05071: piopx7: [debug] Crash after OK

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
05071	Crash/Freeze	Critical (emulator)	Always	Nov 28, 2012, 01:53	May 24, 2013, 20:46

Tester	Tafoid	View Status	Public	Platform	MESS (Self-compiled)
Assigned To	wilbert	Resolution	Fixed	OS	Windows XP
Status [?]	Resolved			Driver	msx/msx.cpp
Version	0.147u3	Fixed in Version		Build	Debug
		Fixed in Git Commit		Github Pull Request #

Summary	05071: piopx7: [debug] Crash after OK
Description	About 5 seconds into emulation: Program received signal SIGSEGV, Segmentation fault. 0x01cd1fea in address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) ()
Steps To Reproduce
Additional Information
Github Commit

Flags	Debug build specific
Regression Version
Affected Sets / Systems	piopx7

Attached Files

No.09263 Firewave Senior Tester Jan 21, 2013, 13:59	==10443== Invalid read of size 1 ==10443== at 0x1ADE3AB: address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) (memory.c:1083) ==10443== by 0x1ACF9D1: address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) (memory.c:1389) ==10443== by 0x1906B3D: op_7e(z80_state) (z80.c:3067) ==10443== by 0x190C02D: cpu_execute_z80(legacy_cpu_device) (in /home/notroot/trunk/mess64d) ==10443== by 0x19DE15F: legacy_cpu_device::execute_run() (devcpu.c:260) ==10443== by 0x1B0B9D8: device_execute_interface::run() (diexec.h:214) ==10443== by 0x1B0A6BD: device_scheduler::timeslice() (schedule.c:488) ==10443== by 0x1AA49B0: running_machine::run(bool) (machine.c:393) ==10443== by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190) ==10443== by 0x19C94F4: cli_frontend::execute(int, char*) (clifront.c:255) ==10443== by 0x13154D8: main (sdlmain.c:371) ==10443== Address 0x121da850 is 16,064 bytes inside a block of size 16,704 free'd ==10443== at 0x632F739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10443== by 0x1E4B2F4: free__7z_file(_7z_file) (un7z.c:513) ==10443== by 0x1E4AFF5: _7z_file_open(char const, _7z_file) (un7z.c:398) ==10443== by 0x1A2153A: emu_file::attempt__7zped() (fileio.c:854) ==10443== by 0x1A20580: emu_file::open_next() (fileio.c:393) ==10443== by 0x1A1FFB2: emu_file::open(char const) (fileio.c:310) ==10443== by 0x131696E: sdl_osd_interface::font_open(char const, int&) (sdlmain.c:1042) ==10443== by 0x1AEFA45: render_font::render_font(render_manager&, char const) (rendfont.c:124) ==10443== by 0x1AEAC34: render_manager::font_alloc(char const) (render.c:2609) ==10443== by 0x1B28766: ui_get_font(running_machine&) (ui.c:469) ==10443== by 0x1B28793: ui_get_line_height(running_machine&) (ui.c:481) ==10443== by 0x1B2936A: ui_draw_text_box(render_container, char const, int, float, float, unsigned int) (ui.c:781) ==10443== by 0x1B2A9ED: handler_messagebox(running_machine&, render_container, unsigned int) (ui.c:1211) ==10443== by 0x1B2855D: ui_update_and_render(running_machine&, render_container) (ui.c:432) ==10443== by 0x1B50E8E: video_manager::frame_update(bool) (video.c:241) ==10443== by 0x1B283F9: ui_set_startup_text(running_machine&, char const, int) (ui.c:399) ==10443== by 0x1B02702: display_loading_rom_message(romload_private, char const) (romload.c:479) ==10443== by 0x1B02A24: open_rom_file(romload_private, char const, rom_entry const, astring&) (romload.c:565) ==10443== by 0x1B03F2D: process_rom_entries(romload_private, char const, rom_entry const, rom_entry const, device_t) (romload.c:908) ==10443== by 0x1B064D7: process_region_list(romload_private) (romload.c:1445) ==10443== by 0x1B06998: rom_init(running_machine&) (romload.c:1501) ==10443== by 0x1AA3EFA: running_machine::start() (machine.c:278) ==10443== by 0x1AA48E7: running_machine::run(bool) (machine.c:372) ==10443== by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190) ==10443== by 0x19C94F4: cli_frontend::execute(int, char) (clifront.c:255) ==10443== by 0x13154D8: main (sdlmain.c:371) ==10443== ==10443== Invalid read of size 1 ==10443== at 0x1ADE3AB: address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) (memory.c:1083) ==10443== by 0x1ACF9D1: address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) (memory.c:1389) ==10443== by 0x190821E: op_be(z80_state) (z80.c:3139) ==10443== by 0x190C46D: cpu_execute_z80(legacy_cpu_device) (in /home/notroot/trunk/mess64d) ==10443== by 0x19DE15F: legacy_cpu_device::execute_run() (devcpu.c:260) ==10443== by 0x1B0B9D8: device_execute_interface::run() (diexec.h:214) ==10443== by 0x1B0A6BD: device_scheduler::timeslice() (schedule.c:488) ==10443== by 0x1AA49B0: running_machine::run(bool) (machine.c:393) ==10443== by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190) ==10443== by 0x19C94F4: cli_frontend::execute(int, char) (clifront.c:255) ==10443== by 0x13154D8: main (sdlmain.c:371) ==10443== Address 0x121da850 is 16,064 bytes inside a block of size 16,704 free'd ==10443== at 0x632F739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10443== by 0x1E4B2F4: free__7z_file(_7z_file) (un7z.c:513) ==10443== by 0x1E4AFF5: _7z_file_open(char const, _7z_file) (un7z.c:398) ==10443== by 0x1A2153A: emu_file::attempt__7zped() (fileio.c:854) ==10443== by 0x1A20580: emu_file::open_next() (fileio.c:393) ==10443== by 0x1A1FFB2: emu_file::open(char const) (fileio.c:310) ==10443== by 0x131696E: sdl_osd_interface::font_open(char const, int&) (sdlmain.c:1042) ==10443== by 0x1AEFA45: render_font::render_font(render_manager&, char const) (rendfont.c:124) ==10443== by 0x1AEAC34: render_manager::font_alloc(char const) (render.c:2609) ==10443== by 0x1B28766: ui_get_font(running_machine&) (ui.c:469) ==10443== by 0x1B28793: ui_get_line_height(running_machine&) (ui.c:481) ==10443== by 0x1B2936A: ui_draw_text_box(render_container, char const, int, float, float, unsigned int) (ui.c:781) ==10443== by 0x1B2A9ED: handler_messagebox(running_machine&, render_container, unsigned int) (ui.c:1211) ==10443== by 0x1B2855D: ui_update_and_render(running_machine&, render_container) (ui.c:432) ==10443== by 0x1B50E8E: video_manager::frame_update(bool) (video.c:241) ==10443== by 0x1B283F9: ui_set_startup_text(running_machine&, char const, int) (ui.c:399) ==10443== by 0x1B02702: display_loading_rom_message(romload_private, char const) (romload.c:479) ==10443== by 0x1B02A24: open_rom_file(romload_private, char const, rom_entry const, astring&) (romload.c:565) ==10443== by 0x1B03F2D: process_rom_entries(romload_private, char const, rom_entry const, rom_entry const, device_t) (romload.c:908) ==10443== by 0x1B064D7: process_region_list(romload_private) (romload.c:1445) ==10443== by 0x1B06998: rom_init(running_machine&) (romload.c:1501) ==10443== by 0x1AA3EFA: running_machine::start() (machine.c:278) ==10443== by 0x1AA48E7: running_machine::run(bool) (machine.c:372) ==10443== by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190) ==10443== by 0x19C94F4: cli_frontend::execute(int, char*) (clifront.c:255) ==10443== by 0x13154D8: main (sdlmain.c:371)
No.09543 wilbert Developer May 24, 2013, 20:46	Fixed in revision 23142

No.09263

Firewave

Senior Tester

Jan 21, 2013, 13:59

==10443== Invalid read of size 1
==10443==    at 0x1ADE3AB: address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) (memory.c:1083)
==10443==    by 0x1ACF9D1: address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) (memory.c:1389)
==10443==    by 0x1906B3D: op_7e(z80_state*) (z80.c:3067)
==10443==    by 0x190C02D: cpu_execute_z80(legacy_cpu_device*) (in /home/notroot/trunk/mess64d)
==10443==    by 0x19DE15F: legacy_cpu_device::execute_run() (devcpu.c:260)
==10443==    by 0x1B0B9D8: device_execute_interface::run() (diexec.h:214)
==10443==    by 0x1B0A6BD: device_scheduler::timeslice() (schedule.c:488)
==10443==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==10443==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==10443==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==10443==    by 0x13154D8: main (sdlmain.c:371)
==10443==  Address 0x121da850 is 16,064 bytes inside a block of size 16,704 free'd
==10443==    at 0x632F739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10443==    by 0x1E4B2F4: free__7z_file(_7z_file*) (un7z.c:513)
==10443==    by 0x1E4AFF5: _7z_file_open(char const*, _7z_file**) (un7z.c:398)
==10443==    by 0x1A2153A: emu_file::attempt__7zped() (fileio.c:854)
==10443==    by 0x1A20580: emu_file::open_next() (fileio.c:393)
==10443==    by 0x1A1FFB2: emu_file::open(char const*) (fileio.c:310)
==10443==    by 0x131696E: sdl_osd_interface::font_open(char const*, int&) (sdlmain.c:1042)
==10443==    by 0x1AEFA45: render_font::render_font(render_manager&, char const*) (rendfont.c:124)
==10443==    by 0x1AEAC34: render_manager::font_alloc(char const*) (render.c:2609)
==10443==    by 0x1B28766: ui_get_font(running_machine&) (ui.c:469)
==10443==    by 0x1B28793: ui_get_line_height(running_machine&) (ui.c:481)
==10443==    by 0x1B2936A: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:781)
==10443==    by 0x1B2A9ED: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==10443==    by 0x1B2855D: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==10443==    by 0x1B50E8E: video_manager::frame_update(bool) (video.c:241)
==10443==    by 0x1B283F9: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
==10443==    by 0x1B02702: display_loading_rom_message(romload_private*, char const*) (romload.c:479)
==10443==    by 0x1B02A24: open_rom_file(romload_private*, char const*, rom_entry const*, astring&) (romload.c:565)
==10443==    by 0x1B03F2D: process_rom_entries(romload_private*, char const*, rom_entry const*, rom_entry const*, device_t*) (romload.c:908)
==10443==    by 0x1B064D7: process_region_list(romload_private*) (romload.c:1445)
==10443==    by 0x1B06998: rom_init(running_machine&) (romload.c:1501)
==10443==    by 0x1AA3EFA: running_machine::start() (machine.c:278)
==10443==    by 0x1AA48E7: running_machine::run(bool) (machine.c:372)
==10443==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==10443==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==10443==    by 0x13154D8: main (sdlmain.c:371)
==10443== 
==10443== Invalid read of size 1
==10443==    at 0x1ADE3AB: address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) (memory.c:1083)
==10443==    by 0x1ACF9D1: address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) (memory.c:1389)
==10443==    by 0x190821E: op_be(z80_state*) (z80.c:3139)
==10443==    by 0x190C46D: cpu_execute_z80(legacy_cpu_device*) (in /home/notroot/trunk/mess64d)
==10443==    by 0x19DE15F: legacy_cpu_device::execute_run() (devcpu.c:260)
==10443==    by 0x1B0B9D8: device_execute_interface::run() (diexec.h:214)
==10443==    by 0x1B0A6BD: device_scheduler::timeslice() (schedule.c:488)
==10443==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==10443==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==10443==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==10443==    by 0x13154D8: main (sdlmain.c:371)
==10443==  Address 0x121da850 is 16,064 bytes inside a block of size 16,704 free'd
==10443==    at 0x632F739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10443==    by 0x1E4B2F4: free__7z_file(_7z_file*) (un7z.c:513)
==10443==    by 0x1E4AFF5: _7z_file_open(char const*, _7z_file**) (un7z.c:398)
==10443==    by 0x1A2153A: emu_file::attempt__7zped() (fileio.c:854)
==10443==    by 0x1A20580: emu_file::open_next() (fileio.c:393)
==10443==    by 0x1A1FFB2: emu_file::open(char const*) (fileio.c:310)
==10443==    by 0x131696E: sdl_osd_interface::font_open(char const*, int&) (sdlmain.c:1042)
==10443==    by 0x1AEFA45: render_font::render_font(render_manager&, char const*) (rendfont.c:124)
==10443==    by 0x1AEAC34: render_manager::font_alloc(char const*) (render.c:2609)
==10443==    by 0x1B28766: ui_get_font(running_machine&) (ui.c:469)
==10443==    by 0x1B28793: ui_get_line_height(running_machine&) (ui.c:481)
==10443==    by 0x1B2936A: ui_draw_text_box(render_container*, char const*, int, float, float, unsigned int) (ui.c:781)
==10443==    by 0x1B2A9ED: handler_messagebox(running_machine&, render_container*, unsigned int) (ui.c:1211)
==10443==    by 0x1B2855D: ui_update_and_render(running_machine&, render_container*) (ui.c:432)
==10443==    by 0x1B50E8E: video_manager::frame_update(bool) (video.c:241)
==10443==    by 0x1B283F9: ui_set_startup_text(running_machine&, char const*, int) (ui.c:399)
==10443==    by 0x1B02702: display_loading_rom_message(romload_private*, char const*) (romload.c:479)
==10443==    by 0x1B02A24: open_rom_file(romload_private*, char const*, rom_entry const*, astring&) (romload.c:565)
==10443==    by 0x1B03F2D: process_rom_entries(romload_private*, char const*, rom_entry const*, rom_entry const*, device_t*) (romload.c:908)
==10443==    by 0x1B064D7: process_region_list(romload_private*) (romload.c:1445)
==10443==    by 0x1B06998: rom_init(running_machine&) (romload.c:1501)
==10443==    by 0x1AA3EFA: running_machine::start() (machine.c:278)
==10443==    by 0x1AA48E7: running_machine::run(bool) (machine.c:372)
==10443==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==10443==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==10443==    by 0x13154D8: main (sdlmain.c:371)

No.09543

wilbert

Developer

May 24, 2013, 20:46

Fixed in revision 23142