ID: 04147
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Dec 19, 2010, 17:57
Last Update: Jan 16, 2011, 13:41
Tester: Kale
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: AWJ
Resolution: Fixed
OS: Windows Vista/7 (32-bit)
Status: Resolved
Version: 0.140u2
Fixed in Version: 0.141u1
Build: Normal
Summary: 04147: raiden: crashes if you use -debug switch
Description: Raiden randomly exits the emulation if you're under the debugger environment, happens pseudo-randomly if you are playing or even if the game is in attract mode. It's not necessary that the debugger is active, it happens even if it's minimized.
Steps To Reproduce
Additional Information
C:\MAMES>mame raiden -debug
ep910pc-1.bin NOT FOUND (NO GOOD DUMP KNOWN)
ep910pc-2.bin NOT FOUND (NO GOOD DUMP KNOWN)
WARNING: the game might not run correctly.

Crash from 0.140u3

-----------------------------------------------------
Exception at EIP=77C42A16 (__tcf_0+0x75753cb6): ACCESS VIOLATION
While attempting to read memory at 6D650031
-----------------------------------------------------
EAX=6D650031 EBX=00000073 ECX=7FFFFFFE EDX=0022F5A8
ESI=0022F4A4 EDI=037ECD86 EBP=0022F264 ESP=0022EFF8
-----------------------------------------------------
Stack crawl:
  0022F264: 77C42A16 (wscanf+0x0750)
  0022F2A0: 77C3F962 (sprintf+0x0031)
  0022F2D0: 01E8FE45 (handle_param(char*, unsigned int)+0x05a9)
  0022F310: 01E9181D (decode_opcode(char*, I386_OPCODE const*, unsigned char)+0x022e)
  0022F350: 01E9163F (decode_opcode(char*, I386_OPCODE const*, unsigned char)+0x0050)
  0022F380: 01E9195E (necv_dasm_one(char*, unsigned int, unsigned char const*, _nec_config const*)+0x009a)
  0022F3A0: 015FC1E8 (cpu_disassemble_nec(legacy_cpu_device*, char*, unsigned int, unsigned char const*, unsigned char const*, int)+0x0027)
  0022F3E0: 01E0CFBB (legacy_cpu_device::disasm_disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int)+0x0047)
  0022F410: 024417F3 (device_disasm_interface::disassemble(char*, unsigned int, unsigned char const*, unsigned char const*, unsigned int)+0x003b)
  0022F650: 01E0709D (debug_view_disasm::recompute(unsigned int, int, int)+0x0711)
  0022F6D0: 01E076C2 (debug_view_disasm::view_update()+0x033a)
  0022F760: 01DDA51A (debug_view::end_update()+0x0196)
  0022F780: 020623A7 (debug_view::force_update()+0x0023)
  0022F7B0: 01DDB292 (debug_view_manager::update_all(debug_view_type)+0x0042)
  0022F870: 01DB5768 (device_debug::start_hook(_attotime)+0x02d2)
  0022F8B0: 01BDB812 (debugger_start_cpu_hook(device_t*, _attotime)+0x0060)
  0022FA10: 01BDBEC5 (device_scheduler::timeslice()+0x0627)
  0022FAD0: 01AE6ED1 (running_machine::run(bool)+0x0227)
  0022FC10: 01B5896F (mame_execute(osd_interface&, _core_options*)+0x0467)
  0022FD80: 01DF31FA (cli_execute(int, char**, osd_interface&, _options_entry const*)+0x031a)
  0022FF00: 0130C6FB (utf8_main(int, char**)+0x0177)
  0022FF30: 02021A0E (wmain+0x008a)
  0022FFC0: 004013D1 (__tmainCRTStartup+0x0241)
  0022FFF0: 7C817077 (RegisterWaitForInputIdle+0x0049)
Regression Version: 0.137u2
Affected Sets / Systems: raiden
Relationships: there are no relationships linked to this issue.
Notes (6)
No.06947
Tafoid
Administrator
Dec 19, 2010, 20:33
First seems to crash in 0.137u2 and I have a suspected cause:

 r8735

i386/NEC disassembler updates: [Alex Jackson]
 * Made "MOV AL, offset" etc (opcodes A0-A3) properly indicate a
    segment override prefix.
 * Corrected the disassembly of various NEC-only instructions (mainly
    V25/V35-only instructions)
 * Changed CPUINFO_INT_MAX_INSTRUCTION_BYTES on i86 and NEC from 15 to
    8.
No.06948
AWJ
Developer
Dec 20, 2010, 00:35
Thanks for the diagnosis, Tafoid. I'm about to submit a patch for this.
No.06958
Kale
Developer
Dec 23, 2010, 00:48
Re-opening because it's NOT fixed.
No.06993
Kale
Developer
Jan 2, 2011, 15:20
It looks like this happens on the Raiden and Raiden 2 drivers only ... I wonder why ...
No.06995
Kale
Developer
Jan 2, 2011, 18:30
edited on: Jan 2, 2011, 18:30
case PARAM_SFREG:
d8 = FETCHD();
s += sprintf( s, "%s", nec_sfreg[d8] );
break;

Cause of the crash. For now I've masked d8 with 0xff, if you have a better fix please step up :)
No.06997
AWJ
Developer
Jan 2, 2011, 19:36
Whoops, looks like this really was my bad after all :-) It's crashing because it's reading from a negative array index. Change the case for that parameter type to:

i8 = FETCHD();
s += sprintf( s, "%s", nec_sfreg[i8] );

(d8 is signed, i8 is unsigned)
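The signed-index bug AWJ describes, as an added C example that is not MAME's code: when the operand byte lands in a signed 8-bit variable, 0x80..0xFF become -128..-1 and the table lookup reads before the array, which is the access violation in the stack crawl above. The sfreg_name table, its entry names and the instruction bytes are constructed for this example; the decoder also adds the bounds check the original lacked, so an out-of-range index is reported instead of dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the disassembler's nec_sfreg[] table (assumption:
 * one name per operand byte, 256 entries). Entries not set here read "?". */
#define SFREG_COUNT 256
static const char *sfreg_name[SFREG_COUNT] = {
    [0x00] = "sfr_00", [0x01] = "sfr_01", [0x7F] = "sfr_7f",
    [0x80] = "sfr_80", [0xFF] = "sfr_ff",
};

/* Decode the byte after the opcode as a special-function-register operand and
 * write "MOV <name>" into out. signed_index selects the buggy behaviour from
 * the report (operand held in a signed 8-bit variable, d8) versus the fix
 * (unsigned, i8). Returns the table index used, or -1 when the index would
 * fall outside the table, i.e. the read that crashed the real disassembler. */
static int decode_sfreg(const uint8_t *code, size_t len, int signed_index,
                        char *out, size_t outlen)
{
    if (len < 2 || outlen == 0)
        return -1;                       /* need opcode + operand byte */
    int idx;
    if (signed_index) {
        int8_t d8 = (int8_t)code[1];     /* buggy: 0x80..0xFF -> -128..-1 */
        idx = d8;
    } else {
        uint8_t i8 = code[1];            /* fixed: 0..255 */
        idx = i8;
    }
    /* Defensive check the original lacked: never index before or past the table. */
    if (idx < 0 || idx >= SFREG_COUNT) {
        snprintf(out, outlen, "<bad sfreg index %d>", idx);
        return -1;
    }
    const char *name = sfreg_name[idx] ? sfreg_name[idx] : "?";
    snprintf(out, outlen, "MOV %s", name);
    return idx;
}

int main(void)
{
    /* Constructed instruction bytes: opcode placeholder 0x0F, operand 0x80. */
    const uint8_t code[] = { 0x0F, 0x80 };
    char buf[32];
    printf("buggy: %d %s\n", decode_sfreg(code, sizeof code, 1, buf, sizeof buf), buf);
    printf("fixed: %d %s\n", decode_sfreg(code, sizeof code, 0, buf, sizeof buf), buf);
    return 0;
}
```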