07978: UI: File Manager crashes MAME in spectacular ways

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
07978	Interface	Critical (emulator)	Always	May 15, 2021, 09:49	May 16, 2021, 05:37

Tester	kmg	View Status	Public	Platform	MAME (Self-compiled)
Assigned To	AJR	Resolution	Fixed	OS	MacOS X
Status [?]	Resolved			Driver
Version	0.231	Fixed in Version	0.232	Build	64-bit
		Fixed in Git Commit	eb5fc0c	Github Pull Request #

Summary	07978: UI: File Manager crashes MAME in spectacular ways
Description	For any system, accessing File Manager, then a currently populated media slot, then accessing file manager from that submenu crashes MAME with various errors (segmentation faults, malloc errors, etc etc). I'm not setup to debug MAME but from playing around a few minutes it seems that this is due to each cfg's <image_directories> contents. When <device instance="foo" directory="" /> has empty string for a directory the problem strikes. The main issue I'm guessing is a missing reasonable default, say the working directory? It also seems from the errors that if the cfg file doesn't exist yet, directory may be null not just a null string. A secondary issue here is the behavior differs between running a software list item from the command line versus picking one in the UI. The latter properly populates directory with a non-empty string, the former seems to always default to "". Of course this may be moot if "" is handled gracefully :)
Steps To Reproduce	Picking on nes arbitrarily: 1) erase nes.cfg 2) mame nes smb1 3) Menu -> File Manager -> cartridge (cart) smb1 (cart) -> [file manager] 4) Boom! Alternate step 2 that gives different error at end: 2) mame nes smb1 -> quit MAME (nes.cfg now has directory="") -> mame nes smb1
Additional Information
Github Commit

Flags
Regression Version	0.228
Affected Sets / Systems	UI

Attached Files

No.18848 Tafoid Administrator May 15, 2021, 11:58	Issue traced to January 20, 2021 "Much more core std::string_view modernization" https://github.com/mamedev/mame/commit/91921618c2e06bd0ed073b8efccd31a127c9012d
No.18849 Tafoid Administrator May 15, 2021, 12:08 edited on: May 15, 2021, 12:08	----------------------------------------------------- Exception at EIP=0000000077a8ef4a (+0x77a8ef4a): ACCESS VIOLATION While attempting to read memory at ffffffffffffffff ----------------------------------------------------- RAX=0000000000000000 RBX=004c1add2f5f08e9 RCX=004c1add2f5f08e9 RDX=0000000009580e51 RSI=004c1add38b7173a RDI=0000000000000000 RBP=0000000009580e51 RSP=0000000000128bb0 R8=0000000000128c40 R9=004c1add2f5f08e9 R10=00000000093d6520 R11=0000000000128be8 R12=0000000000000000 R13=0000000000128c40 R14=0000000000000000 R15=0000000000000000 ----------------------------------------------------- Stack crawl: 0000000000128be0: 0000000077a8ef4a (RtlGUIDFromString+0x027a) 0000000000128cc0: 000007fefd8694c6 (IsTokenRestricted+0x0146) 0000000000128d00: 0000000077834bab (MultiByteToWideChar+0x001b) 0000000000128d70: 00000001472e1e2b (osd::text::to_wstring(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x005b) 0000000000128db0: 0000000147293277 (wstring_from_utf8(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x0017) 0000000000128ed0: 000000014abe33cd (void std::__insertion_sort<__gnu_cxx::__normal_iterator<ui::menu_file_selector::file_selector_entry, std::vector<ui::menu_file_selector::file_selector_entry, std::allocator<ui::menu_file_selector::file_selector_entry> > >, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selector_entry const&, ui::menu_file_selector::file_selector_entry const&)#1}> >(__gnu_cxx::__normal_iterator<ui::menu_file_selector::file_selector_entry, std::vector<ui::menu_file_selector::file_selector_entry, std::allocator<ui::menu_file_selector::file_selector_entry> > >, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selector_entry const&, ui::menu_file_selector::file_selector_entry const&)#1}>, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selecto+0x007d) 0000000000128ff0: 000000014abe711e (ui::menu_file_selector::populate(float&, float&)+0x042e) 00000000001291a0: 000000014a63231a (ui::menu::do_handle()+0x040a) 0000000000129220: 000000014a63324d (ui::menu::ui_handler(render_container&, mame_ui_manager&)+0x003d) 0000000000129250: 000000014a058527 (std::_Function_handler<unsigned int (render_container&), std::_Bind<unsigned int ((std::_Placeholder<1>, std::reference_wrapper<mame_ui_manager>))(render_container&, mame_ui_manager&)> >::_M_invoke(std::_Any_data const&, render_container&)+0x0017) 0000000000129340: 000000014a051603 (mame_ui_manager::update_and_render(render_container&)+0x0173) 0000000000129370: 000000014726ee60 (emulator_info::draw_user_interface(running_machine&)+0x0020) 0000000000129410: 00000001472d3ae9 (video_manager::frame_update(bool)+0x0199) 0000000000129480: 0000000143c803a3 (screen_device::vblank_begin()+0x0233) 0000000000129500: 0000000143c836ad (screen_device::device_timer(emu_timer&, unsigned int, int, void)+0x013d) 0000000000129540: 0000000143c782ed (emu_timer::device_timer_expired(emu_timer&, void, int)+0x002d) 00000000001295c0: 0000000143c792d3 (device_scheduler::timeslice()+0x0163) 0000000000129720: 0000000143e9c828 (running_machine::run(bool)+0x0198) 000000000012f370: 00000001472718d0 (mame_machine_manager::execute()+0x01f0) 000000000012f750: 000000014a094877 (cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x0397) 000000000012fa10: 000000014a094e33 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0053) 000000000012fa70: 000000014726ee0c (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002c) 000000000012fe50: 000000014b05807f (main+0x017f) 000000000012ff20: 00000001400013c1 (__tmainCRTStartup+0x0231) 000000000012ff50: 00000001400014f6 (mainCRTStartup+0x0016) 000000000012ff80: 000000007783556d (BaseThreadInitThunk+0x000d) 000000000012ffd0: 0000000077a9385d (RtlUserThreadStart+0x001d)

No.18848

Tafoid

Administrator

May 15, 2021, 11:58

Issue traced to January 20, 2021
"Much more core std::string_view modernization"
https://github.com/mamedev/mame/commit/91921618c2e06bd0ed073b8efccd31a127c9012d

No.18849

Tafoid

Administrator

May 15, 2021, 12:08

edited on: May 15, 2021, 12:08

-----------------------------------------------------
Exception at EIP=0000000077a8ef4a (+0x77a8ef4a): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
-----------------------------------------------------
RAX=0000000000000000 RBX=004c1add2f5f08e9 RCX=004c1add2f5f08e9 RDX=0000000009580e51
RSI=004c1add38b7173a RDI=0000000000000000 RBP=0000000009580e51 RSP=0000000000128bb0
R8=0000000000128c40 R9=004c1add2f5f08e9 R10=00000000093d6520 R11=0000000000128be8
R12=0000000000000000 R13=0000000000128c40 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  0000000000128be0: 0000000077a8ef4a (RtlGUIDFromString+0x027a)
  0000000000128cc0: 000007fefd8694c6 (IsTokenRestricted+0x0146)
  0000000000128d00: 0000000077834bab (MultiByteToWideChar+0x001b)
  0000000000128d70: 00000001472e1e2b (osd::text::to_wstring(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x005b)
  0000000000128db0: 0000000147293277 (wstring_from_utf8(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x0017)
  0000000000128ed0: 000000014abe33cd (void std::__insertion_sort<__gnu_cxx::__normal_iterator<ui::menu_file_selector::file_selector_entry*, std::vector<ui::menu_file_selector::file_selector_entry, std::allocator<ui::menu_file_selector::file_selector_entry> > >, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selector_entry const&, ui::menu_file_selector::file_selector_entry const&)#1}> >(__gnu_cxx::__normal_iterator<ui::menu_file_selector::file_selector_entry*, std::vector<ui::menu_file_selector::file_selector_entry, std::allocator<ui::menu_file_selector::file_selector_entry> > >, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selector_entry const&, ui::menu_file_selector::file_selector_entry const&)#1}>, __gnu_cxx::__ops::_Iter_comp_iter<ui::menu_file_selector::populate(float&, float&)::{lambda(ui::menu_file_selector::file_selecto+0x007d)
  0000000000128ff0: 000000014abe711e (ui::menu_file_selector::populate(float&, float&)+0x042e)
  00000000001291a0: 000000014a63231a (ui::menu::do_handle()+0x040a)
  0000000000129220: 000000014a63324d (ui::menu::ui_handler(render_container&, mame_ui_manager&)+0x003d)
  0000000000129250: 000000014a058527 (std::_Function_handler<unsigned int (render_container&), std::_Bind<unsigned int (*(std::_Placeholder<1>, std::reference_wrapper<mame_ui_manager>))(render_container&, mame_ui_manager&)> >::_M_invoke(std::_Any_data const&, render_container&)+0x0017)
  0000000000129340: 000000014a051603 (mame_ui_manager::update_and_render(render_container&)+0x0173)
  0000000000129370: 000000014726ee60 (emulator_info::draw_user_interface(running_machine&)+0x0020)
  0000000000129410: 00000001472d3ae9 (video_manager::frame_update(bool)+0x0199)
  0000000000129480: 0000000143c803a3 (screen_device::vblank_begin()+0x0233)
  0000000000129500: 0000000143c836ad (screen_device::device_timer(emu_timer&, unsigned int, int, void*)+0x013d)
  0000000000129540: 0000000143c782ed (emu_timer::device_timer_expired(emu_timer&, void*, int)+0x002d)
  00000000001295c0: 0000000143c792d3 (device_scheduler::timeslice()+0x0163)
  0000000000129720: 0000000143e9c828 (running_machine::run(bool)+0x0198)
  000000000012f370: 00000001472718d0 (mame_machine_manager::execute()+0x01f0)
  000000000012f750: 000000014a094877 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x0397)
  000000000012fa10: 000000014a094e33 (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0053)
  000000000012fa70: 000000014726ee0c (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x002c)
  000000000012fe50: 000000014b05807f (main+0x017f)
  000000000012ff20: 00000001400013c1 (__tmainCRTStartup+0x0231)
  000000000012ff50: 00000001400014f6 (mainCRTStartup+0x0016)
  000000000012ff80: 000000007783556d (BaseThreadInitThunk+0x000d)
  000000000012ffd0: 0000000077a9385d (RtlUserThreadStart+0x001d)