Viewing Issue Advanced Details

ID: 03114
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Apr 21, 2009, 22:45
Last Update: Nov 15, 2022, 09:27
Tester: MrBadAxe
View Status: Public
Platform: MAME (Official Binary)
Assigned To:
Resolution: Open
OS:
Status: Confirmed
Driver:
Version: 0.129
Fixed in Version:
Build:
Fixed in Git Commit:
Github Pull Request #:
Summary: 03114: area51, area51mx: Crash at high-score screen
Description:
Occurs at Enter Initials screen.

If you attempt to move the lightgun cursor to the top level of letters (A-K) MAME crashes.

Steps To Reproduce:
* Die with a high score. On a fresh NVRAM, lowest high score is 11000 points; this amount can be achieved within the first two levels.
* Once at Enter Initials screen, attempt to move cursor to top level of letters.
Additional Information:
cojag.c merged into jaguar.c in 0.142u2

Occurs regardless of whether controlled by keyboard or mouse.
Originally discovered in Kronn Hunter secret gameplay mode, later duplicated in normal gameplay mode.

Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: area51, area51mx
Attached Files:
Relationships:
has duplicate: 07394 (Closed) area51mx: Segmentation fault at high score entry after completing Area 51
child of: 03840 (Closed) area51mx: Mame quits without any error message
Notes (7)

No.06069 Firewave (Senior Tester), May 10, 2010, 12:36
Unfortunately I didn't run a build with a fixed stack walk, but it's very easy to reproduce.

-----------------------------------------------------
Exception at EIP=00459025 (?blitter_09800009_000020_000020@@YAXPAVrunning_machine@@III@Z+0x17c5): ACCESS VIOLATION
While attempting to read memory at 0CA918E2
-----------------------------------------------------
EAX=013FFBCD EBX=7EFDE000 ECX=00000000 EDX=0A292148
ESI=0012E360 EDI=0012E314 EBP=0012E314 ESP=0012DF6C
No.06070 Firewave (Senior Tester), May 10, 2010, 12:57
Crash is happening if you move the mouse cursor into the upper right area of the screen you enter your high score at. Here's the backtrace from VS2010:

>	vmamevs10d.exe!blitter_09800009_000020_000020(running_machine * machine=0x00238d78, unsigned int command=159384073, unsigned int a1flags=16928, unsigned int a2flags=24096)  Line 343 + 0x205 bytes	C++
 	vmamevs10d.exe!blitter_run(running_machine * machine=0x00238d78)  Line 514 + 0x1d bytes	C++
 	vmamevs10d.exe!jaguar_blitter_w(const _address_space * space=0x08a38728, unsigned int offset=14, unsigned int data=159384073, unsigned int mem_mask=4294967295)  Line 614 + 0xc bytes	C++
 	vmamevs10d.exe!write_dword_generic(const _address_space * space=0x08a38728, unsigned int byteaddress=82846264, unsigned int data=159384073, unsigned int mem_mask=4294967295)  Line 716 + 0x1f bytes	C++
 	vmamevs10d.exe!memory_write_dword_32be(const _address_space * space=0x08a38728, unsigned int address=2767200824, unsigned int data=159384073)  Line 4669 + 0x13 bytes	C++
 	vmamevs10d.exe!cpu_execute_r3000(running_device * device=0x0023a6a0, int cycles=1122)  Line 858 + 0x3d bytes	C++
 	vmamevs10d.exe!cpuexec_timeslice(running_machine * machine=0x00238d78)  Line 328 + 0x17 bytes	C++
 	vmamevs10d.exe!mame_execute(_core_options * options=0x07dc34a0)  Line 320 + 0x9 bytes	C++
 	vmamevs10d.exe!cli_execute(int argc=7, char * * argv=0x07dc3448, const _options_entry * osd_options=0x035240b0)  Line 177 + 0x9 bytes	C++
 	vmamevs10d.exe!utf8_main(int argc=7, char * * argv=0x07dc3448)  Line 318 + 0x12 bytes	C++
 	vmamevs10d.exe!wmain(int argc=7, wchar_t * * argv=0x07dc36b0)  Line 82 + 0xd bytes	C++
 	vmamevs10d.exe!__tmainCRTStartup()  Line 278 + 0x19 bytes	C
 	vmamevs10d.exe!wmainCRTStartup()  Line 189	C

The line it crashes at looks like this:

    dstdata = READ_PIXEL(adest, adestflags);

And the variables involved look like this:

    adest_base_mem  0x0a332148  void *
    adest_pitch     0           int
    adest_width     320         int
    adest_x         11796480    int
    adest_y         -262144     int
    COMMAND         8           int
    adestflags      32          unsigned int
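The variable dump above shows the destination coordinates the blitter was asked to read from: x = 11796480 and y = -262144 on a surface that is 320 pixels wide with a pitch of 0. Any address formed from those values lands far outside the surface's backing memory, which is why READ_PIXEL faults. The following C example is added here and is not MAME's code or the Jaguar driver's READ_PIXEL; it assumes a hypothetical surface_t description, a simple base + (y * pitch + x) * bpp addressing scheme with 4 bytes per pixel (the flags value is not interpreted), and a constructed 320x240 buffer. It shows a checked read that validates the computed offset against the buffer size in 64-bit arithmetic before dereferencing anything, so guest-supplied coordinates like the ones above are rejected instead of crashing the emulator.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical surface description (an assumption, not MAME's own structure).
   Pixels are addressed as base + (y * pitch + x) * bpp. */
typedef struct {
    const uint8_t *base;  /* backing memory of the surface */
    size_t size;          /* bytes available from base */
    int pitch;            /* row stride in pixels (0 in the reported crash) */
    int width;            /* visible width in pixels */
    int bpp;              /* bytes per pixel; 4 assumed here */
} surface_t;

/* Validate (x, y) against the surface before any dereference. The offset is
   computed in 64-bit so that huge or negative coordinates cannot wrap around
   into an apparently valid small offset. */
static bool pixel_in_bounds(const surface_t *s, int x, int y)
{
    if (x < 0 || y < 0 || x >= s->width)
        return false;
    int64_t off = ((int64_t)y * s->pitch + x) * (int64_t)s->bpp;
    if (off < 0 || (uint64_t)off > s->size)
        return false;
    /* The whole bpp-wide pixel must fit inside the buffer. */
    return s->size - (uint64_t)off >= (uint64_t)s->bpp;
}

/* Checked replacement for an unconditional READ_PIXEL-style read: returns
   false instead of faulting when the coordinates fall outside the buffer. */
static bool read_pixel_checked(const surface_t *s, int x, int y, uint32_t *out)
{
    uint32_t v = 0;
    if (s->bpp != (int)sizeof v || !pixel_in_bounds(s, x, y))
        return false;
    size_t off = (size_t)(((int64_t)y * s->pitch + x) * s->bpp);
    memcpy(&v, s->base + off, sizeof v);
    *out = v;
    return true;
}

/* Constructed 320x240, 4-byte-per-pixel surface where pixel i holds the value i. */
static uint8_t g_pixels[320 * 240 * 4];

static surface_t demo_surface(void)
{
    for (uint32_t i = 0; i < 320u * 240u; i++)
        memcpy(g_pixels + (size_t)i * 4, &i, 4);
    surface_t s = { g_pixels, sizeof g_pixels, 320, 320, 4 };
    return s;
}

/* The coordinates from the crash report above must be rejected. */
static bool demo_reject_crash_coords(void)
{
    surface_t s = demo_surface();
    uint32_t v;
    return !read_pixel_checked(&s, 11796480, -262144, &v)
        && !pixel_in_bounds(&s, 320, 239)   /* one past the last column */
        && !pixel_in_bounds(&s, 0, 240);    /* one past the last row */
}

/* Reads the last valid pixel (319, 239); returns UINT32_MAX on rejection. */
static uint32_t demo_read_last_pixel(void)
{
    surface_t s = demo_surface();
    uint32_t v;
    return read_pixel_checked(&s, 319, 239, &v) ? v : UINT32_MAX;
}

int main(void)
{
    printf("crash coordinates rejected: %s\n", demo_reject_crash_coords() ? "yes" : "no");
    printf("pixel (319,239) = %u\n", demo_read_last_pixel());
    return 0;
}
```

The check deliberately tests x against the width and y against the remaining buffer size rather than trusting pitch alone, because a pitch of 0 (as in the dump) makes every row alias the same memory and would otherwise let an arbitrary x walk past the end of the allocation.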
No.06071 Haze (Senior Tester), May 10, 2010, 13:07
yeah, the Jaguar blitter code is *nasty*

Kale has been looking at it a bit, and .. ouch, the way it's been programmed means it can trash over memory as much as it likes, including romspace!

Any bugs there don't surprise me.
No.13349 Fujix (Administrator), Nov 10, 2016, 17:51
Repro in 0.179.
No.14604 Firewave (Senior Tester), Jan 2, 2018, 19:50
I wasn't able to reproduce this in 0.193 - tried Windows and Linux.
No.16747 NekoEd (Senior Tester), Aug 13, 2019, 00:00
This is still around in 0.212
No.20821 Firewave (Senior Tester), Nov 15, 2022, 09:27
I wasn't able to reproduce this with 0.249 on Linux. Also no UBSAN/ASAN errors.