04303: nost, nostk: Intermittent crash when the sun starts rising during demonstration

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
04303	Crash/Freeze	Critical (emulator)	Random	Apr 7, 2011, 21:37	Mar 23, 2012, 21:07

Tester	Robbbert	View Status	Public	Platform	MAME (Official Binary)
Assigned To	Haze	Resolution	Fixed	OS
Status [?]	Resolved			Driver	misc/mcatadv.cpp
Version	0.142	Fixed in Version	0.145u5	Build	I686
		Fixed in Git Commit		Github Pull Request #

Summary	04303: nost, nostk: Intermittent crash when the sun starts rising during demonstration
Description	Start nost, when the sun starts rising, and access violation can occur.
Steps To Reproduce	Start nost, when the sun starts rising, and access violation can occur. Sometimes it works instead. For me to make it reliably crash, start a pinball game (taf_l1 is a good one), press escape then start nostk.
Additional Information	C:\Compile\MAME>mame nostk ----------------------------------------------------- Exception at EIP=01319609 (screen_update_mcatadv(screen_device, bitmap_t, _rectangle const)+0x0429): ACCESS VIOLATION While attempting to read memory at 07DBFFB0 ----------------------------------------------------- EAX=00000001 EBX=00000001 ECX=07DBFFB0 EDX=00314200 ESI=FFFFFF68 EDI=07DF7E30 EBP=0022E7F0 ESP=0022E758 ----------------------------------------------------- Stack crawl: 0022E7F0: 01319609 (screen_update_mcatadv(screen_device, bitmap_t, _rectangle const)+0x0429) 0022E830: 01945AD8 (screen_device::update_partial(int)+0x00d8) 0022E860: 01BB31FB (video_manager::finish_screen_updates()+0x002b) 0022E8C0: 01BB347D (video_manager::frame_update(bool)+0x014d) 0022E9C0: 01942A8B (screen_device::vblank_begin_callback()+0x063b) 0022EA10: 019BE66F (device_scheduler::execute_timers()+0x013f) 0022EAA0: 019BE91D (device_scheduler::timeslice()+0x002d) 0022EB30: 0194C930 (running_machine::run(bool)+0x03d0) 0022F900: 0199D289 (mame_execute(emu_options&, osd_interface&)+0x01e9) 0022FB80: 01B80694 (cli_execute(cli_options&, osd_interface&, int, char)+0x0134) 0022FEF0: 013505D5 (utf8_main(int, char)+0x01a5) 0022FF30: 01DC9C5E (wmain+0x006e) 0022FFC0: 004013D1 (__tmainCRTStartup+0x0241) 0022FFF0: 7C817067 (RegisterWaitForInputIdle+0x0049)
Github Commit

Flags
Regression Version
Affected Sets / Systems	nost, nostk

Attached Files

No.07373 Tafoid Administrator Apr 7, 2011, 22:01	I can confirm it, but it's very random and only seems to happen just once.
No.08396 Haze Senior Tester Mar 22, 2012, 23:52	Apparently Magical Cat Adventure is prone to the same random crashes. Probably something uninitialized combined with a potential access beyond the bounds of a buffer.
No.08400 Haze Senior Tester Mar 23, 2012, 21:07	priority check code wasn't safe (didn't check if x was in rage of priority bitmap, check only happened later on actual draw call)