Viewing Issue Advanced Details
ID: 07377
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jul 15, 2019, 07:07
Last Update: Jul 20, 2019, 12:07
Tester: AmatCoder
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: AmatCoder
Resolution: Fixed
OS: Linux (64-bit)
Status: Resolved
Driver: (none)
Version: 0.211
Fixed in Version: 0.212
Build: 64-bit
Summary MESS-specific 07377: Crash/Segfault when removing some slot options
Description MAME segfaults when removing one slot option (leaving it empty) when more than one device of the same type is present.

Example: cpc6128 machine has two floppy slot devices ('upd765:0' & 'upd765:1' with default options '3ssdd' & '35ssdd')
Steps To Reproduce Run: 'mame cpc6128'
Menu -> Slot Devices -> upd765:1 -> Change from '35ssdd' to '----' -> Reset -> Segmentation fault
Additional Information With debug build an assert is raised:
mame64d: ../../../../../src/emu/emuopts.cpp:1044: image_option& emu_options::image_option(const string&): Assertion `iter != m_image_options.end() && "Attempt to access non-existent image option"' failed.
Aborted (core dumped)
Regression Version 0.188
Relationships
related to 06654 (Resolved, AmatCoder): c64: In some cases, changing slots and choosing RESET crashes MAME
related to 06655 (Resolved, AmatCoder): cgenie, coco3: Unloading and big changes in interface slots can cause CRASH
Notes (4)

No.16658 by AmatCoder (Tester), Jul 15, 2019, 07:34
The problem seems to be that device image names are updated when removing one option.
Then the other device that remains goes from 'floppydisk1' to 'floppydisk' (without a number), but image_option is still trying to access 'floppydisk1'.
No.16665 by Robbbert (Developer), Jul 16, 2019, 09:41 (edited on Jul 16, 2019, 09:42)
Dump from mame.exe (32-bit):

-----------------------------------------------------
Exception at EIP=052c79d3 (emu_options::image_option(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x0063): ACCESS VIOLATION
While attempting to read memory at 0000001c
-----------------------------------------------------
EAX=00000000 EBX=0028fb3c ECX=0000333e EDX=00000004
ESI=0000000b EDI=199f4404 EBP=0028c318 ESP=0028c2e0
-----------------------------------------------------
Stack crawl:
  0028c318: 052c79d3 (emu_options::image_option(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x0063)
  0028c638: 052e05ae (image_manager::options_extract()+0x08ee)
  0028c658: 052e0cb1 (image_manager::unload_all()+0x0011)
  0028c6e8: 0530c56c (running_machine::run(bool)+0x02ec)
  0028f6e8: 0375a69d (mame_machine_manager::execute()+0x01cd)
  0028f858: 037c4174 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x0454)
  0028fa88: 037c4589 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0039)
  0028fab8: 0375860d (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002d)
  0028feb8: 095f508a (main+0x012a)
  0028ff88: 004013e2 (__tmainCRTStartup+0x0272)
  0028ff94: 7575336a (BaseThreadInitThunk+0x0012)
  0028ffd4: 76ed98f2 (RtlInitializeExceptionChain+0x0063)
  0028ffec: 76ed98c5 (RtlInitializeExceptionChain+0x0036)

Crash doesn't happen in my mess build (been patched long ago), so it's related to other similar crashes. Relationships added.
No.16668 by AmatCoder (Tester), Jul 16, 2019, 16:18
I have created a pull request for this issue (and others): https://github.com/mamedev/mame/pull/5352

It just fixes the segfault by avoiding access to the non-existent image option.
Obviously, this does not fix the underlying problem (option names being changed) as discussed here: https://github.com/mamedev/mame/pull/2555
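The mechanism described in note No.16658 (instance names renumbered when a slot is emptied, so a lookup by the old name fails) and the fix described in note No.16668 (refuse to dereference a non-existent option) can be replayed in a small self-contained model. The following is an added illustration written for this page; it is not MAME's code and not the content of the pull request. `image_device`, `renumber()`, `emu_options_toy`, `lookup_checked()` and the renaming rule are assumptions chosen to mirror the behaviour reported above.

```cpp
// Toy model of the failure described in notes No.16658/16668. This is an
// added illustration, not MAME's own code: names, types and the renaming
// rule below are assumptions chosen to mirror the reported behaviour.
#include <cassert>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// One option record per image device, keyed by the device's instance name.
struct image_option {
    std::string value;   // e.g. the path of the mounted disk image
};

// An image device. 'brief_name' is shared by every device of the same
// type; 'instance' carries a numeric suffix only while more than one
// device of that type exists (floppydisk1/floppydisk2 vs. floppydisk).
struct image_device {
    std::string slot;        // hypothetical slot tag, e.g. "upd765:0"
    std::string brief_name;  // e.g. "floppydisk"
    std::string instance;    // assigned by renumber()
};

// Assign instance names as the report describes: a lone device of a type
// gets the bare brief name, several get brief name + 1-based index.
void renumber(std::vector<image_device>& devs) {
    std::map<std::string, int> count, seen;
    for (const auto& d : devs) ++count[d.brief_name];
    for (auto& d : devs) {
        if (count[d.brief_name] == 1)
            d.instance = d.brief_name;
        else
            d.instance = d.brief_name + std::to_string(++seen[d.brief_name]);
    }
}

struct emu_options_toy {
    std::map<std::string, image_option> m_image_options;

    // Rebuild the option table from the current device list.
    void rebuild(const std::vector<image_device>& devs) {
        m_image_options.clear();
        for (const auto& d : devs)
            m_image_options[d.instance] = image_option{"disk.dsk"};
    }

    // Unchecked lookup, mirroring the assert quoted in the report: a stale
    // name aborts a debug build, and in a release build the end() iterator
    // is dereferenced (the access violation in the dump above).
    image_option& lookup_unchecked(const std::string& name) {
        auto iter = m_image_options.find(name);
        assert(iter != m_image_options.end() && "Attempt to access non-existent image option");
        return iter->second;
    }

    // Checked lookup: a missing name is reported to the caller instead.
    image_option* lookup_checked(const std::string& name) {
        auto iter = m_image_options.find(name);
        return iter == m_image_options.end() ? nullptr : &iter->second;
    }
};

struct scenario_result {
    std::string stale_name;  // instance name captured before the removal
    std::string new_name;    // instance name of the remaining device afterwards
    bool stale_found;        // does the stale name still resolve?
    bool new_found;          // does the new name resolve?
};

// Replay the steps from the report: two floppies, 'upd765:1' set to '----',
// names renumbered, option table rebuilt, then a lookup by the old name.
scenario_result simulate_slot_removal() {
    std::vector<image_device> devs = {
        {"upd765:0", "floppydisk", ""},
        {"upd765:1", "floppydisk", ""},
    };
    emu_options_toy opts;
    renumber(devs);                            // floppydisk1, floppydisk2
    opts.rebuild(devs);
    std::string remembered = devs[0].instance; // a caller keeps "floppydisk1"

    devs.pop_back();                           // empty the second slot
    renumber(devs);                            // remaining device -> "floppydisk"
    opts.rebuild(devs);

    return {remembered, devs[0].instance,
            opts.lookup_checked(remembered) != nullptr,
            opts.lookup_checked(devs[0].instance) != nullptr};
}

int main() {
    scenario_result r = simulate_slot_removal();
    std::cout << "stale name " << r.stale_name << (r.stale_found ? " found" : " missing")
              << ", new name " << r.new_name << (r.new_found ? " found" : " missing") << '\n';
    // lookup_unchecked(r.stale_name) here would trip the assert from the report.
    return 0;
}
```

The checked lookup is the shape of fix the note describes: the caller sees a null pointer for a name that no longer exists and can skip the device instead of crashing. It does not make the renaming itself consistent, which is the underlying problem the pull request discussion refers to.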
No.16677 by Robbbert (Developer), Jul 20, 2019, 12:07
https://github.com/mamedev/mame/commit/a14ec2ca5c5613e032159ee1c854a99e19a8e7d7