Viewing Issue Advanced Details
Jump to Notes ]
bfm/bfm_sc4.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
05664 Crash/Freeze Critical (emulator) Always Aug 11, 2014, 14:10 Nov 5, 2022, 09:59
Tester Firewave View Status Public Platform MAME (Self-compiled)
Assigned To Resolution Fixed OS Linux
Status [?] Resolved Driver
bfm/bfm_sc4.cpp
Version 0.154 Fixed in Version Build Debug
Fixed in Git Commit Github Pull Request #
Summary 05664: several bfm_sc4.c sets: Crash
Description 
==13280==ERROR: AddressSanitizer: SEGV on unknown address 0x7f92c6b255dc (pc 0x000001808229 sp 0x7fff7a833b40 bp 0x7fff7a833d20 T0)
    #0 0x1808228 in find_input_strings(running_machine&) /home/notroot/trunk/src/mame/drivers/bfm_sc45_helper.c:200
    #1 0x180dbed in bfm_sc45_layout_helper(running_machine&) /home/notroot/trunk/src/mame/drivers/bfm_sc45_helper.c:938
    #2 0x174ff9d in sc4_state::init_sc4() /home/notroot/trunk/src/mame/drivers/bfm_sc4.c:139
    #3 0x17e16f7 in void driver_device::driver_init_wrapper<sc4_state, &sc4_state::init_sc4>(running_machine&) /home/notroot/trunk/src/emu/driver.h:131
    #4 0x81e40cd in driver_device::device_start() /home/notroot/trunk/src/emu/driver.c:210
    #5 0x8163629 in device_t::start() /home/notroot/trunk/src/emu/device.c:392
    #6 0x833503b in running_machine::start_all_devices() /home/notroot/trunk/src/emu/machine.c:1053
    #7 0x8332625 in running_machine::start() /home/notroot/trunk/src/emu/machine.c:278
    #8 0x833589d in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:342
    #9 0x832d897 in machine_manager::execute() /home/notroot/trunk/src/emu/mame.c:216
    #10 0x813fd28 in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:243
    #11 0x59ac224 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:332
    #12 0x7f92f744ede4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #13 0x10bb54c in _start (/home/notroot/trunk/mame64d+0x10bb54c)

AddressSanitizer can not provide additional info.

Affected sets:
sc4crzgn6, sc4crzgn7, sc4crzgna, sc4crzgnc, sc4crzgnd, sc4crzgnf, sc4crzgni, sc4crzgnk, sc4crzgnm, sc4crzgnn, sc4crzgnq, sc4crzgnr, sc4crzgns, sc4tri7g, sc4tri7h, sc4tri7o
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems several bfm_sc4.c sets
Attached Files
  
Relationships
related to 05824Resolved  several bfm_sc4.c sets: [debug] Assertion 
Notes
3
User avatar
No.11354
Firewave
Senior Tester
Jan 4, 2015, 19:25
 From error.log:

(port 00 position 00) unk 0000 addr dddddddd

it crashes because the "maincpu" memregion is uninitialized.
User avatar
No.11366
AWJ
Developer
Jan 8, 2015, 17:48
 Actually, it crashes because it's attempting to read strings (input port names) out of the ROMs without doing any bounds checking whatsoever. If a particular game's string tables are in a different format than what the code expects, or if compare_input_code() hits a false positive (i.e. data in the ROM that looks like the start of the strings table but isn't) then it ends up following garbage pointers and reading past the end of the ROM region.
User avatar
No.20750
Firewave
Senior Tester
Nov 5, 2022, 09:59
 I tested several sets with 0.249 and no ASAN error or crash on Linux.

They are also all(?) marked MNW.