Viewing Issue Advanced Details
ID: 07538
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jan 7, 2020, 17:07
Last Update: Jun 23, 2021, 21:37
Tester: Firewave
View Status: Public
Platform: MAME (Self-compiled)
Assigned To:
Resolution: Fixed
OS: Windows 10 (64-bit)
Status: Resolved
Driver:
Version: 0.217
Fixed in Version:
Build: 32-bit
Fixed in Git Commit:
Github Pull Request #:
Summary 07538: all sets using Y8950: AddressSanitizer: new-delete-type-mismatch
Description
=================================================================
==26244==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x21500100 in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   6016 bytes;
  size of the deallocated type: 5888 bytes.
    #0 0x1383189 in operator delete D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_new_delete.cc:172
    #1 0x940ac72 in y8950_shutdown+0xa2 (s:\dev\mame0217\mame.exe+0x8d3ac72)
    #2 0x8ca2a1f in y8950_device::device_stop+0x3f (s:\dev\mame0217\mame.exe+0x85d2a1f)
    #3 0x62ff51e in device_t::stop+0xde (s:\dev\mame0217\mame.exe+0x5c2f51e)
    #4 0x66adc0c in running_machine::stop_all_devices+0x23c (s:\dev\mame0217\mame.exe+0x5fddc0c)
    #5 0x14008cf in delegate_mfp::method_stub<std::function<void __cdecl(void)>,void>+0x3f (s:\dev\mame0217\mame.exe+0xd308cf)
    #6 0x66a7971 in running_machine::call_notifiers+0xe1 (s:\dev\mame0217\mame.exe+0x5fd7971)
    #7 0x66abefe in running_machine::run+0x56e (s:\dev\mame0217\mame.exe+0x5fdbefe)
    #8 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #9 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #10 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #11 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #12 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #13 0xa598c9a in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #14 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #15 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #16 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

0x21500100 is located 0 bytes inside of 6016-byte region [0x21500100,0x21501880)
allocated by thread T0 here:
    #0 0x1382e7d in operator new D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_new_delete.cc:99
    #1 0x9405da9 in delegate_base<void>::late_bind_helper<`anonymous namespace'::FM_OPL>+0xa09 (s:\dev\mame0217\mame.exe+0x8d35da9)
    #2 0x940a6d9 in y8950_init+0x19 (s:\dev\mame0217\mame.exe+0x8d3a6d9)
    #3 0x8ca28bd in y8950_device::device_start+0x6d (s:\dev\mame0217\mame.exe+0x85d28bd)
    #4 0x62ff127 in device_t::start+0x97 (s:\dev\mame0217\mame.exe+0x5c2f127)
    #5 0x66ad879 in running_machine::start_all_devices+0x489 (s:\dev\mame0217\mame.exe+0x5fdd879)
    #6 0x66ad287 in running_machine::start+0x807 (s:\dev\mame0217\mame.exe+0x5fdd287)
    #7 0x66abb05 in running_machine::run+0x175 (s:\dev\mame0217\mame.exe+0x5fdbb05)
    #8 0x75392fc in mame_machine_manager::execute+0x52c (s:\dev\mame0217\mame.exe+0x6e692fc)
    #9 0x755b36a in cli_frontend::start_execution+0x56a (s:\dev\mame0217\mame.exe+0x6e8b36a)
    #10 0x7553104 in cli_frontend::execute+0x174 (s:\dev\mame0217\mame.exe+0x6e83104)
    #11 0x753a259 in emulator_info::start_frontend+0x59 (s:\dev\mame0217\mame.exe+0x6e6a259)
    #12 0xa7f25be in main+0x43e (s:\dev\mame0217\mame.exe+0xa1225be)
    #13 0xa598c9a in __scrt_common_main_seh d:\agent\_work\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #14 0x75d36358 in BaseThreadInitThunk+0x18 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #15 0x779f7b73 in RtlGetAppContainerNamedObjectPath+0xe3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b73)
    #16 0x779f7b43 in RtlGetAppContainerNamedObjectPath+0xb3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7b43)

SUMMARY: AddressSanitizer: new-delete-type-mismatch D:\agent\_work\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_new_delete.cc:172 in operator delete
==26244==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==26244==ABORTING
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems: all sets using Y8950
Attached Files
 
Relationships
There are no relationships linked to this issue.
Notes (2)
No.17324
Firewave
Senior Tester
Jan 7, 2020, 17:08
The problem lies in FM_OPL::Create() which allocates a bigger amount of memory than is actually used for the object which is deleted in y8950_shutdown().
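A reduced illustration of the allocate-more-than-the-type pattern described in the note above, added here as an example and not taken from MAME's source: class-level allocation functions record the size requested at new and the size the delete-expression passes back, so the mismatch AddressSanitizer reports can be observed deterministically next to a corrected layout. All names (Tracked, Chip, ChipWithAdpcm, Extra) and sizes are hypothetical; the 128 trailing bytes mirror the gap between the two sizes in the report (6016 - 5888).

```cpp
// Added illustration: all names and sizes are hypothetical, not MAME code.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

static std::size_t g_allocated = 0;  // bytes requested by the last operator new
static std::size_t g_freed_as  = 0;  // size the last delete-expression passed in

struct Extra { std::size_t bytes; };  // placement tag: trailing bytes to add

struct Tracked {
    static void* operator new(std::size_t sz) { return grab(sz); }
    static void* operator new(std::size_t sz, Extra e) { return grab(sz + e.bytes); }
    static void operator delete(void* p, Extra) noexcept { std::free(p); }  // only if a ctor throws
    // Sized form: `delete p` passes sizeof(static type), the size ASan checks against the allocation.
    static void operator delete(void* p, std::size_t sz) noexcept { g_freed_as = sz; std::free(p); }
private:
    static void* grab(std::size_t n) {
        g_allocated = n;
        if (void* p = std::malloc(n)) return p;
        throw std::bad_alloc();
    }
};

struct Chip : Tracked { unsigned char regs[64]; };
struct ChipWithAdpcm : Tracked { unsigned char regs[64]; unsigned char adpcm[128]; };

struct SizePair { std::size_t allocated, freed_as; };

// Mismatch: one block holds Chip plus trailing bytes, but is released as a plain Chip.
SizePair mismatched(std::size_t extra) {
    Chip* c = new (Extra{extra}) Chip();
    delete c;
    return {g_allocated, g_freed_as};
}

// Corrected: the optional part is a member, so the type itself carries the full size.
SizePair corrected() {
    ChipWithAdpcm* c = new ChipWithAdpcm();
    delete c;
    return {g_allocated, g_freed_as};
}

int main() {
    SizePair bad = mismatched(128), good = corrected();
    std::printf("mismatched: allocated %zu, freed as %zu\n", bad.allocated, bad.freed_as);
    std::printf("corrected:  allocated %zu, freed as %zu\n", good.allocated, good.freed_as);
    return (bad.allocated != bad.freed_as && good.allocated == good.freed_as) ? 0 : 1;
}
```

The tracking operators ignore the size when freeing, so the mismatched path is safe to run here; with the default sized global operator delete the same pattern is what the sanitizer aborts on.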
No.19026
aaron
Developer
Jun 23, 2021, 21:37
Code has since been completely rewritten. I don't think this is a valid issue anymore.