Viewing Issue Advanced Details
ID: 07972
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: May 9, 2021, 00:56
Last Update: 25 days ago
Tester: ICEknight
View Status: Public
Platform: MAME (Official Binary)
Assigned To:
Resolution: Open
OS: Windows 10 (64-bit)
Status: Confirmed
Driver:
Version: 0.231
Fixed in Version:
Build: 64-bit
Fixed in Git Commit:
Github Pull Request #:
Summary: MESS-specific 07972: pce and clones [fzone2]: Cutscene lock and emulator crash in Final Zone 2
Description: The intro will eventually stop, leaving the option to skip it with the Run button. However, once you press Run again, the following intro sequence will start screeching and eventually crash MAME.
Steps To Reproduce:
Let the intro play for a few seconds.
Press Run (Start) once to see the Title Screen, once again to start a game and crash.
Additional Information:
Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: pce and clones [fzone2]
Attached Files:
Relationships
There are no relationships linked to this issue.
Notes (2)
No.18833
Tafoid
Administrator
May 11, 2021, 20:09
While I didn't get the emulator to crash, it has forever acted oddly, playing audio that doesn't match the screen or completely mangling the audio output.
No.20802
Firewave
Senior Tester
25 days ago
edited on: 22 days ago
Using the official 0.249 Windows binary I can confirm the crash during the cutscene (the trace is not complete as I prematurely killed the process since I thought it had hard frozen - it just took extremely long to look up the frames):
-----------------------------------------------------
Exception at EIP=00007ff748482593 (cdda_device::get_audio_data(write_stream_view&, write_stream_view&)+0x00b3): ACCESS VIOLATION
While attempting to read memory at 0000025b7856f000
-----------------------------------------------------
RAX=0000000000007896 RBX=0000025b7557b160 RCX=0000000000000372 RDX=00000000001807a0
RSI=0000000000000107 RDI=0000025b782694d0 RBP=0000025b782694e8 RSP=000000701aaf9570
 R8=000000000000ac44  R9=00000000ffffcd58 R10=0000000000007896 R11=0000000000000000
R12=000000701aaf96b0 R13=0000025b7826e0c0 R14=0000000000000372 R15=000000701aaf96b0
-----------------------------------------------------
Stack crawl:
  000000701aaf9600: 00007ff748482593 (cdda_device::get_audio_data(write_stream_view&, write_stream_view&)+0x00b3)
  000000701aaf9640: 00007ff7484828af (non-virtual thunk to cdda_device::sound_stream_update(sound_stream&, std::vector<read_stream_view, std::allocator<read_stream_view> > const&, std::vector<write_stream_view, std::allocator<write_stream_view> >&)+0x001f)
  000000701aaf9730: 00007ff7483c8e93 (sound_stream::update_view(attotime, attotime, unsigned int)+0x0483)
  000000701aaf97d0: 00007ff7483c8943 (sound_stream_input::update(attotime, attotime)+0x00c3)
  000000701aaf98c0: 00007ff7483c8dc8 (sound_stream::update_view(attotime, attotime, unsigned int)+0x03b8)
  000000701aaf9960: 00007ff7483c8943 (sound_stream_input::update(attotime, attotime)+0x00c3)
  000000701aaf9a50: 00007ff7483c8dc8 (sound_stream::update_view(attotime, attotime, unsigned int)+0x03b8)
  000000701aaf9b40: 00007ff747b77fb7 (speaker_device::mix(float*, float*, attotime, attotime, int, bool)+0x0097)
  000000701aaf9c50: 00007ff7483c91e6 (sound_manager::update(int)+0x0186)
  000000701aaf9cc0: 00007ff747d4fd5b (device_scheduler::timeslice()+0x014b)
  000000701aaf9e20: 00007ff747d4cc78 (running_machine::run(bool)+0x0198)

0.249 on Linux reports the following:
==8144==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250001015c0 at pc 0x7fb55b804366 bp 0x7fffd089dcd0 sp 0x7fffd089dcc8
READ of size 2 at 0x6250001015c0 thread T0
    #0 0x7fb55b804365 in cdda_device::get_audio_data(write_stream_view&, write_stream_view&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/sound/cdda.cpp:193:57
    #1 0x7fb55b802801 in cdda_device::sound_stream_update(sound_stream&, std::vector<read_stream_view, std::allocator<read_stream_view> > const&, std::vector<write_stream_view, std::allocator<write_stream_view> >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/sound/cdda.cpp:20:2
    #2 0x7fb55b8043ff in non-virtual thunk to cdda_device::sound_stream_update(sound_stream&, std::vector<read_stream_view, std::allocator<read_stream_view> > const&, std::vector<write_stream_view, std::allocator<write_stream_view> >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/sound/cdda.cpp
    #3 0x7fb56538c42d in util::detail::delegate_base<delegate_late_bind, void, sound_stream&, std::vector<read_stream_view, std::allocator<read_stream_view> > const&, std::vector<write_stream_view, std::allocator<write_stream_view> >&>::operator()(sound_stream&, std::vector<read_stream_view, std::allocator<read_stream_view> > const&, std::vector<write_stream_view, std::allocator<write_stream_view> >&) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #4 0x7fb56537e3ce in sound_stream::update_view(attotime, attotime, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:749:4
    #5 0x7fb56537d09f in sound_stream_input::update(attotime, attotime) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:522:25
    #6 0x7fb56537df61 in sound_stream::update_view(attotime, attotime, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:735:49
    #7 0x7fb56537d09f in sound_stream_input::update(attotime, attotime) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:522:25
    #8 0x7fb56537df61 in sound_stream::update_view(attotime, attotime, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:735:49
    #9 0x7fb5653937d8 in speaker_device::mix(float*, float*, attotime, attotime, int, bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/speaker.cpp:70:42
    #10 0x7fb565387a0b in sound_manager::update(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/sound.cpp:1511:11
    #11 0x7fb565303854 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #12 0x7fb565303854 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #13 0x7fb5652fe798 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #14 0x7fb56519b207 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #15 0x7fb55d2aae4f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #16 0x7fb55e6621c6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #17 0x7fb55e665d0f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #18 0x7fb55d2afc2f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #19 0x7fb56549129b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #20 0x7fb5181d9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #21 0x7fb5181d92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #22 0x7fb53ee21d80 in _start (/mnt/s/GitHub/mame/mame+0x24d5fd80) (BuildId: 94a5374e261be8f8)

0x6250001015c0 is located 0 bytes to the right of 9408-byte region [0x6250000ff100,0x6250001015c0)
allocated by thread T0 here:
    #0 0x7fb53eedfb2d in operator new[](unsigned long) (/mnt/s/GitHub/mame/mame+0x24e1db2d) (BuildId: 94a5374e261be8f8)
    #1 0x7fb55b8044be in make_unique<unsigned char[]> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1080:30
    #2 0x7fb55b8044be in cdda_device::device_start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/sound/cdda.cpp:32:18
    #3 0x7fb55e90c970 in device_t::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:562:2
    #4 0x7fb56519a03f in running_machine::start_all_devices() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:1013:13
    #5 0x7fb565198014 in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:211:2
    #6 0x7fb56519ae3c in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #7 0x7fb55d2aae4f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #8 0x7fb55e6621c6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #9 0x7fb55e665d0f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #10 0x7fb55d2afc2f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #11 0x7fb56549129b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #12 0x7fb5181d9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/sound/cdda.cpp:193:57 in cdda_device::get_audio_data(write_stream_view&, write_stream_view&)
Shadow bytes around the buggy address:
  0x0c4a80018260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a80018270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a80018280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a80018290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a800182a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a800182b0: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x0c4a800182c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a800182d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a800182e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a800182f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80018300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
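The report above has a very specific signature: a 2-byte read landing 0 bytes to the right of a 9408-byte heap region that was handed out by make_unique<unsigned char[]> in device_start(), with the shadow bytes flipping from 00 (addressable) to fa (redzone) exactly at the faulting address. That is what a sample-fetch loop looks like when it trusts a frame count and steps one frame past the end of its audio buffer. The C++ below is an added illustration written for this page, not code from MAME's cdda.cpp, and it makes no claim about why the real loop overruns. It reconstructs that shape on a constructed buffer and puts the bounds-limited variant next to it. Reading the 9408-byte region as four 2352-byte CD-DA sectors is this example's own assumption about the report; AudioBuffer, make_buffer, frames_available, unchecked_would_overrun, fetch_unchecked and fetch_checked are all invented here and are not MAME APIs.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

// Example-only constants: a CD-DA audio sector is 2352 bytes of 16-bit
// little-endian stereo PCM (588 frames). That the 9408-byte region in the
// ASan report is four such sectors is this example's assumption.
constexpr std::size_t kSectorBytes = 2352;
constexpr std::size_t kSectors     = 4;
constexpr std::size_t kBufferBytes = kSectorBytes * kSectors;   // 9408
constexpr std::size_t kFrameBytes  = 4;                         // L16 + R16

// Hypothetical stand-in for a device's audio buffer state (not MAME's).
struct AudioBuffer {
    std::unique_ptr<std::uint8_t[]> data;   // heap region, like the one from device_start()
    std::size_t size = 0;                   // bytes of valid audio in data
    std::size_t pos  = 0;                   // byte offset of the next unread frame
};

// Constructed test input: a byte ramp (i % 128), not real disc data.
AudioBuffer make_buffer(std::size_t bytes = kBufferBytes) {
    AudioBuffer b;
    b.data = std::make_unique<std::uint8_t[]>(bytes);
    b.size = bytes - (bytes % kFrameBytes);   // keep the region frame-aligned
    for (std::size_t i = 0; i < b.size; ++i)
        b.data[i] = static_cast<std::uint8_t>(i % 128);
    return b;
}

static std::int16_t sample_le(const std::uint8_t *p) {
    return static_cast<std::int16_t>(p[0] | (p[1] << 8));
}

// Frames still readable before pos reaches size.
std::size_t frames_available(const AudioBuffer &b) {
    return (b.size - b.pos) / kFrameBytes;
}

// True when fetch_unchecked(b, frames) would read data[size], i.e. the
// first byte past the region ("0 bytes to the right" in ASan's wording).
bool unchecked_would_overrun(const AudioBuffer &b, std::size_t frames) {
    return frames > frames_available(b);
}

// The faulty shape: the requested frame count is trusted and nothing compares
// pos against size. Once pos == size the next iteration reads two bytes at
// data[size]. Only call this with a count that fits; it is here to be read
// next to fetch_checked, not to be run on bad input.
void fetch_unchecked(AudioBuffer &b, std::size_t frames,
                     std::vector<std::int16_t> &left,
                     std::vector<std::int16_t> &right) {
    for (std::size_t i = 0; i < frames; ++i) {
        left.push_back(sample_le(&b.data[b.pos]));
        right.push_back(sample_le(&b.data[b.pos + 2]));
        b.pos += kFrameBytes;
    }
}

// Hardened shape: take only what the buffer holds, and still produce the
// full frame count the caller asked for (silence for the remainder) so the
// output stream view is always completely written. Returns frames read.
std::size_t fetch_checked(AudioBuffer &b, std::size_t frames,
                          std::vector<std::int16_t> &left,
                          std::vector<std::int16_t> &right) {
    const std::size_t avail = frames_available(b);
    const std::size_t take  = frames < avail ? frames : avail;
    for (std::size_t i = 0; i < take; ++i) {
        left.push_back(sample_le(&b.data[b.pos]));
        right.push_back(sample_le(&b.data[b.pos + 2]));
        b.pos += kFrameBytes;
    }
    // Source exhausted: pad instead of reading past the end (a real device
    // would refill from the next sector here rather than emit silence).
    for (std::size_t i = take; i < frames; ++i) {
        left.push_back(0);
        right.push_back(0);
    }
    return take;
}

int main() {
    AudioBuffer b = make_buffer();
    b.pos = kBufferBytes - 2 * kFrameBytes;       // two frames left in the region
    std::vector<std::int16_t> l, r;
    std::size_t got = fetch_checked(b, 5, l, r);  // 2 real frames, 3 silent
    bool ok = got == 2 && b.pos == kBufferBytes
           && !unchecked_would_overrun(b, 0) && unchecked_would_overrun(b, 1);
    return ok ? 0 : 1;
}
```

The point of the checked variant is not the clamp alone: an audio stream callback is handed an output view of a fixed frame count and must fill all of it, so the fix has to both stop reading at size and still write every output frame (or refill the source), otherwise the symptom moves from an out-of-bounds read to garbage or stale samples in the output.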