Viewing Issue Advanced Details
Jump to Notes ]
apple/apple2.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05157 Crash/Freeze Critical (emulator) Always Feb 12, 2013, 18:29 Nov 24, 2014, 14:55
Tester Firewave View Status Public Platform MESS (Self-compiled)
Assigned To R. Belmont Resolution Fixed OS
Status [?] Resolved Driver
apple/apple2.cpp
Version 0.148u1 Fixed in Version 0.156 Build Debug
Fixed in Git Commit Github Pull Request #
Summary MESS-specific 05157: ace100: Access Violation with "-debug -flop1 4080trkd -ramsize 12288"
Description Actually happens with all ramsizes < 16384

-----------------------------------------------------
Exception at EIP=000000013F449FA2 (+0x3f449fa2): ACCESS VIOLATION
While attempting to read memory at 0000000004E75F00
-----------------------------------------------------
RAX=0000000000003F00 RBX=0000000000000000 RCX=0000000004E72000 RDX=0000000004126698
RSI=00000000001C6AF8 RDI=00000000001C6840 RBP=0000000000000000 RSP=00000000001C6800
 R8=0000000000001F00  R9=00000000000000FF R10=FEFEFEFEFEFEFEFF R11=8080808080808080
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
-----------------------------------------------------
Stack crawl:
  00000000001C6800: 000000013F449FA2 (apple2_state::apple2_mainram2000_r+0x0032, s:\svn\mame\src\mess\machine\apple2.c:1223)
  00000000001C6840: 000000013F4518DD (delegate_mfp::method_stub<apple2_state,unsigned char,address_space & __ptr64,unsigned int,unsigned char>+0x006d, s:\svn\mame\src\emu\delegate.h:329)
  00000000001C6870: 000000013F45205D (delegate_base<unsigned char,address_space & __ptr64,unsigned int,unsigned char,_noparam,_noparam>::operator()+0x004d, s:\svn\mame\src\emu\delegate.h:542)
  00000000001C68A0: 0000000140D7EC50 (handler_entry_read::read8+0x0050, s:\svn\mame\src\emu\memory.c:393)
  00000000001C68F0: 0000000140D82B1A (address_space_specific<unsigned char,0,0>::read_native+0x00da, s:\svn\mame\src\emu\memory.c:1084)
  00000000001C6930: 0000000140D7EFB7 (address_space_specific<unsigned char,0,0>::read_byte+0x0037, s:\svn\mame\src\emu\memory.c:1389)
  00000000001C6970: 000000014055B079 (m6502_device::mi_default_normal::read+0x0059, s:\svn\mame\src\emu\cpu\m6502\m6502.c:684)
  00000000001C69A0: 000000014059CBD6 (m6502_device::read+0x0046, s:\svn\mame\src\emu\cpu\m6502\m6502.h:196)
  00000000001C69D0: 0000000140582341 (m6502_device::sta_idy_full+0x01a1, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:6134)
  00000000001C6A10: 000000014055D41C (m6502_device::do_exec_full+0x08dc, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:10751)
  00000000001C6A70: 000000014055BB8F (m6502_device::execute_run+0x016f, s:\svn\mame\src\emu\cpu\m6502\m6502.c:414)
  00000000001C6AA0: 0000000140E77271 (device_execute_interface::run+0x0031, s:\svn\mame\src\emu\diexec.h:216)
  00000000001C6BC0: 0000000140E73D82 (device_scheduler::timeslice+0x0472, s:\svn\mame\src\emu\schedule.c:493)
  00000000001C7130: 0000000140E8EFAC (running_machine::run+0x034c, s:\svn\mame\src\emu\machine.c:396)
  00000000001CD8B0: 0000000140D02B28 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190)
  00000000001CF7D0: 0000000140E4139F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:258)
  00000000001CFCC0: 0000000141461B2B (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:493)
  00000000001CFD00: 000000014145D760 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82)
  00000000001CFD50: 00000001413FCD0C (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241)
  00000000001CFD80: 00000001413FCE4E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164)
  00000000001CFDB0: 0000000076CE652D (BaseThreadInitThunk+0x000d)
  00000000001CFE00: 000000007728C521 (RtlUserThreadStart+0x0021)
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems ace100
Attached Files
  
Relationships
related to 05158ResolvedR. Belmont  agat7: Access Violation with "-debug -ramsize 16384" 
Notes
2
User avatar
No.09359
Tafoid
Administrator
Feb 13, 2013, 10:10
 For me the emulation simply kills itself without any message and back to command prompt. Nasty one..
User avatar
No.11194
Firewave
Senior Tester
Oct 31, 2014, 17:22
edited on: Oct 31, 2014, 17:26
 
==22677==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x627000035000 at pc 0x0000010c7f13 bp 0x7fff67b4d2a0 sp 0x7fff67b4d298
READ of size 1 at 0x627000035000 thread T0
    #0 0x10c7f12 in apple2_state::apple2_mainram2000_r(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/mess/machine/apple2.c:1377:2
    #1 0x58f683d in delegate_base<unsigned char, address_space&, unsigned int, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:652:76
    #2 0x58f683d in handler_entry_read::read8(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/emu/memory.c:358
    #3 0x58f683d in address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) /home/notroot/trunk/src/emu/memory.c:1094
    #4 0x58f4b68 in address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412:64
    #5 0x3e5fc96 in m6502_device::mi_default_normal::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:703:9
    #6 0x3ec409d in m6502_device::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.h:207:34
    #7 0x3ec409d in m6502_device::sta_idy_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:6133
    #8 0x3f16609 in m6502_device::do_exec_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:10749:13
    #9 0x3e5dd45 in m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:413:3
    #10 0x3e5dd45 in non-virtual thunk to m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:415
    #11 0x59614ea in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15
    #12 0x59614ea in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #13 0x5883278 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:388:5
    #14 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #17 0x7fbab9318ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #18 0xe3373c in _start (/home/notroot/trunk/mess64d+0xe3373c)

AddressSanitizer can not describe address in more detail (wild memory access suspected).

Happened without -debug. I am also getting heap-buffer-overflows with ramsizes 4096 and 8192, but only with a mounted floppy.