05158: agat7: Access Violation with "-debug -ramsize 16384"

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
05158	Crash/Freeze	Critical (emulator)	Always	Feb 12, 2013, 18:30	Nov 24, 2014, 14:53

Tester	Firewave	View Status	Public	Platform	MESS (Self-compiled)
Assigned To	R. Belmont	Resolution	Fixed	OS
Status [?]	Resolved			Driver	apple/apple2.cpp
Version	0.148u1	Fixed in Version	0.156	Build	Debug
		Fixed in Git Commit		Github Pull Request #

Summary	05158: agat7: Access Violation with "-debug -ramsize 16384"
Description	----------------------------------------------------- Exception at EIP=000000013FA19FE2 (+0x3fa19fe2): ACCESS VIOLATION While attempting to read memory at 0000000005569800 ----------------------------------------------------- RAX=0000000000007800 RBX=0000000000000000 RCX=0000000005562000 RDX=00000000042B11A8 RSI=00000000002F6C58 RDI=00000000002F69A0 RBP=0000000000000000 RSP=00000000002F6960 R8=0000000000003800 R9=00000000000000FF R10=FEFEFEFEFEFEFEFF R11=8080808080808080 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 ----------------------------------------------------- Stack crawl: 00000000002F6960: 000000013FA19FE2 (apple2_state::apple2_mainram4000_r+0x0032, s:\svn\mame\src\mess\machine\apple2.c:1229) 00000000002F69A0: 000000013FA218DD (delegate_mfp::method_stub<apple2_state,unsigned char,address_space & __ptr64,unsigned int,unsigned char>+0x006d, s:\svn\mame\src\emu\delegate.h:329) 00000000002F69D0: 000000013FA2205D (delegate_base<unsigned char,address_space & __ptr64,unsigned int,unsigned char,_noparam,_noparam>::operator()+0x004d, s:\svn\mame\src\emu\delegate.h:542) 00000000002F6A00: 000000014134EC50 (handler_entry_read::read8+0x0050, s:\svn\mame\src\emu\memory.c:393) 00000000002F6A50: 0000000141352B1A (address_space_specific<unsigned char,0,0>::read_native+0x00da, s:\svn\mame\src\emu\memory.c:1084) 00000000002F6A90: 000000014134EFB7 (address_space_specific<unsigned char,0,0>::read_byte+0x0037, s:\svn\mame\src\emu\memory.c:1389) 00000000002F6AD0: 0000000140B2B079 (m6502_device::mi_default_normal::read+0x0059, s:\svn\mame\src\emu\cpu\m6502\m6502.c:684) 00000000002F6B00: 0000000140B6CBD6 (m6502_device::read+0x0046, s:\svn\mame\src\emu\cpu\m6502\m6502.h:196) 00000000002F6B30: 0000000140B52341 (m6502_device::sta_idy_full+0x01a1, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:6134) 00000000002F6B70: 0000000140B2D41C (m6502_device::do_exec_full+0x08dc, s:\svn\mame\obj\vwindows64d\emu\cpu\m6502\m6502.inc:10751) 00000000002F6BD0: 0000000140B2BB8F (m6502_device::execute_run+0x016f, s:\svn\mame\src\emu\cpu\m6502\m6502.c:414) 00000000002F6C00: 0000000141447271 (device_execute_interface::run+0x0031, s:\svn\mame\src\emu\diexec.h:216) 00000000002F6D20: 0000000141443D82 (device_scheduler::timeslice+0x0472, s:\svn\mame\src\emu\schedule.c:493) 00000000002F7290: 000000014145EFAC (running_machine::run+0x034c, s:\svn\mame\src\emu\machine.c:396) 00000000002FDA10: 00000001412D2B28 (mame_execute+0x01f8, s:\svn\mame\src\emu\mame.c:190) 00000000002FF930: 000000014141139F (cli_frontend::execute+0x0a2f, s:\svn\mame\src\emu\clifront.c:258) 00000000002FFE20: 0000000141A31B2B (utf8_main+0x017b, s:\svn\mame\src\osd\windows\winmain.c:493) 00000000002FFE60: 0000000141A2D760 (wmain+0x00b0, s:\svn\mame\src\osd\windows\main.c:82) 00000000002FFEB0: 00000001419CCD0C (__tmainCRTStartup+0x00ec, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:241) 00000000002FFEE0: 00000001419CCE4E (wmainCRTStartup+0x000e, f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c:164) 00000000002FFF10: 0000000076CE652D (BaseThreadInitThunk+0x000d) 00000000002FFF60: 000000007728C521 (RtlUserThreadStart+0x0021)
Steps To Reproduce
Additional Information
Github Commit

Flags
Regression Version
Affected Sets / Systems	agat7

Attached Files

No.09360 Tafoid Administrator Feb 13, 2013, 10:14 edited on: Feb 14, 2013, 19:39	Emulation keeps running for me but the Debug window is stuck on a "KIL" opcode. Possible regression in r14832 when slots were rewitten for apple2.c
No.11196 Firewave Senior Tester Oct 31, 2014, 17:26	==22828==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000adea9 at pc 0x0000010c7f73 bp 0x7fffe82414c0 sp 0x7fffe82414b8 READ of size 1 at 0x6290000adea9 thread T0 #0 0x10c7f72 in apple2_state::apple2_mainram4000_r(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/mess/machine/apple2.c:1383:2 #1 0x58f683d in delegate_base<unsigned char, address_space&, unsigned int, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:652:76 #2 0x58f683d in handler_entry_read::read8(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/emu/memory.c:358 #3 0x58f683d in address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) /home/notroot/trunk/src/emu/memory.c:1094 #4 0x58f4b68 in address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412:64 #5 0x3e5fc96 in m6502_device::mi_default_normal::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:703:9 #6 0x3e72eeb in m6502_device::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.h:207:34 #7 0x3e72eeb in m6502_device::bit_aba_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:1138 #8 0x3f1355e in m6502_device::do_exec_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:10648:13 #9 0x3e5dd45 in m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:413:3 #10 0x3e5dd45 in non-virtual thunk to m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:415 #11 0x59614ea in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15 #12 0x59614ea in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476 #13 0x5883278 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:388:5 #14 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11 #15 0x56af8e1 in cli_frontend::execute(int, char*) /home/notroot/trunk/src/emu/clifront.c:244:15 #16 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9 #17 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287 #18 0xe3373c in _start (/home/notroot/trunk/mess64d+0xe3373c) 0x6290000adea9 is located 15529 bytes inside of 16544-byte region [0x6290000aa200,0x6290000ae2a0) freed by thread T0 here: #0 0xe15e4b in free /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:30:3 #1 0x5c10dca in free_zip_file(zip_file) /home/notroot/trunk/src/lib/util/unzip.c:399:3 #2 0x5c10dca in zip_file_open(char const, zip_file) /home/notroot/trunk/src/lib/util/unzip.c:206 #3 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22 #4 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13 #5 0x576e7ea in emu_file::open(char const, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9 #6 0x576e7ea in emu_file::open(char const, char const, char const, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321 #7 0x5948ca0 in common_process_file(emu_options&, char const, bool, unsigned int, rom_entry const, emu_file) /home/notroot/trunk/src/emu/romload.c:113:12 #8 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/diimage.c:827:15 #9 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125 #10 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334 #11 0x56e1b16 in device_image_interface::load_software_part(char const, software_part&) /home/notroot/trunk/src/emu/diimage.c:1275:16 #12 0x56e08d4 in device_image_interface::load_internal(char const, bool, int, option_resolution, bool) /home/notroot/trunk/src/emu/diimage.c:893:15 #13 0x56e2bb2 in device_image_interface::load(char const) /home/notroot/trunk/src/emu/diimage.c:1004:9 #14 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18 #15 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2 #16 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2 #17 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3 #18 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11 #19 0x56af8e1 in cli_frontend::execute(int, char*) /home/notroot/trunk/src/emu/clifront.c:244:15 #20 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9 #21 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287 previously allocated by thread T0 here: #0 0xe160cb in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3 #1 0x5c10cdf in zip_file_open(char const, zip_file*) /home/notroot/trunk/src/lib/util/unzip.c:152:23 #2 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22 #3 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13 #4 0x576e7ea in emu_file::open(char const, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9 #5 0x576e7ea in emu_file::open(char const, char const, char const, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321 #6 0x5948ca0 in common_process_file(emu_options&, char const, bool, unsigned int, rom_entry const, emu_file) /home/notroot/trunk/src/emu/romload.c:113:12 #7 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/diimage.c:827:15 #8 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125 #9 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const, rom_entry const) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334 #10 0x56e1b16 in device_image_interface::load_software_part(char const, software_part&) /home/notroot/trunk/src/emu/diimage.c:1275:16 #11 0x56e08d4 in device_image_interface::load_internal(char const, bool, int, option_resolution, bool) /home/notroot/trunk/src/emu/diimage.c:893:15 #12 0x56e2bb2 in device_image_interface::load(char const) /home/notroot/trunk/src/emu/diimage.c:1004:9 #13 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18 #14 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2 #15 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2 #16 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3 #17 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11 #18 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15 #19 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9 #20 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287 Happens without -debug. I am also getting heap-use-after-free with ramsize 32768 with or without a floppy. 16384 without floppy is fine.

No.09360

Tafoid

Administrator

Feb 13, 2013, 10:14

edited on: Feb 14, 2013, 19:39

Emulation keeps running for me but the Debug window is stuck on a "KIL" opcode.
Possible regression in r14832 when slots were rewitten for apple2.c

No.11196

Firewave

Senior Tester

Oct 31, 2014, 17:26

==22828==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000adea9 at pc 0x0000010c7f73 bp 0x7fffe82414c0 sp 0x7fffe82414b8
READ of size 1 at 0x6290000adea9 thread T0
    #0 0x10c7f72 in apple2_state::apple2_mainram4000_r(address_space&, unsigned int, unsigned char) /home/notroot/trunk/src/mess/machine/apple2.c:1383:2
    #1 0x58f683d in delegate_base<unsigned char, address_space&, unsigned int, unsigned char, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam, _noparam>::operator()(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/lib/util/delegate.h:652:76
    #2 0x58f683d in handler_entry_read::read8(address_space&, unsigned int, unsigned char) const /home/notroot/trunk/src/emu/memory.c:358
    #3 0x58f683d in address_space_specific<unsigned char, (endianness_t)0, false>::read_native(unsigned int) /home/notroot/trunk/src/emu/memory.c:1094
    #4 0x58f4b68 in address_space_specific<unsigned char, (endianness_t)0, false>::read_byte(unsigned int) /home/notroot/trunk/src/emu/memory.c:1412:64
    #5 0x3e5fc96 in m6502_device::mi_default_normal::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:703:9
    #6 0x3e72eeb in m6502_device::read(unsigned short) /home/notroot/trunk/src/emu/cpu/m6502/m6502.h:207:34
    #7 0x3e72eeb in m6502_device::bit_aba_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:1138
    #8 0x3f1355e in m6502_device::do_exec_full() /home/notroot/trunk/obj/sdl64d/emu/cpu/m6502/m6502.inc:10648:13
    #9 0x3e5dd45 in m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:413:3
    #10 0x3e5dd45 in non-virtual thunk to m6502_device::execute_run() /home/notroot/trunk/src/emu/cpu/m6502/m6502.c:415
    #11 0x59614ea in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:191:15
    #12 0x59614ea in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:476
    #13 0x5883278 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:388:5
    #14 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #15 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #16 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #17 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #18 0xe3373c in _start (/home/notroot/trunk/mess64d+0xe3373c)

0x6290000adea9 is located 15529 bytes inside of 16544-byte region [0x6290000aa200,0x6290000ae2a0)
freed by thread T0 here:
    #0 0xe15e4b in free /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:30:3
    #1 0x5c10dca in free_zip_file(zip_file*) /home/notroot/trunk/src/lib/util/unzip.c:399:3
    #2 0x5c10dca in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:206
    #3 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #4 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #5 0x576e7ea in emu_file::open(char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9
    #6 0x576e7ea in emu_file::open(char const*, char const*, char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321
    #7 0x5948ca0 in common_process_file(emu_options&, char const*, bool, unsigned int, rom_entry const*, emu_file**) /home/notroot/trunk/src/emu/romload.c:113:12
    #8 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/diimage.c:827:15
    #9 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125
    #10 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334
    #11 0x56e1b16 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1275:16
    #12 0x56e08d4 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:893:15
    #13 0x56e2bb2 in device_image_interface::load(char const*) /home/notroot/trunk/src/emu/diimage.c:1004:9
    #14 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18
    #15 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2
    #16 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2
    #17 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3
    #18 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #19 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #20 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #21 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

previously allocated by thread T0 here:
    #0 0xe160cb in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
    #1 0x5c10cdf in zip_file_open(char const*, zip_file**) /home/notroot/trunk/src/lib/util/unzip.c:152:23
    #2 0x576f488 in emu_file::attempt_zipped() /home/notroot/trunk/src/emu/fileio.c:680:22
    #3 0x576d7a6 in emu_file::open_next() /home/notroot/trunk/src/emu/fileio.c:363:13
    #4 0x576e7ea in emu_file::open(char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:307:9
    #5 0x576e7ea in emu_file::open(char const*, char const*, char const*, unsigned int) /home/notroot/trunk/src/emu/fileio.c:321
    #6 0x5948ca0 in common_process_file(emu_options&, char const*, bool, unsigned int, rom_entry const*, emu_file**) /home/notroot/trunk/src/emu/romload.c:113:12
    #7 0x56dfbf5 in device_image_interface::load_software(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/diimage.c:827:15
    #8 0x2b4f8e8 in legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:100:125
    #9 0x2b4f8e8 in non-virtual thunk to legacy_floppy_image_device::call_softlist_load(software_list_device&, char const*, rom_entry const*) /home/notroot/trunk/src/emu/imagedev/flopdrv.h:334
    #10 0x56e1b16 in device_image_interface::load_software_part(char const*, software_part*&) /home/notroot/trunk/src/emu/diimage.c:1275:16
    #11 0x56e08d4 in device_image_interface::load_internal(char const*, bool, int, option_resolution*, bool) /home/notroot/trunk/src/emu/diimage.c:893:15
    #12 0x56e2bb2 in device_image_interface::load(char const*) /home/notroot/trunk/src/emu/diimage.c:1004:9
    #13 0x5774496 in image_device_init(running_machine&) /home/notroot/trunk/src/emu/image.c:221:18
    #14 0x5775322 in image_init(running_machine&) /home/notroot/trunk/src/emu/image.c:297:2
    #15 0x587fa71 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:260:2
    #16 0x5882fa3 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342:3
    #17 0x587b59a in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216:11
    #18 0x56af8e1 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:244:15
    #19 0x2d64529 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:335:9
    #20 0x7fe46f3f2ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287

Happens without -debug. I am also getting heap-use-after-free with ramsize 32768 with or without a floppy. 16384 without floppy is fine.