02770: aceattac: Interger Overflow

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
02770	Crash/Freeze	Critical (emulator)	Always	Dec 25, 2008, 03:50	Dec 26, 2008, 06:37

Tester	Tafoid	View Status	Public	Platform
Assigned To	aaron	Resolution	Fixed	OS
Status [?]	Resolved			Driver	sega/segas16b.cpp
Version	0.128u7	Fixed in Version	0.129	Build
		Fixed in Git Commit		Github Pull Request #

Summary	02770: aceattac: Interger Overflow
Description	Program received signal SIGFPE, Arithmetic exception. 0x00a51d7a in cpu_clocks_to_attotime (device=0xa141f7c, clocks=18446744073709551615) at src/emu/eigccx86.h:286 286 __asm__ ( (gdb) bt full #0 0x00a51d7a in cpu_clocks_to_attotime (device=0xa141f7c, clocks=18446744073709551615) at src/emu/eigccx86.h:286 remainder = 10813608 quotient = 303443928 classdata = (cpu_class_data ) 0x121617a8 #1 0x00a51d7a in cpu_clocks_to_attotime (device=0xa141f7c, clocks=726240057349898240) at src/emu/eigccx86.h:286 remainder = 11051116 quotient = 3182997456 classdata = (cpu_class_data ) 0x0 #2 0x00a51d7a in cpu_clocks_to_attotime (device=0xa0f1efc, clocks=10430) at src/emu/eigccx86.h:286 remainder = 0 quotient = 4294967295 classdata = (cpu_class_data ) 0x121617a8 #3 0x00a51d7a in cpu_clocks_to_attotime (device=0xa0f1efc, clocks=44800000000000) at src/emu/eigccx86.h:286 remainder = 11050208 quotient = 168763132 classdata = (cpu_class_data ) 0x22fa20 #4 0x00a51d7a in cpu_clocks_to_attotime (device=0xa8ce24, clocks=724832132712823328) at src/emu/eigccx86.h:286 remainder = 13448728 quotient = 169091013 classdata = (cpu_class_data ) 0x4003 #5 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=157014392204951640) at src/emu/eigccx86.h:286 remainder = 10818913 quotient = 10824122 classdata = (cpu_class_data ) 0xa161f6c #6 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=168763132) at src/emu/eigccx86.h:286 remainder = 0 quotient = 0 classdata = (cpu_class_data ) 0x0 #7 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=377993679825) at src/emu/eigccx86.h:286 remainder = 7991366 quotient = 8192255 classdata = (cpu_class_data ) 0xa141f7c #8 0x00a51d7a in cpu_clocks_to_attotime (device=0xff, clocks=1303281914602594172) at src/emu/eigccx86.h:286 remainder = 7991307 quotient = 0 classdata = (cpu_class_data ) 0x119c1750 #9 0x00a51d7a in cpu_clocks_to_attotime (device=0x27802b0, clocks=1095385423612) at src/emu/eigccx86.h:286 remainder = 10823106 quotient = 255 classdata = (cpu_class_data ) 0xa151f7b #10 0x00a51d7a in cpu_clocks_to_attotime (device=0x167fe3, clocks=70821678679664) at src/emu/eigccx86.h:286 remainder = 2292684 quotient = 295442256 classdata = (cpu_class_data ) 0x840b34 #11 0x00a51d7a in cpu_clocks_to_attotime (device=0x2cffc6, clocks=6333062717380432) at src/emu/eigccx86.h:286 remainder = 65535 quotient = 17 classdata = (cpu_class_data ) 0xa0f1efc #12 0x00a51d7a in cpu_clocks_to_attotime (device=0x202cffc6, clocks=12666125139582336) at src/emu/eigccx86.h:286 remainder = 0 quotient = 537083 classdata = (cpu_class_data ) 0xeda2afd0 #13 0x00a51d7a in cpu_clocks_to_attotime (device=0x202cffc4, clocks=12666125139318608) at src/emu/eigccx86.h:286 remainder = 65535 quotient = 255 classdata = (cpu_class_data ) 0x11 #14 0x00a51d7a in cpu_clocks_to_attotime (device=0x202cffc4, clocks=2318509134353012560) at src/emu/eigccx86.h:286 remainder = 10855778 quotient = 303437232 classdata = (cpu_class_data ) 0xffffffff #15 0x00a51d7a in cpu_clocks_to_attotime (device=0xf00ff, clocks=2318509125763077968) at src/emu/eigccx86.h:286 remainder = 17 quotient = 3986862032 classdata = (cpu_class_data ) 0x239c1f7c #16 0x00a51d7a in cpu_clocks_to_attotime (device=0xf00ff, clocks=17123442041701539708) at src/emu/eigccx86.h:286 remainder = 17767799 quotient = 539819972 classdata = (cpu_class_data ) 0x121615b0 #17 0x00a51d7a in cpu_clocks_to_attotime (device=0xf00ff, clocks=1039550848764) at src/emu/eigccx86.h:286 remainder = 17767712 quotient = 983295 classdata = (cpu_class_data ) 0x121615b0 #18 0x00a51d7a in cpu_clocks_to_attotime (device=0x4, clocks=481331779408) at src/emu/eigccx86.h:286 remainder = 17821107 quotient = 983295 classdata = (cpu_class_data ) 0x121615b0 #19 0x00a51d7a in cpu_clocks_to_attotime (device=0x12, clocks=4223220170757552) at src/emu/eigccx86.h:286 remainder = 28 quotient = 983040 classdata = (cpu_class_data ) 0xa141f7c #20 0x00a51d7a in cpu_clocks_to_attotime (device=0x12, clocks=4222124819750780) at src/emu/eigccx86.h:286 remainder = 28 quotient = 9116 classdata = (cpu_class_data ) 0x12 #21 0x00a51d7a in cpu_clocks_to_attotime (device=0x40a, clocks=77612848560) at src/emu/eigccx86.h:286 remainder = 18096719 quotient = 18 classdata = (cpu_class_data ) 0x121615b0 #22 0x00a51d7a in cpu_clocks_to_attotime (device=0x5a1b, clocks=86255829188863) at src/emu/eigccx86.h:286 remainder = 13436476 quotient = 1034 classdata = (cpu_class_data ) 0x121615b0 #23 0x00a51d7a in cpu_clocks_to_attotime (device=0x5a1b, clocks=44800000000000) at src/emu/eigccx86.h:286 remainder = 0 quotient = 303437232 classdata = (cpu_class_data ) 0xbdb8afd0 #24 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=6710886400303503272) at src/emu/eigccx86.h:286 remainder = 8391 quotient = 1937006964 classdata = (cpu_class_data ) 0x0 #25 0x00a51d7a in cpu_clocks_to_attotime (device=0x68a1f08, clocks=109780568) at src/emu/eigccx86.h:286 remainder = 0 quotient = 30844336 classdata = (cpu_class_data ) 0x0 #26 0x00a51d7a in cpu_clocks_to_attotime (device=0x6841ff4, clocks=36385186) at src/emu/eigccx86.h:286 remainder = 0 quotient = 109322236 classdata = (cpu_class_data ) 0x0 #27 0x00a51d7a in cpu_clocks_to_attotime (device=0x6841ff4, clocks=4294967295) at src/emu/eigccx86.h:286 remainder = 10401835 quotient = 109322228 classdata = (cpu_class_data ) 0x3 #28 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=469535393985855491) at src/emu/eigccx86.h:286 remainder = 60 quotient = 2013314410 classdata = (cpu_class_data ) 0x22ffe0 #29 0x00a51d7a in cpu_clocks_to_attotime (device=0x9, clocks=18034511843622832) at src/emu/eigccx86.h:286 remainder = 108602624 quotient = 37867520 classdata = (cpu_class_data ) 0x6792a88 #30 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=162639760089229960) at src/emu/eigccx86.h:286 remainder = 0 quotient = 0 classdata = (cpu_class_data ) 0x22ffa8 #31 0x00a51d7a in cpu_clocks_to_attotime (device=0x0, clocks=38654705665) at src/emu/eigccx86.h:286 remainder = 2086242773 quotient = 0 classdata = (cpu_class_data ) 0x0
Steps To Reproduce
Additional Information
Github Commit

Flags
Regression Version	0.128u6
Affected Sets / Systems	aceattac

Attached Files

No.03394 Firewave Senior Tester Dec 25, 2008, 13:56	I can confirm this issue and my backtrace looks more useful: Program received signal SIGFPE, Arithmetic exception. 0x009daf9b in cpu_clocks_to_attotime (device=0xad81f7c, clocks=18446744073709551615) at src/emu/eigccx86.h:286 286 __asm__ ( (gdb) bt full #0 0x009daf9b in cpu_clocks_to_attotime (device=0xad81f7c, clocks=18446744073709551615) at src/emu/eigccx86.h:286 remainder = 547514 quotient = 329527256 classdata = (cpu_class_data ) 0x13a417a8 #1 0x009db100 in cpu_get_local_time (device=0xad81f7c) at src/emu/cpuexec.c:899 cycles = -1 classdata = (cpu_class_data ) 0x13a417a8 result = {seconds = 0, attoseconds = 44800000000000} #2 0x009db315 in cpuexec_override_local_time (machine=0xad31efc, default_time={seconds = 0, attoseconds = 44800000000000}) at src/emu/cpuexec.c:915 No locals. #3 0x009f639c in get_current_time (machine=0xad31efc) at src/emu/timer.c:141 global = (timer_private ) 0xb2a15b8 #4 0x009f6219 in _timer_alloc_common (machine=0xad31efc, callback=0x9fb712 <latch_callback>, ptr=0x0, file=0x21d94d1 "src/emu/audio/generic.c", line=88, func=0x21d94c2 "latch_callback", temp=1) at src/emu/timer.c:609 time = {seconds = 2291928, attoseconds = 70381811015548} timer = (emu_timer ) 0x21dae30 #5 0x009f6a76 in _timer_set_internal (machine=0xad31efc, duration= {seconds = 0, attoseconds = 0}, ptr=0x0, param=65280, callback=0x9fb712 <latch_callback>, file=0x21d94d1 "src/emu/audio/generic.c", line=88, func=0x21d94c2 "latch_callback") at src/emu/timer.c:783 timer = (emu_timer ) 0x9da799 #6 0x009fb811 in latch_w (space=0x133f1750, which=0, value=255) at src/emu/audio/generic.c:88 No locals. #7 0x009fb7a8 in soundlatch_w (space=0x133f1750, offset=0, data=255 ' ') at src/emu/audio/generic.c:118 No locals. #8 0x007477ee in sound_w (machine=0xad31efc, data=255 ' ') at src/mame/drivers/segas16b.c:1043 space = (const address_space ) 0x133f1750 #9 0x007820c7 in memory_mapper_w (space=0x133f1750, chip=0x267d2a0, offset=3, data=255 ' ') at src/mame/machine/segaic16.c:226 oldval = 117 'u' #10 0x0078279f in segaic16_memory_mapper_lsb_w (space=0x133f1750, offset=1474531, data=255, mem_mask=65535) at src/mame/machine/segaic16.c:415 No locals. #11 0x009b4de3 in write_word_generic (space=0x133f1750, byteaddress=2949062, data=255, mem_mask=65535) at src/emu/memory.c:554 handler = (const handler_data ) 0x13431d80 byteoffset = 2949062 entry = 72 #12 0x009b6e04 in memory_write_word_16be (space=0x133f1750, address=539819974, data=255) at src/emu/memory.c:3996 No locals. #13 0x009b6f12 in memory_write_dword_16be (space=0x133f1750, address=539819972, data=983295) at src/emu/memory.c:4019 No locals. #14 0x01008ced in m68ki_write_32_fc (m68k=0x13a415b0, address=539819972, fc=5, value=983295) at src/emu/cpu/m68000/m68kcpu.h:878 No locals. #15 0x01008c76 in m68ki_push_32 (m68k=0x13a415b0, value=983295) at src/emu/cpu/m68000/m68kcpu.h:1091 No locals. #16 0x01008c2a in m68ki_stack_frame_3word (m68k=0x13a415b0, pc=983295, sr=18) at src/emu/cpu/m68000/m68kcpu.h:1277 No locals. #17 0x01008bd8 in m68ki_stack_frame_0000 (m68k=0x13a415b0, pc=983295, sr=18, vector=28) at src/emu/cpu/m68000/m68kcpu.h:1289 No locals. #18 0x01015b0b in m68ki_exception_interrupt (m68k=0x13a415b0, int_level=4) at src/emu/cpu/m68000/m68kcpu.h:1707 vector = 28 sr = 18 new_pc = 9116 #19 0x010159cd in m68ki_check_interrupts (m68k=0x13a415b0) at src/emu/cpu/m68000/m68kcpu.h:1732 No locals. #20 0x01015863 in m68ki_set_sr (m68k=0x13a415b0, value=18) at src/emu/cpu/m68000/m68kcpu.h:1253 No locals. #21 0x0105743c in m68k_op_rte_32 (m68k=0x13a415b0) at obj/windows/mameu43d/emu/cpu/m68000/m68kops.c:27139 new_sr = 18 new_pc = 983295 format_word = 20083 #22 0x00c29cb1 in cpu_execute_m68k (device=0xad81f7c, cycles=23067) at src/emu/cpu/m68000/m68kcpu.c:484 m68k = (m68ki_cpu_core ) 0x13a415b0 #23 0x009d9e71 in cpu_execute (device=0xad81f7c, cycles=23067) at src/emu/cpuintrf.h:557 classheader = (cpu_class_header ) 0x13a42fd8 #24 0x009d95a7 in cpuexec_timeslice (machine=0xad31efc) at src/emu/cpuexec.c:276 delta = {seconds = 0, attoseconds = 2306757907099600} classdata = (cpu_class_data ) 0x13a417a8 call_debugger = 0 global = (cpuexec_private ) 0x13661efc target = {seconds = 0, attoseconds = 2351557907099600} base = {seconds = 0, attoseconds = 44800000000000} cpu = (const device_config ) 0xad81f7c ran = 230 #25 0x009c765d in mame_execute (options=0x8041e58) at src/emu/mame.c:360 settingsloaded = 0 driver = (const game_driver ) 0x1c66170 machine = (running_machine ) 0xad31efc mame = (mame_private ) 0xad41f68 cb = (callback_item ) 0x8041e58 gamename = (astring ) 0xad31f00 exit_pending = 0 error = 0 firstgame = 0 firstrun = 0 #26 0x00bdb66c in cli_execute (argc=5, argv=0x7fb1fec, osd_options=0x21ae990) at src/emu/clifront.c:171 options = (core_options ) 0x8041e58 gamename = (astring ) 0x8021f00 exename = (astring ) 0x8031f00 gamename_option = 0x8071f08 "aceattac" driver = (const game_driver ) 0x1c66170 result = -1 #27 0x009618b8 in utf8_main (argc=5, argv=0x7fb1fec) at src/osd/windows/winmain.c:257 ext = 0x28e86b8 ".map" #28 0x0123f599 in main (argc=5, a_argv=0x6452898) at src/osd/windows/main.c:72 i = 5 rc = 2293624 utf8_argv = (char ) 0x7fb1fec argv = (TCHAR ) 0x6452908 wenviron = (WCHAR *) 0x6455110 startupinfo = -1

No.03394

Firewave

Senior Tester

Dec 25, 2008, 13:56

I can confirm this issue and my backtrace looks more useful:

Program received signal SIGFPE, Arithmetic exception.
0x009daf9b in cpu_clocks_to_attotime (device=0xad81f7c,
    clocks=18446744073709551615) at src/emu/eigccx86.h:286
286             __asm__ (
(gdb) bt full
#0  0x009daf9b in cpu_clocks_to_attotime (device=0xad81f7c,
    clocks=18446744073709551615) at src/emu/eigccx86.h:286
        remainder = 547514
        quotient = 329527256
        classdata = (cpu_class_data *) 0x13a417a8
#1  0x009db100 in cpu_get_local_time (device=0xad81f7c)
    at src/emu/cpuexec.c:899
        cycles = -1
        classdata = (cpu_class_data *) 0x13a417a8
        result = {seconds = 0, attoseconds = 44800000000000}
#2  0x009db315 in cpuexec_override_local_time (machine=0xad31efc,
    default_time={seconds = 0, attoseconds = 44800000000000})
    at src/emu/cpuexec.c:915
No locals.
#3  0x009f639c in get_current_time (machine=0xad31efc) at src/emu/timer.c:141
        global = (timer_private *) 0xb2a15b8
#4  0x009f6219 in _timer_alloc_common (machine=0xad31efc,
    callback=0x9fb712 <latch_callback>, ptr=0x0,
    file=0x21d94d1 "src/emu/audio/generic.c", line=88,
    func=0x21d94c2 "latch_callback", temp=1) at src/emu/timer.c:609
        time = {seconds = 2291928, attoseconds = 70381811015548}
        timer = (emu_timer *) 0x21dae30
#5  0x009f6a76 in _timer_set_internal (machine=0xad31efc, duration=
      {seconds = 0, attoseconds = 0}, ptr=0x0, param=65280,
    callback=0x9fb712 <latch_callback>,
    file=0x21d94d1 "src/emu/audio/generic.c", line=88,
    func=0x21d94c2 "latch_callback") at src/emu/timer.c:783
        timer = (emu_timer *) 0x9da799
#6  0x009fb811 in latch_w (space=0x133f1750, which=0, value=255)
    at src/emu/audio/generic.c:88
No locals.
#7  0x009fb7a8 in soundlatch_w (space=0x133f1750, offset=0, data=255 ' ')
    at src/emu/audio/generic.c:118
No locals.
#8  0x007477ee in sound_w (machine=0xad31efc, data=255 ' ')
    at src/mame/drivers/segas16b.c:1043
        space = (const address_space *) 0x133f1750
#9  0x007820c7 in memory_mapper_w (space=0x133f1750, chip=0x267d2a0,
    offset=3, data=255 ' ') at src/mame/machine/segaic16.c:226
        oldval = 117 'u'
#10 0x0078279f in segaic16_memory_mapper_lsb_w (space=0x133f1750,
    offset=1474531, data=255, mem_mask=65535)
    at src/mame/machine/segaic16.c:415
No locals.
#11 0x009b4de3 in write_word_generic (space=0x133f1750, byteaddress=2949062,
    data=255, mem_mask=65535) at src/emu/memory.c:554
        handler = (const handler_data *) 0x13431d80
        byteoffset = 2949062
        entry = 72
#12 0x009b6e04 in memory_write_word_16be (space=0x133f1750,
    address=539819974, data=255) at src/emu/memory.c:3996
No locals.
#13 0x009b6f12 in memory_write_dword_16be (space=0x133f1750,
    address=539819972, data=983295) at src/emu/memory.c:4019
No locals.
#14 0x01008ced in m68ki_write_32_fc (m68k=0x13a415b0, address=539819972,
    fc=5, value=983295) at src/emu/cpu/m68000/m68kcpu.h:878
No locals.
#15 0x01008c76 in m68ki_push_32 (m68k=0x13a415b0, value=983295)
    at src/emu/cpu/m68000/m68kcpu.h:1091
No locals.
#16 0x01008c2a in m68ki_stack_frame_3word (m68k=0x13a415b0, pc=983295, sr=18)
    at src/emu/cpu/m68000/m68kcpu.h:1277
No locals.
#17 0x01008bd8 in m68ki_stack_frame_0000 (m68k=0x13a415b0, pc=983295, sr=18,
    vector=28) at src/emu/cpu/m68000/m68kcpu.h:1289
No locals.
#18 0x01015b0b in m68ki_exception_interrupt (m68k=0x13a415b0, int_level=4)
    at src/emu/cpu/m68000/m68kcpu.h:1707
        vector = 28
        sr = 18
        new_pc = 9116
#19 0x010159cd in m68ki_check_interrupts (m68k=0x13a415b0)
    at src/emu/cpu/m68000/m68kcpu.h:1732
No locals.
#20 0x01015863 in m68ki_set_sr (m68k=0x13a415b0, value=18)
    at src/emu/cpu/m68000/m68kcpu.h:1253
No locals.
#21 0x0105743c in m68k_op_rte_32 (m68k=0x13a415b0)
    at obj/windows/mameu43d/emu/cpu/m68000/m68kops.c:27139
        new_sr = 18
        new_pc = 983295
        format_word = 20083
#22 0x00c29cb1 in cpu_execute_m68k (device=0xad81f7c, cycles=23067)
    at src/emu/cpu/m68000/m68kcpu.c:484
        m68k = (m68ki_cpu_core *) 0x13a415b0
#23 0x009d9e71 in cpu_execute (device=0xad81f7c, cycles=23067)
    at src/emu/cpuintrf.h:557
        classheader = (cpu_class_header *) 0x13a42fd8
#24 0x009d95a7 in cpuexec_timeslice (machine=0xad31efc)
    at src/emu/cpuexec.c:276
        delta = {seconds = 0, attoseconds = 2306757907099600}
        classdata = (cpu_class_data *) 0x13a417a8
        call_debugger = 0
        global = (cpuexec_private *) 0x13661efc
        target = {seconds = 0, attoseconds = 2351557907099600}
        base = {seconds = 0, attoseconds = 44800000000000}
        cpu = (const device_config *) 0xad81f7c
        ran = 230
#25 0x009c765d in mame_execute (options=0x8041e58) at src/emu/mame.c:360
        settingsloaded = 0
        driver = (const game_driver *) 0x1c66170
        machine = (running_machine *) 0xad31efc
        mame = (mame_private *) 0xad41f68
        cb = (callback_item *) 0x8041e58
        gamename = (astring *) 0xad31f00
        exit_pending = 0
        error = 0
        firstgame = 0
        firstrun = 0
#26 0x00bdb66c in cli_execute (argc=5, argv=0x7fb1fec, osd_options=0x21ae990)
    at src/emu/clifront.c:171
        options = (core_options *) 0x8041e58
        gamename = (astring *) 0x8021f00
        exename = (astring *) 0x8031f00
        gamename_option = 0x8071f08 "aceattac"
        driver = (const game_driver *) 0x1c66170
        result = -1
#27 0x009618b8 in utf8_main (argc=5, argv=0x7fb1fec)
    at src/osd/windows/winmain.c:257
        ext = 0x28e86b8 ".map"
#28 0x0123f599 in main (argc=5, a_argv=0x6452898) at src/osd/windows/main.c:72
        i = 5
        rc = 2293624
        utf8_argv = (char **) 0x7fb1fec
        argv = (TCHAR **) 0x6452908
        wenviron = (WCHAR **) 0x6455110
        startupinfo = -1