Viewing Issue Advanced Details
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
07526 Crash/Freeze Critical (emulator) Always Dec 21, 2019, 08:32 5 days ago
Tester drencorxeen View Status Public Platform MAME (Official Binary)
Assigned To kkaempf Resolution Fixed OS Windows 10 (64-bit)
Status [?] Resolved Driver coco3.cpp
Version 0.216 Fixed in Version 0.222 Build 64-bit
Summary MESS-specific 07526: MAME exits without error or with error when trying to format a HxC .HFE image
Description When creating a new HxC .hfe image and then formatting it MAME will exit without any error at times or other times will exit with a error message that double stepping not supported.
Steps To Reproduce .\mame64.exe coco3h -flop1 63emu.dsk -harddisk1 63sdc.vhd

type:
DOS
at basic prompt and hit ENTER

After NitrOS-9 L2 loads press SCROLL LOCK and go into file menu and go to floppydisk 2 and create a new image and select a name like: test.hfe
then choose SD HxC emulator .hfe format
Exit MAME menu and return to the emulated system

at NitrOS-9 L2 prompt type:
format20 /d1 R "Tester"
and then hit ENTER

After the format finishes MAME exits without error or exits with a error message with double stepping not supported.
Additional Information Floppy drive types that have been known to be used on the real Tandy Color Computer 3 is as follows:
5.25" Double sided Double Density
5.25" Double Sided Quad Density
3.5" Double Sided Double Density
3.5" High Density with 26-3022 or 26-3029 floppy controllers with HD mod to enable 8" mode.
(mod information can be found here for the 26-3029: http://www.doki-doki.net/~lamune/computers/coco/hd-floppy/ )
Flags
Regression Version
Affected Sets / Systems
Attached Files
 
Relationships
There are no relationship linked to this issue.
Notes
12
User avatar
No.17288
drencorxeen
Tester
Dec 21, 2019, 08:35
The disk images used in this problem report can be found here:

http://pacootaktay.com/6309EOUBETA4.7z
User avatar
No.17300
Tafoid
Administrator
Dec 26, 2019, 22:55
Only seems to crash out when you create and try to use it without selecting RESET (restarts system much like SHIFT+F3 would) with your image created
That said, if I followed your instructions, all I see is "----------------------------------------". A debug or full symbols build may yield better info.
User avatar
No.17331
drencorxeen
Tester
Jan 8, 2020, 20:11
Tafoid,
I tried what you suggested and yeah MAME doesn't crash, but still shouldn't be required to reset the emulator to create new disk images.

Also I was going to try to convert the HFE file to a format that I can use with the CoCo and the HxC tools say the "Load error! Read file error!"
From what I was told by the peeps at HxC they say that means the HFE file is not a proper HFE file.

So the code for the HFE format may need to be looked at for valid header information.
User avatar
No.17332
drencorxeen
Tester
Jan 8, 2020, 20:36
The HxC software I am using is:
https://hxc2001.com/download/floppy_drive_emulator/HxCFloppyEmulator_soft.zip
User avatar
No.17397
drencorxeen
Tester
Feb 10, 2020, 13:44
I finally got around to building the debug version of MAME. This was done with the current development branch. Here is the output:
-----------------------------------------------------
Exception at EIP=000000000705c2c2 (not found): ACCESS VIOLATION
While attempting to write memory at 0000000022f50020
-----------------------------------------------------
RAX=0000000000019800 RBX=00000000000007d0 RCX=00000000000020d0 RDX=0000000000019801
RSI=00000000000000aa RDI=00000000021f7500 RBP=0000000022712f78 RSP=00000000129586f0
 R8=00000000021f7500 R9=00000000226e49d0 R10=0000000022f36820 R11=0000000000000000
R12=0000000000000000 R13=000000000000b969 R14=000000002260bf10 R15=0000000000019800
-----------------------------------------------------
Stack crawl:
  0000000012958770: 000000000705c2c2 (not found)
  0000000012958ee0: 000000000705c794 (not found)
  0000000012958fa0: 00000000061ef1f3 (not found)
  0000000012959000: 00000000061f43dd (not found)
  0000000012959080: 00000000052cb6b6 (not found)
  00000000129590d0: 00000000052cb9f9 (not found)
  0000000012959110: 000000000952aeab (not found)
  0000000012959150: 0000000008cb34f8 (not found)
  00000000129591e0: 00000000083b4476 (not found)
  0000000012959220: 0000000005cdf958 (not found)
  0000000012959310: 0000000006fc5698 (not found)
  0000000012959400: 0000000006f7d4c8 (not found)
  000000001295f0b0: 0000000004ebda66 (not found)
  000000001295f380: 0000000004f42cbb (not found)
  000000001295f620: 0000000004f43156 (not found)
  000000001295f680: 0000000004ebb8b9 (not found)
  000000001295fe20: 000000000c190e79 (not found)
  000000001295fef0: 00000000004013b4 (not found)
  000000001295ff20: 000000000040150b (not found)
  000000001295ff50: 00007ff970fd7bd4 (BaseThreadInitThunk+0x0014)
  000000001295ffd0: 00007ff9723aced1 (RtlUserThreadStart+0x0021)
User avatar
No.17542
drencorxeen
Tester
Apr 13, 2020, 22:38
Did a update to current code base and did a fresh build with debugging on and here is the output from running MAME and trying to create a HFE disk image

PS D:\emu\mame> .\mame64d.exe coco3h

-----------------------------------------------------
Exception at EIP=00000000071c2702 (not found): ACCESS VIOLATION
While attempting to write memory at 000000002317f060
-----------------------------------------------------
RAX=0000000000018a00 RBX=00000000000007d0 RCX=000000000000063e RDX=0000000000018a01
RSI=00000000000000aa RDI=000000000069f500 RBP=0000000022943548 RSP=0000000012cb8730
 R8=000000000069f500 R9=0000000022914fa0 R10=0000000023166660 R11=0000000000000000
R12=0000000000000000 R13=000000000000b969 R14=000000002051c7c0 R15=0000000000018a00
-----------------------------------------------------
Stack crawl:
  0000000012cb87b0: 00000000071c2702 (not found)
  0000000012cb8f20: 00000000071c2bd4 (not found)
  0000000012cb8fd0: 0000000006301e7c (not found)
  0000000012cb9030: 000000000630706d (not found)
  0000000012cb90b0: 00000000053baaf6 (not found)
  0000000012cb90f0: 00000000053bae29 (not found)
  0000000012cb9130: 000000000973869b (not found)
  0000000012cb9170: 0000000008ebd3c8 (not found)
  0000000012cb9200: 0000000008596026 (not found)
  0000000012cb9240: 0000000005de2848 (not found)
  0000000012cb9330: 000000000712c378 (not found)
  0000000012cb9420: 00000000070e31c8 (not found)
  0000000012cbf0b0: 0000000004f9d756 (not found)
  0000000012cbf380: 000000000502281a (not found)
  0000000012cbf620: 0000000005022cb6 (not found)
  0000000012cbf680: 0000000004f9b5a9 (not found)
  0000000012cbfe20: 000000000c40a129 (not found)
  0000000012cbfef0: 00000000004013c4 (not found)
  0000000012cbff20: 000000000040151b (not found)
  0000000012cbff50: 00007fffe9f97bd4 (BaseThreadInitThunk+0x0014)
  0000000012cbffd0: 00007fffeb9eced1 (RtlUserThreadStart+0x0021)
PS D:\emu\mame>
User avatar
No.17543
Robbbert
Developer
Apr 14, 2020, 17:11
Those dumps are useless as is. Please add symbols.
User avatar
No.17612
kkaempf
Tester
May 7, 2020, 18:37
Hi, maybe I can help shed some light on this. I'm currently using the HFE backend and it reproducably crashes with a SEGV when exiting mame64 after writing to an HFE image.

Digging deeper I can now pinpoint the problem to line 683 in src/lib/formats/hxchfe_dsk.cpp

Adding a printf at this line shows that the 'offset' array index grows without bounds and even wraps around to negative.
User avatar
No.17613
kkaempf
Tester
May 7, 2020, 19:24
The problem is https://github.com/mamedev/mame/blob/140ba5147df230751a87a62374eba8880f5d3dbe/src/lib/formats/hxchfe_dsk.cpp#L626

   next = cur_pos + period + phase_adjust;

cur_pos is the track position in usec. period (for FM) is 2000, phase_adjust is +/- 3.
next is the loop index, running up to 200000000

in conjunction with https://github.com/mamedev/mame/blob/140ba5147df230751a87a62374eba8880f5d3dbe/src/lib/formats/hxchfe_dsk.cpp#L673 ff

cur_pos = next;
if(cur_pos >= 200000000) {
cur_pos -= 200000000;
cur_entry = 0;
}

This translates to: if the loop index (next) is at the end of the loop, reset it to the beginning.
=> endless loop
User avatar
No.17614
kkaempf
Tester
May 7, 2020, 20:27
Applying this diff to hxchfe_dsk.cpp fixes the problem for me, resulting in a successful write. I'm going to create a respective pull request.

diff --git a/src/lib/formats/hxchfe_dsk.cpp b/src/lib/formats/hxchfe_dsk.cpp
index 3fa42793a0..8e51af8a82 100644
--- a/src/lib/formats/hxchfe_dsk.cpp
+++ b/src/lib/formats/hxchfe_dsk.cpp
@@ -615,7 +615,6 @@ void hfe_format::generate_hfe_bitstream_from_track(int cyl, int head, int& sampl
  // Start of track? Use next entry.
  if (edge==0)
  {
- cur_pos = 0;
  edge = tbuf[++cur_entry] & floppy_image::TIME_MASK;
  }
 
@@ -671,10 +670,6 @@ void hfe_format::generate_hfe_bitstream_from_track(int cyl, int head, int& sampl
  }
 
  cur_pos = next;
- if(cur_pos >= 200000000) {
- cur_pos -= 200000000;
- cur_entry = 0;
- }
 
  bit = (bit << 1) & 0xff;
  if (bit == 0)
User avatar
No.17615
kkaempf
Tester
May 7, 2020, 20:36
https://github.com/mamedev/mame/pull/6661 submitted
User avatar
No.17799
Fujix
Administrator
5 days ago
Fixed in 0.222 by Klaus Kaempf.