Viewing Issue Advanced Details
ID | Category | Severity | Reproducibility | Date Submitted | Last Update
---|---|---|---|---|---
03659 | Crash/Freeze | Critical (emulator) | Always | Jan 12, 2010, 08:32 | Dec 22, 2014, 20:32

Field | Value
---|---
Tester | Firewave
View Status | Public
Platform | MAME (Official Binary)
Assigned To | Osso
Resolution | Fixed
OS |
Status | Resolved
Driver |
Version | 0.136
Fixed in Version | 0.157
Build | Normal
Fixed in Git Commit |
Github Pull Request # |
Summary | 03659: All Sets in atarisy2.c: Crashes when loading autosave with "-str 2"

Description

Run apb or one of its clones with -autosave -str 2 to create an autosave state. After it has finished, run it again and it will crash:

```
-----------------------------------------------------
Exception at EIP=77BD7E23: ACCESS VIOLATION
While attempting to read memory at 00004000
-----------------------------------------------------
EAX=00006000 EBX=00000002 ECX=00000800 EDX=00000000
ESI=00004000 EDI=00000000 EBP=0022FCF8 ESP=0022FCF0
```

Other sets in the driver either crash, or when you run the second -str 2 -autosave the game loads up but drops out way before the 2 seconds would have counted.

Field | Value
---|---
Steps To Reproduce |
Additional Information |
Github Commit |
Flags |
Regression Version | > 0.135u3
Affected Sets / Systems | All Sets in atarisy2.c
Attached Files

- apb_debugger_indo.jpg (76,386 bytes) May 10, 2010, 14:04

Relationships

There are no relationships linked to this issue.
Notes (5)

No.05496
Tafoid Administrator
Jan 12, 2010, 14:20

Added some observations of other games in the driver and changed affected to entire driver.
No.06072
Firewave Senior Tester
May 10, 2010, 14:04

Got a backtrace in Visual Studio 2010:

```
> vmamevs10d.exe!update_bank(_atarigen_state * state=0x002e44b0, int bank=2) Line 479 + 0x27 bytes C++
  vmamevs10d.exe!slapstic_postload(running_machine * machine=0x0023faa0, void * param=0x00000000) Line 490 + 0xf bytes C++
  vmamevs10d.exe!state_save_read_file(running_machine * machine=0x0023faa0, _mame_file * file=0x09160588) Line 596 + 0x15 bytes C++
  vmamevs10d.exe!handle_load(running_machine * machine=0x0023faa0) Line 1641 + 0xd bytes C++
  vmamevs10d.exe!mame_execute(_core_options * options=0x07dc34a8) Line 328 + 0xe bytes C++
  vmamevs10d.exe!cli_execute(int argc=9, char * * argv=0x07dc3448, const _options_entry * osd_options=0x035240b0) Line 177 + 0x9 bytes C++
  vmamevs10d.exe!utf8_main(int argc=9, char * * argv=0x07dc3448) Line 318 + 0x12 bytes C++
  vmamevs10d.exe!wmain(int argc=9, wchar_t * * argv=0x07dc36b0) Line 82 + 0xd bytes C++
  vmamevs10d.exe!__tmainCRTStartup() Line 278 + 0x19 bytes C
  vmamevs10d.exe!wmainCRTStartup() Line 189 C
```

Code at fault looks like this:

```c
memcpy(state->slapstic, &state->slapstic[bank * 0x1000], 0x2000);
```

The problem is that state->slapstic is NULL. I also added an image showing all the values of state, since a few other pointers are also NULL.
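The guarded restore below is an added example, not MAME code and not the fix AWJ describes later in this thread; it models the memcpy Firewave quotes with a constructed state struct (SLAPSTIC_BANKS, slapstic_size and the simulate_* helpers are assumptions) and shows the checks a post-load handler needs before copying through a pointer that may not be mapped yet, using a bank index that arrives from the save file.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the bank restore in this report (not MAME code). The
 * backtrace shows update_bank() running from a save-state post-load while
 * state->slapstic was still NULL, so the quoted memcpy read off NULL and
 * faulted. Sizes follow the quoted line; the bank count is an assumption. */
#define SLAPSTIC_BANK_SIZE 0x1000
#define SLAPSTIC_COPY_SIZE 0x2000
#define SLAPSTIC_BANKS     4

typedef struct {
    unsigned char *slapstic;  /* banked region base; NULL until mapped */
    size_t slapstic_size;     /* bytes available at slapstic */
    int bank;                 /* bank index carried in the save state */
} atarigen_model_state;

/* Guarded form of: memcpy(state->slapstic, &state->slapstic[bank * 0x1000], 0x2000);
 * The bank index comes from the save file, so it is validated like any other
 * untrusted input, and nothing is copied before the region exists. memmove,
 * because for bank 1 the source window overlaps the destination. */
int update_bank_checked(atarigen_model_state *state, int bank)
{
    size_t src_off = (size_t)bank * SLAPSTIC_BANK_SIZE;
    if (state->slapstic == NULL || bank < 0 || bank >= SLAPSTIC_BANKS)
        return -1;
    if (src_off + SLAPSTIC_COPY_SIZE > state->slapstic_size)
        return -1;
    memmove(state->slapstic, &state->slapstic[src_off], SLAPSTIC_COPY_SIZE);
    state->bank = bank;
    return 0;
}

static unsigned char g_region[SLAPSTIC_BANKS * SLAPSTIC_BANK_SIZE];
/* Fill bank n with the value n, restore `bank` as a post-load would, and
 * return the byte now at `index`, or -1 if the guarded restore refused. */
int simulate_restore(int bank, size_t index)
{
    atarigen_model_state state = { g_region, sizeof g_region, 0 };
    for (size_t i = 0; i < sizeof g_region; i++)
        g_region[i] = (unsigned char)(i / SLAPSTIC_BANK_SIZE);
    if (update_bank_checked(&state, bank) != 0)
        return -1;
    return g_region[index];
}

/* The shape that crashed in the report: post-load before the region is mapped. */
int simulate_restore_unmapped(int bank)
{
    atarigen_model_state state = { NULL, 0, 0 };
    return update_bank_checked(&state, bank);
}
```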
No.09662
Firewave Senior Tester
Jul 22, 2013, 10:20
edited on: Aug 7, 2014, 18:48

```
==27382==ERROR: AddressSanitizer: SEGV on unknown address 0x000000004000 (pc 0x000001e53d30 sp 0x7fff32ce65a8 bp 0x7fff32ce6df0 T0)
AddressSanitizer can not provide additional info.
    #0 0x1e53d2f in _ZN11__sanitizer15internal_memcpyEPvPKvm ??:?
    #1 0x1e48efe in __interceptor_memcpy ??:?
    #2 0x31fbe19 in _ZN14atarigen_state20slapstic_update_bankEi /home/notroot/trunk/src/mame/machine/atarigen.c:701
    #3 0x31e8e8e in _ZN14atarigen_state16device_post_loadEv /home/notroot/trunk/src/mame/machine/atarigen.c:711
    #4 0x2526977 in _ZN14atarisy2_state16device_post_loadEv /home/notroot/trunk/src/mame/drivers/atarisy2.c:321
    #5 0x17349a60 in _ZN8device_t9post_loadEv /home/notroot/trunk/src/emu/device.c:527
    #6 0x17939be0 in _ZN15running_machine20postload_all_devicesEv /home/notroot/trunk/src/emu/machine.c:1192
    #7 0xa4b3c10 in _ZNK13delegate_baseIv8_noparamS0_S0_S0_S0_EclEv /home/notroot/trunk/src/emu/delegate.h:539
    #8 0x17d819b7 in _ZN12save_manager9read_fileER8emu_file /home/notroot/trunk/src/emu/save.c:289
    #9 0x1793eadf in _ZN15running_machine15handle_saveloadEv /home/notroot/trunk/src/emu/machine.c:927
    #10 0x1793c66e in _ZN15running_machine3runEb /home/notroot/trunk/src/emu/machine.c:420
    #11 0x17927f11 in _Z12mame_executeR11emu_optionsR13osd_interface /home/notroot/trunk/src/emu/mame.c:190
    #12 0x172a5a56 in _ZN12cli_frontend7executeEiPPc /home/notroot/trunk/src/emu/clifront.c:255
    #13 0x10602751 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:378
    #14 0x7f417e45eea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #15 0x1e5a56c in _start ??:?
==27382==ABORTING
```
No.11315
Osso Moderator
Dec 22, 2014, 16:13

This doesn't seem to happen anymore with current from GIT.

No.11316
AWJ Developer
Dec 22, 2014, 20:32

Yeah, this was fixed by Haze's slapstic device conversion along with 9c9e6dafb16b692ebd7317c2d82cdc146fd5947d. atarisy2.c uses the Slapstic to bankswitch VRAM rather than ROM; it should never have been calling the slapstic functions in atarigen.c at all.