03114: area51, area51mx: Crash at high-score screen

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
03114	Crash/Freeze	Critical (emulator)	Always	Apr 21, 2009, 22:45	Nov 15, 2022, 09:27

Tester	MrBadAxe	View Status	Public	Platform	MAME (Official Binary)
Assigned To		Resolution	Open	OS
Status [?]	Confirmed			Driver	atari/jaguar.cpp
Version	0.129	Fixed in Version		Build
		Fixed in Git Commit		Github Pull Request #

Summary	03114: area51, area51mx: Crash at high-score screen
Description	Occurs at Enter Initials screen. If you attempt to move the lightgun cursor to the top level of letters (A-K) MAME crashes.
Steps To Reproduce	* Die with a high score. On a fresh NVRAM, lowest high score is Note: 11000 points; this amount can be achieved within the first two levels. * Once at Enter Initials screen, attempt to move cursor to top level of letters.
Additional Information	cojag.c merged into jaguar.c in 0.142u2 Occurs regardless of whether controlled by keyboard or mouse. Originally discovered in Kronn Hunter secret gameplay mode, later duplicated in normal gameplay mode.
Github Commit

Flags
Regression Version
Affected Sets / Systems	area51, area51mx

Attached Files

No.06069 Firewave Senior Tester May 10, 2010, 12:36	Unfortunately I didn't ran a build with a fixed stack walk, but it's very easy to reproduce. ----------------------------------------------------- Exception at EIP=00459025 (?blitter_09800009_000020_000020@@YAXPAVrunning_machin e@@III@Z+0x17c5): ACCESS VIOLATION While attempting to read memory at 0CA918E2 ----------------------------------------------------- EAX=013FFBCD EBX=7EFDE000 ECX=00000000 EDX=0A292148 ESI=0012E360 EDI=0012E314 EBP=0012E314 ESP=0012DF6C
No.06070 Firewave Senior Tester May 10, 2010, 12:57	Crash is happening if you move the mouse cursor into the upper right area of the screen you enter your high score at. Here's the backtrace from VS2010: > vmamevs10d.exe!blitter_09800009_000020_000020(running_machine * machine=0x00238d78, unsigned int command=159384073, unsigned int a1flags=16928, unsigned int a2flags=24096) Line 343 + 0x205 bytes C++ vmamevs10d.exe!blitter_run(running_machine * machine=0x00238d78) Line 514 + 0x1d bytes C++ vmamevs10d.exe!jaguar_blitter_w(const _address_space * space=0x08a38728, unsigned int offset=14, unsigned int data=159384073, unsigned int mem_mask=4294967295) Line 614 + 0xc bytes C++ vmamevs10d.exe!write_dword_generic(const _address_space * space=0x08a38728, unsigned int byteaddress=82846264, unsigned int data=159384073, unsigned int mem_mask=4294967295) Line 716 + 0x1f bytes C++ vmamevs10d.exe!memory_write_dword_32be(const _address_space * space=0x08a38728, unsigned int address=2767200824, unsigned int data=159384073) Line 4669 + 0x13 bytes C++ vmamevs10d.exe!cpu_execute_r3000(running_device * device=0x0023a6a0, int cycles=1122) Line 858 + 0x3d bytes C++ vmamevs10d.exe!cpuexec_timeslice(running_machine * machine=0x00238d78) Line 328 + 0x17 bytes C++ vmamevs10d.exe!mame_execute(_core_options * options=0x07dc34a0) Line 320 + 0x9 bytes C++ vmamevs10d.exe!cli_execute(int argc=7, char * * argv=0x07dc3448, const _options_entry * osd_options=0x035240b0) Line 177 + 0x9 bytes C++ vmamevs10d.exe!utf8_main(int argc=7, char * * argv=0x07dc3448) Line 318 + 0x12 bytes C++ vmamevs10d.exe!wmain(int argc=7, wchar_t * * argv=0x07dc36b0) Line 82 + 0xd bytes C++ vmamevs10d.exe!__tmainCRTStartup() Line 278 + 0x19 bytes C vmamevs10d.exe!wmainCRTStartup() Line 189 C The line it crashes at looks like this dstdata = READ_PIXEL(adest, adestflags); And the variables involved look like this: adest_base_mem 0x0a332148 void * adest_pitch 0 int adest_width 320 int adest_x 11796480 int adest_y -262144 int COMMAND 8 int adestflags 32 unsigned int
No.06071 Haze Senior Tester May 10, 2010, 13:07	yeah, the Jaguar blitter code is nasty Kale has been looking at it a bit, and .. ouch, the way it's been programmed means it can trash over memory as much as it likes, including romspace! Any bugs there don't surprise me.
No.13349 Fujix Administrator Nov 10, 2016, 17:51	Repro in 0.179.
No.14604 Firewave Senior Tester Jan 2, 2018, 19:50	I wasn't able to reproduce this in 0.193 - tried Windows and Linux.
No.16747 NekoEd Senior Tester Aug 13, 2019, 00:00	This is still around in 0.212
No.20821 Firewave Senior Tester Nov 15, 2022, 09:27	I wasn't able to reproduce this with 0.249 on Linux. Also no UBSAN/ASAN errors.