#5903 closed defect (fixed)
DRASCULA-IT: Crash/graphic glitch at castle towers
| Reported by: | SF/andrea2054 | Owned by: | bluegr |
|---|---|---|---|
| Priority: | normal | Component: | Engine: Drascula |
| Version: | Keywords: | ||
| Cc: | Game: | Drascula |
Description
At the screen with the castle towers, if you look at the towers ScummVM crashes or a graphic glitch occurs (Hacker's head running on the screen saying "Nothing interesting") Tested with Drascula (DOS/Italian), ScummVM 1.4.0 running on Windows XP and PocketPC port Savegame attached. To reply the bug load the last savegame "TORRI" then look (GUARDA) at any tower. The glitch appears if you play a little then look at the towers later.
Ticket imported from: #3440895. Ticket imported from: bugs/5903.
Attachments (1)
Change History (9)
by , 13 years ago
| Attachment: | Drascula savegame.zip added |
|---|
comment:1 by , 13 years ago
Replicated on Linux x86_32 with ScummVM 1.5.0git776-g18fd599-dirty (Nov 22 2011 00:21:52) using v1.1 International datafiles.
Looking at the tower causes a segfault.. Checking with valgrind.
comment:2 by , 13 years ago
Yes, memory access errors are causing this. Valgrind trace follows prior to the crash: ==18376== Source and destination overlap in memcpy(0x6f5e361, 0x6fa06a1, 637454177) ==18376== at 0x4027A8F: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840EA9E: Drascula::DrasculaEngine::copyBackground(int, int, int, int, int, int, unsigned char*, unsigned char*) (graphics.cpp:168) ==18376== by 0x8420B5A: Drascula::DrasculaEngine::talk(char const*, char const*) (talk.cpp:429) ==18376== by 0x8420680: Drascula::DrasculaEngine::talk(int) (talk.cpp:371) ==18376== by 0x8414358: Drascula::DrasculaEngine::room_0(int) (rooms.cpp:195) ==18376== by 0x841B154: Drascula::DrasculaEngine::room(int, int) (rooms.cpp:1648) ==18376== by 0x841B052: Drascula::DrasculaEngine::checkAction(int) (rooms.cpp:1633) ==18376== by 0x840C850: Drascula::DrasculaEngine::verify2() (drascula.cpp:708) ==18376== by 0x840BE8B: Drascula::DrasculaEngine::runCurrentChapter() (drascula.cpp:580) ==18376== by 0x840B087: Drascula::DrasculaEngine::run() (drascula.cpp:298) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== ==18376== Invalid write of size 4 ==18376== at 0x4027AF8: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840EA9E: Drascula::DrasculaEngine::copyBackground(int, int, int, int, int, int, unsigned char*, unsigned char*) (graphics.cpp:168) ==18376== by 0x8420B5A: Drascula::DrasculaEngine::talk(char const*, char const*) (talk.cpp:429) ==18376== by 0x8420680: Drascula::DrasculaEngine::talk(int) (talk.cpp:371) ==18376== by 0x8414358: Drascula::DrasculaEngine::room_0(int) (rooms.cpp:195) ==18376== by 0x841B154: Drascula::DrasculaEngine::room(int, int) (rooms.cpp:1648) ==18376== by 0x841B052: Drascula::DrasculaEngine::checkAction(int) (rooms.cpp:1633) ==18376== by 0x840C850: Drascula::DrasculaEngine::verify2() (drascula.cpp:708) ==18376== by 0x840BE8B: Drascula::DrasculaEngine::runCurrentChapter() (drascula.cpp:580) ==18376== by 0x840B087: Drascula::DrasculaEngine::run() (drascula.cpp:298) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== Address 0x6f61d88 is 0 bytes after a block of size 64,256 alloc'd ==18376== at 0x4026458: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840E0ED: Drascula::DrasculaEngine::allocMemory() (graphics.cpp:35) ==18376== by 0x840AC52: Drascula::DrasculaEngine::run() (drascula.cpp:246) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== by 0x804F7E2: main (posix-main.cpp:45) ==18376== ==18376== Invalid read of size 4 ==18376== at 0x4027AF0: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840EA9E: Drascula::DrasculaEngine::copyBackground(int, int, int, int, int, int, unsigned char*, unsigned char*) (graphics.cpp:168) ==18376== by 0x8420B5A: Drascula::DrasculaEngine::talk(char const*, char const*) (talk.cpp:429) ==18376== by 0x8420680: Drascula::DrasculaEngine::talk(int) (talk.cpp:371) ==18376== by 0x8414358: Drascula::DrasculaEngine::room_0(int) (rooms.cpp:195) ==18376== by 0x841B154: Drascula::DrasculaEngine::room(int, int) (rooms.cpp:1648) ==18376== by 0x841B052: Drascula::DrasculaEngine::checkAction(int) (rooms.cpp:1633) ==18376== by 0x840C850: Drascula::DrasculaEngine::verify2() (drascula.cpp:708) ==18376== by 0x840BE8B: Drascula::DrasculaEngine::runCurrentChapter() (drascula.cpp:580) ==18376== by 0x840B087: Drascula::DrasculaEngine::run() (drascula.cpp:298) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== Address 0x6fb0078 is 0 bytes after a block of size 64,000 alloc'd ==18376== at 0x4026458: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840E255: Drascula::DrasculaEngine::allocMemory() (graphics.cpp:45) ==18376== by 0x840AC52: Drascula::DrasculaEngine::run() (drascula.cpp:246) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== by 0x804F7E2: main (posix-main.cpp:45) ==18376== ==18376== Invalid read of size 4 ==18376== at 0x4027B00: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840EA9E: Drascula::DrasculaEngine::copyBackground(int, int, int, int, int, int, unsigned char*, unsigned char*) (graphics.cpp:168) ==18376== by 0x8420B5A: Drascula::DrasculaEngine::talk(char const*, char const*) (talk.cpp:429) ==18376== by 0x8420680: Drascula::DrasculaEngine::talk(int) (talk.cpp:371) ==18376== by 0x8414358: Drascula::DrasculaEngine::room_0(int) (rooms.cpp:195) ==18376== by 0x841B154: Drascula::DrasculaEngine::room(int, int) (rooms.cpp:1648) ==18376== by 0x841B052: Drascula::DrasculaEngine::checkAction(int) (rooms.cpp:1633) ==18376== by 0x840C850: Drascula::DrasculaEngine::verify2() (drascula.cpp:708) ==18376== by 0x840BE8B: Drascula::DrasculaEngine::runCurrentChapter() (drascula.cpp:580) ==18376== by 0x840B087: Drascula::DrasculaEngine::run() (drascula.cpp:298) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== Address 0x6fb007c is 4 bytes after a block of size 64,000 alloc'd ==18376== at 0x4026458: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==18376== by 0x840E255: Drascula::DrasculaEngine::allocMemory() (graphics.cpp:45) ==18376== by 0x840AC52: Drascula::DrasculaEngine::run() (drascula.cpp:246) ==18376== by 0x8050968: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:210) ==18376== by 0x8051582: scummvm_main (main.cpp:423) ==18376== by 0x804F7E2: main (posix-main.cpp:45) ==18376==
comment:3 by , 13 years ago
Tried the possible fix of replacing memcpy with memmove to deal with overlapping memory regions. This did reduce the issues, but was not the root cause. Tracing the issue here is that (curY + curHeight) which is used to index into the factor_red array is too large and thus gets an invalid out of bounds value.
comment:4 by , 13 years ago
Fixed crash in commit a0dbe45a454f8b64efb784131b13b942ee060675, but a GFX glitch remains.
comment:5 by , 12 years ago
This bug is nice to get fixed before the release. Raising priority for keeping the track.
comment:6 by , 12 years ago
| Owner: | set to |
|---|---|
| Priority: | normal → high |
comment:7 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Priority: | high → normal |
| Resolution: | → fixed |
| Status: | new → closed |
comment:8 by , 10 years ago
This has been resolved by pull request 589: https://github.com/scummvm/scummvm/pull/589
Closing
Savegame for Drascula italian