ID: 08951
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Nov 5, 2024, 14:48
Last Update: 6 days ago
Tester: Robbbert
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: holub
Resolution: Fixed
OS: Windows 11/10 (64-bit)
Status: Resolved
Driver:
Version: 0.271
Fixed in Version: 0.281GIT
Build: 64-bit
Fixed in Git Commit: aa0651b
Github Pull Request: #14137
Summary: 08951: zx81: Several tapes cause MAME to crash
Description: While testing my loose software, it was noted that several tapes cause MAME to crash as soon as the emulation is started.
Steps To Reproduce: Enter this line, using the supplied file, and substituting your path.

mame zx81 -cass "e:\data\sinclair\zx81\nw\(crash)grimm.p"

It will immediately crash, before the screen can appear.
Additional Information: I do not know if these tapes are meant for this system, however even if that's the case, a crash should not occur.

A number of examples have been included.

C:\MAME>mame zx81 -cass "e:\data\sinclair\zx81\nw\(crash)grimm.p"
Warning: layout view 'Keyboard Layout' contains deprecated cpanel element
Warning: layout view 'Keyboard_Only' contains deprecated cpanel element
Warning: layout view 'Keyboard Layout' contains deprecated cpanel element
Warning: layout view 'Keyboard_Only' contains deprecated cpanel element

-----------------------------------------------------
Exception at EIP=00007ff7cd67c758 (zx_state::~zx_state()+0x0188): ACCESS VIOLATION
While attempting to write memory at 000001c6643aa000
-----------------------------------------------------
RAX=0000000000000000 RBX=000001c662f9e040 RCX=000001c6643a9ff8 RDX=000001c6643a9ff8
RSI=000001c662bab1cc RDI=000001c6643a9ff8 RBP=000001c662bab1d3 RSP=000000902d0f8db8
 R8=0000000000000004 R9=0000000000000002 R10=0000000000000000 R11=0000000000000000
R12=00007ff7db63d888 R13=000001c662b468d0 R14=000001c662f9e040 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  000000902d0f8db0: 00007ff7cd67c758 (zx_state::~zx_state()+0x0188)
  000000902d0f8e00: 00007ff7cd67cd36 (zx81_cassette_fill_wave(short*, int, unsigned char*)+0x0166)
  000000902d0f8f80: 00007ff7cdea41b8 (cassette_image::legacy_construct(cassette_image::LegacyWaveFiller const*)+0x0328)
  000000902d0f9010: 00007ff7cdea193c (cassette_image::open_choices(std::unique_ptr<util::random_read_write, std::default_delete<util::random_read_write> >&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cassette_image::Format const* const*, int, std::unique_ptr<cassette_image, std::default_delete<cassette_image> >&)+0x010c)
  000000902d0f9120: 00007ff7cac69f22 (cassette_image_device::internal_load(bool)+0x00c2)
  000000902d0f9190: 00007ff7cac6a5e5 (non-virtual thunk to cassette_image_device::call_load[abi:cxx11]()+0x0035)
  000000902d0f9240: 00007ff7caca363e (device_image_interface::finish_load[abi:cxx11]()+0x026e)
  000000902d0f9360: 00007ff7cdc9b6fb (image_manager::postdevice_init()+0x017b)
  000000902d0f9390: 00007ff7d50950c2 (luaopen_lfs+0x2709222)
  000000902d0f94d0: 00007ff7ca9a3dc8 (device_t::start()+0x0698)
  000000902d0f9620: 00007ff7cab36d9a (running_machine::start_all_devices()+0x014a)
  000000902d0f9740: 00007ff7cab3ae31 (running_machine::start()+0x0a91)
  000000902d0f98c0: 00007ff7cab3e3dc (running_machine::run(bool)+0x00cc)
  000000902d0feee0: 00007ff7cdc6d15c (mame_machine_manager::execute()+0x024c)
  000000902d0ff2d0: 00007ff7d195d49a (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03ea)
  000000902d0ff5e0: 00007ff7d195daca (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x007a)
  000000902d0ff640: 00007ff7cdc67f07 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0027)
  000000902d0ffa10: 00007ff7d35e6141 (luaopen_lfs+0xc5a2a1)
  000000902d0ffa60: 00007ff7c6de12ee (__tmainCRTStartup+0x016e)
  000000902d0ffa90: 00007ff7c6de1406 (mainCRTStartup+0x0016)
  000000902d0ffac0: 00007ffd2c997374 (BaseThreadInitThunk+0x0014)
  000000902d0ffb40: 00007ffd2cadcc91 (RtlUserThreadStart+0x0021)
Affected Sets / Systems zx81
Attached Files
ZX81 crashers.zip (41,425 bytes) Nov 5, 2024, 14:48 Uploaded by Robbbert
(crash)VIDEO-IN.zip (1,935 bytes) 8 days ago Uploaded by Robbbert
Relationships
child of 08952 (Resolved, holub): spec128: Several tapes cause MAME to crash
Notes
11
No.22518
holub
Tester
Dec 3, 2024, 17:24
see: https://mametesters.org/view.php?id=8952#bugnotes
No.23648
holub
Tester
8 days ago
fixed in https://github.com/mamedev/mame/pull/14134
No.23650
JimCarlTay
Tester
8 days ago
Pull request #14134 merged as commit 571feba.
No.23655
Robbbert
Moderator
8 days ago
Tested this, 2 still crash, the remainder loaded but do not run. Maybe they weren't really ZX81 programs.

The crashing programs are called H.P and VIDEO-IN.P

In a further test, H.P didn't crash but produced a message: Block requests 22239 bytes, but only 8161 available, and I got a white screen.

VIDEO-IN.P crashed though, here's the dump

C:\MAME>mame zx81 -cass e:\data\sinclair\zx81\nw\(crash)video-in.p
Warning: layout view 'Keyboard Layout' contains deprecated cpanel element
Warning: layout view 'Keyboard_Only' contains deprecated cpanel element
Warning: layout view 'Keyboard Layout' contains deprecated cpanel element
Warning: layout view 'Keyboard_Only' contains deprecated cpanel element

-----------------------------------------------------
Exception at EIP=00007ff7189a4fd8 (zx81_cassette_calculate_size_in_samples(unsigned char const*, int)+0x0038): ACCESS VIOLATION
While attempting to read memory at 00000156121ee000
-----------------------------------------------------
RAX=0000000000002413 RBX=0000000000000000 RCX=00000156121ee000 RDX=0000000000000000
RSI=00000156121eb0c0 RDI=00007ff7189a4fa0 RBP=0000000000000bc0 RSP=00000010efcf8da0
 R8=0000000000000000 R9=00000156121eeb70 R10=0000000000000000 R11=0000000000000bc0
R12=0000000000000bc0 R13=00000010efcf8e58 R14=000001561214b1f0 R15=00007ff724f08f40
-----------------------------------------------------
Stack crawl:
  00000010efcf8da0: 00007ff7189a4fd8 (zx81_cassette_calculate_size_in_samples(unsigned char const*, int)+0x0038)
  00000010efcf8ea0: 00007ff7191b5726 (cassette_image::legacy_construct(cassette_image::LegacyWaveFiller const*)+0x00f6)
  00000010efcf8f30: 00007ff7191b38ac (cassette_image::open_choices(std::unique_ptr<util::random_read_write, std::default_delete<util::random_read_write> >&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cassette_image::Format const* const*, int, std::unique_ptr<cassette_image, std::default_delete<cassette_image> >&)+0x010c)
  00000010efcf9040: 00007ff715ceb342 (cassette_image_device::internal_load(bool)+0x00c2)
  00000010efcf90b0: 00007ff715ceb9e5 (non-virtual thunk to cassette_image_device::call_load[abi:cxx11]()+0x0035)
  00000010efcf9160: 00007ff715edf37e (device_image_interface::finish_load[abi:cxx11]()+0x026e)
  00000010efcf9280: 00007ff718fa850b (image_manager::postdevice_init()+0x017b)
  00000010efcf92b0: 00007ff720924062 (luaopen_lfs+0x2a66b42)
  00000010efcf93f0: 00007ff715a27ee0 (device_t::start()+0x0660)
  00000010efcf9540: 00007ff715bbbb3a (running_machine::start_all_devices()+0x014a)
  00000010efcf9660: 00007ff715bbfb49 (running_machine::start()+0x0a89)
  00000010efcf97e0: 00007ff715bc316c (running_machine::run(bool)+0x00cc)
  00000010efcfee00: 00007ff718f7983c (mame_machine_manager::execute()+0x024c)
  00000010efcff1f0: 00007ff71ce2675a (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03ea)
  00000010efcff500: 00007ff71ce26d8a (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x007a)
  00000010efcff560: 00007ff718f745d7 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0027)
  00000010efcff930: 00007ff71ec08621 (luaopen_lfs+0xd4b101)
  00000010efcff980: 00007ff711d912ee (__tmainCRTStartup+0x016e)
  00000010efcff9b0: 00007ff711d91406 (mainCRTStartup+0x0016)
  00000010efcff9e0: 00007ffd06277374 (BaseThreadInitThunk+0x0014)
  00000010efcffa60: 00007ffd063bcc91 (RtlUserThreadStart+0x0021)

File attached. It's probably just a rubbish program, but still, it shouldn't crash.
No.23656
holub
Tester
8 days ago
@Robbbert: Are you sure about "VIDEO-IN.P"? You don't have a warning in your log, which is suspicious.
Here I have:
~/workspace/mame (master) » ./mamed zx81 -cass \(crash\)VIDEO-IN.P
[LUA] emu.register_start is deprecated - please use emu.add_machine_reset_notifier
Block requests 15024 bytes, but only 3008 available
No.23657
holub
Tester
8 days ago
I think I know what happens to yours.
Let's do a strict data check: https://github.com/mamedev/mame/pull/14137
No.23658
Robbbert
Moderator
8 days ago
The Windows build has an unfortunate habit of not displaying error messages, especially things that cause fatal errors. This leads to machines that simply drop out for no apparent reason. I'm hoping that the devs can fix this one day.
No.23659
holub
Tester
8 days ago
I'm referring to the one which you have in the other examples: "Block requests 15024 bytes, but only 3008 available".
But it seems like Windows guards access violations better than Linux - that's why I missed this in my first attempt.
Now it must be clearly reported as "wrong image" without the ability to load it regardless.
No.23660
JimCarlTay
Tester
7 days ago
Pull request #14137 merged as commit aa0651b.
No.23662
Robbbert
Moderator
7 days ago
Thanks for having another look.

I will check it when I get back home in a day or so, and if good I will resolve this report.
No.23669
Robbbert
Moderator
6 days ago
Tested, both H.P and VIDEO-IN.P were reported as invalid images, and so are rejected before they can cause a problem.

So, all good.
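
The strict check discussed in this thread, sketched as an added example (not MAME's code and not the change in pull request #14137): the block length declared in the image header is compared with the bytes actually present, and the image is rejected instead of loaded when they disagree. The `.p` layout constants and all function names are assumptions made for this illustration; the 15024/3008 sizes are the ones quoted in the notes above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from MAME's source): a .p file is a RAM dump starting
   at 0x4009; the 16-bit little-endian E_LINE variable at 0x4014 holds the
   address just past the saved block. */
#define P_BASE_ADDR 0x4009u
#define P_ELINE_OFF (0x4014u - P_BASE_ADDR) /* file offset 11 */

enum p_status { P_OK = 0, P_TOO_SHORT, P_BAD_ELINE, P_TRUNCATED };

/* Check the declared block length against the bytes actually present.
   On P_OK, *block_len is how many bytes a consumer may read from buf. */
enum p_status p_validate(const uint8_t *buf, size_t avail, size_t *block_len)
{
    *block_len = 0;
    if (buf == NULL || avail < P_ELINE_OFF + 2)
        return P_TOO_SHORT;   /* the length field itself is missing */
    unsigned e_line = buf[P_ELINE_OFF] | ((unsigned)buf[P_ELINE_OFF + 1] << 8);
    if (e_line <= P_BASE_ADDR)
        return P_BAD_ELINE;   /* would yield a zero or wrapped length */
    size_t declared = e_line - P_BASE_ADDR;
    if (declared > avail)
        return P_TRUNCATED;   /* header asks for more than the file holds */
    *block_len = declared;
    return P_OK;
}

/* Constructed sample: an image of `avail` bytes whose header declares
   `declared` bytes. Returns the usable length, or -(status) on rejection. */
long p_sample_block_len(size_t avail, unsigned declared)
{
    static uint8_t img[16384];
    size_t n;
    if (avail > sizeof img) avail = sizeof img;
    unsigned e_line = P_BASE_ADDR + declared;
    img[P_ELINE_OFF] = (uint8_t)(e_line & 0xff);
    img[P_ELINE_OFF + 1] = (uint8_t)(e_line >> 8);
    enum p_status st = p_validate(img, avail, &n);
    return st == P_OK ? (long)n : -(long)st;
}

int main(void)
{
    /* Sizes quoted in the thread: 15024 requested, 3008 available. */
    printf("truncated image  -> %ld\n", p_sample_block_len(3008, 15024));
    printf("consistent image -> %ld\n", p_sample_block_len(3008, 3008));
    return 0;
}
```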