Viewing Issue Advanced Details
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05116 Misc. Minor Always Jan 19, 2013, 13:47 Mar 9, 2013, 09:40
Tester Firewave View Status Public Platform MESS (Self-compiled)
Assigned To Firewave Resolution Fixed OS
Status [?] Resolved Driver
Version 0.148 Fixed in Version 0.148u2 Build Debug
Fixed in Git Commit Github Pull Request #
Summary MESS-specific 05116: Sets using MC6847: Invalid read of size 1
Description
==62745== Invalid read of size 1
==62745==    at 0x1193F11: unsigned int mc6847_friend_device::emit_mc6847_samples<1>(unsigned char, unsigned char const*, int, unsigned int*, unsigned int const*, unsigned char (*)(running_machine&, unsigned char, int), int, int) (mc6847.h:148)
==62745==    by 0x1191944: mc6847_base_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) (mc6847.c:766)
==62745==    by 0x1B118D8: delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const (delegate.h:542)
==62745==    by 0x1B0EDF2: screen_device::update_partial(int) (screen.c:603)
==62745==    by 0x1B52275: video_manager::finish_screen_updates() (video.c:658)
==62745==    by 0x1B50DE7: video_manager::frame_update(bool) (video.c:229)
==62745==    by 0x1B0F7CC: screen_device::vblank_begin() (screen.c:812)
==62745==    by 0x1B0E309: screen_device::device_timer(emu_timer&, unsigned int, int, void*) (screen.c:397)
==62745==    by 0x1B0B9B0: device_t::timer_expired(emu_timer&, unsigned int, int, void*) (device.h:227)
==62745==    by 0x1B0BC7C: device_scheduler::execute_timers() (schedule.c:914)
==62745==    by 0x1B0A3BB: device_scheduler::timeslice() (schedule.c:429)
==62745==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==62745==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==62745==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==62745==    by 0x13154D8: main (sdlmain.c:371)
==62745==  Address 0x10b43c6a is not stack'd, malloc'd or (recently) free'd
Steps To Reproduce
Additional Information Systems which use MC6847 or variant:
alice
apfimag
apfm1000
atom
atomeb
coco
coco2
coco2b
cocoe
cp400
d64plus
dgnalpha
dragon200
dragon32
dragon64
fellow
las110de
las210de
laser110
laser200
laser210
laser310
laser310h
mc10
mc1000
phc25
phc25j
spc1000
tanodr64
tx8000
vz200
vz300
z80net
z80netb
z80netf
Github Commit
Flags
Regression Version
Affected Sets / Systems Sets using MC6847
Attached Files
 
Relationships
There are no relationship linked to this issue.
Notes
7
User avatar
No.09259
Tafoid
Administrator
Jan 19, 2013, 17:45
Doesn't crash? Is there supposed to be a popup warning?
User avatar
No.09260
Firewave
Senior Tester
Jan 19, 2013, 22:50
No warning at all - just valgrind complaining.

fellow also has this at different lines:

==64789== Invalid read of size 1
==64789==    at 0x119398D: unsigned int mc6847_friend_device::emit_mc6847_samples<1>(unsigned char, unsigned char const*, int, unsigned int*, unsigned int const*, unsigned char (*)(running_machine&, unsigned char, int), int, int) (mc6847.h:379)
==64789==    by 0x1191944: mc6847_base_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) (mc6847.c:766)
==64789==    by 0x1B118D8: delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const (delegate.h:542)
==64789==    by 0x1B0EDF2: screen_device::update_partial(int) (screen.c:603)
==64789==    by 0x1B52275: video_manager::finish_screen_updates() (video.c:658)
==64789==    by 0x1B50DE7: video_manager::frame_update(bool) (video.c:229)
==64789==    by 0x1B0F7CC: screen_device::vblank_begin() (screen.c:812)
==64789==    by 0x1B0E309: screen_device::device_timer(emu_timer&, unsigned int, int, void*) (screen.c:397)
==64789==    by 0x1B0B9B0: device_t::timer_expired(emu_timer&, unsigned int, int, void*) (device.h:227)
==64789==    by 0x1B0BC7C: device_scheduler::execute_timers() (schedule.c:914)
==64789==    by 0x1B0A3BB: device_scheduler::timeslice() (schedule.c:429)
==64789==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==64789==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==64789==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==64789==    by 0x13154D8: main (sdlmain.c:371)
==64789==  Address 0x10b1d17d is not stack'd, malloc'd or (recently) free'd
==64789== 
==64789== Invalid read of size 1
==64789==    at 0x119187D: mc6847_base_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) (mc6847.c:754)
==64789==    by 0x1B118D8: delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const (delegate.h:542)
==64789==    by 0x1B0EDF2: screen_device::update_partial(int) (screen.c:603)
==64789==    by 0x1B52275: video_manager::finish_screen_updates() (video.c:658)
==64789==    by 0x1B50DE7: video_manager::frame_update(bool) (video.c:229)
==64789==    by 0x1B0F7CC: screen_device::vblank_begin() (screen.c:812)
==64789==    by 0x1B0E309: screen_device::device_timer(emu_timer&, unsigned int, int, void*) (screen.c:397)
==64789==    by 0x1B0B9B0: device_t::timer_expired(emu_timer&, unsigned int, int, void*) (device.h:227)
==64789==    by 0x1B0BC7C: device_scheduler::execute_timers() (schedule.c:914)
==64789==    by 0x1B0A3BB: device_scheduler::timeslice() (schedule.c:429)
==64789==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==64789==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==64789==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==64789==    by 0x13154D8: main (sdlmain.c:371)
==64789==  Address 0x10b1d160 is 0 bytes after a block of size 19,808 alloc'd
==64789==    at 0x63303F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==64789==    by 0x1F162BF: osd_malloc (sdlos_unix.c:87)
==64789==    by 0x1A1AA49: malloc_file_line(unsigned long, char const*, int) (emualloc.c:146)
==64789==    by 0x1194269: device_t* device_creator<mc6847_pal_device>(machine_config const&, char const*, device_t*, unsigned int) (emualloc.h:145)
==64789==    by 0x19E07D3: device_t::add_subdevice(device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), char const*, unsigned int) (device.c:827)
==64789==    by 0x1AAA6A5: machine_config::device_add(device_t*, char const*, device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), unsigned int) (mconfig.c:182)
==64789==    by 0x10DC91A: construct_machine_config_laser200(machine_config&, device_t*) (vtech1.c:1006)
==64789==    by 0x1AA9E8A: machine_config::machine_config(game_driver const&, emu_options&) (mconfig.c:68)
==64789==    by 0x1AA2240: mame_execute(emu_options&, osd_interface&) (mame.c:179)
==64789==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==64789==    by 0x13154D8: main (sdlmain.c:371)
User avatar
No.09261
Firewave
Senior Tester
Jan 20, 2013, 17:06
edited on: Jan 20, 2013, 17:06
mc1000 shows another variation

==4729== Invalid read of size 1
==4729==    at 0x1191910: mc6847_base_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) (mc6847.c:759)
==4729==    by 0x1B118D8: delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const (delegate.h:542)
==4729==    by 0x1B0EDF2: screen_device::update_partial(int) (screen.c:603)
==4729==    by 0x1B52275: video_manager::finish_screen_updates() (video.c:658)
==4729==    by 0x1B50DE7: video_manager::frame_update(bool) (video.c:229)
==4729==    by 0x1B0F7CC: screen_device::vblank_begin() (screen.c:812)
==4729==    by 0x1B0E309: screen_device::device_timer(emu_timer&, unsigned int, int, void*) (screen.c:397)
==4729==    by 0x1B0B9B0: device_t::timer_expired(emu_timer&, unsigned int, int, void*) (device.h:227)
==4729==    by 0x1B0BC7C: device_scheduler::execute_timers() (schedule.c:914)
==4729==    by 0x1B0A3BB: device_scheduler::timeslice() (schedule.c:429)
==4729==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==4729==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==4729==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==4729==    by 0x13154D8: main (sdlmain.c:371)
==4729==  Address 0x10d7bd20 is 0 bytes after a block of size 19,808 alloc'd
==4729==    at 0x63303F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4729==    by 0x1F162BF: osd_malloc (sdlos_unix.c:87)
==4729==    by 0x1A1AA49: malloc_file_line(unsigned long, char const*, int) (emualloc.c:146)
==4729==    by 0x119415A: device_t* device_creator<mc6847_ntsc_device>(machine_config const&, char const*, device_t*, unsigned int) (emualloc.h:145)
==4729==    by 0x19E07D3: device_t::add_subdevice(device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), char const*, unsigned int) (device.c:827)
==4729==    by 0x1AAA6A5: machine_config::device_add(device_t*, char const*, device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), unsigned int) (mconfig.c:182)
==4729==    by 0x7A4EF6: construct_machine_config_mc1000(machine_config&, device_t*) (mc1000.c:454)
==4729==    by 0x1AA9E8A: machine_config::machine_config(game_driver const&, emu_options&) (mconfig.c:68)
==4729==    by 0x1AA2240: mame_execute(emu_options&, osd_interface&) (mame.c:179)
==4729==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==4729==    by 0x13154D8: main (sdlmain.c:371) 
User avatar
No.09266
Firewave
Senior Tester
Jan 22, 2013, 05:03
spc1000 shows yet another location

==13823== Invalid read of size 1
==13823==    at 0x11919D2: mc6847_base_device::screen_update(screen_device&, bitmap_rgb32&, rectangle const&) (mc6847.c:775)
==13823==    by 0x1B118D8: delegate_base<unsigned int, screen_device&, bitmap_rgb32&, rectangle const&, _noparam, _noparam>::operator()(screen_device&, bitmap_rgb32&, rectangle const&) const (delegate.h:542)
==13823==    by 0x1B0EDF2: screen_device::update_partial(int) (screen.c:603)
==13823==    by 0x1B52275: video_manager::finish_screen_updates() (video.c:658)
==13823==    by 0x1B50DE7: video_manager::frame_update(bool) (video.c:229)
==13823==    by 0x1B0F7CC: screen_device::vblank_begin() (screen.c:812)
==13823==    by 0x1B0E309: screen_device::device_timer(emu_timer&, unsigned int, int, void*) (screen.c:397)
==13823==    by 0x1B0B9B0: device_t::timer_expired(emu_timer&, unsigned int, int, void*) (device.h:227)
==13823==    by 0x1B0BC7C: device_scheduler::execute_timers() (schedule.c:914)
==13823==    by 0x1B0A3BB: device_scheduler::timeslice() (schedule.c:429)
==13823==    by 0x1AA49B0: running_machine::run(bool) (machine.c:393)
==13823==    by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190)
==13823==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==13823==    by 0x13154D8: main (sdlmain.c:371)
==13823==  Address 0x10d874ca is 6 bytes before a block of size 1,192 alloc'd
==13823==    at 0x63303F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13823==    by 0x1F162BF: osd_malloc (sdlos_unix.c:87)
==13823==    by 0x1A1AA49: malloc_file_line(unsigned long, char const*, int) (emualloc.c:146)
==13823==    by 0x1A29158: device_t* device_creator<speaker_device>(machine_config const&, char const*, device_t*, unsigned int) (emualloc.h:145)
==13823==    by 0x19E07D3: device_t::add_subdevice(device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), char const*, unsigned int) (device.c:827)
==13823==    by 0x1AAA6A5: machine_config::device_add(device_t*, char const*, device_t* (*)(machine_config const&, char const*, device_t*, unsigned int), unsigned int) (mconfig.c:182)
==13823==    by 0xCD3468: construct_machine_config_spc1000(machine_config&, device_t*) (spc1000.c:311)
==13823==    by 0x1AA9E8A: machine_config::machine_config(game_driver const&, emu_options&) (mconfig.c:68)
==13823==    by 0x1AA2240: mame_execute(emu_options&, osd_interface&) (mame.c:179)
==13823==    by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255)
==13823==    by 0x13154D8: main (sdlmain.c:371) 
User avatar
No.09290
Firewave
Senior Tester
Jan 28, 2013, 02:00
I debugged alice and it seems, that the m_ram_base is not initialized when read in mc10_state::mc10_mc6847_videoram_r.
User avatar
No.09311
Bletch
Developer
Feb 8, 2013, 00:49
Unfortunately it isn't obvious to me what the problem is. I'm on Win32, so I cannot Valgrind this myself.
User avatar
No.09419
Firewave
Senior Tester
Mar 9, 2013, 09:39
Fixed in r21763