Viewing Issue Advanced Details
ID: 07576
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Random
Date Submitted: Feb 27, 2020, 18:29
Last Update: 22 days ago
Tester: Kale
View Status: Public
Platform: MAME (Official Binary)
Assigned To: hap
Resolution: Fixed
OS: Windows 10 (64-bit)
Status: Resolved
Driver:
Version: 0.218
Fixed in Version: 0.250
Build: 64-bit
Fixed in Git Commit: 2e5a0c1
Github Pull Request #:
Summary: 07576: desertdn, zaryavos, dockman, suprmous. possibly all games in the driver: Accessing debug tilemap viewer crashes MAME
Description: Trying to access the tilemap viewer in F4 menu causes a crash in MAME.
Steps To Reproduce: Boot the game, press F4, press enter twice.
Additional Information:
Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: desertdn, zaryavos, dockman, suprmous. possibly all games in the driver
Attached Files
 
Relationships
There are no relationships linked to this issue.
Notes (16)
No.17429
Tafoid
Administrator
Feb 27, 2020, 19:24
Unable to duplicate locally with mamedev.org 0.218 (64bit), nor with a self-compiled DEBUG=1 binary. Tested all machines explicitly stated above.
Same results in current Git sources.
No.17430
Robbbert
Senior Tester
Feb 27, 2020, 22:34
No crash here with current git.
No.17431
Osso
Moderator
Feb 28, 2020, 06:54
edited on: Feb 28, 2020, 06:58
The first time I tried with 0.218 it didn't happen, but then I had it happen randomly.
No.17433
Kale
Developer
Feb 28, 2020, 14:08
Tried on another machine with a bleeding-edge compile; it truly seems random, and happens with -video bgfx -bgfx_backend d3d11.
Changing any of these options then flipping them back seems to be relevant; guess I'm gonna SYMBOL-ize it and see what's the culprit.
No.17434
Kale
Developer
Feb 28, 2020, 14:29
edited on: Feb 28, 2020, 14:30
-----------------------------------------------------
Exception at EIP=000000000089c5ec (tilemap_t::get_info_debug(unsigned int, unsigned int, unsigned char&, unsigned int&, unsigned int&)+0x006c): INTEGER DIVIDE BY ZERO
-----------------------------------------------------
RAX=00000000fb3b1c20 RBX=00000000125077c0 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000238b30 RDI=0000000004cf1670 RBP=0000000000238e60 RSP=0000000000238940
 R8=0000000012507908  R9=0000000000000000 R10=0000000000000001 R11=0000000000000002
R12=0000000000238c70 R13=0000000004c4e220 R14=0000000000238ce0 R15=0000000004b80560
-----------------------------------------------------
Stack crawl:
  0000000000238980: 000000000089c5ec (tilemap_t::get_info_debug(unsigned int, unsigned int, unsigned char&, unsigned int&, unsigned int&)+0x006c)
  00000000002390c0: 0000000000551d4b (tilemap_handler(mame_ui_manager&, render_container&, ui_gfx_state&) [clone .constprop.136]+0x12cb)
  0000000000239100: 0000000000553a6e (ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool)+0x009e)
  00000000002391f0: 00000000005376a8 (mame_ui_manager::update_and_render(render_container&)+0x0168)
  0000000000239270: 00000000008bf585 (video_manager::frame_update(bool)+0x0035)
  00000000002393e0: 0000000000839814 (running_machine::run(bool)+0x02c4)
  000000000023f090: 00000000004f8550 (mame_machine_manager::execute()+0x01e0)
  000000000023f350: 0000000000570367 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x01b7)
  000000000023f640: 0000000000570696 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0056)
  000000000023f6a0: 00000000004f6307 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0027)
  000000000023fe50: 0000000001e9ba57 (main+0x0187)
  000000000023ff20: 00000000004013a5 (__tmainCRTStartup+0x0225)
  000000000023ff50: 000000000040150b (mainCRTStartup+0x001b)
  000000000023ff80: 00007ffc7c7813d2 (BaseThreadInitThunk+0x0022)
  000000000023ffd0: 00007ffc7d3e54f4 (RtlUserThreadStart+0x0034)
Something that doesn't get initialized properly, my guess; it also helped to reboot the host machine (?).
No.17435
Kale
Developer
Feb 28, 2020, 14:52
Looked at the code: there's an m_graphics_bank variable that is:
1. used only by intrepid;
2. updated in screen_update_desertdan cheaply and on-the-fly (wtf);
Additionally, the solid_get_tile_info fn accesses stuff in a most likely unsafe way: you can achieve the same thing by just pre-caching in a specific gfx region instead.
No.20108
Robbbert
Senior Tester
Apr 28, 2022, 12:58
Seems to be working now.
No.20120
Tafoid
Administrator
Apr 28, 2022, 21:53
I tested machine dockman and I get crashing when I run with full screen default d3d render as described above. With -window it doesn't crash all the time, but it did crash in one attempt for me.

With Debug, I dependably obtain an assert:
Assertion failed: index < MAX_GFX_ELEMENTS, file R:/mame242/src/emu/digfx.h, line 175
No.20125
Robbbert
Senior Tester
Apr 29, 2022, 06:18
Completely unable to replicate this. Sorry about that.
No.20798
Firewave
Senior Tester
26 days ago
Using 0.249 on Linux shows the following when opening the tilemap viewer:
/mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:83: runtime error: reference binding to null pointer of type 'unsigned char'
    #0 0x7f74fa7e2617 in unsigned char& bitmap_t::pixt<unsigned char>(int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:76
    #1 0x7f7521cdf23f in bitmap_specific<unsigned char>::pix(int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:231:52
    #2 0x7f751fae44b1 in void tilemap_t::draw_instance<bitmap_rgb32>(screen_device&, bitmap_rgb32&, tilemap_t::blit_parameters const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1185:43
    #3 0x7f751fad8c1b in tilemap_t::draw_debug(screen_device&, bitmap_rgb32&, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1543:4
    #4 0x7f75183cdae2 in update_tilemap_bitmap /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1436:12
    #5 0x7f75183cdae2 in (anonymous namespace)::gfx_viewer::handle_tilemap(mame_ui_manager&, render_container&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1355:2
    #6 0x7f75183c09ce in handle /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:82:13
    #7 0x7f75183c09ce in ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1505:69
    #8 0x7f7518037215 in mame_ui_manager::handler_ingame(render_container&)::$_4::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:1314:14
    #9 0x7f751803865f in util::detail::delegate_base<delegate_late_bind, unsigned int, render_container&>::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #10 0x7f75180257a3 in mame_ui_manager::update_and_render(render_container&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:671:20
    #11 0x7f75179e6cf3 in emulator_info::draw_user_interface(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:465:41
    #12 0x7f751fb5a865 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:218:2
    #13 0x7f751f8d1f4d in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:332:14
    #14 0x7f75179e1adf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #15 0x7f7518d98e56 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #16 0x7f7518d9c99f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #17 0x7f75179e68bf in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #18 0x7f751fbc7f7b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #19 0x7f74d2909209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f74d29092bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #21 0x7f74f9558a10 in _start (/mnt/s/GitHub/mame/mame+0x24d61a10) (BuildId: 0028e37e207f467d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:83 in

A bit later on it performs an out-of-bounds access:
/mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/digfx.h:175:78: runtime error: index 255 out of bounds for type 'const std::unique_ptr<gfx_element>[32]'
    #0 0x7f74f9ad635a in device_gfx_interface::gfx(unsigned char) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/digfx.h:175:78
    #1 0x7f751fad9408 in tilemap_t::get_info_debug(unsigned int, unsigned int, unsigned char&, unsigned int&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1564:48
    #2 0x7f75183cd323 in (anonymous namespace)::gfx_viewer::handle_tilemap(mame_ui_manager&, render_container&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1325:11
    #3 0x7f75183c09ce in handle /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:82:13
    #4 0x7f75183c09ce in ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1505:69
    #5 0x7f7518037215 in mame_ui_manager::handler_ingame(render_container&)::$_4::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:1314:14
    #6 0x7f751803865f in util::detail::delegate_base<delegate_late_bind, unsigned int, render_container&>::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #7 0x7f75180257a3 in mame_ui_manager::update_and_render(render_container&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:671:20
    #8 0x7f75179e6cf3 in emulator_info::draw_user_interface(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:465:41
    #9 0x7f751fb5a865 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:218:2
    #10 0x7f751f8d1f4d in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:332:14
    #11 0x7f75179e1adf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #12 0x7f7518d98e56 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #13 0x7f7518d9c99f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #14 0x7f75179e68bf in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #15 0x7f751fbc7f7b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #16 0x7f74d2909209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #17 0x7f74d29092bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #18 0x7f74f9558a10 in _start (/mnt/s/GitHub/mame/mame+0x24d61a10) (BuildId: 0028e37e207f467d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/digfx.h:175:78 in

==7487==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190000c1dd0 at pc 0x7f74f9ad65b6 bp 0x7fffcee0dc10 sp 0x7fffcee0dc08
READ of size 8 at 0x6190000c1dd0 thread T0
    #0 0x7f74f9ad65b5 in _M_ptr /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:191:51
    #1 0x7f74f9ad65b5 in std::unique_ptr<gfx_element, std::default_delete<gfx_element> >::get() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:462:21
    #2 0x7f74f9ad6326 in device_gfx_interface::gfx(unsigned char) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/digfx.h:175:91
    #3 0x7f751fad9408 in tilemap_t::get_info_debug(unsigned int, unsigned int, unsigned char&, unsigned int&, unsigned int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1564:48
    #4 0x7f75183cd323 in (anonymous namespace)::gfx_viewer::handle_tilemap(mame_ui_manager&, render_container&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1325:11
    #5 0x7f75183c09ce in handle /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:82:13
    #6 0x7f75183c09ce in ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1505:69
    #7 0x7f7518037215 in mame_ui_manager::handler_ingame(render_container&)::$_4::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:1314:14
    #8 0x7f751803865f in util::detail::delegate_base<delegate_late_bind, unsigned int, render_container&>::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #9 0x7f75180257a3 in mame_ui_manager::update_and_render(render_container&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:671:20
    #10 0x7f75179e6cf3 in emulator_info::draw_user_interface(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:465:41
    #11 0x7f751fb5a865 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:218:2
    #12 0x7f751f8d1f4d in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:332:14
    #13 0x7f75179e1adf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #14 0x7f7518d98e56 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #15 0x7f7518d9c99f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #16 0x7f75179e68bf in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #17 0x7f751fbc7f7b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #18 0x7f74d2909209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #19 0x7f74d29092bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #20 0x7f74f9558a10 in _start (/mnt/s/GitHub/mame/mame+0x24d61a10) (BuildId: 0028e37e207f467d)

0x6190000c1dd0 is located 640 bytes to the right of 976-byte region [0x6190000c1780,0x6190000c1b50)
allocated by thread T0 here:
    #0 0x7f74f96166ad in operator new(unsigned long) (/mnt/s/GitHub/mame/mame+0x24e1f6ad) (BuildId: 0028e37e207f467d)
    #1 0x7f74f961c473 in std::__detail::_MakeUniq<speaker_device>::__single_object std::make_unique<speaker_device, machine_config&, char const*&, device_t*&>(machine_config&, char const*&, device_t*&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1065:30
    #2 0x7f74f961bf1b in create<> /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.h:302:10
    #3 0x7f74f961bf1b in auto machine_config::device_add<emu::detail::device_type_impl<speaker_device> const&>(char const*, emu::detail::device_type_impl<speaker_device> const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/mconfig.h:193:20
    #4 0x7f7509666dd0 in operator()<> /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.ipp:36:46
    #5 0x7f7509666dd0 in thepit_state::thepit(machine_config&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/thepit/thepit.cpp:785:2
    #6 0x7f7509667def in thepit_state::fitter(machine_config&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/thepit/thepit.cpp:798:2
    #7 0x7f7509668920 in thepit_state::intrepid(machine_config&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/thepit/thepit.cpp:817:2
    #8 0x7f750966b756 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/thepit/thepit.cpp:1446:1
    #9 0x7f750966b756 in $_18::__invoke(machine_config&, device_t&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/thepit/thepit.cpp:1446:1
    #10 0x7f75191eb681 in driver_device::device_add_mconfig(machine_config&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/driver.cpp:180:2
    #11 0x7f751903dc84 in device_t::add_machine_configuration(machine_config&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:226:2
    #12 0x7f751f8eaab7 in machine_config::add_device(std::unique_ptr<device_t, std::default_delete<device_t> >&&, device_t*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/mconfig.cpp:324:18
    #13 0x7f75181bbf58 in auto machine_config::device_add<emu::detail::device_type_impl_base const&, int>(char const*, emu::detail::device_type_impl_base const&, int&&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/mconfig.h:196:3
    #14 0x7f751f8e781a in machine_config::machine_config(game_driver const&, emu_options&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/mconfig.cpp:51:2
    #15 0x7f75179e19e4 in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:282:18
    #16 0x7f7518d98e56 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #17 0x7f7518d9c99f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #18 0x7f75179e68bf in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #19 0x7f751fbc7f7b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #20 0x7f74d2909209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:191:51 in _M_ptr
Shadow bytes around the buggy address:
  0x0c3280010360: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
  0x0c3280010370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280010380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280010390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800103a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c32800103b0: fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa
  0x0c32800103c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800103d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800103e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800103f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280010400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
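The failure mode Kale describes in note 17435 (a graphics bank that is only refreshed inside the screen update handler and read back on the fly by the tile-info callback) and the index-255 out-of-bounds read in the sanitizer output above, modelled in an added C++ example. This is not MAME or thepit.cpp code: the names ending in _like, _fixed and _example, the stale value 0xff standing in for uninitialised memory, and the two-entry gfx table are constructed for the illustration. MAX_GFX_ELEMENTS = 32 and the index 255 are taken from the assert and the UBSan/ASan reports quoted in this thread.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <memory>

// Same bound as the assert quoted in note 20120 (index < MAX_GFX_ELEMENTS).
constexpr std::size_t MAX_GFX_ELEMENTS = 32;

struct gfx_element { int width; int height; };

struct tile_info {
    std::uint8_t  gfxnum;   // index into the gfx element table
    std::uint32_t code;
    std::uint32_t color;
};

// Stand-in for device_gfx_interface: a fixed table of MAX_GFX_ELEMENTS slots,
// of which only the first two are populated (constructed for the example).
struct gfx_table_example {
    std::array<std::unique_ptr<gfx_element>, MAX_GFX_ELEMENTS> m_gfx;

    gfx_table_example() {
        m_gfx[0].reset(new gfx_element{8, 8});
        m_gfx[1].reset(new gfx_element{8, 8});
    }

    // Checked lookup. The assert in the thread only fires in debug builds; in a
    // release build index 255 reads 223 slots past the end of the table, which
    // is the heap-buffer-overflow ASan reported above. Returning nullptr keeps
    // the viewer from ever forming that access.
    const gfx_element *gfx(std::uint8_t index) const {
        return (index < MAX_GFX_ELEMENTS) ? m_gfx[index].get() : nullptr;
    }
};

// Driver state as Kale describes it: the bank is refreshed inside the screen
// update handler and read back by the tile-info callback. `stale` stands in
// for whatever the member held before screen_update() first ran (real
// uninitialised memory is random, which matches the "Random" reproducibility).
class driver_state_like {
public:
    explicit driver_state_like(std::uint8_t stale) : m_graphics_bank(stale) {}

    void screen_update(std::uint8_t bank_register) { m_graphics_bank = bank_register & 1; }

    // Nothing guarantees screen_update() ran before the debug viewer calls
    // this, so gfxnum is whatever m_graphics_bank happens to hold.
    tile_info get_tile_info(std::uint16_t vram) const {
        return tile_info{m_graphics_bank, std::uint32_t(vram & 0xff), std::uint32_t(vram >> 8)};
    }

private:
    std::uint8_t m_graphics_bank;
};

// Hardened variant: the bank has a defined value from construction and is
// set from the register write handler, so the callback no longer depends on
// the render path having run first.
class driver_state_fixed {
public:
    driver_state_fixed() : m_graphics_bank(0) {}

    void bank_w(std::uint8_t data) { m_graphics_bank = data & 1; }

    tile_info get_tile_info(std::uint16_t vram) const {
        return tile_info{m_graphics_bank, std::uint32_t(vram & 0xff), std::uint32_t(vram >> 8)};
    }

private:
    std::uint8_t m_graphics_bank;
};

// Models tilemap_t::get_info_debug(): ask the driver for the tile, then
// resolve the gfx element through the checked lookup. Reports the raw gfxnum
// so a caller (or a test) can see what the callback produced.
template <typename State>
const gfx_element *get_info_debug_example(const State &state, const gfx_table_example &table,
                                          std::uint16_t vram, std::uint8_t &gfxnum_out) {
    const tile_info info = state.get_tile_info(vram);
    gfxnum_out = info.gfxnum;
    return table.gfx(info.gfxnum);
}
```

With the stale bank the viewer path gets gfxnum 255 and the checked lookup returns nullptr instead of reading past the table; once screen_update() has run the same callback returns a valid index, which is why the crash only showed up when the viewer was opened before (or independently of) a normal frame. The hardened driver needs neither the render path nor the checked lookup to be safe, but keeping both is cheap.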
No.20803
hap
Developer
25 days ago
probably fixed here: https://github.com/mamedev/mame/commit/2e5a0c183f4bd006bb81aec7d21ade270ec84776
No.20805
Firewave
Senior Tester
25 days ago
The ASAN error is fixed but the first UBSAN one still exists (not sure if that is actually something bad):
/mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:83: runtime error: reference binding to null pointer of type 'unsigned char'

While scrolling through the tilemaps the following occurred (also no idea yet):
/mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:141: runtime error: applying non-zero offset 18446744073709551608 to null pointer
    #0 0x7f18d87908ff in unsigned char& bitmap_t::pixt<unsigned char>(int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:183:141
    #1 0x7f18ffc8ae8f in bitmap_specific<unsigned char>::pix(int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/bitmap.h:231:52
    #2 0x7f18fda927d1 in void tilemap_t::draw_instance<bitmap_rgb32>(screen_device&, bitmap_rgb32&, tilemap_t::blit_parameters const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1185:43
    #3 0x7f18fda86e9b in tilemap_t::draw_debug(screen_device&, bitmap_rgb32&, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1543:4
    #4 0x7f18f637bdb2 in update_tilemap_bitmap /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1436:12
    #5 0x7f18f637bdb2 in (anonymous namespace)::gfx_viewer::handle_tilemap(mame_ui_manager&, render_container&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1355:2
    #6 0x7f18f636ec9e in handle /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:82:13
    #7 0x7f18f636ec9e in ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1505:69
    #8 0x7f18f5fe54e5 in mame_ui_manager::handler_ingame(render_container&)::$_4::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:1314:14
    #9 0x7f18f5fe692f in util::detail::delegate_base<delegate_late_bind, unsigned int, render_container&>::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #10 0x7f18f5fd3a73 in mame_ui_manager::update_and_render(render_container&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:671:20
    #11 0x7f18f5994fc3 in emulator_info::draw_user_interface(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:465:41
    #12 0x7f18fdb08b85 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:218:2
    #13 0x7f18fd88021d in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:332:14
    #14 0x7f18f598fdaf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #15 0x7f18f6d47126 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #16 0x7f18f6d4ac6f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #17 0x7f18f5994b8f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #18 0x7f18fdb7629b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #19 0x7f18b08b9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f18b08b92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #21 0x7f18d7506d10 in _start (/mnt/s/GitHub/mame/mame+0x24d5fd10) (BuildId: 8b22098d644f2f10)

../../../../../src/emu/tilemap.cpp:1263:35: runtime error: applying non-zero offset to non-null pointer 0xfffffffffffffff8 produced null pointer
    #0 0x7f18fda94bb2 in void tilemap_t::draw_instance<bitmap_rgb32>(screen_device&, bitmap_rgb32&, tilemap_t::blit_parameters const&, int, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1263:35
    #1 0x7f18fda86e9b in tilemap_t::draw_debug(screen_device&, bitmap_rgb32&, unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/tilemap.cpp:1543:4
    #2 0x7f18f637bdb2 in update_tilemap_bitmap /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1436:12
    #3 0x7f18f637bdb2 in (anonymous namespace)::gfx_viewer::handle_tilemap(mame_ui_manager&, render_container&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1355:2
    #4 0x7f18f636ec9e in handle /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:82:13
    #5 0x7f18f636ec9e in ui_gfx_ui_handler(render_container&, mame_ui_manager&, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/viewgfx.cpp:1505:69
    #6 0x7f18f5fe54e5 in mame_ui_manager::handler_ingame(render_container&)::$_4::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:1314:14
    #7 0x7f18f5fe692f in util::detail::delegate_base<delegate_late_bind, unsigned int, render_container&>::operator()(render_container&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #8 0x7f18f5fd3a73 in mame_ui_manager::update_and_render(render_container&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/ui/ui.cpp:671:20
    #9 0x7f18f5994fc3 in emulator_info::draw_user_interface(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:465:41
    #10 0x7f18fdb08b85 in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:218:2
    #11 0x7f18fd88021d in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:332:14
    #12 0x7f18f598fdaf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #13 0x7f18f6d47126 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #14 0x7f18f6d4ac6f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #15 0x7f18f5994b8f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #16 0x7f18fdb7629b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #17 0x7f18b08b9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7f18b08b92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #19 0x7f18d7506d10 in _start (/mnt/s/GitHub/mame/mame+0x24d5fd10) (BuildId: 8b22098d644f2f10)
No.20806
hap
Developer
25 days ago
Looks like tilemap_t::draw_instance does pointer math on nullptr.
Not related to thepit, I tried to view a tilemap in another driver and it does the same thing.
No.20807
hap
Developer
25 days ago
Ok, that issue is fixed here: https://github.com/mamedev/mame/commit/b0e802db816a9d0aaaec4a2a9caed9c96a041b31
The other times it does calculations on nullptr there, it's guaranteed to add 0 (nullptr + 0 is not a problem in C++ afaik)
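The two UBSan findings Firewave posted ("reference binding to null pointer" and "applying non-zero offset ... to null pointer" in a pixel accessor called from a blit) and hap's remark that nullptr + 0 is fine in C++, shown in an added C++ example. This is not MAME's bitmap or tilemap code: bitmap8_example, fill_rect_example and null_plus_zero_is_null are constructed for the illustration, as is the 16x8 bitmap and the -8 x origin (the offset 18446744073709551608 in the report is -8 as an unsigned 64-bit value).

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// An 8-bit bitmap in the shape of an indexed MAME bitmap: a base pointer plus
// width/height. Default construction gives an *invalid* bitmap (null base,
// 0x0), which is the state the tilemap code hit when the bitmap being drawn
// into had never been allocated.
class bitmap8_example {
public:
    bitmap8_example() = default;
    bitmap8_example(int w, int h)
        : m_width(w), m_height(h), m_store(std::size_t(w) * std::size_t(h), 0), m_base(m_store.data()) {}
    bitmap8_example(const bitmap8_example &) = delete;             // m_base points into m_store
    bitmap8_example &operator=(const bitmap8_example &) = delete;

    bool valid() const { return m_base != nullptr; }
    int width() const { return m_width; }
    int height() const { return m_height; }

    // Unsafe accessor in the shape of bitmap_t::pixt<>(): pointer arithmetic
    // on the base, then a reference to the result. On an invalid bitmap this
    // is exactly what UBSan flagged: "applying non-zero offset ... to null
    // pointer" when y or x is non-zero, and "reference binding to null
    // pointer" for the zero-offset case. Never called below; kept as the
    // "before" shape only.
    std::uint8_t &pix_unsafe(int y, int x) { return *(m_base + std::ptrdiff_t(y) * m_width + x); }

    // Safe accessor: no arithmetic on the base pointer until it is known to be
    // non-null and the coordinates are inside the bitmap.
    std::uint8_t *pix_ptr(int y, int x) {
        if (!valid() || y < 0 || y >= m_height || x < 0 || x >= m_width) return nullptr;
        return m_base + std::ptrdiff_t(y) * m_width + x;
    }

private:
    int m_width = 0;
    int m_height = 0;
    std::vector<std::uint8_t> m_store;
    std::uint8_t *m_base = nullptr;
};

// Blit in the shape of tilemap_t::draw_instance(): the caller may pass an
// x origin left of the bitmap (the -8 in the UBSan report), so pixel pointers
// are only formed for clipped, in-range pixels, and an invalid bitmap is
// skipped before any pointer arithmetic happens. Returns pixels written.
std::size_t fill_rect_example(bitmap8_example &bm, int y0, int x0, int w, int h, std::uint8_t value) {
    if (!bm.valid()) return 0;
    std::size_t written = 0;
    for (int y = y0; y < y0 + h; ++y)
        for (int x = x0; x < x0 + w; ++x)
            if (std::uint8_t *p = bm.pix_ptr(y, x)) { *p = value; ++written; }
    return written;
}

// hap's point: null + 0 yields a null pointer in C++ ([expr.add]). UBSan's
// pointer-overflow check reports null + non-zero in both C and C++, but
// null + 0 only when compiling as C, where it is undefined.
bool null_plus_zero_is_null() {
    std::uint8_t *base = nullptr;
    return (base + 0) == nullptr;
}
```

The practical rule this illustrates: in a blit, test the destination bitmap's validity once at the top and clip before forming any pixel pointer, rather than relying on the accessor; an accessor that returns a reference cannot signal "no such pixel" and will bind a reference to null on an unallocated bitmap even when the arithmetic itself adds zero.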
No.20811
hap
Developer
23 days ago
Added another safety check here: https://github.com/mamedev/mame/commit/6b15885c69e0efddf20707cb420c564a2022d559
No.20815
Firewave
Senior Tester
22 days ago
Crash should be fixed by the first commit. The others are just cleaning up some additional UBSAN findings.