08210: actfancr, triothep: Segmentation fault

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
08210	Crash/Freeze	Critical (emulation)	Always	Feb 17, 2022, 00:25	Mar 18, 2022, 19:13

Tester	M.A.S.H.	View Status	Public	Platform	SDLMAME
Assigned To	AmatCoder	Resolution	Fixed	OS	Linux (64-bit)
Status [?]	Resolved			Driver	dataeast/actfancr.cpp
Version	0.240	Fixed in Version	0.242	Build	64-bit
		Fixed in Git Commit	d8a7d88	Github Pull Request #

Summary	08210: actfancr, triothep: Segmentation fault
Description	I got a "Segmentation fault (core dumped)" error message in SDL MAME 0.240 when i start mame in the terminal with mame actfancr or mame triothep In my selfcompiled MAME version under Windows XP i got this error: ----------------------------------------------------- Exception at EIP=7c920f29 (not found): ACCESS VIOLATION While attempting to read memory at 00000000 ----------------------------------------------------- EAX=12126fb0 EBX=003e0000 ECX=00000000 EDX=00000000 ESI=12126fa8 EDI=12126ba0 EBP=0022ccbc ESP=0022ccb0 ----------------------------------------------------- Stack crawl: 0022ccbc: 7c920f29 (wcsncpy+0x049a) 0022cd90: 7c920d5c (wcsncpy+0x02cd) 0022cdd8: 77bfc2de (free+0x00c3) 00000000: 041f6fe9 (not found) - Also the game sometimes will crash. And under Windows 10 with mame0240b_64bit i did not get any messages!
Steps To Reproduce
Additional Information
Github Commit

Flags
Regression Version	0.239
Affected Sets / Systems	actfancr, triothep

Attached Files

No.19789 Augusto Tester Feb 17, 2022, 04:22	SDLMAME 0.239 64 Ubuntu 20.04.3 actfancr randomly : - crash when trying start gameplay. - not video graphics triothep gameplay works, but when closing the game crash MAME GUI and randomly not is possible start again triothep needing delete triothep.cfg.
No.19812 Tafoid Administrator Feb 20, 2022, 10:11	I can't seem to replicate in a normal release build of 0.240. Perhaps SDL related? Are all crashes happening when launching from internal UI and not the command-line?
No.19817 M.A.S.H. Senior Tester Feb 20, 2022, 17:26	@Tafoid Both games starts in the SDLMAME UI, you play, but when you exit the UI stops working/dissapear...
No.19818 Tafoid Administrator Feb 20, 2022, 18:22	Are you using SUBTARGET=arcade build or full MAME build when testing? Again, you said it malfunctions when in the UI, but does it happen when launched from command-line/terminal?
No.19819 M.A.S.H. Senior Tester Feb 20, 2022, 21:39	> Are you using SUBTARGET=arcade build or full MAME build when testing? I use the full SLDMAME version from https://sdlmame.wallyweek.org/download/ >Again, you said it malfunctions when in the UI, but does it happen when launched from command-line/terminal? When i start in the linux terminal mame triothep or mame actfancr, the games not starts and show the error messagee: "Segmentation fault (core dumped)" Did i start only mame from the terminal and select intern the games actfancr or triothep i get this error message: Average speed: 100.00% (3 seconds) double free or corruption (!prev) Aborted (core dumped) -
No.19859 Tafoid Administrator Feb 28, 2022, 02:53	How is 0.241 with this issue @M.A.S.H. ? I'll acknowledge it for now. Hopefully someone who deals directly with SDL can determine the issue.
No.19916 M.A.S.H. Senior Tester Mar 15, 2022, 23:05	@Tafoid SLDMAME 0.241 shows the same errors with actfancr and triothep!
No.19924 AmatCoder Tester Mar 18, 2022, 05:25 edited on: Mar 18, 2022, 05:34	With my selfcompiled MAME under Arch Linux: gdb -args ./mame actfancr Thread 1 "mame" received signal SIGSEGV, Segmentation fault. 0x0000555555f3a950 in h6280_device::program_write8(unsigned int, unsigned char) () (gdb) bt #0 0x0000555555f3a950 in h6280_device::program_write8(unsigned int, unsigned char) () #1 0x0000555555f3b632 in h6280_device::execute_run() () #2 0x00005555571a9631 in device_scheduler::timeslice() () #3 0x000055555713ebd0 in running_machine::run(bool) () #4 0x00005555559994f1 in mame_machine_manager::execute() () #5 0x0000555555a4fe9c in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) () #6 0x0000555555a50131 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) () #7 0x0000555555996da6 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) () #8 0x0000555555852560 in main () This commit seems to be the origin of: https://github.com/mamedev/mame/commit/30ac5da4807935f9c52cb21147e0d6cda8f71455 More specifically this: https://github.com/mamedev/mame/blob/master/src/mame/drivers/actfancr.cpp#L50 I am not familiar with memory pointer finders but it seems that a memory_share_creator* has to match the specified size of existing memory found. If not it will write out of bounds -> Undefined behavior -> SIGSEGV In my build I fixed this with: diff --git a/src/mame/drivers/actfancr.cpp b/src/mame/drivers/actfancr.cpp index d6929171191..8bec93fd074 100644 --- a/src/mame/drivers/actfancr.cpp +++ b/src/mame/drivers/actfancr.cpp @@ -47,7 +47,7 @@ public: m_tilegen(this, "tilegen%u", 1U), m_spritegen(this, "spritegen"), m_spriteram(this, "spriteram"), - m_spriteram16(this, "spriteram16", 0x800 / 2, ENDIANNESS_BIG) { } + m_spriteram16(*this, "spriteram16", 0x800, ENDIANNESS_BIG) { }
No.19925 Osso Moderator Mar 18, 2022, 17:39	Thanks!
No.19926 M.A.S.H. Senior Tester Mar 18, 2022, 19:13	@AmatCoder Many thanks for fixing the bug. I did not think that is was a spriteram error! There is another bug with a 32/64bit MAME driver/memory handling problem at https://mametesters.org/view.php?id=8233 Various drivers hang at black screen with 32bit build. Maybe you can take a closer look at this error.