Viewing Issue Advanced Details
| Field | Value |
|---|---|
| ID | 05010 |
| Category | Crash/Freeze |
| Severity | Critical (emulator) |
| Reproducibility | Always |
| Date Submitted | Sep 19, 2012, 10:43 |
| Last Update | Nov 5, 2022, 08:46 |
| Tester | Tafoid |
| View Status | Public |
| Platform | |
| Assigned To | |
| Resolution | Fixed |
| OS | |
| Status | Resolved |
| Driver | |
| Version | 0.147 |
| Fixed in Version | |
| Build | |
| Fixed in Git Commit | |
| Github Pull Request # | |
| Summary | 05010: luckywld, luckywldj, metlhawk, metlhawkj: [debug] Crash after OK |
| Description | For both games, you get a similar crash. With metlhawk, it takes a few emulated seconds to hit the crashpoint. Only seems to be present in DEBUG=1 builds. `Program received signal SIGSEGV, Segmentation fault.` |
| Steps To Reproduce | |
| Additional Information | |
| Github Commit | |
| Flags | Debug build specific |
| Regression Version | 0.147 |
| Affected Sets / Systems | luckywld, luckywldj, metlhawk, metlhawkj |
Attached Files
Relationships
There are no relationships linked to this issue.
Notes (11)
No.08910 | Firewave, Senior Tester | Sep 19, 2012, 18:24

The problem is that the tilemap is too big for the rozvideoram. It is defined as 0x100000 in these two sets where all others define it as 0x20000.
No.10555 | Firewave, Senior Tester | Apr 10, 2014, 21:46 | edited on: Apr 10, 2014, 21:47

AddressSanitizer output from 0.153:

```
==1610==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000757fe at pc 0x30405da bp 0x7fff388f80a0 sp 0x7fff388f8098
READ of size 2 at 0x6310000757fe thread T0
    #0 0x30405d9 in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int) /home/notroot/trunk/src/mame/drivers/namcoic.c:951
    #1 0x7fa4bd3 in delegate_base<void, tilemap_t&, tile_data&, unsigned int, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(tilemap_t&, tile_data&, unsigned int) const /home/notroot/trunk/src/emu/delegate.h:651
    #2 0x7fa4bd3 in tilemap_t::tile_update(unsigned int, unsigned int, unsigned int) /home/notroot/trunk/src/emu/tilemap.c:731
    #3 0x7fa4808 in tilemap_t::pixmap_update() /home/notroot/trunk/src/emu/tilemap.c:712
    #4 0x304187d in tilemap_t::pixmap() /home/notroot/trunk/src/emu/tilemap.h:506
    #5 0x304187d in namcos2_shared_state::c169_roz_draw_helper(screen_device&, bitmap_ind16&, tilemap_t&, rectangle const&, namcos2_shared_state::roz_parameters const&) /home/notroot/trunk/src/mame/drivers/namcoic.c:1112
    #6 0x3042778 in namcos2_shared_state::c169_roz_draw(screen_device&, bitmap_ind16&, rectangle const&, int) /home/notroot/trunk/src/mame/drivers/namcoic.c:1203
    #7 0x30ee89f in namcos2_state::screen_update_luckywld(screen_device&, bitmap_ind16&, rectangle const&) /home/notroot/trunk/src/mame/video/namcos2.c:505
    #8 0x7f806d9 in delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const /home/notroot/trunk/src/emu/delegate.h:651
    #9 0x7f806d9 in screen_device::update_partial(int) /home/notroot/trunk/src/emu/screen.c:613
    #10 0x801a7e0 in video_manager::finish_screen_updates() /home/notroot/trunk/src/emu/video.c:624
    #11 0x8019e84 in video_manager::frame_update(bool) /home/notroot/trunk/src/emu/video.c:200
    #12 0x7f7fa9f in screen_device::vblank_begin() /home/notroot/trunk/src/emu/screen.c:812
    #13 0x7f76b63 in device_t::timer_expired(emu_timer&, unsigned int, int, void*) /home/notroot/trunk/src/emu/device.h:199
    #14 0x7f76b63 in device_scheduler::execute_timers() /home/notroot/trunk/src/emu/schedule.c:900
    #15 0x7e8adf1 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:378
    #16 0x7e821d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #17 0x7c82758 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #18 0x5608f55 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #19 0x7f2a38dc7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #20 0x101071c in _start (/home/notroot/trunk/mame64d+0x101071c)

0x6310000757ff is located 0 bytes to the right of 69631-byte region [0x631000064800,0x6310000757ff)
allocated by thread T0 here:
    #0 0xffa639 in __interceptor_malloc /home/ben/development/llvm/3.4/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:74
    #1 0x82bd41a in malloc_file_line(unsigned long, char const*, int, bool, bool, bool) /home/notroot/trunk/src/lib/util/corealloc.c:104
    #2 0x788bef0 in operator new[](unsigned long, char const*, int) /home/notroot/trunk/src/lib/util/corealloc.h:84
    #3 0x788bef0 in dynamic_array<unsigned char>::expand_internal(int) /home/notroot/trunk/src/lib/util/coretmpl.h:107
    #4 0x788bef0 in dynamic_array<unsigned char>::resize(int) /home/notroot/trunk/src/lib/util/coretmpl.h:94
    #5 0x788bef0 in dynamic_array<unsigned char>::resize_and_clear(int, unsigned char) /home/notroot/trunk/src/lib/util/coretmpl.h:99
    #6 0x7ecb800 in memory_block::memory_block(address_space&, unsigned int, unsigned int, void*) /home/notroot/trunk/src/emu/memory.c:4083
    #7 0x7ea0782 in address_space::allocate_memory() /home/notroot/trunk/src/emu/memory.c:2142
    #8 0x7e9d217 in memory_manager::initialize() /home/notroot/trunk/src/emu/memory.c:1605
    #9 0x7e874a8 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:253
    #10 0x7e8ac8d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:349
    #11 0x7e821d7 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194
    #12 0x7c82758 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237
    #13 0x5608f55 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:379
    #14 0x7f2a38dc7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
```
No.11493 | Firewave, Senior Tester | Mar 5, 2015, 17:43

Added additional sets from 0.159 test run.
No.11525 | peterferrie, Developer | Mar 19, 2015, 07:03

They all work if the ROM size is increased to 128kb. Any idea why they were set at 64kb? Can we just increase to 128kb and go home?
No.11531 | AWJ, Developer | Mar 20, 2015, 07:01

Probably because there's only 64KB of RAM (not ROM) on those boards. Fixing the namcoic.c code to work with variable RAM sizes is the answer, not adding nonexistent RAM to the address maps.
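As an added illustration of the fix AWJ describes (a constructed example, not MAME's own code): a ROZ tile lookup that takes the real videoram size as a parameter instead of assuming a 128KB region, plus an arithmetic audit of how many tile indices a 64KB board leaves without backing RAM. The entry width, the 64KB/128KB sizes and the tile count are assumptions taken from this thread's figures, not from the driver.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of the bug in this thread, not MAME's own code: the ROZ
   getter reads one 16-bit entry per tile, but the tilemap was sized for a
   128KB region while these boards carry 64KB. Sizes are assumptions. */
#define ROZ_ENTRY_BYTES  2UL                                   /* 16-bit entry per tile */
#define ROZ_VRAM_ASSUMED 0x20000UL                             /* 128KB the getter assumed */
#define ROZ_VRAM_ACTUAL  0x10000UL                             /* 64KB the boards have */
#define ROZ_TILE_COUNT   (ROZ_VRAM_ASSUMED / ROZ_ENTRY_BYTES)  /* 0x10000 tiles */

/* Audit: number of tile indices whose entry lies past a videoram of
   vram_bytes. Pure arithmetic, no memory is touched. */
unsigned long roz_tiles_past_ram(unsigned long tile_count, unsigned long vram_bytes)
{
    unsigned long entries = vram_bytes / ROZ_ENTRY_BYTES;
    return tile_count > entries ? tile_count - entries : 0;
}

/* Hardened lookup: the RAM size is a parameter, not an assumption. Returns 0
   and stores the little-endian entry, or -1 when the tile has no backing RAM
   (the caller then draws a blank tile instead of reading out of bounds). */
int roz_get_entry(const uint8_t *vram, unsigned long vram_bytes,
                  unsigned long tile_index, uint16_t *entry)
{
    if (tile_index >= vram_bytes / ROZ_ENTRY_BYTES)
        return -1;
    unsigned long off = tile_index * ROZ_ENTRY_BYTES;
    *entry = (uint16_t)(vram[off] | (vram[off + 1] << 8));
    return 0;
}

/* Walk the whole tilemap over a videoram of vram_bytes and count the lookups
   the bounds check rejects; with the unchecked getter each of these would
   have been the 2-byte out-of-bounds read ASan reports above. */
unsigned long roz_rejected_lookups(unsigned long vram_bytes)
{
    uint8_t *vram = calloc(vram_bytes, 1);   /* stand-in for the board's videoram */
    unsigned long rejected = 0;
    if (vram == NULL)
        return (unsigned long)-1;
    for (unsigned long t = 0; t < ROZ_TILE_COUNT; t++) {
        uint16_t e;
        if (roz_get_entry(vram, vram_bytes, t, &e) != 0)
            rejected++;
    }
    free(vram);
    return rejected;
}
```

With a 64KB videoram the audit and the walk both report 0x8000 unbacked tiles, exactly the upper half of the tilemap; with 128KB they report none, which is why enlarging the region in the address map hides the bug without fixing the lookup.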
No.11769 | peterferrie, Developer | Jun 19, 2015, 20:09

This appears to be fixed in 0.162, but I haven't found the check-in that's responsible for it...
No.11774 | Tafoid, Administrator | Jun 19, 2015, 22:19

Looks like it was fixed in 0.161; my local copy of mamed for 0.161 doesn't crash. Resolving.
No.14593 | Firewave, Senior Tester | Dec 31, 2017, 23:44

Still happening in 0.193:

```
==118926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310010157fe at pc 0x00000342d0bd bp 0x7ffea1b8cf40 sp 0x7ffea1b8cf38
READ of size 2 at 0x6310010157fe thread T0
    #0 0x342d0bc in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:869:18
    #1 0x342d274 in namcos2_shared_state::c169_roz_get_info1(tilemap_t&, tile_data&, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:938:2
    #2 0xe7eef5c in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #3 0xe7eef5c in tilemap_t::tile_update(unsigned int, unsigned int, unsigned int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:750
    #4 0xe7eea7f in tilemap_t::pixmap_update() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:731:5
    #5 0x342e151 in pixmap /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.h:516:27
    #6 0x342e151 in namcos2_shared_state::c169_roz_draw_helper(screen_device&, bitmap_ind16&, tilemap_t&, rectangle const&, namcos2_shared_state::roz_parameters const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:1032
    #7 0x342f7e4 in namcos2_shared_state::c169_roz_draw(screen_device&, bitmap_ind16&, rectangle const&, int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:1123:6
    #8 0x34a6343 in namcos2_state::screen_update_luckywld(screen_device&, bitmap_ind16&, rectangle const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/namcos2.cpp:502:4
    #9 0xe7ac132 in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #10 0xe7ac132 in screen_device::update_partial(int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1219
    #11 0xe833c67 in video_manager::finish_screen_updates() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:694:10
    #12 0xe8332a0 in video_manager::frame_update(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:208:27
    #13 0xe7aa719 in screen_device::vblank_begin() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1524:21
    #14 0xe7a9c7c in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:997:4
    #15 0xe795168 in timer_expired /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.h:520:83
    #16 0xe795168 in device_scheduler::execute_timers() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:906
    #17 0xe78ea0f in device_scheduler::timeslice() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:530:2
    #18 0xe6a324b in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:357:17
    #19 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #20 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #21 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #22 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #23 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #24 0x7f172faf282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #25 0x1431838 in _start (/mnt/mame/mame64+0x1431838)

0x6310010157ff is located 0 bytes to the right of 69631-byte region [0x631001004800,0x6310010157ff)
allocated by thread T0 here:
    #0 0x14fd722 in operator new(unsigned long) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
    #1 0xe225de3 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/ext/new_allocator.h:104:27
    #2 0xe225de3 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/alloc_traits.h:491
    #3 0xe225de3 in _M_allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:170
    #4 0xe225de3 in _M_default_append /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/vector.tcc:557
    #5 0xe225de3 in resize /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:676
    #6 0xe225de3 in memory_block::memory_block(address_space&, unsigned int, unsigned int, void*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:4241
    #7 0xe2082c1 in make_unique<memory_block, address_space &, unsigned int &, unsigned int &> /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/unique_ptr.h:765:34
    #8 0xe2082c1 in address_space::allocate_memory() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:2397
    #9 0xe1f7e59 in allocate_memory /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/dimemory.h:112:87
    #10 0xe1f7e59 in memory_manager::initialize() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.cpp:1848
    #11 0xe69f9d6 in running_machine::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:239:11
    #12 0xe6a2a41 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:310:3
    #13 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #14 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #15 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #16 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #17 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #18 0x7f172faf282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/machine/namcoic.cpp:869:18 in namcos2_shared_state::c169_roz_get_info(tile_data&, int, int)
Shadow bytes around the buggy address:
  0x0c62801faaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c62801faae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c62801faaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
  0x0c62801fab00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c62801fab40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
```
No.14972 | Tafoid, Administrator | Apr 21, 2018, 22:10

Also seems to be hitting quite often during regular build testing as well now.
No.15444 | Haze, Senior Tester | Sep 10, 2018, 23:09

The most recent part of this regression should be fixed (it had got to the point where it crashed every single time for me); however, if there was an older bug, that might not be fixed.
No.17362 | Firewave, Senior Tester | Jan 14, 2020, 22:24 | edited on: Jan 14, 2020, 22:27

Testing with 0.217 on Windows, there is no longer an ASAN error and it plays fine. So it appears to have been fixed since September 2018.