ID: 04849
Category: Core
Severity: Major
Reproducibility: Always
Date Submitted: May 20, 2012, 15:56
Last Update: Nov 5, 2022, 09:56
Tester: Firewave
View Status: Public
Platform: MAME (Self-compiled)
Assigned To:
Resolution: Fixed
OS: Windows Vista/7 (64-bit)
Status: Resolved
Driver:
Version: 0.145u8
Fixed in Version:
Build: 64-bit
Fixed in Git Commit:
Github Pull Request #:
Summary: 04849: tourtabl, tourtab2: stack corruption in src/mame/video/tia.c
Description: The Visual Studio run-time checks report a stack corruption around the variables "linePF" and "lineBL" in tia_video_device::update_bitmap(). The problem is that collision_check() will be called with a negative value of "x2", which is the "next_x" parameter passed into the function. The actual values of x2 until the corruption are 34, 49, 88, 103, 160, -29.

I think the problem lies in this check at the beginning of the function.

if (prev_y >= next_y && prev_x >= next_x)

When the corruption occurs we have the following values:

prev_y = 0
next_y = 1
prev_x = 103
next_x = -29

It needs to handle the increment of the y.
Steps To Reproduce:
Additional Information:
Github Commit:
Regression Version:
Affected Sets / Systems: tourtabl, tourtab2
Attached Files:
There are no relationships linked to this issue.
May 20, 2012, 17:24
I can't find the cause by eye, but I'm sure that a negative x2 is fine, and the check at the start of the function is also ok.
May 20, 2012, 17:42
Please discuss this on Dev List. If the game is not crashing or regressing or has a broken presentation, it should not be here as a bug.

Senior Tester
May 20, 2012, 17:54
It is actually crashing:

Program received signal SIGSEGV, Segmentation fault.
0x00000000005da3d3 in tia_video_device::update_bitmap (this=0x33cca8,
    next_x=34, next_y=0) at src/mame/video/tia.c:763
warning: Source file is more recent than executable.
763                     p = &helper[current_bitmap]->pix16(y % screen_height, 34
(gdb) bt
#0  0x00000000005da3d3 in tia_video_device::update_bitmap (this=0x33cca8,
    next_x=34, next_y=0) at src/mame/video/tia.c:763
#1  0x00000000005de326 in tia_video_device::read (this=0x33cca8, space=...,
    offset=0, mem_mask=255 'ÿ') at src/mame/video/tia.c:1623
#2  0x00000000039aad02 in delegate_base<unsigned char, address_space&, unsigned
int, unsigned char, _noparam, _noparam>::operator() (this=0x34c54060,
    p1=..., p2=0, p3=255 'ÿ') at src/emu/delegate.h:619
#3  0x00000000039ba10f in handler_entry_read::read8 (this=0x34c53fa8,
    space=..., offset=0, mask=255 'ÿ') at src/emu/memory.c:403
#4  0x000000000382f44f in address_space_specific<unsigned char, (endianness_t)0,
 false>::read_native (this=0x34c08818, offset=0) at src/emu/memory.c:1110
#5  0x00000000038305bd in address_space_specific<unsigned char, (endianness_t)0,
 false>::read_byte (this=0x34c08818, address=0) at src/emu/memory.c:1415
#6  0x0000000001f4697f in m6502_95 (cpustate=0x32c81f08)
    at src/emu/cpu/m6502/t6502.c:139
#7  0x0000000001f8dc80 in cpu_execute_m6502 (device=0x3396f8)
    at src/emu/cpu/m6502/m6502.c:244
#8  0x000000000298c655 in legacy_cpu_device::execute_run (this=0x3396f8)
    at src/emu/devcpu.c:260
#9  0x0000000003858292 in device_execute_interface::run (this=0x339b08)
    at src/emu/diexec.h:228
#10 0x00000000025df2e6 in device_scheduler::timeslice (this=0x22e770)
    at src/emu/schedule.c:489
#11 0x00000000026ad214 in running_machine::run (this=0x228d10, firstrun=true)
    at src/emu/machine.c:389
#12 0x00000000025c7854 in mame_execute (options=..., osd=...)
    at src/emu/mame.c:189
#13 0x0000000002963c45 in cli_frontend::execute (this=0x22fce0, argc=9,
    argv=0x314c5460) at src/emu/clifront.c:252
#14 0x0000000001e3adcf in utf8_main (argc=9, argv=0x314c5460)
    at src/osd/windows/winmain.c:482
#15 0x0000000002c68926 in wmain (argc=9, argv=0x314c2350)
    at src/osd/windows/main.c:88
#16 0x000000000040142e in __tmainCRTStartup ()
    at ../mingw-w64-crt/crt/crtexe.c:282
#17 0x0000000076fd652d in KERNEL32!BaseThreadInitThunk ()
   from C:\Windows\system32\kernel32.dll
#18 0x0000000000000000 in ?? ()
Senior Tester
May 22, 2013, 18:50
No errors with ASAN.
Senior Tester
Nov 5, 2022, 09:56
No ASAN error with 0.249 on Linux.