Viewing Issue Advanced Details
ID: 09246
Category: Crash/Freeze
Severity: Critical (emulation)
Reproducibility: Always
Date Submitted: 6 days ago
Last Update: 3 days ago
Tester: Robbbert
View Status: Public
Platform: MAME (Self-compiled)
Assigned To: hap
Resolution: Fixed
OS: Windows 11/10 (64-bit)
Status: Resolved
Driver:
Version: 0.279
Fixed in Version: 0.281GIT
Build: 64-bit
Fixed in Git Commit: 52e2492
Github Pull Request #:
Summary: 09246: coco3p: Crash at start
Description: Crashes at start. Appears to be a regression caused by the audio rewrite.
Steps To Reproduce: >mame coco3p
Additional Information:
C:\MAME>mame coco3p

-----------------------------------------------------
Exception at EIP=00007ff6d5a23eef (sound_manager::startup_cleanups()+0x0a2f): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
-----------------------------------------------------
RAX=0000ff0000000000 RBX=00000261dd79f990 RCX=00007ff6e3c51ba1 RDX=656b616570733434
RSI=0000ff0000000000 RDI=0000000000000002 RBP=00000261e314d410 RSP=000000efb3b291d0
 R8=000000000000023f R9=fffffffffffd2780 R10=0000000000000200 R11=8101010101010100
R12=00007ff6e3c23e00 R13=00000261e3168750 R14=000000efb3b29290 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  000000efb3b29330: 00007ff6d5a23eef (sound_manager::startup_cleanups()+0x0a2f)
  000000efb3b29370: 00007ff6d5a2cdb5 (sound_manager::mapping_update()+0x0075)
  000000efb3b293b0: 00007ff6d5a2d14d (sound_manager::update(int)+0x000d)
  000000efb3b29430: 00007ff6d53e99eb (device_scheduler::timeslice()+0x013b)
  000000efb3b295b0: 00007ff6d53e6c15 (running_machine::run(bool)+0x01c5)
  000000efb3b2ebd0: 00007ff6d87a337c (mame_machine_manager::execute()+0x024c)
  000000efb3b2efc0: 00007ff6dc548cca (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03ea)
  000000efb3b2f2d0: 00007ff6dc5492fa (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x007a)
  000000efb3b2f330: 00007ff6d879e117 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0027)
  000000efb3b2f700: 00007ff6de325cb1 (luaopen_lfs+0xd4a521)
  000000efb3b2f750: 00007ff6d15b12ee (__tmainCRTStartup+0x016e)
  000000efb3b2f780: 00007ff6d15b1406 (mainCRTStartup+0x0016)
  000000efb3b2f7b0: 00007ff803ea7374 (BaseThreadInitThunk+0x0014)
  000000efb3b2f830: 00007ff80527cc91 (RtlUserThreadStart+0x0021)
Github Commit:
Flags:
Regression Version:
Affected Sets / Systems: coco3p
Attached Files:
Relationships: There are no relationships linked to this issue.
Notes: 5
No.23615
hap
Developer
5 days ago
It's a random crash, considering how random it is where it crashes, probably an array overflow bug.
Here's two on MAME 0.277 (pre sound rewrite)

at boot:

-----------------------------------------------------
Exception at EIP=00007ff70ba8df45 (render_target::get_primitives()+0x00b5): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
-----------------------------------------------------
RAX=0000000000000002 RBX=00000000000000d0 RCX=000002240334f6b0 RDX=ff00022403361350
RSI=000000ffcd5a96b0 RDI=00007ffe6c603580 RBP=0000000000000000 RSP=000000ffcd5a9560
 R8=000002240334d970 R9=0000000000000006 R10=0000000000000000 R11=0000042112c4a4aa
R12=000002247e610da0 R13=0000000000000000 R14=000002247e610c80 R15=000000ffcd5a9bd0
-----------------------------------------------------
Stack crawl:
  000000ffcd5a9680: 00007ff70ba8df45 (render_target::get_primitives()+0x00b5)
  000000ffcd5a96f0: 00007ff7126a5a68 (renderer_d3d9::get_primitives()+0x0128)
  000000ffcd5a9740: 00007ff70e72ba52 (win_window_info::update()+0x0142)
  000000ffcd5a9780: 00007ff70e739bea (windows_osd_interface::update(bool)+0x003a)
  000000ffcd5a9810: 00007ff70e7fcddb (video_manager::frame_update(bool)+0x00ab)
  000000ffcd5a9880: 00007ff70b24fdf3 (screen_device::vblank_begin(int)+0x0233)
  000000ffcd5a98f0: 00007ff70b276f6b (device_scheduler::timeslice()+0x014b)
  000000ffcd5a9a40: 00007ff70b27410f (running_machine::run(bool)+0x01bf)
  000000ffcd5af050: 00007ff70e710bfb (mame_machine_manager::execute()+0x020b)
  000000ffcd5af430: 00007ff7125fe5b9 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03c9)
  000000ffcd5af6e0: 00007ff7125feb6d (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x004d)
  000000ffcd5af740: 00007ff70e70b2a9 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0029)
  000000ffcd5afb10: 00007ff714317eac (luaopen_lfs+0xf9cefc)
  000000ffcd5afbe0: 00007ff7070013b1 (__tmainCRTStartup+0x0231)
  000000ffcd5afc10: 00007ff7070014e6 (mainCRTStartup+0x0016)
  000000ffcd5afc40: 00007ffe6c2a7374 (BaseThreadInitThunk+0x0014)
  000000ffcd5afcc0: 00007ffe6ddfcc91 (RtlUserThreadStart+0x0021)


and another time, I got one at exit too:

-----------------------------------------------------
Exception at EIP=00007ff71054dafb (render_font::~render_font()+0x005b): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
-----------------------------------------------------
RAX=0000ff0000000000 RBX=0000000000000000 RCX=000001a6eb520000 RDX=000001a6eb520000
RSI=000001a6eda6ff70 RDI=000001a6eda70210 RBP=00007ff719bd9490 RSP=00000029b00f96d0
 R8=00000000ffffffff R9=0000000000000001 R10=000001a6eb520000 R11=00000029b00f9630
R12=000001a6eda78798 R13=000001a6eda81078 R14=00000029b00f9980 R15=00000029b00f9a70
-----------------------------------------------------
Stack crawl:
  00000029b00f9720: 00007ff71054dafb (render_font::~render_font()+0x005b)
  00000029b00f9750: 00007ff71054dc9e (render_font::~render_font()+0x000e)
  00000029b00f9790: 00007ff7125c2811 (mame_ui_manager::exit()+0x0041)
  00000029b00f98e0: 00007ff70b2741ca (running_machine::run(bool)+0x027a)
  00000029b00feef0: 00007ff70e710bfb (mame_machine_manager::execute()+0x020b)
  00000029b00ff2d0: 00007ff7125fe5b9 (cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)+0x03c9)
  00000029b00ff580: 00007ff7125feb6d (cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x004d)
  00000029b00ff5e0: 00007ff70e70b2a9 (emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&)+0x0029)
  00000029b00ff9b0: 00007ff714317eac (luaopen_lfs+0xf9cefc)
  00000029b00ffa80: 00007ff7070013b1 (__tmainCRTStartup+0x0231)
  00000029b00ffab0: 00007ff7070014e6 (mainCRTStartup+0x0016)
  00000029b00ffae0: 00007ffe6c2a7374 (BaseThreadInitThunk+0x0014)
  00000029b00ffb60: 00007ffe6ddfcc91 (RtlUserThreadStart+0x0021)
No.23616
Robbbert
Moderator
5 days ago
Thanks for confirming the crash.
No.23617
hap
Developer
5 days ago
And gdb (on MAME current local build) says this:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ff7d9cdd29b in input_device_joystick::adjust_absolute_value(int) const ()
(gdb) bt
#0 0x00007ff7d9cdd29b in input_device_joystick::adjust_absolute_value(int) const ()
#1 0x00007ff7d8243c46 in input_manager::code_value(input_code) ()
#2 0x00007ff7d82446a0 in input_manager::seq_pressed(osd::input_seq const&) ()
#3 0x00007ff7d61f60f7 in ioport_field::frame_update(unsigned int&) ()
#4 0x00007ff7d61f6c21 in ioport_manager::frame_update() ()
#5 0x00007ff7d643fbaa in running_machine::call_notifiers(machine_notification) ()
#6 0x00007ff7d9d44798 in video_manager::frame_update(bool) ()
#7 0x00007ff7d631c782 in screen_device::vblank_begin(int) ()
#8 0x00007ff7d6449d0b in device_scheduler::timeslice() ()
#9 0x00007ff7d64470ad in running_machine::run(bool) ()
#10 0x00007ff7d9c99310 in mame_machine_manager::execute() ()
#11 0x00007ff7ddd7ee46 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) ()
#12 0x00007ff7ddd7f3f8 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) ()
#13 0x00007ff7d9c94276 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) ()
#14 0x00007ff7dfc89957 in main ()
No.23618
cuavas
Administrator
3 days ago
Looks a lot like memory corruption. Want to run it under asan, valgrind, purify or something?
No.23619
hap
Developer
3 days ago
It's an array out of bounds access on gime.cpp m_scanlines. I don't have asan enabled.
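
Added example (not part of the thread and not MAME code): a triage sketch of the reasoning in note 23615, that faults landing in unrelated functions on every run point to an earlier stray write rather than a bug at any one crash site. It parses the exception headers copied from the three Windows dumps above; the function names and the `triage` heuristic are assumptions of this example.

```python
import re

# Exception headers copied from the three Windows crash dumps on this page
# (register and stack-crawl lines omitted).
DUMPS = """\
Exception at EIP=00007ff6d5a23eef (sound_manager::startup_cleanups()+0x0a2f): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
Exception at EIP=00007ff70ba8df45 (render_target::get_primitives()+0x00b5): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
Exception at EIP=00007ff71054dafb (render_font::~render_font()+0x005b): ACCESS VIOLATION
While attempting to read memory at ffffffffffffffff
"""

HEADER = re.compile(
    r"Exception at EIP=(?P<eip>[0-9a-f]{16}) \((?P<symbol>.+)\+0x(?P<off>[0-9a-f]+)\)"
    r": (?P<kind>[A-Z ]+)\n"
    r"While attempting to (?P<access>read|write) memory at (?P<addr>[0-9a-f]{16})"
)

# Windows reports this value when the access used a non-canonical pointer:
# that raises a general-protection fault, which carries no faulting address.
NO_ADDRESS = 0xFFFFFFFFFFFFFFFF


def parse_crashes(text):
    """Return one record per exception header found in the text."""
    return [
        {"symbol": m["symbol"], "offset": int(m["off"], 16),
         "access": m["access"], "addr": int(m["addr"], 16)}
        for m in HEADER.finditer(text)
    ]


def triage(crashes):
    """Heuristic assumed for this example: the same system faulting in
    two or more unrelated functions, each time on a garbage pointer,
    suggests memory was corrupted earlier (worth a run under ASan or
    valgrind) rather than a defect in any of the faulting functions."""
    sites = sorted({c["symbol"] for c in crashes})
    garbage = all(c["addr"] == NO_ADDRESS for c in crashes)
    return {"sites": sites, "garbage_pointer_each_time": garbage,
            "suspect_memory_corruption": len(sites) >= 2 and garbage}


if __name__ == "__main__":
    result = triage(parse_crashes(DUMPS))
    print("\n".join("faulted in: " + s for s in result["sites"]))
    print("suspect memory corruption:", result["suspect_memory_corruption"])
```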