Viewing Issue Advanced Details
Jump to Notes ]
konami/konamigx.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
07318 Crash/Freeze Critical (emulator) Always May 4, 2019, 14:01 Mar 27, 2022, 16:37
Tester Robbbert View Status Public Platform MAME (Self-compiled)
Assigned To galibert Resolution Fixed OS Windows Vista/7/8 (64-bit)
Status [?] Resolved Driver
konami/konamigx.cpp
Version 0.209 Fixed in Version 0.227 Build 32-bit
Fixed in Git Commit 1e4d229 Github Pull Request #
Summary 07318: racinfrc, racinfrcu: crashes in attract mode after a while
Description crashes in attract mode after a while
Steps To Reproduce Start machine.
Let it enter the attract mode, after a while the screen starts flashing, 2 cars come past, then it crashes.
Additional Information Marked as non working, but crashes always get logged.

Tracked as far back as 0.170.

0.165 and earlier failed the rom test and kept rebooting instead, but no crash.

Something changed between 0.165 and 0.170
Github Commit
Flags
Regression Version
Affected Sets / Systems racinfrc, racinfrcu
Attached Files
  
Relationships
There are no relationship linked to this issue.
Notes
4
User avatar
No.16423
Robbbert
Senior Tester
May 4, 2019, 14:06
C:\MAME>mame racinfrc

-----------------------------------------------------
Exception at EIP=0635777c (void k053247_device::k053247_draw_single_sprite_gxcore<bitmap_rgb32>(bitmap_rgb32&, rectangle const&, unsigned char
*, unsigned char*, int, unsigned short*, int, int, int, int, int, int, int, int, unsigned char*, unsigned char*, int)+0x008c): ACCESS VIOLATIO
N
While attempting to read memory at 33fc7aa6
-----------------------------------------------------
EAX=0c01ffff EBX=00000001 ECX=1803fffe EDX=00000000
ESI=1bf87aa8 EDI=110e67c8 EBP=0028bb18 ESP=0028ba40
-----------------------------------------------------
Stack crawl:
  0028bb18: 0635777c (void k053247_device::k053247_draw_single_sprite_gxcore<bitmap_rgb32>(bitmap_rgb32&, rectangle const&, unsigned char*, un
signed char*, int, unsigned short*, int, int, int, int, int, int, int, int, unsigned char*, unsigned char*, int)+0x008c)
  0028c438: 00dd6b92 (konamigx_state::konamigx_mixer(screen_device&, bitmap_rgb32&, rectangle const&, tilemap_t*, int, tilemap_t*, int, int, b
itmap_ind16*, int) [clone .constprop.66]+0x0e82)
  0028c4a8: 00dd73cb (konamigx_state::screen_update_konamigx(screen_device&, bitmap_rgb32&, rectangle const&)+0x014b)
  0028c4d8: 051bafca (screen_device::update_partial(int)+0x016a)
  0028c538: 051de520 (video_manager::finish_screen_updates()+0x0060)
  0028c598: 051e0af4 (video_manager::frame_update(bool)+0x0104)
  0028c5d8: 051b78c5 (screen_device::vblank_end()+0x00e5)
  0028c628: 051bbad5 (screen_device::device_timer(emu_timer&, unsigned int, int, void*)+0x0375)
  0028c6a8: 051b3800 (device_scheduler::timeslice()+0x0610)
  0028c738: 0516e36a (running_machine::run(bool)+0x01ea)
  0028f6e8: 03656ead (mame_machine_manager::execute()+0x01cd)
  0028f858: 036c1804 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>
, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x0454)
  0028fa88: 036c1c19 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::
allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0039)
  0028fab8: 03654e1d (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_trait
s<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002d)
  0028feb8: 09416cea (main+0x012a)
  0028ff88: 004013e2 (__tmainCRTStartup+0x0272)
  0028ff94: 7596336a (BaseThreadInitThunk+0x0012)
  0028ffd4: 774f98f2 (RtlInitializeExceptionChain+0x0063)
  0028ffec: 774f98c5 (RtlInitializeExceptionChain+0x0036)
User avatar
No.17361
Firewave
Senior Tester
Jan 14, 2020, 22:21
 Testing with 0.217 it immediately errors out:
=================================================================
==5472==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x46d60800 at pc 0x00a82fad bp 0x164faa14 sp 0x164faa08
WRITE of size 768 at 0x46d60800 thread T0
==5472==WARNING: Failed to use and restart external symbolizer!
    #0 0xa82fc7 in __asan_wrap_memset D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:773
    #1 0x17fb43b in konamigx_state::wipezbuf s:\dev\mame0217\src\mame\video\konamigx.cpp:244
    #2 0x17f68e8 in konamigx_state::konamigx_mixer s:\dev\mame0217\src\mame\video\konamigx.cpp:364
    #3 0x17f92f0 in konamigx_state::screen_update_konamigx s:\dev\mame0217\src\mame\video\konamigx.cpp:1450
    #4 0x1520128 in delegate_mfp::method_stub<viper_state,unsigned char,address_space &,unsigned int,unsigned char> s:\dev\mame0217\src\lib\util\delegate.h:253
    #5 0x5ad9e5f in screen_device::update_partial s:\dev\mame0217\src\emu\screen.cpp:1246
    #6 0x5f6765b in video_manager::finish_screen_updates s:\dev\mame0217\src\emu\video.cpp:853
    #7 0x5f67d7d in video_manager::frame_update s:\dev\mame0217\src\emu\video.cpp:217
    #8 0x5ada80c in screen_device::vblank_end s:\dev\mame0217\src\emu\screen.cpp:1692
    #9 0x5ad2983 in screen_device::device_timer s:\dev\mame0217\src\emu\screen.cpp:964
    #10 0x5dc86dd in emu_timer::device_timer_expired s:\dev\mame0217\src\emu\schedule.cpp:317
    #11 0x5dc8d7c in device_scheduler::execute_timers s:\dev\mame0217\src\emu\schedule.cpp:907
    #12 0x5dcbdfe in device_scheduler::timeslice s:\dev\mame0217\src\emu\schedule.cpp:544
    #13 0x5dda220 in running_machine::run s:\dev\mame0217\src\emu\machine.cpp:372
    #14 0x6c7b15c in mame_machine_manager::execute+0x52c (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9b15c)
    #15 0x6c9d54a in cli_frontend::start_execution+0x56a (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6ebd54a)
    #16 0x6c952d4 in cli_frontend::execute+0x174 (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6eb52d4)
    #17 0x6c7c0b9 in emulator_info::start_frontend+0x59 (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9c0b9)
    #18 0x9f46a2e in main s:\dev\mame0217\src\osd\windows\winmain.cpp:323
    #19 0x9cea0bd in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #20 0x77016358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #21 0x77377b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #22 0x77377b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

0x46d60800 is located 0 bytes to the right of 258048-byte region [0x46d21800,0x46d60800)
allocated by thread T0 here:
    #0 0xa9326d in operator new[] D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_new_delete.cc:102
    #1 0x17f7c08 in konamigx_state::konamigx_mixer_init s:\dev\mame0217\src\mame\video\konamigx.cpp:288
    #2 0x17f562d in konamigx_state::common_init s:\dev\mame0217\src\mame\video\konamigx.cpp:1093
    #3 0x17fafad in konamigx_state::video_start_racinfrc s:\dev\mame0217\src\mame\video\konamigx.cpp:1329
    #4 0x152cc2f in delegate_mfp::method_stub<wecleman_state,void> s:\dev\mame0217\src\lib\util\delegate.h:253
    #5 0x5a2df83 in driver_device::device_start s:\dev\mame0217\src\emu\driver.cpp:242
    #6 0x5a2a81d in device_t::start s:\dev\mame0217\src\emu\device.cpp:551
    #7 0x5ddbe23 in running_machine::start_all_devices s:\dev\mame0217\src\emu\machine.cpp:1054
    #8 0x5ddb821 in running_machine::start s:\dev\mame0217\src\emu\machine.cpp:262
    #9 0x5dda092 in running_machine::run s:\dev\mame0217\src\emu\machine.cpp:324
    #10 0x6c7b15c in mame_machine_manager::execute+0x52c (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9b15c)
    #11 0x6c9d54a in cli_frontend::start_execution+0x56a (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6ebd54a)
    #12 0x6c952d4 in cli_frontend::execute+0x174 (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6eb52d4)
    #13 0x6c7c0b9 in emulator_info::start_frontend+0x59 (S:\dev\mame0217\build\projects\windows\mame\vs2019\..\..\..\..\..\mame.exe+0x6e9c0b9)
    #14 0x9f46a2e in main s:\dev\mame0217\src\osd\windows\winmain.cpp:323
    #15 0x9cea0bd in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #16 0x77016358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #17 0x77377b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #18 0x77377b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

SUMMARY: AddressSanitizer: heap-buffer-overflow D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:773 in __asan_wrap_memset
Shadow bytes around the buggy address:
  0x38dac0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x38dac0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x38dac0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x38dac0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x38dac0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x38dac100:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x38dac110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x38dac120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x38dac130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x38dac140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x38dac150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==5472==ABORTING

It's also marked MACHINE_NOT_WORKING.
User avatar
No.18309
Hydreigon
Tester
Jan 1, 2021, 01:45
edited on: Jan 1, 2021, 01:45
 Well this issue is almost fixed thanks as of this commit (at least from my attempts of running racinfrc throttled for around ~5 mins): https://git.redump.net/mame/commit/?id=1e4d229d987a105d2bdb3efdea6355d3a5cf9f10 . What's left is a crash in the mask rom test after testing four sprite roms as bad.
User avatar
No.19948
Robbbert
Senior Tester
Mar 26, 2022, 18:54
 Doesn't happen any more