Opened 13 years ago

Closed 13 years ago

#5867 closed defect (fixed)

AGI: SQ0 - Scummvm Crash

Reported by: SF/swolffer Owned by: bluegr
Priority: normal Component: Engine: AGI
Version: Keywords:
Cc: Game: AGI Fanmade

Description

Download SQ0 (http://www.wiw.org/~jess/download/rep_104.zip) restore attached savegame type "use radio" scummvm crashes

Tried release 1.3.1, 1.4.0git2595-g43f45ce and 1.4.0git2598-gf20b8ec on Windows.

Ticket imported from: #3420859. Ticket imported from: bugs/5867.

Attachments (1)

sq0.011 (5.1 KB ) - added by SF/swolffer 13 years ago.
Savegame SQ0

Download all attachments as: .zip

Change History (5)

by SF/swolffer, 13 years ago

Attachment: sq0.011 added

Savegame SQ0

comment:1 by digitall, 13 years ago

Summary: SQ0: scummvm crashesAGI: SQ0 - Scummvm Crash

comment:2 by digitall, 13 years ago

Replicated with attached savegame and latest Git master on Linux x86_32. Reran with Valgrind. The cause associated with this is: ==5227== Invalid write of size 4 ==5227== at 0x4027E00: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-li nux.so) ==5227== by 0x8228DEE: Agi::AgiEngine::wordWrapString(char const*, int*) (tex t.cpp:267) ==5227== by 0x82288FA: Agi::AgiEngine::blitTextbox(char const*, int, int, int ) (text.cpp:142) ==5227== by 0x82294F1: Agi::AgiEngine::print(char const*, int, int, int) (tex t.cpp:444) ==5227== by 0x821C972: Agi::cmdPrintAt(Agi::AgiGame*, unsigned char*) (op_cmd .cpp:1614) ==5227== by 0x821D361: Agi::AgiEngine::runLogic(int) (op_cmd.cpp:1828) ==5227== by 0x82185AB: Agi::cmdCall(Agi::AgiGame*, unsigned char*) (op_cmd.cp p:752) ==5227== by 0x8218615: Agi::cmdCallF(Agi::AgiGame*, unsigned char*) (op_cmd.cpp:760) ==5227== by 0x821D361: Agi::AgiEngine::runLogic(int) (op_cmd.cpp:1828) ==5227== by 0x8210100: Agi::AgiEngine::interpretCycle() (cycle.cpp:118) ==5227== by 0x8210B1C: Agi::AgiEngine::playGame() (cycle.cpp:348) ==5227== by 0x8210F5E: Agi::AgiEngine::runGame() (cycle.cpp:444)

comment:3 by bluegr, 13 years ago

Owner: set to bluegr
Resolution: fixed
Status: newclosed

comment:4 by bluegr, 13 years ago

Fixed in r97eb35. The length requested in this case is 250, which overflows a char variable

Note: See TracTickets for help on using tickets.