#5335 closed defect (fixed)
SCI Fanmade - Ocean Battle: Crash while playing
Reported by: | SF/escarlate | Owned by: | bluegr
---|---|---|---
Priority: | normal | Component: | Engine: SCI
Version: | | Keywords: | script
Cc: | | Game: | SCI Fanmade
Description
Game Version: DOS/English
ScummVM Version: 1.2.0svn52559
Operating System: Win32 (XP SP2)
The console log:
Uninitialized read for temp 1 from method RoomScript::doit (script 1, room 488,localCall 1f17)!
Ticket imported from: #3059871. Ticket imported from: bugs/5335.
Change History (5)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
Tried playing Ocean Battle to replicate this on Linux x86_32 with:
ScummVM 1.3.0git3512-gacb9879-dirty (Mar 1 2011 19:15:17)
Features compiled in: Vorbis FLAC MP3 ALSA SEQ TiMidity RGB zLib FluidSynth Theora
This segfaults after you place your last ship ready to start playing.
A valgrind run prevents this happening and shows the cause as:

```
==19368== Invalid write of size 2
==19368==    at 0x81BDFF9: Sci::setChar(Sci::SegmentRef const&, unsigned int, char) (seg_manager.cpp:617)
==19368==    by 0x81BE12C: Sci::SegManager::strncpy(Sci::reg_t, char const*, unsigned int) (seg_manager.cpp:647)
==19368==    by 0x81BE388: Sci::SegManager::strcpy(Sci::reg_t, char const*) (seg_manager.cpp:706)
==19368==    by 0x81ADFEA: Sci::kFormat(Sci::EngineState*, int, Sci::reg_t*) (kstring.cpp:413)
==19368==    by 0x81C6024: Sci::callKernelFunc(Sci::EngineState*, int, int) (vm.cpp:718)
==19368==    by 0x81C7A9D: Sci::run_vm(Sci::EngineState*) (vm.cpp:1192)
==19368==    by 0x8191433: Sci::SciEngine::runGame() (sci.cpp:663)
==19368==    by 0x819034E: Sci::SciEngine::run() (sci.cpp:353)
==19368==    by 0x804F384: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:213)
==19368==    by 0x804FF14: scummvm_main (main.cpp:423)
==19368==    by 0x804E436: main (posix-main.cpp:48)
==19368==  Address 0x65ba5d8 is 0 bytes after a block of size 176 alloc'd
==19368==    at 0x4025DCE: operator new[](unsigned int) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19368==    by 0x81B76F6: Common::Array<Sci::reg_t>::reserve(unsigned int) (array.h:246)
==19368==    by 0x81B6D51: Common::Array<Sci::reg_t>::resize(unsigned int) (array.h:257)
==19368==    by 0x81BD4E5: Sci::SegManager::allocLocalsSegment(Sci::Script*) (seg_manager.cpp:371)
==19368==    by 0x81B963C: Sci::Script::initialiseLocals(Sci::SegManager*) (script.cpp:481)
==19368==    by 0x81BEDA9: Sci::SegManager::instantiateScript(int) (seg_manager.cpp:1014)
==19368==    by 0x81BD303: Sci::SegManager::getScriptSegment(int, Sci::ScriptLoadType) (seg_manager.cpp:342)
==19368==    by 0x81AB9DC: Sci::kScriptID(Sci::EngineState*, int, Sci::reg_t*) (kscripts.cpp:216)
==19368==    by 0x81C6024: Sci::callKernelFunc(Sci::EngineState*, int, int) (vm.cpp:718)
==19368==    by 0x81C7A9D: Sci::run_vm(Sci::EngineState*) (vm.cpp:1192)
==19368==    by 0x8191433: Sci::SciEngine::runGame() (sci.cpp:663)
==19368==    by 0x819034E: Sci::SciEngine::run() (sci.cpp:353)
==19368==
==19368== Invalid read of size 2
==19368==    at 0x81BE049: Sci::setChar(Sci::SegmentRef const&, unsigned int, char) (seg_manager.cpp:626)
==19368==    by 0x81BE12C: Sci::SegManager::strncpy(Sci::reg_t, char const*, unsigned int) (seg_manager.cpp:647)
==19368==    by 0x81BE388: Sci::SegManager::strcpy(Sci::reg_t, char const*) (seg_manager.cpp:706)
==19368==    by 0x81ADFEA: Sci::kFormat(Sci::EngineState*, int, Sci::reg_t*) (kstring.cpp:413)
==19368==    by 0x81C6024: Sci::callKernelFunc(Sci::EngineState*, int, int) (vm.cpp:718)
==19368==    by 0x81C7A9D: Sci::run_vm(Sci::EngineState*) (vm.cpp:1192)
==19368==    by 0x8191433: Sci::SciEngine::runGame() (sci.cpp:663)
==19368==    by 0x819034E: Sci::SciEngine::run() (sci.cpp:353)
==19368==    by 0x804F384: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:213)
==19368==    by 0x804FF14: scummvm_main (main.cpp:423)
==19368==    by 0x804E436: main (posix-main.cpp:48)
==19368==  Address 0x65ba5da is 2 bytes after a block of size 176 alloc'd
==19368==    at 0x4025DCE: operator new[](unsigned int) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19368==    by 0x81B76F6: Common::Array<Sci::reg_t>::reserve(unsigned int) (array.h:246)
==19368==    by 0x81B6D51: Common::Array<Sci::reg_t>::resize(unsigned int) (array.h:257)
==19368==    by 0x81BD4E5: Sci::SegManager::allocLocalsSegment(Sci::Script*) (seg_manager.cpp:371)
==19368==    by 0x81B963C: Sci::Script::initialiseLocals(Sci::SegManager*) (script.cpp:481)
==19368==    by 0x81BEDA9: Sci::SegManager::instantiateScript(int) (seg_manager.cpp:1014)
==19368==    by 0x81BD303: Sci::SegManager::getScriptSegment(int, Sci::ScriptLoadType) (seg_manager.cpp:342)
==19368==    by 0x81AB9DC: Sci::kScriptID(Sci::EngineState*, int, Sci::reg_t*) (kscripts.cpp:216)
==19368==    by 0x81C6024: Sci::callKernelFunc(Sci::EngineState*, int, int) (vm.cpp:718)
==19368==    by 0x81C7A9D: Sci::run_vm(Sci::EngineState*) (vm.cpp:1192)
==19368==    by 0x8191433: Sci::SciEngine::runGame() (sci.cpp:663)
==19368==    by 0x819034E: Sci::SciEngine::run() (sci.cpp:353)
==19368==
```
By running with ./scummvm -d 5 --debugflags=Strings, the string errors seem to be associated with string calls of the form: Formatting "Shots left: %d "
Hopefully this will help someone locate the cause and fix.
comment:3 by , 14 years ago
It's trying to write the kFormat string to a local which is near the end of the script and smaller than the actual string
comment:5 by , 14 years ago
Owner: | set to
---|---
Resolution: | → fixed
Status: | new → closed
Partially fixed in rev #52581
The fix is partial, as the game will crash when losing and attempting to restart (for a different reason - there's an issue when uninstantiating a script), thus I'm leaving this one open for now
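The failure comment 3 describes, a kFormat result copied byte by byte into a local variable that sits near the end of a script's locals segment and is shorter than the string, modelled as an added example in C. This is not ScummVM code: the register layout, the segment size, the helper names and the sample string "Shots left: 7 " standing in for the game's "Shots left: %d " output are all assumptions for illustration. The unchecked copy reproduces the overrun that valgrind reported (kept inside a canary-padded buffer so the demo itself is well defined), and the checked copy shows the bounds test that refuses it while still accepting a string that fits.

```c
/* Added example, not ScummVM code: a toy locals segment of 16-bit registers. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_REGS 8      /* registers the script may use (16 bytes) */
#define SPARE    6      /* canary registers placed after the segment */
#define CANARY   0xDEADu

typedef struct {
    uint16_t *regs;     /* SEG_REGS registers, followed by SPARE canaries */
    size_t    count;    /* registers the script is allowed to touch */
} LocalsSegment;

/* Constructed stand-in for the game's "Shots left: %d " output: 14 chars + NUL. */
static const char *const kFormatted = "Shots left: 7 ";

/* Byte access into the register array, low byte first within each register. */
static void put_byte(uint16_t *regs, size_t off, char c) {
    uint16_t *r = &regs[off / 2];
    if (off % 2) *r = (uint16_t)((*r & 0x00FFu) | ((uint16_t)(uint8_t)c << 8));
    else         *r = (uint16_t)((*r & 0xFF00u) | (uint8_t)c);
}
static char get_byte(const uint16_t *regs, size_t off) {
    uint16_t r = regs[off / 2];
    return (char)((off % 2) ? (r >> 8) : (r & 0xFFu));
}

/* Unchecked copy: the pattern valgrind flagged, a write that runs past the segment. */
static void seg_strcpy_unchecked(LocalsSegment *seg, size_t off, const char *s) {
    size_t i = 0;
    do {
        put_byte(seg->regs, off + i, s[i]);
    } while (s[i++] != '\0');
}

/* Checked copy: refuses the write if the string plus its NUL would not fit. */
static bool seg_strcpy_checked(LocalsSegment *seg, size_t off, const char *s) {
    size_t need  = strlen(s) + 1;
    size_t avail = seg->count * sizeof(uint16_t);
    if (off > avail || need > avail - off)      /* ordered so the subtraction cannot wrap */
        return false;
    for (size_t i = 0; i < need; i++)
        put_byte(seg->regs, off + i, s[i]);
    return true;
}

/* Zeroes the segment and fills the registers after it with the canary value. */
static void seg_init(LocalsSegment *seg, uint16_t backing[SEG_REGS + SPARE]) {
    memset(backing, 0, (SEG_REGS + SPARE) * sizeof backing[0]);
    for (size_t i = 0; i < SPARE; i++) backing[SEG_REGS + i] = CANARY;
    seg->regs  = backing;
    seg->count = SEG_REGS;
}

/* Number of canary registers that no longer hold the canary value. */
static size_t canaries_clobbered(const LocalsSegment *seg) {
    size_t n = 0;
    for (size_t i = 0; i < SPARE; i++)
        if (seg->regs[seg->count + i] != CANARY) n++;
    return n;
}

/* Copies the 15-byte string into a local that has only 8 bytes left before the
 * end of the segment, with no check. Returns how many registers past the segment
 * were overwritten; the spill lands in the canaries, so the demo stays well defined. */
size_t demo_unchecked(void) {
    uint16_t backing[SEG_REGS + SPARE];
    LocalsSegment seg;
    seg_init(&seg, backing);
    seg_strcpy_unchecked(&seg, 8, kFormatted);
    return canaries_clobbered(&seg);
}

/* Same write with the bounds check: true if it was refused and nothing spilled. */
bool demo_checked_rejects(void) {
    uint16_t backing[SEG_REGS + SPARE];
    LocalsSegment seg;
    seg_init(&seg, backing);
    bool wrote = seg_strcpy_checked(&seg, 8, kFormatted);
    return !wrote && canaries_clobbered(&seg) == 0;
}

/* The check must not reject strings that do fit: copy to offset 0 and read back. */
bool demo_checked_fits(void) {
    uint16_t backing[SEG_REGS + SPARE];
    LocalsSegment seg;
    char out[SEG_REGS * 2];
    seg_init(&seg, backing);
    if (!seg_strcpy_checked(&seg, 0, kFormatted)) return false;
    for (size_t i = 0; i < sizeof out; i++) out[i] = get_byte(seg.regs, i);
    return strcmp(out, kFormatted) == 0 && canaries_clobbered(&seg) == 0;
}

int main(void) {
    printf("unchecked copy clobbered %zu registers past the segment\n", demo_unchecked());
    printf("checked copy refused the oversize write: %s\n", demo_checked_rejects() ? "yes" : "no");
    printf("checked copy kept a fitting string intact: %s\n", demo_checked_fits() ? "yes" : "no");
    return 0;
}
```

The unchecked copy spills 7 bytes and dirties 4 registers beyond the segment, which is the shape of the "0 bytes after a block of size 176" write in the trace; the checked variant fails closed at the kernel-call boundary instead of letting script data decide how far the write goes.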