.c:3523)
==13576== by 0x292E9D8: device_execute_interface::run() (diexec.h:191)
==13576== by 0x292D530: device_scheduler::timeslice() (schedule.c:476)
==13576== by 0x28AB6CC: running_machine::run(bool) (machine.c:391)
==13576== by 0x28A774D: machine_manager::execute() (mame.c:216)
==13576== by 0x27A6BF5: cli_frontend::execute(int, char**) (clifront.c:244)
==13576== by 0x16AD6B8: main (sdlmain.c:343)
==13576== Uninitialised value was created by a heap allocation
==13576== at 0x5406B80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13576== by 0x2D19D04: osd_malloc_array(unsigned long) (sdlos_unix.c:108)
==13576== by 0x2AF3733: malloc_file_line(unsigned long, char const*, int, bool, bool, bool) (corealloc.c:112)
==13576== by 0x1633BAB: md_base_state::megadriv_init_common() (corealloc.h:72)
==13576== by 0x1633F18: md_base_state::init_megadrij() (megadriv.c:1074)
==13576== by 0xEFA66E: md_cons_state::init_md_jpn() (megadriv.c:448)
==13576== by 0xEFEF89: void driver_device::driver_init_wrapper<md_cons_state, &md_cons_state::init_md_jpn>(running_machine&) (driver.h:131)
==13576== by 0x2801ECB: driver_device::device_start() (driver.c:210)
==13576== by 0x27BAA83: device_t::start() (device.c:392)
==13576== by 0x28AAC4E: running_machine::start_all_devices() (machine.c:1099)
==13576== by 0x28AA090: running_machine::start() (machine.c:281)
==13576== by 0x28AB45C: running_machine::run(bool) (machine.c:345)
==13576== by 0x28A774D: machine_manager::execute() (mame.c:216)
==13576== by 0x27A6BF5: cli_frontend::execute(int, char**) (clifront.c:244)
==13576== by 0x16AD6B8: main (sdlmain.c:343)
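As an added example (not MAME/MESS code, and not the fix applied to megadriv.cpp), the toy interpreter below, written for this note, shows the two things a reviewer would ask for after the valgrind trace above: the emulated program RAM is allocated zeroed instead of with a bare malloc, so its reset contents are deterministic, and a prefix byte such as 0xDD is decoded in a bounded loop rather than by a recursive call per prefix, so a buffer of leftover heap bytes cannot drive the decoder into unbounded recursion. All names (prgram_alloc, toy_cpu, toy_run, the opcode values) and the toy's "0xDD is a prefix" convention are assumptions for this example, and the buffer filled with 0xDD is constructed input, not data from the report.

```c
/* Added example: toy fetch/decode loop over emulated program RAM.
 * Not MAME's z80.c; all names and opcode values are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PRGRAM_SIZE 0x2000   /* 8 KiB, chosen for the toy */

/* Toy opcodes. Only 0xDD's role as a prefix mirrors the Z80 idea. */
enum { OP_NOP = 0x00, OP_INC = 0x3C, OP_HALT = 0x76, OP_PREFIX = 0xDD };

/* Unsafe: the bytes are whatever the heap held before (what the report hit). */
static uint8_t *prgram_alloc_unsafe(size_t n) { return malloc(n); }

/* Safe: RAM starts zeroed, so a fresh machine is deterministic and no
 * stale heap data leaks into the emulated system or a save state. */
static uint8_t *prgram_alloc(size_t n) { return calloc(n, 1); }

struct toy_cpu { const uint8_t *ram; size_t ram_size; uint16_t pc; uint8_t a; };

static int fetch(struct toy_cpu *cpu, uint8_t *out) {
    if (cpu->pc >= cpu->ram_size) return -1;   /* ran off the end of RAM */
    *out = cpu->ram[cpu->pc++];
    return 0;
}

/* Bounded, iterative prefix handling: a run of prefix bytes is consumed
 * in a loop with a cap, never by recursing into the prefix handler. */
static int toy_step(struct toy_cpu *cpu) {
    uint8_t op;
    int prefixes = 0;
    for (;;) {
        if (fetch(cpu, &op) != 0) return -1;
        if (op != OP_PREFIX) break;
        if (++prefixes > 4) return -2;         /* refuse unbounded prefix chains */
    }
    switch (op) {
    case OP_NOP:  return 0;
    case OP_INC:  cpu->a++; return 0;
    case OP_HALT: return 1;
    default:      return -3;                   /* undefined opcode */
    }
}

/* Run until HALT (1) or an error (<0); 0 means the step budget ran out. */
static int toy_run(struct toy_cpu *cpu, int max_steps) {
    int st = 0;
    for (int i = 0; i < max_steps && st == 0; i++) st = toy_step(cpu);
    return st;
}

/* Cheap sanity check on freshly allocated RAM: 1 if every byte is zero. */
static int prgram_is_zeroed(const uint8_t *ram, size_t n) {
    for (size_t i = 0; i < n; i++) if (ram[i]) return 0;
    return 1;
}

static int fresh_ram_is_zeroed(void) {
    uint8_t *ram = prgram_alloc(PRGRAM_SIZE);
    int ok = ram && prgram_is_zeroed(ram, PRGRAM_SIZE);
    free(ram);
    return ok;
}

/* Constructed garbage: RAM full of 0xDD, a plausible leftover pattern.
 * Returns -2: the prefix chain is rejected instead of overflowing the stack. */
static int run_on_prefix_garbage(void) {
    uint8_t *ram = prgram_alloc(PRGRAM_SIZE);
    if (!ram) return -99;
    memset(ram, OP_PREFIX, PRGRAM_SIZE);
    struct toy_cpu cpu = { ram, PRGRAM_SIZE, 0, 0 };
    int st = toy_run(&cpu, 1000);
    free(ram);
    return st;
}

/* Constructed program in zeroed RAM: one prefix, two INCs, HALT.
 * Returns 1 when it halts cleanly with the accumulator at 2. */
static int small_program_ok(void) {
    static const uint8_t prog[] = { OP_PREFIX, OP_INC, OP_INC, OP_HALT };
    uint8_t *ram = prgram_alloc(PRGRAM_SIZE);
    if (!ram) return 0;
    memcpy(ram, prog, sizeof prog);
    struct toy_cpu cpu = { ram, PRGRAM_SIZE, 0, 0 };
    int st = toy_run(&cpu, 1000);
    int ok = (st == 1 && cpu.a == 2);
    free(ram);
    return ok;
}

int main(void) {
    /* Run this under valgrind --tool=memcheck: the unsafe allocation makes
     * the reads in toy_step show up as uses of uninitialised values, the
     * same class of finding as the trace in this note. */
    uint8_t *ram = prgram_alloc_unsafe(PRGRAM_SIZE);
    if (!ram) return 1;
    struct toy_cpu cpu = { ram, PRGRAM_SIZE, 0, 0 };
    printf("unsafe RAM: status %d\n", toy_run(&cpu, 1000));
    free(ram);
    printf("garbage RAM: status %d\n", run_on_prefix_garbage());
    printf("small program ok: %d\n", small_program_ok());
    return 0;
}
```

The prefix cap of 4 is a toy limit; the point is that the depth of prefix handling is bounded by a loop counter and not by the C stack, so the contents of RAM (uninitialised, corrupted or loaded from an untrusted save state) can at worst produce an error status.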
No.12073, kazblox (Tester), Oct 16, 2015, 08:04:
This may have been fixed a long while ago, but I tried a self-compile of 0.166 on Linux with GCC 5 and it doesn't seem to happen anymore.