| ID | Category [?] | Severity [?] | Reproducibility | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 05131 | Misc. | Minor | Always | Jan 26, 2013, 11:37 | May 24, 2013, 06:17 |
| Tester | Firewave | View Status | Public | Platform | |
| Assigned To | Resolution | Fixed | OS | ||
| Status [?] | Resolved | Driver | |||
| Version | 0.148 | Fixed in Version | 0.149 | Build | Debug |
| Fixed in Git Commit | Github Pull Request # | ||||
| Summary |
 05131: gen32, gen32_41, gen32_oc, lond020, lond030, lyon16, lyon32, van16, van32: Invalid read of size 4 |
||||
| Description |
==65493== Command: /home/notroot/trunk/mess64d gen32 -artpath /home/notroot/trunk/artwork -video none -nosound -nothrottle -nodebug -nomouse -window -seconds_to_run 2 -rompath /media/roms/mess;/media/roms/mess_software -hashpath /home/notroot/trunk/hash ... ==65493== Invalid read of size 4 ==65493== at 0x93E21E: mboard_state::read_board() (mboard.c:110) ==65493== by 0x93E4BD: mboard_state::mboard_read_board_32(address_space&, unsigned int, unsigned int) (mboard.c:199) ==65493== by 0x19DCA06: delegate_base<unsigned int, address_space&, unsigned int, unsigned int, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned int) const (delegate.h:542) ==65493== by 0x1ABCA9A: handler_entry_read::read32(address_space&, unsigned int, unsigned int) const (memory.c:395) ==65493== by 0x1AE0C37: address_space_specific<unsigned int, (endianness_t)1, true>::read_native(unsigned int, unsigned int) (memory.c:1061) ==65493== by 0x1AD542C: unsigned char address_space_specific<unsigned int, (endianness_t)1, true>::read_direct<unsigned char, true>(unsigned int, unsigned char) (memory.c:1157) ==65493== by 0x1ACBE5C: address_space_specific<unsigned int, (endianness_t)1, true>::read_byte(unsigned int) (memory.c:1389) ==65493== by 0x170DC1C: m68k_memory_interface::read_byte_32_mmu(unsigned int) (m68kcpu.c:1461) ==65493== by 0x4F8491: delegate_base<unsigned char, unsigned int, _noparam, _noparam, _noparam, _noparam>::operator()(unsigned int) const (delegate.h:540) ==65493== by 0x171B192: m68ki_read_8_fc(_m68ki_cpu_core*, unsigned int, unsigned int) (m68kcpu.h:1073) ==65493== by 0x171B757: OPER_AY_AI_8(_m68ki_cpu_core*) (m68kcpu.h:1273) ==65493== by 0x174F109: _m68ki_cpu_core::m68k_op_move_8_d_ai(_m68ki_cpu_core*) (m68kops.c:15818) ==65493== by 0x170B42D: cpu_execute_m68k(legacy_cpu_device*) (m68kcpu.c:809) ==65493== by 0x19DE15F: legacy_cpu_device::execute_run() (devcpu.c:260) ==65493== by 0x1B0B9D8: device_execute_interface::run() (diexec.h:214) ==65493== by 0x1B0A6BD: device_scheduler::timeslice() (schedule.c:488) ==65493== by 0x1AA49B0: running_machine::run(bool) (machine.c:393) ==65493== by 0x1AA22B3: mame_execute(emu_options&, osd_interface&) (mame.c:190) ==65493== by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255) ==65493== by 0x13154D8: main (sdlmain.c:371) ==65493== Address 0x10be1024 is 100 bytes inside a block of size 104 free'd ==65493== at 0x632F739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==65493== by 0x1F162F3: osd_free (sdlos_unix.c:115) ==65493== by 0x1A1AB7A: free_file_line(void*, char const*, int) (emualloc.c:216) ==65493== by 0x19D122E: tagmap_t<unsigned long long, 53>::remove_common(tagmap_t<unsigned long long, 53>::entry_t**) (emualloc.h:131) ==65493== by 0x19D0E75: tagmap_t<unsigned long long, 53>::reset() (tagmap.h:127) ==65493== by 0x19D0A3F: tagmap_t<unsigned long long, 53>::~tagmap_t() (tagmap.h:111) ==65493== by 0x1B4F28B: validity_checker::validate_devices() (validity.c:1132) ==65493== by 0x1B4BEE8: validity_checker::validate_one(game_driver const&) (validity.c:299) ==65493== by 0x1B4BAEB: validity_checker::check_shared_source(game_driver const&) (validity.c:201) ==65493== by 0x1AA2211: mame_execute(emu_options&, osd_interface&) (mame.c:175) ==65493== by 0x19C94F4: cli_frontend::execute(int, char**) (clifront.c:255) ==65493== by 0x13154D8: main (sdlmain.c:371) |
||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Github Commit | |||||
| Flags | |||||
| Regression Version | |||||
| Affected Sets / Systems | gen32, gen32_41, gen32_oc, lond020, lond030, lyon16, lyon32, van16, van32 | ||||
|
Attached Files
|
|||||
 No.09278
Firewave Senior Tester
Jan 26, 2013, 11:38
edited on: Jan 28, 2013, 02:25
|
The code in question:#define IsPiece(x) ((m_board[x] >=1) && (m_board[x] <=12)) for ( i_AH = 0; i_AH < 8; i_AH = i_AH + 1) if (IsPiece(64-(i_18*8 + 8-i_AH))) data &= ~(1 << i_AH); // clear bit i_18 is 99 and the index it uses is -736 |
|---|---|
|
No.09532
Firewave Senior Tester
May 22, 2013, 18:47
|
ASAN is also reporting this - confirming. |
|
No.09540
etabeta Developer
May 24, 2013, 06:17
|
From what I can understand (based on the code), these drivers feed the board reading handlers with a mask of 0xff, which is treated as invalid by our emulation code (at least one bit should always be 0 to denote which line of the chess board is being read) I've fixed the reported issue by printing an error when the invalid mask is used instead of entering the code which expects i_18 in the 0-7 range. Technically this fixes the reported bug, but I'd be glad if any other dev with more experience with these chess machines could debug a bit the systems to understand why the board is read differently... |