Viewing Issue Advanced Details
| Field | Value |
|---|---|
| ID | 02085 |
| Category | Crash/Freeze |
| Severity | Critical (emulator) |
| Reproducibility | Always |
| Date Submitted | Aug 3, 2008, 23:50 |
| Last Update | Apr 28, 2022, 13:37 |
| Tester | Smitdogg |
| View Status | Public |
| Platform | MAME (Self-compiled) |
| Resolution | Open |
| Status | Confirmed |
| Version | 0.126u3 |
| Build | 64-bit |
| Affected Sets / Systems | solvalou |
| Summary | 02085: solvalou: Solvalou crashes during the first level. |

Description

It crashes (exits) part of the way through the first level. Verified to happen on more than one machine. It happens on 126u2 and u3. I don't know how far back it goes or if it's 64-bit specific.

```
-----------------------------------------------------
Exception at EIP=0065E56B: ACCESS VIOLATION
While attempting to read memory at 0886F040
-----------------------------------------------------
EAX=04870040 EBX=03FFF000 ECX=00000000 EDX=03FFF000
ESI=00001FE8 EDI=000009DE EBP=0022FBE8 ESP=0022FB80
```
Notes (12)
No.01927
Tafoid Administrator
Aug 4, 2008, 01:53

Confirmed crash on 32-bit. Will attempt a symbols build crash if needed later. It runs painfully slow on my CPU and it takes a while to get to crash point :)
No.01930
etabeta Developer
Aug 4, 2008, 07:55

It's very slow on my macbook as well... and with my disappointment, when I finally reached the crash point, it only prompted out "Program exited with code 01." and 'No stack' when I ask for a backtrace. I'm using a debug build with symbols of SDLMAME.
No.01933
Firewave Senior Tester
Aug 4, 2008, 15:29
edited on: Aug 4, 2008, 17:25

Try to set a breakpoint at the compiler-internal exit() or abort(). It should give you a usable backtrace.
No.03460
Firewave Senior Tester
Jan 2, 2009, 02:39

Here is a backtrace from 0.128u7:

```
Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2348.0x90c]
0x0066036f in TransferDspData (machine=0xad51efc) at src/mame/drivers/namcos21.c:504
504             TransmitWordToSlave( namcos21_dspram16[addr+i] );
(gdb) bt full
#0  0x0066036f in TransferDspData (machine=0xad51efc) at src/mame/drivers/namcos21.c:504
        primWords = 11015
        subAddr = 4264
        len = 65535
        masterAddr = 3481
        i = 30089
        old = 2677
        code = 54966
        addr = 2679
        mode = 32768
#1  0x006606ec in dspram16_w (space=0x14451750, offset=2651, data=35420, mem_mask=65535) at src/mame/drivers/namcos21.c:608
No locals.
#2  0x009b4de3 in write_word_generic (space=0x14451750, byteaddress=70838, data=35420, mem_mask=65535) at src/emu/memory.c:554
        handler = (const handler_data *) 0x14491d80
        byteoffset = 5302
        entry = 72
#3  0x009b6e04 in memory_write_word_16be (space=0x14451750, address=70838, data=35420) at src/emu/memory.c:3996
No locals.
#4  0x00f88e61 in M_WRTRAM (cpustate=0x15a01724, addr=35419, data=35420) at src/emu/cpu/tms32025/tms32025.c:349
        ram = (UINT16 *) 0x0
#5  0x00f88d98 in PUTDATA (cpustate=0x15a01724, data=35420) at src/emu/cpu/tms32025/tms32025.c:531
No locals.
#6  0x00f8b3d9 in sacl (cpustate=0x15a01724) at src/emu/cpu/tms32025/tms32025.c:1342
No locals.
#7  0x00f8d446 in cpu_execute_tms32025 (device=0xae01f77, cycles=2000) at src/emu/cpu/tms32025/tms32025.c:2010
        cpustate = (tms32025_state *) 0x15a01724
#8  0x009d9e71 in cpu_execute (device=0xae01f77, cycles=2000) at src/emu/cpuintrf.h:557
        classheader = (cpu_class_header *) 0x15a03fd8
#9  0x009d95a7 in cpuexec_timeslice (machine=0xad51efc) at src/emu/cpuexec.c:276
        delta = {seconds = 0, attoseconds = 83333333333000}
        classdata = (cpu_class_data *) 0x15a027a8
        call_debugger = 0
        global = (cpuexec_private *) 0x15841efc
        target = {seconds = 84, attoseconds = 89104123654575334}
        base = {seconds = 84, attoseconds = 89020790321242334}
        cpu = (const device_config *) 0xae01f77
        ran = 44
#10 0x009c765d in mame_execute (options=0x8061e58) at src/emu/mame.c:360
        settingsloaded = 0
        driver = (const game_driver *) 0x19da9b0
        machine = (running_machine *) 0xad51efc
        mame = (mame_private *) 0xad61f68
        cb = (callback_item *) 0x8061e58
        gamename = (astring *) 0xad51f00
        exit_pending = 0
        error = 0
        firstgame = 0
        firstrun = 0
#11 0x00bdb66c in cli_execute (argc=7, argv=0x7fb1fe4, osd_options=0x21ae990) at src/emu/clifront.c:171
        options = (core_options *) 0x8061e58
        gamename = (astring *) 0x8041f00
        exename = (astring *) 0x8051f00
        gamename_option = 0x8091f08 "solvalou"
        driver = (const game_driver *) 0x19da9b0
        result = -1
#12 0x009618b8 in utf8_main (argc=7, argv=0x7fb1fe4) at src/osd/windows/winmain.c:257
        ext = 0x28e86b8 ".map"
#13 0x0123f599 in main (argc=7, a_argv=0x64527f0) at src/osd/windows/main.c:72
        i = 7
        rc = 2293624
        utf8_argv = (char **) 0x7fb1fe4
        argv = (TCHAR **) 0x64528f0
        wenviron = (WCHAR **) 0x64550e8
        startupinfo = -1
```
No.07009
hap Developer
Jan 5, 2011, 00:42

Ok, reason is simple, namcos21.c has many, many cases that can cause an array to be accessed out of bounds. Adding (hacking) masks everywhere (eg. value = array[offset & arraysize-1]) would fix this crash, but since it's an unexpected overflow, the game would probably mess up at that point anyway. This driver could really use a cleanup/update, too bad that Stroff isn't active lately.
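An added illustration of the point made in the note above, not code from the thread or from MAME itself: a small C model of a DSP RAM transfer in which a masked index never faults but silently wraps to the wrong word, while a range check rejects the header values recorded in the 0.128u7 backtrace (addr=2679, len=65535). The RAM size of 0x8000 words is an assumption inferred from that backtrace (2679 + 30089 = 32768 is the first out-of-range word), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical DSP RAM of 0x8000 16-bit words: an assumed size read off the
 * 0.128u7 backtrace, where addr=2679 + i=30089 = 32768 is one past the end. */
#define DSPRAM_WORDS 0x8000u
static uint16_t dspram16[DSPRAM_WORDS];
/* The mask hack from the thread (array[offset & arraysize-1]): the crash
 * goes away, but a bad header silently reads the wrong word instead. */
static uint32_t masked_index(uint32_t addr, uint32_t i)
{
    return (addr + i) & (DSPRAM_WORDS - 1);
}

/* Range-checked transfer: copy len words starting at addr into out. Returns
 * the word count, or -1 when the guest-supplied header does not describe a
 * range inside DSP RAM (written so that addr+len itself cannot wrap). */
static int transfer_dsp_words(uint32_t addr, uint32_t len,
                              uint16_t *out, size_t out_words)
{
    if (addr >= DSPRAM_WORDS || len > DSPRAM_WORDS - addr || len > out_words)
        return -1;
    memcpy(out, &dspram16[addr], len * sizeof *out);
    return (int)len;
}

/* Seed RAM with a known pattern, copy the last 16 words through the checked
 * path and return 1 if every word arrived intact (the happy path). */
static int demo_valid_transfer(void)
{
    uint16_t out[16];
    for (uint32_t w = 0; w < DSPRAM_WORDS; w++)
        dspram16[w] = (uint16_t)(w * 3u);
    if (transfer_dsp_words(DSPRAM_WORDS - 16, 16, out, 16) != 16)
        return 0;
    for (uint32_t k = 0; k < 16; k++)
        if (out[k] != (uint16_t)((DSPRAM_WORDS - 16 + k) * 3u))
            return 0;
    return 1;
}

int main(void)
{
    uint16_t out[64];   /* header values below are the ones in the backtrace */
    printf("masked index for 2679+30089: %u\n", masked_index(2679, 30089));
    printf("checked transfer(2679, 65535): %d\n", transfer_dsp_words(2679, 65535, out, 64));
    printf("valid transfer ok: %d\n", demo_valid_transfer());
    return 0;
}
```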
No.07010
Haze Senior Tester
Jan 5, 2011, 14:32

Most of the Namco stuff could do with a cleanup/update to be honest, and I doubt Stroff would be your man for doing that. He was very, very good at figuring things out, and making them work, but yeah, his code also tended to be very dirty and unsafe in places. Not as bad as Acho-code, it was readable, and he didn't start hacking core functions, but in some places just as problematic. I'd say if you want to clean it up, or at least make it safe, then go for it. I'm sure the more recent developments plus the likes of the C++ support we have now could be used to clean up a lot of the places where he's tried to fit multiple hardware emulations into a single file with 100000 defines in order to avoid duplicating code as well. To properly convert all the Namco stuff into video devices is going to be a considerable amount of work.
No.08357
NekoEd Senior Tester
Mar 15, 2012, 15:08

I've adjusted the severity to Critical (MAME) as the game crashes MAME, not just itself. Reproduced 2012-03-15 in SDLMAME64 0.145u4, game exited partway through first level with no error indication, but definitely an abnormal exit (no closeout information is displayed, it just punts back to the shell.)
No.10709
haynor666 Tester
May 15, 2014, 20:57

In 153, MAME just quits without any error when reaching the same point in the first level. Finally it can be played at 100% on a 4670k.
No.11347
Firewave Senior Tester
Jan 3, 2015, 20:05

```
==5217==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310004717fe at pc 0x00000324f26a bp 0x7fffc1f02600 sp 0x7fffc1f025f8
READ of size 2 at 0x6310004717fe thread T0
    #0 0x324f269 in namcos21_state::transfer_dsp_data() /home/notroot/trunk/src/mame/drivers/namcos21.c:466:33
    #1 0x324ff2a in namcos21_state::dspram16_w(address_space&, unsigned int, unsigned short, unsigned short) /home/notroot/trunk/src/mame/drivers/namcos21.c:567:4
    #2 0x8175e1e in delegate_base<void, address_space&, unsigned int, unsigned short, unsigned short, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned short, unsigned short) const /home/notroot/trunk/src/lib/util/delegate.h:653:88
    #3 0x8175e1e in handler_entry_write::write16(address_space&, unsigned int, unsigned short, unsigned short) const /home/notroot/trunk/src/emu/memory.c:421
    #4 0x8175e1e in address_space_specific<unsigned short, (endianness_t)1, false>::write_native(unsigned int, unsigned short) /home/notroot/trunk/src/emu/memory.c:1142
    #5 0x817503b in address_space_specific<unsigned short, (endianness_t)1, false>::write_word(unsigned int, unsigned short) /home/notroot/trunk/src/emu/memory.c:1427:72
    #6 0x6efd21d in tms32025_device::M_WRTRAM(unsigned int, unsigned short) /home/notroot/trunk/src/emu/cpu/tms32025/tms32025.c:308:7
    #7 0x6efd21d in tms32025_device::PUTDATA(unsigned short) /home/notroot/trunk/src/emu/cpu/tms32025/tms32025.c:485
    #8 0x6eee8f4 in tms32025_device::sacl() /home/notroot/trunk/src/emu/cpu/tms32025/tms32025.c:1287:2
    #9 0x6efa5b4 in tms32025_device::execute_run() /home/notroot/trunk/src/emu/cpu/tms32025/tms32025.c:2066:4
    #10 0x6efb96f in non-virtual thunk to tms32025_device::execute_run() /home/notroot/trunk/src/emu/cpu/tms32025/tms32025.c:2133:1
    #11 0x81f345a in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15
    #12 0x81f345a in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #13 0x8112c98 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:391:5
    #14 0x810b03a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x7f3df3e in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x576f669 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:345:9
    #17 0x7f3ebfd31ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #18 0x11479ac in _start (/home/notroot/trunk/mame64d+0x11479ac)

0x6310004717ff is located 0 bytes to the right of 69631-byte region [0x631000460800,0x6310004717ff)
allocated by thread T0 here:
    #0 0x112a33b in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x89746a8 in osd_malloc_array(unsigned long) /home/notroot/trunk/src/osd/sdl/sdlos_unix.c:108:9
    #2 0x84d703a in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:112:25
    #3 0x7a34c43 in operator new[](unsigned long, char const*, int) /home/notroot/trunk/src/lib/util/corealloc.h:72:125
    #4 0x7a34c43 in dynamic_array<unsigned char>::expand_internal(int) /home/notroot/trunk/src/lib/util/coretmpl.h:115
    #5 0x7a34c43 in dynamic_array<unsigned char>::resize(int) /home/notroot/trunk/src/lib/util/coretmpl.h:94
    #6 0x7a34c43 in dynamic_array<unsigned char>::resize_and_clear(int, unsigned char) /home/notroot/trunk/src/lib/util/coretmpl.h:99
    #7 0x814da2e in memory_block::memory_block(address_space&, unsigned int, unsigned int, void*) /home/notroot/trunk/src/emu/memory.c:3857:4
    #8 0x8127aef in address_space::allocate_memory() /home/notroot/trunk/src/emu/memory.c:2069:25
    #9 0x8124557 in memory_manager::initialize() /home/notroot/trunk/src/emu/memory.c:1544:3
    #10 0x810f189 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:250:2
    #11 0x81129cc in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:345:3
    #12 0x810b03a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #13 0x7f3df3e in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #14 0x576f669 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:345:9
    #15 0x7f3ebfd31ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/notroot/trunk/src/mame/drivers/namcos21.c:466 namcos21_state::transfer_dsp_data()
Shadow bytes around the buggy address:
  0x0c62800862a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62800862b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62800862c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62800862d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62800862e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c62800862f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
  0x0c6280086300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280086310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280086320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280086330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c6280086340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  ASan internal:         fe
```
No.15252
georgc3 Tester
Jul 8, 2018, 06:59

As of 0.198, Kale has demoted this and Cybersled to not working. He added notes describing the issue.
No.15312
Augusto Tester
Aug 5, 2018, 05:01

In MAME 0.92 the first level is playable without a crash.
No.20113
Robbbert Senior Tester
Apr 28, 2022, 13:37

Tried now and after a while it quit to the command prompt with an error: "Fatal error: IDC overflow"