SCUMM: INDY3: Invalid Graphics::copyBlit() memory access triggered by mac_drawIndy3TextBox()

[dwatteau]

Current Git HEAD on OSX PPC, starting the Macintosh release of Indy 3 and moving to Irene's office, the following crash happens just before she starts talking:

User picked target 'indy3-ega-mac' (engine ID 'scumm', game ID 'indy3')...
WARNING: Libretro is not supported!

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x066e4000

(gdb) bt
#0  0xffff8a48 in ___memcpy () at /System/Library/Frameworks/System.framework/PrivateHeaders/ppc/cpu_capabilities.h:189
#1  0x004a4d70 in Graphics::copyBlit (dst=0x7068660 "", src=0x66e3e80 "", dstPitch=640, srcPitch=448, w=448, h=85, bytesPerPixel=1) at graphics/blit/blit.cpp:42
#2  0x00571954 in Graphics::Surface::copyRectToSurface (this=0x246a530, buffer=0x66de380, srcPitch=448, destX=96, destY=72, width=448, height=85) at graphics/surface.cpp:178
#3  0x001001c4 in Scumm::ScummEngine::mac_drawIndy3TextBox (this=0x68cb000) at engines/scumm/gfx_mac.cpp:136
#4  0x002840b0 in Scumm::ScummEngine::displayDialog (this=0x68cb000) at engines/scumm/string.cpp:1203
#5  0x000a0728 in Scumm::ScummEngine::actorTalk (this=0x68cb000, msg=0x2ac3428 "STUDENTS!  STUDENTS!  PLEASE BE PATIENT!?\001I'm sure Dr. Jones will be back soon!") at engines/scumm/actor.cpp:3522
#6  0x0027fe70 in Scumm::ScummEngine::printString (this=0x68cb000, m=0, msg=0x2ac3428 "STUDENTS!  STUDENTS!  PLEASE BE PATIENT!?\001I'm sure Dr. Jones will be back soon!") at engines/scumm/string.cpp:107
#7  0x0023ed08 in Scumm::ScummEngine_v5::decodeParseStringTextString (this=0x68cb000, textSlot=0) at engines/scumm/script_v5.cpp:3492
#8  0x0023de60 in Scumm::ScummEngine_v5::decodeParseString (this=0x68cb000) at engines/scumm/script_v5.cpp:3357
#9  0x00237e08 in Scumm::ScummEngine_v5::o5_print (this=0x68cb000) at engines/scumm/script_v5.cpp:1960
#10 0x0023f1c8 in Common::Functor0Mem<void, Scumm::ScummEngine_v5>::operator() (this=0x6072390) at func.h:397
#11 0x002525d8 in Scumm::ScummEngine::executeOpcode (this=0x68cb000, i=20 '\024') at engines/scumm/script.cpp:527
#12 0x002524b8 in Scumm::ScummEngine::executeScript (this=0x68cb000) at engines/scumm/script.cpp:520
#13 0x002543e8 in Scumm::ScummEngine::runAllScripts (this=0x68cb000) at engines/scumm/script.cpp:968
#14 0x0026c730 in Scumm::ScummEngine::scummLoop (this=0x68cb000, delta=6) at engines/scumm/scumm.cpp:2882
#15 0x0026b53c in Scumm::ScummEngine::go (this=0x68cb000) at engines/scumm/scumm.cpp:2593
#16 0x00272068 in Scumm::ScummEngine::run (this=0x68cb000) at scumm.h:585
#17 0x00071f20 in runGame (enginePlugin=0x2440c90, system=@0x24310b8, game=@0xbfffd4e0, meDescriptor=0x0) at base/main.cpp:311
#18 0x000740e4 in scummvm_main (argc=1, argv=0x2406a10) at base/main.cpp:796
#19 0x0006c2e4 in SDL_main (argc=1, argv=0x2406a10) at backends/platform/sdl/macosx/macosx-main.cpp:44
#20 0x0082606c in -[SDLMain applicationDidFinishLaunching:] ()
#21 0x92bf5e1c in _nsnote_callback ()
#22 0x90805ec0 in __CFXNotificationPost ()
#23 0x907fdf20 in _CFXNotificationPostNotification ()
#24 0x92be0224 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
#25 0x937a3be8 in -[NSApplication _postDidFinishNotification] ()
#26 0x937a3ad4 in -[NSApplication _sendFinishLaunchingNotification] ()
#27 0x937a361c in -[NSApplication(NSAppleEventHandling) _handleAEOpen:] ()
#28 0x937a31c4 in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] ()
#29 0x92bf6e28 in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] ()
#30 0x92bf6c88 in _NSAppleEventManagerGenericHandler ()
#31 0x91500960 in aeDispatchAppleEvent ()
#32 0x915007fc in dispatchEventAndSendReply ()
#33 0x91500654 in aeProcessAppleEvent ()
#34 0x932bf2e0 in AEProcessAppleEvent ()
#35 0x937a190c in _DPSNextEvent ()
#36 0x937a13f8 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#37 0x9379d93c in -[NSApplication run] ()
#38 0x008266d4 in main ()
#39 0x0000791c in _start ()
#40 0x00007620 in start ()

(Full GDB log attached below.)

FWIW, I'm using the following config for it (in case it's related to the scaler settings or something...):

[indy3-ega-mac]
filtering=false
scale_factor=2
description=Indiana Jones and the Last Crusade (EGA/Macintosh/English)
scaler=hq
extra=EGAtalkspeed=85
path=/path/to/game
engineid=scumm
enhancements=511
fullscreen=false
gameid=indy3
original_gui=true
language=en
gui_saveload_last_pos=12
platform=macintosh
music_driver=auto
vsync=true
opl_driver=auto
aspect_ratio=false
guioptions=sndNoSpeech sndNoMIDI midiMac noAspect macintosh macintoshbw gameOption2 gameOption4 lang_English

[dwatteau]

Full GDB log

[Torbjörn Andersson <eriktorbjorn@…>]

In 83b6f8e9:

SCUMM: Fix bad height for Indy 3 text box (bug #15484)

This was a recent regression. The last parameter to copyRectToScreen()
is the height, not the position, so it should not be adjusted by
_macScreenDrawOffset.

[eriktorbjorn]

Thanks! This appears to be a recent regression, and it didn't crash on my computer so I never noticed. I think it should be fixed now. Please let me know if it's not.

[dwatteau]

Thanks for such a quick fix!

Yeah it looks like the OSX PPC port is sometimes "lucky" in the way it can catch some corruption issues.

I haven’t been able to trigger any new crash after this change, so far.

I think the issue can be closed. I’ll reopen it if necessary.