#5172 closed defect (fixed)
SCI: QFG3: Crash in conversation
| Reported by: | SF/kuroshiro | Owned by: | wjp |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCI |
| Version: | Keywords: | script | |
| Cc: | Game: | Quest for Glory 3 |
Description
Quest for Glory 3 (Dos/English) ScummVM 1.2.0 51782 Windows 7 x64
When talking to Uhura in the village after using the dispel potion on the leopard-woman, if you choose the question about "Woo", the game will crash. No other dialogue will. It's not terribly critical, but it was kind of surprising. Crashes with the message: "[VM]kMemory: signature mismatch via method ::export 6 (script 999, room 440, localCall 0xffffffff)!"
Ticket imported from: #3040722. Ticket imported from: bugs/5172.
Attachments (1)
Change History (25)
comment:1 by , 14 years ago
| Game: | Police Quest 3 → Quest for Glory 3 |
|---|
comment:2 by , 14 years ago
comment:4 by , 14 years ago
That save game is when you're about to be judged... perhaps it's a different one?
comment:5 by , 14 years ago
Geh, sorry. I guess they're numbered a bit differently than I thought. Made a new save, this one should be the right one at last.
comment:6 by , 14 years ago
Could you please check what sierra sci is doing in that case? Maybe its a gamebug. I would try to patch it in that case. Otherwise we need to figure out whats going wrong.
comment:7 by , 14 years ago
| Owner: | set to |
|---|---|
| Status: | new → pending |
comment:8 by , 14 years ago
| Status: | pending → new |
|---|
comment:9 by , 14 years ago
Can't seem to reproduce this in dosbox. You might also be interested to know that the character saves generated by ScummVM don't work in the original interpreter.
comment:10 by , 14 years ago
The saves are of course not compatible. The only save-files, that can be used from sierra sci are the export-character files from quest for glory series.
comment:11 by , 14 years ago
I was talking about the character exports :)
I guess they are only compatible SCI -> ScummVM, not the other way around.
comment:12 by , 14 years ago
ScummVM export files are compressed (like all ScummVM created files are). If you uncompress them, they work just fine in sierra sci.
comment:13 by , 14 years ago
I tried fixing this call, but then the game crashes later on anyway in other places. This looks like some sort of buggy script, so we should better patch it or ignore all of its incorrect calls
comment:14 by , 14 years ago
| Owner: | removed |
|---|
comment:15 by , 14 years ago
| Keywords: | script added |
|---|---|
| Owner: | set to |
| Resolution: | → fixed |
| Status: | new → closed |
comment:16 by , 14 years ago
Fixed in r4766774, it was a script bug which made it loop indefinitely, thereby reading garbage data and crashing
comment:17 by , 13 years ago
| Owner: | removed |
|---|---|
| Resolution: | fixed |
| Status: | closed → new |
comment:18 by , 13 years ago
Reopening this, as this script patch caused a nasty bug in another conversation in the game (bug #3377429).
Here's the problematic patch, for reference:
// Script 23 in QFG3 has a typo/bug which makes it loop endlessly and // read garbage. Fixes bug #3040722. const byte qfg3DialogCrash[] = { 5, 0x34, 0xe7, 0x03, // ldi 3e7 (999) 0x22, // lt? 0x33, // jmp [back] ---> BUG! Infinite loop 0 };
const uint16 qfg3PatchDialogCrash[] = { 0x34, 0xe7, 0x03, // ldi 3e7 (999) 0x22, // lt? 0x31, // bnt [back] PATCH_END };
comment:19 by , 13 years ago
| Summary: | QFG3: Crash in conversation → SCI: QFG3: Crash in conversation |
|---|
comment:20 by , 12 years ago
This is very likely a script bug.
When I tried in the original, saying "Woo" worked without a crash, but afterwards I couldn't speak to Uhura again.
I looked at the relevant script, and it seems the Teller script object works with lists of options/subconversations in uhuraTeller::arrays (The current one is uhuraTeller::curArray). Each array is a list of integers corresponding to conversation options. When such an integer is negative, it is interpreted as an option with a submenu (and its absolute value is the message number for the option). The array uhuraTeller::keys contain the conversation options that trigger each array in uhuraTeller::arrays.
(So keys[1] is the conversation option leading to opening the subconversation in arrays[1].)
The problem here is that the option for "Woo" is -75, but there is no -75 in uhuraTeller::keys, so it runs out of bounds while trying to locate it. [ SSCI most likely found it somewhere later in memory and then set uhuraTeller::curArray to some bogus value, breaking conversation. ]
A fix would be changing this -75 to +75 in the locals of script 440.
comment:21 by , 12 years ago
One complication is that -75 is also the trigger for some puzzle points, and this is handled inside uhuraTeller::doChilld, which is the function handling submenus. So simply replacing -75 by +75 will break getting points for asking about Woo...
comment:22 by , 12 years ago
New strategy: force a return in uhuraTeller::doChild after handling the hero::solvePuzzle call, and prevent the submenu from actually being opened.
This is now hopefully fixed in d1e2d61b781aab5a0cc832a05a0981765fc4b0fe.
comment:23 by , 12 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:24 by , 2 years ago
Closure!
The missing piece was that the puzzle points that the Woo dialog handler attempted to award were already awarded when asking Uhura about marriage. (Bug on top of bug!) Marriage is the dialog option that brings up the submenu with Woo, so Woo's hero:solvePuzzle call never did anything. Patching the local variable from -75 to 75 would have been fine, although any prior saves from within the room would have still crashed.
I've updated the patch to simplify this, since there was a also second version for the NRS scripts included with GOG. Now there's one version and it just returns instead of calling solvePuzzle. (If it weren't for save game compatibility I would have patched the local.)
https://github.com/scummvm/scummvm/commit/ea86295e3edd02bd57376f4494b6ed5baa5e788a
Um, the save game says "qfg1:, is that for qfg3?