ID: 05047
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Oct 27, 2012, 16:17
Last Update: Jan 8, 2020, 15:33
Tester: Tafoid
View Status: Public
Platform: MAME (Self-compiled)
Resolution: Fixed
OS: Windows XP
Status: Resolved
Version: 0.147u1
Fixed in Version: 0.161
Build: Debug
Summary: 05047: pairsred: [debug] Crash after OK
Description: Attempting to run causes a crash after OK:
Exception at EIP=030EB9D8 (direct_read_data::read_decrypted_byte(unsigned int, unsigned int)+0x0034): ACCESS VIOLATION
Flags: Debug build specific
Regression Version: 0.146u5
Affected Sets / Systems: pairsred
Attached Files: none
Relationships: there are no relationships linked to this issue.

Notes (5)
No.09062, Osso (Moderator), Oct 29, 2012, 16:59
Can't reproduce with current SVN build (r18769)

(gdb) run pairsred -window
Starting program: /home/potschet/Scrivania/mame/mame64d pairsred -window
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffedd27700 (LWP 24876)]
[New Thread 0x7fffe9191700 (LWP 24877)]
[Thread 0x7fffe9191700 (LWP 24877) exited]
[New Thread 0x7fffe9191700 (LWP 24878)]
Average speed: 100.00% (20 seconds)
[Thread 0x7fffe9191700 (LWP 24878) exited]
[Thread 0x7fffedd27700 (LWP 24876) exited]
Speaker ":mono" - max = 65756 (gain *= 0.498312) - 0% samples clipped
[Inferior 1 (process 24875) exited normally]
No.09319, Firewave (Senior Tester), Feb 9, 2013, 14:04

-----------------------------------------------------
Exception at EIP=000000014188458B (+0x4188458b): ACCESS VIOLATION
While attempting to read memory at 0000000003B5BB43
-----------------------------------------------------
RAX=0000000000005B43 RBX=0000000000000000 RCX=0000000003B56000 RDX=0000000000000005
RSI=00000000032A5C58 RDI=0000000000176650 RBP=0000000000000000 RSP=0000000000176630
 R8=0000000000000001  R9=00000000001764C4 R10=FEFEFEFEFEFEFEFF R11=8080808080808080
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  0000000000176650: 000000014188458B (direct_read_data::read_decrypted_byte+0x005b, s:\svn\mame\src\emu\memory.h:1028)
  0000000000176680: 00000001418C505B (m6809_base_device::execute_run+0x00fb, s:\svn\mame\src\emu\cpu\m6809\m6809.c:752)
  00000000001766B0: 00000001422DD121 (device_execute_interface::run+0x0031, s:\svn\mame\src\emu\diexec.h:216)
  00000000001767D0: 00000001422D9E72 (device_scheduler::timeslice+0x0432, s:\svn\mame\src\emu\schedule.c:489)
  0000000000176D40: 00000001422DF16C (running_machine::run+0x034c, s:\svn\mame\src\emu\machine.c:396)
  000000000017D4C0: 0000000142237B88 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190)
  000000000017F3E0: 00000001422F436F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:258)
  000000000017F8D0: 0000000142E604BB (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:493)
  000000000017F910: 0000000142E5C0F0 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82)
  000000000017F960: 0000000142DF82CC (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241)
  000000000017F990: 0000000142DF840E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164)
  000000000017F9C0: 0000000076CE652D (BaseThreadInitThunk+0x000d)
  000000000017FA10: 000000007728C521 (RtlUserThreadStart+0x0021)
No.09320, Firewave (Senior Tester), Feb 9, 2013, 14:06
==35789== Invalid read of size 1
==35789==    at 0x383B28E: direct_read_data::read_decrypted_byte(unsigned int, unsigned int) (memory.h:1028)
==35789==    by 0x44B7E74: m6809_base_device::execute_run() (m6809.c:752)
==35789==    by 0x44B82CB: non-virtual thunk to m6809_base_device::execute_run() (debugger.h:50)
==35789==    by 0x5245218: device_execute_interface::run() (diexec.h:216)
==35789==    by 0x5242987: device_scheduler::timeslice() (schedule.c:488)
==35789==    by 0x51744BE: running_machine::run(bool) (machine.c:393)
==35789==    by 0x516F6DB: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==35789==    by 0x4FF2F22: cli_frontend::execute(int, char**) (clifront.c:255)
==35789==    by 0x36FC4B9: main (sdlmain.c:371)
==35789==  Address 0x16432673 is 4,611 bytes inside a block of size 12,960 free'd
==35789==    at 0xFFAE7A6: free (vg_replace_malloc.c:446)
==35789==    by 0x101E397C: SDL_FreeSurface (SDL_surface.c:935)
==35789==    by 0x36FF207: sdl_osd_interface::font_get_bitmap(void*, unsigned int, bitmap_argb32&, int&, int&, int&) (sdlmain.c:1148)
==35789==    by 0x5208981: render_font::char_expand(unsigned int, render_font::glyph&) (rendfont.c:194)
==35789==    by 0x520D33D: render_font::get_char(unsigned int) (rendfont.c:93)
==35789==    by 0x520A158: render_font::char_width(float, float, unsigned int) (rendfont.c:347)
==35789==    by 0x528DEC4: ui_draw_text_full(render_container*, char const*, float, float, float, int, int, int, unsigned int, unsigned int, float*, float*) (ui.c:632)
==35789==    by 0x528D220: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:806)
==35789==    by 0x52877E5: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==35789==    by 0x528CCC1: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==35789==    by 0x52DC229: video_manager::frame_update(bool) (video.c:241)
==35789==    by 0x528CAB2: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
==35789== 
==35789== Invalid read of size 1
==35789==    at 0xC4572E: direct_read_data::read_raw_byte(unsigned int, unsigned int) (memory.h:1021)
==35789==    by 0x44599F0: m6809_base_device::neg_di() (6809ops.c:31)
==35789==    by 0x44B7FCA: m6809_base_device::execute_run() (m6809.c:754)
==35789==    by 0x44B82CB: non-virtual thunk to m6809_base_device::execute_run() (debugger.h:50)
==35789==    by 0x5245218: device_execute_interface::run() (diexec.h:216)
==35789==    by 0x5242987: device_scheduler::timeslice() (schedule.c:488)
==35789==    by 0x51744BE: running_machine::run(bool) (machine.c:393)
==35789==    by 0x516F6DB: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==35789==    by 0x4FF2F22: cli_frontend::execute(int, char**) (clifront.c:255)
==35789==    by 0x36FC4B9: main (sdlmain.c:371)
==35789==  Address 0x16432674 is 4,612 bytes inside a block of size 12,960 free'd
==35789==    at 0xFFAE7A6: free (vg_replace_malloc.c:446)
==35789==    by 0x101E397C: SDL_FreeSurface (SDL_surface.c:935)
==35789==    by 0x36FF207: sdl_osd_interface::font_get_bitmap(void*, unsigned int, bitmap_argb32&, int&, int&, int&) (sdlmain.c:1148)
==35789==    by 0x5208981: render_font::char_expand(unsigned int, render_font::glyph&) (rendfont.c:194)
==35789==    by 0x520D33D: render_font::get_char(unsigned int) (rendfont.c:93)
==35789==    by 0x520A158: render_font::char_width(float, float, unsigned int) (rendfont.c:347)
==35789==    by 0x528DEC4: ui_draw_text_full(render_container*, char const*, float, float, float, int, int, int, unsigned int, unsigned int, float*, float*) (ui.c:632)
==35789==    by 0x528D220: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:806)
==35789==    by 0x52877E5: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==35789==    by 0x528CCC1: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==35789==    by 0x52DC229: video_manager::frame_update(bool) (video.c:241)
==35789==    by 0x528CAB2: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
No.09327, Phil Bennett (Developer), Feb 10, 2013, 18:04
There's a bug in the sound program that causes a jump to unmapped space. The crash is an unpleasant side-effect.
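The pattern Phil describes, guest code jumping to unmapped space and the host-side direct read window then dereferencing memory it should not, is worth seeing in miniature. The following is an added illustration, not MAME's code: a toy 8-bit CPU whose opcode fetch re-validates its cached window on every access and reports a guest-side fault instead of a host access violation (the ROM contents, region table, opcodes and all names are assumptions).

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed toy model of an 8-bit CPU fetching opcodes through a "direct
 * read" window (cf. the direct_read_data frames in the traces above); names,
 * layout and opcodes are assumptions for illustration, not MAME's own code. */
#define ADDR_SPACE 0x10000u
#define ROM_BASE   0xE000u
#define ROM_SIZE   0x2000u
/* Constructed sound ROM: NOP, NOP, JMP $4000 (nothing is mapped there). */
static uint8_t g_rom[ROM_SIZE] = { 0x12, 0x12, 0x7E, 0x40, 0x00 };
typedef struct { uint32_t base, size; const uint8_t *host; } region;
static const region g_map[] = { { ROM_BASE, ROM_SIZE, g_rom } };
typedef struct { const uint8_t *ptr; uint32_t base, end; } direct_window;

/* Point the window at the region containing addr; returns 0 if none does,
 * clearing the window so a stale host pointer can never be reused. */
static int remap(direct_window *w, uint32_t addr)
{
    for (size_t i = 0; i < sizeof g_map / sizeof g_map[0]; i++)
        if (addr >= g_map[i].base && addr - g_map[i].base < g_map[i].size) {
            *w = (direct_window){ g_map[i].host, g_map[i].base, g_map[i].base + g_map[i].size };
            return 1;
        }
    *w = (direct_window){ NULL, 0, 0 };
    return 0;
}

/* Fail-closed fetch: the host pointer is dereferenced only once the window
 * is known to cover addr; returns 0 for an unmapped guest address. */
static int read_byte(direct_window *w, uint32_t addr, uint8_t *out)
{
    addr &= ADDR_SPACE - 1;
    if ((addr < w->base || addr >= w->end) && !remap(w, addr)) return 0;
    *out = w->ptr[addr - w->base];
    return 1;
}

/* Execute from pc until an opcode fetch hits unmapped space; returns the
 * faulting guest address and stores the number of instructions executed. */
uint32_t run_until_fault(uint32_t pc, unsigned *count)
{
    direct_window w = { NULL, 0, 0 }; uint8_t op, hi, lo;
    for (*count = 0;; (*count)++) {
        if (!read_byte(&w, pc, &op)) return pc;
        if (op != 0x7E) { pc += 1; continue; }            /* anything else: NOP */
        if (!read_byte(&w, pc + 1, &hi) || !read_byte(&w, pc + 2, &lo)) return pc;
        pc = ((uint32_t)hi << 8) | lo;                     /* JMP absolute (big-endian) */
    }
}
uint32_t fault_addr(uint32_t pc) { unsigned n; return run_until_fault(pc, &n); }
unsigned fault_steps(uint32_t pc) { unsigned n; run_until_fault(pc, &n); return n; }
```

Starting at $E000 the guest executes two NOPs and the JMP, then the fetch at $4000 finds no mapped region and the run stops with that address reported, rather than the host reading through a pointer that never covered it.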
No.17329, Firewave (Senior Tester), Jan 8, 2020, 15:33
Still crashes in 0.217:
=================================================================
==19108==ERROR: AddressSanitizer: access-violation on unknown address 0x241db364 (pc 0x0684b0a6 bp 0x16b2b850 sp 0x16b2b820 T0)
==19108==The signal is caused by a READ memory access.
    #0 0x684b0a5 in handler_entry_read_memory_bank<0,0,1>::read+0xe5 (s:\dev\mame0217\mame.exe+0x617b0a5)
    #1 0x20e69b1 in memory_access_cache<0,0,1>::read_native+0x141 (s:\dev\mame0217\mame.exe+0x1a169b1)
    #2 0x7cf01db in m6809_base_device::mi_default::read_opcode+0x7b (s:\dev\mame0217\mame.exe+0x76201db)
    #3 0x7e0c927 in m6809_base_device::read_opcode+0xe7 (s:\dev\mame0217\mame.exe+0x773c927)
    #4 0x7e06ca8 in m6809_base_device::execute_one+0xb8 (s:\dev\mame0217\mame.exe+0x7736ca8)
    #5 0x7e0bcd6 in m6809_base_device::execute_run+0x26 (s:\dev\mame0217\mame.exe+0x773bcd6)
    #6 0x669d553 in device_scheduler::timeslice+0x683 (s:\dev\mame0217\mame.exe+0x5fcd553)
    #7 0x66abc95 in running_machine::run+0x305 (s:\dev\mame0217\mame.exe+0x5fdbc95)
    #8 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #9 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #10 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #11 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #12 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #13 0xa598c9a in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #14 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #15 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #16 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (s:\dev\mame0217\mame.exe+0x617b0a5) in handler_entry_read_memory_bank<0,0,1>::read+0xe5
==19108==ABORTING

How was this resolved in 0.161? If this crashes by design it should probably never be marked as working.