Viewing Issue Advanced Details
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
03659 Crash/Freeze Critical (emulator) Always Jan 12, 2010, 08:32 Dec 22, 2014, 20:32
Tester Firewave View Status Public Platform MAME (Official Binary)
Assigned To Osso Resolution Fixed OS
Status [?] Resolved Driver atarisy2.cpp
Version 0.136 Fixed in Version 0.157 Build Normal
Fixed in Git Commit Github Pull Request #
Summary 03659: All Sets in atarisy2.c: Crashes when loading autosave with "-str 2"
Description Run apb or one of its clones with

-autosave -str 2

to create a autosave state. After it finished run it again and it will crash:
While attempting to read memory at 00004000
EAX=00006000 EBX=00000002 ECX=00000800 EDX=00000000
ESI=00004000 EDI=00000000 EBP=0022FCF8 ESP=0022FCF0

Other sets in the driver either crash, or when you run the second -str 2-autosave - the game loads up but drops out way before the 2 seconds would have counted.
Steps To Reproduce
Additional Information
Github Commit
Regression Version > 0.135u3
Affected Sets / Systems All Sets in atarisy2.c
Attached Files
jpg file icon apb_debugger_indo.jpg (76,386 bytes) May 10, 2010, 14:04
There are no relationship linked to this issue.
User avatar
Jan 12, 2010, 14:20
Added some observations of other games in the driver and changed affected to entire driver.
User avatar
Senior Tester
May 10, 2010, 14:04
got a backtrace in Visual Studio 2010:

>	vmamevs10d.exe!update_bank(_atarigen_state * state=0x002e44b0, int bank=2)  Line 479 + 0x27 bytes	C++
 	vmamevs10d.exe!slapstic_postload(running_machine * machine=0x0023faa0, void * param=0x00000000)  Line 490 + 0xf bytes	C++
 	vmamevs10d.exe!state_save_read_file(running_machine * machine=0x0023faa0, _mame_file * file=0x09160588)  Line 596 + 0x15 bytes	C++
 	vmamevs10d.exe!handle_load(running_machine * machine=0x0023faa0)  Line 1641 + 0xd bytes	C++
 	vmamevs10d.exe!mame_execute(_core_options * options=0x07dc34a8)  Line 328 + 0xe bytes	C++
 	vmamevs10d.exe!cli_execute(int argc=9, char * * argv=0x07dc3448, const _options_entry * osd_options=0x035240b0)  Line 177 + 0x9 bytes	C++
 	vmamevs10d.exe!utf8_main(int argc=9, char * * argv=0x07dc3448)  Line 318 + 0x12 bytes	C++
 	vmamevs10d.exe!wmain(int argc=9, wchar_t * * argv=0x07dc36b0)  Line 82 + 0xd bytes	C++
 	vmamevs10d.exe!__tmainCRTStartup()  Line 278 + 0x19 bytes	C
 	vmamevs10d.exe!wmainCRTStartup()  Line 189	C

Code at fault looks like this:

memcpy(state->slapstic, &state->slapstic[bank * 0x1000], 0x2000);

The problem is, that state->slapstic is NULL. I also added an image showing all the values of state since a few other pointers are also NULL.
User avatar
Senior Tester
Jul 22, 2013, 10:20
edited on: Aug 7, 2014, 18:48
==27382==ERROR: AddressSanitizer: SEGV on unknown address 0x000000004000 (pc 0x000001e53d30 sp 0x7fff32ce65a8 bp 0x7fff32ce6df0 T0)
AddressSanitizer can not provide additional info.
    #0 0x1e53d2f in _ZN11__sanitizer15internal_memcpyEPvPKvm ??:?
    #1 0x1e48efe in __interceptor_memcpy ??:?
    #2 0x31fbe19 in _ZN14atarigen_state20slapstic_update_bankEi /home/notroot/trunk/src/mame/machine/atarigen.c:701
    #3 0x31e8e8e in _ZN14atarigen_state16device_post_loadEv /home/notroot/trunk/src/mame/machine/atarigen.c:711
    #4 0x2526977 in _ZN14atarisy2_state16device_post_loadEv /home/notroot/trunk/src/mame/drivers/atarisy2.c:321
    #5 0x17349a60 in _ZN8device_t9post_loadEv /home/notroot/trunk/src/emu/device.c:527
    #6 0x17939be0 in _ZN15running_machine20postload_all_devicesEv /home/notroot/trunk/src/emu/machine.c:1192
    #7 0xa4b3c10 in _ZNK13delegate_baseIv8_noparamS0_S0_S0_S0_EclEv /home/notroot/trunk/src/emu/delegate.h:539
    #8 0x17d819b7 in _ZN12save_manager9read_fileER8emu_file /home/notroot/trunk/src/emu/save.c:289
    #9 0x1793eadf in _ZN15running_machine15handle_saveloadEv /home/notroot/trunk/src/emu/machine.c:927
    #10 0x1793c66e in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:420
    #11 0x17927f11 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #12 0x172a5a56 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #13 0x10602751 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #14 0x7f417e45eea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #15 0x1e5a56c in _start ??:?
User avatar
Dec 22, 2014, 16:13
This doesn't seem to happen anymore with current from GIT.
User avatar
Dec 22, 2014, 20:32
Yeah, this was fixed by Haze's slapstic device conversion along with 9c9e6dafb16b692ebd7317c2d82cdc146fd5947d.

atarisy2.c uses the Slapstic to bankswitch VRAM rather than ROM; it should never have been calling the slapstic functions in atarigen.c at all.