Viewing Issue Advanced Details
ID: 06620
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jul 4, 2017, 20:55
Last Update: Jul 16, 2017, 01:30
Tester: -Misc Reporters-
View Status: Public
Assigned To: Phil Bennett
Resolution: Fixed
Status: Resolved
Driver: itech8.cpp
Version: 0.186
Fixed in Version: 0.188
Summary: 06620: ninclown: During the final boss Twisto the game can potentially crash
Description: When fighting the final boss TWISTO, if you get the boss to the upper right side of the playfield and attack him so his heads fly out, there is a good chance you'll cause an exception and the game will stop.

You can view the issue here from a Twitch Live Stream:
https://www.twitch.tv/videos/155705393 - crash happens about 1:50:00 in
Steps To Reproduce:
- Get to the final boss
- Try to get him to move towards the upper left corner
- Hit him with an attack which causes damage and makes his heads fly out
Additional Information: I was able to confirm it with my normal symbols-enabled build and get a backtrace.
I've attached a save state, but you need to be running the game/have started a game for it to work.

-----------------------------------------------------
Exception at EIP=00000000009323a0 (itech8_state::perform_blit(address_space&)+0x04b0): ACCESS VIOLATION
While attempting to read memory at 0000000114e1017a
-----------------------------------------------------
RAX=0000000000000007 RBX=000000000dac5880 RCX=0000000000000000 RDX=00000000fffffffa
RSI=00000000000000f0 RDI=0000000000000010 RBP=0000000000227e80 RSP=0000000000227e00
 R8=00000000fffffffa R9=0000000000000028 R10=00000000000000f0 R11=0000000114e1017a
R12=0000000000000080 R13=0000000000000008 R14=0000000000000000 R15=000000000000000f
-----------------------------------------------------
Stack crawl:
  0000000000227e40: 00000000009323a0 (itech8_state::perform_blit(address_space&)+0x04b0)
  0000000000227f10: 0000000000932885 (itech8_state::blitter_w(address_space&, unsigned int, unsigned char, unsigned char)+0x0035)
  0000000000227f60: 0000000004be42e4 (delegate_base<void, address_space&, unsigned int, unsigned char, unsigned char>::operator()(address_space&, unsigned int,unsigned char, unsigned char) const+0x0054)
  0000000000227fd0: 00000000031c7971 (handler_entry_write::write_stub_16(address_space&, unsigned int, unsigned short, unsigned short)+0x0311)
  0000000000228020: 0000000004be43a6 (delegate_base<void, address_space&, unsigned int, unsigned short, unsigned short>::operator()(address_space&, unsigned int, unsigned short, unsigned short) const+0x0056)
  0000000000228060: 0000000004501864 (address_space_specific<unsigned short, (endianness_t)1, true>::write_native(unsigned int, unsigned short, unsigned short)+0x00a4)
  0000000000228090: 0000000004501398 (address_space_specific<unsigned short, (endianness_t)1, true>::write_word(unsigned int, unsigned short, unsigned short)+0x0018)
  00000000002280c0: 0000000002472f6f (m68000_base_device::m68000_write_byte(unsigned int, unsigned char)+0x003f)
  0000000000228120: 00000000024cc302 (m68000_base_device_ops::m68k_op_move_8_al_i(m68000_base_device*)+0x00a2)
  0000000000228220: 00000000044341c8 (m68000_base_device::cpu_execute()+0x0878)
  0000000000228250: 000000000247d1ed (m68000_base_device::execute_run()+0x000d)
  0000000000228300: 0000000003254ae7 (device_scheduler::timeslice()+0x0187)
  0000000000228400: 000000000321078a (running_machine::run(bool)+0x03aa)
  000000000022f1d0: 0000000001bf2d53 (mame_machine_manager::execute()+0x01e3)
  000000000022f490: 0000000001c4d406 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x0416)
  000000000022f600: 0000000001c4d8b5 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0045)
  000000000022f660: 0000000001bf0e9a (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002a)
  000000000022fdb0: 0000000001b446b2 (utf8_main(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0122)
  000000000022fe50: 0000000003782f99 (wmain+0x0169)
  000000000022ff20: 0000000000401410 (__tmainCRTStartup+0x0260)
  000000000022ff50: 000000000040153b (mainCRTStartup+0x001b)
  000000000022ff80: 00000000776359cd (BaseThreadInitThunk+0x000d)
  000000000022ffd0: 000000007786a561 (RtlUserThreadStart+0x0021)
Affected Sets / Systems: ninclown
Attached Files:
r.zip (236,802 bytes) Jul 4, 2017, 21:03 Uploaded by Tafoid
Save State "r", ninclown (From 0.187)
Relationships: There are no relationships linked to this issue.
Notes
No. 13979 - Phil Bennett (Developer) - Jul 16, 2017, 01:30
The blitter code was writing outside the limits of the VRAM.

https://github.com/mamedev/mame/commit/b91d1825d141b1f075e822fc981826710b11e8e8
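Added illustration of the bug class named in the note above (an emulated blitter indexing outside its VRAM buffer). This is example code written for this page, not the itech8 driver's code and not the fix in the linked commit; the VRAM geometry, the toy fill-blit and the sample coordinates are all constructed. It shows the two things a defender wants from such a path: a check that reports whether a requested rectangle would escape the buffer at all, and a clipped write that can only ever produce in-range indices, so a hostile or corrupted coordinate (a negative value, or an extent wider than the screen) degrades to a partial or empty blit instead of a wild read/write.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy framebuffer. The dimensions are assumptions for this
 * illustration, not the real itech8 VRAM layout. */
#define VRAM_W 256
#define VRAM_H 256

static uint8_t vram[VRAM_W * VRAM_H];

static long long clamp_ll(long long v, long long lo, long long hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Report whether a w*h rectangle placed at (x, y) would touch any address
 * outside VRAM. This is the kind of check the crashing path lacked: with it
 * absent, a negative coordinate or an oversized extent becomes an index
 * beyond the end (or before the start) of the buffer. */
bool blit_escapes_vram(int x, int y, int w, int h)
{
    if (w <= 0 || h <= 0)
        return false;                       /* empty rectangle touches nothing */
    return x < 0 || y < 0 ||
           (long long)x + w > VRAM_W ||
           (long long)y + h > VRAM_H;
}

/* Clipped fill: writes only the part of the rectangle that lies inside VRAM
 * and returns the number of pixels actually written. Clipping is done in
 * 64-bit arithmetic so extreme coordinates cannot overflow on the way in. */
size_t blit_fill_clipped(int x, int y, int w, int h, uint8_t color)
{
    if (w <= 0 || h <= 0)
        return 0;
    long long x0 = clamp_ll(x, 0, VRAM_W);
    long long y0 = clamp_ll(y, 0, VRAM_H);
    long long x1 = clamp_ll((long long)x + w, 0, VRAM_W);
    long long y1 = clamp_ll((long long)y + h, 0, VRAM_H);
    size_t written = 0;
    for (long long row = y0; row < y1; row++) {
        for (long long col = x0; col < x1; col++) {
            vram[row * VRAM_W + col] = color;   /* row/col are provably in range */
            written++;
        }
    }
    return written;
}

/* Bounds-checked read-back used to inspect the result (0 for off-screen). */
uint8_t vram_pixel(int x, int y)
{
    if (x < 0 || y < 0 || x >= VRAM_W || y >= VRAM_H)
        return 0;
    return vram[(size_t)y * VRAM_W + x];
}

int main(void)
{
    memset(vram, 0, sizeof vram);
    /* Constructed input: a sprite hanging 6 pixels off the left edge and
     * 10 rows past the bottom, the shape of request that an unclipped
     * blitter turns into an out-of-range access. */
    printf("escapes VRAM: %d\n", blit_escapes_vram(-6, 250, 16, 16));
    printf("pixels written after clipping: %zu\n",
           blit_fill_clipped(-6, 250, 16, 16, 0xAA));
    return 0;
}
```

In an emulator the check function is the useful detection hook: logging when it fires makes a misbehaving game (or a corrupted save state) visible long before a host-side access violation, while the clipped write is what keeps the host process itself safe regardless of what the guest asks for.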