SIGSEGV in Scumm::ScummEngine::syncSoundSettings()

[lephilousophe]

Version 2.7.1

Here is a crash report from Google Play console:

backtrace:
  #00  pc 0x0000000001a0cbec  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (Scumm::ScummEngine::syncSoundSettings()+1108)
  #01  pc 0x00000000035b920c  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (Engine::openMainMenuDialog()+516)
  #02  pc 0x0000000003628198  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (DefaultEventManager::pollEvent(Common::Event&)+1076)
  #03  pc 0x00000000035c7458  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (GUI::GuiManager::runLoop()+432)
  #04  pc 0x00000000035c4774  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (GUI::Dialog::runModal()+24)
  #05  pc 0x0000000001a0ba90  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (Scumm::ScummEngine_v7::setupScumm(Common::String const&)+1408)
  #06  pc 0x0000000001a09608  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (Scumm::ScummEngine::init()+3452)
  #07  pc 0x0000000001a10418  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (Scumm::ScummEngine::run()+52)
  #08  pc 0x00000000019e90f4  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (scummvm_main+7012)
  #09  pc 0x00000000019db3a8  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/lib/arm64/libscummvm.so (JNI::main(_JNIEnv*, _jobject*, _jobjectArray*)+340)
  #10  pc 0x00000000000162f0  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/oat/arm64/base.odex (art_jni_trampoline+128)
  #11  pc 0x000000000020a2b0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016)
  #12  pc 0x00000000002a8588  /data/app/~~rSRbS8khzueivDPrqNTp_A==/org.scummvm.scummvm-T-m5ff1FdmM7qTqraWxkuw==/oat/arm64/base.vdex (org.scummvm.scummvm.ScummVM.run+76)
  #13  pc 0x00000000003ee490  /data/misc/apexdata/com.android.art/dalvik-cache/arm64/boot.oat (java.lang.Thread.run+80)
  #14  pc 0x0000000000457d6c  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+556)
  #15  pc 0x0000000000483be4  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+156)
  #16  pc 0x00000000004838b0  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+400)
  #17  pc 0x00000000005cc300  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1680)
  #18  pc 0x00000000000f5548  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208)
  #19  pc 0x000000000008ef3c  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68)

From disassembly, it looks like the crash happens in engines/scumm/scumm.cpp around line 2164:

VAR(VAR_VOICE_MODE) = _voiceMode;

Maybe some part of the engine is not properly initialized?

[somaen]

What would I need to do to reproduce this segfault?

[sev-]

Fixed in 319dcd9a89bff5a75e8eedf993cdde4da56a3bd0, but a more generic fix is required.