SCI: GK1: Failed assert at start of day 6

[esziarko]

ScummVM Version: 1.10.0git3200-g23b6dbb (Apr 30 2017)
OS: Windows 10 x64
Game version: Gabriel Knight 1 CD/Windows/English

When I first reached day 6, when trying to pick the letter that comes through the slot there was a failed assert which said something about invalid Y values, and the game crashed. However, I was unable to ever reproduce this crash. Even so, I've included a savegame at the point where it happened.

[csnover]

Thanks for your report! I was able to reproduce the issue by switching to use the “look” action (much easier to reproduce the bug since it will not pick up the letter) and clicking around near the bottom of the letter object until it triggered the assertion.

This is kIsOnMe trying to read row 34 of the letter cel, which has only 33 rows. At the moment, I am not sure if this also happens in SSCI (and just reads garbage memory, since they did not validate anything), or if there is a bug in our implementation.

[m-kiewitz]

kIsOnMe gets called by:

envelope::perform(OnMeAndLowY, uEvt)
OnMeAndLowY::doit(envelope, uEvt)
envelope::onMe(uEvt)
kOnMe(91, 96, envelope, 1000h)

event x = 91
event y = 96

envelope.x = 78
envelope.y = 89
envelope.z = 25

[m-kiewitz]

envelope::perform - script 64999
OnMeAndLowY::doit - script 64996
envelope::onMe - script 64998

[m-kiewitz]

Envelope object full dump for wjp:

(0000) [1000] -objID- = 0000:1234 (4660)
(0001) [1001] -size- = 0000:003e (62)
(0002) [1002] -propDict- = 0004:00c6
(0003) [1003] -methDict- = 0000:00e2 (226)
(0004) [1004] -classScript- = 0000:00d2 (210)
(0005) [1005] -script- = 0000:ffff (65535)
(0006) [1006] -super- = 0004:0fa3 (Prop)
(0007) [1007] -info- = 0000:0010 (16)
(0008) [020] name = 00b5:4d49
(0009) [043] heading = 0000:0000 (0)
(000a) [125] noun = 0000:0022 (34)
(000b) [126] case = 0000:0000 (0)
(000c) [127] modNum = 0000:00d3 (211)
(000d) [012] nsLeft = 0000:004e (78)
(000e) [013] nsTop = 0000:003f (63)
(000f) [014] nsRight = 0000:0053 (83)
(0010) [015] nsBottom = 0000:0040 (64)
(0011) [128] sightAngle = 0000:6789 (26505)
(0012) [123] actions = 0000:0000 (0)
(0013) [129] onMeCheck = 0000:0000 (0)
(0014) [029] state = 0000:0000 (0)
(0015) [12a] approachX = 0000:0000 (0)
(0016) [12b] approachY = 0000:0000 (0)
(0017) [12c] approachDist = 0000:0000 (0)
(0018) [12d] _approachVerbs = 0000:0000 (0)
(0019) [000] plane = 0014:0002 (Plane)
(001a) [001] x = 0000:004e (78)
(001b) [002] y = 0000:0059 (89)
(001c) [003] z = 0000:0019 (25)
(001d) [004] scaleX = 0000:0080 (128)
(001e) [005] scaleY = 0000:0080 (128)
(001f) [006] maxScale = 0000:0080 (128)
(0020) [13f] scaleType = 0000:0000 (0)
(0021) [007] priority = 0000:005a (90)
(0022) [008] fixPriority = 0000:0001 (1)
(0023) [009] inLeft = 0000:0000 (0)
(0024) [00a] inTop = 0000:0000 (0)
(0025) [00b] inRight = 0000:0000 (0)
(0026) [00c] inBottom = 0000:0000 (0)
(0027) [00d] useInsetRect = 0000:0000 (0)
(0028) [00e] view = 0000:0890 (2192)
(0029) [00f] loop = 0000:0001 (1)
(002a) [010] cel = 0000:000c (12)
(002b) [011] bitmap = 0000:0000 (0)
(002c) [040] yStep = 0000:0002 (2)
(002d) [01a] signal = 0000:5021 (20513)
(002e) [016] lsLeft = 0000:0000 (0)
(002f) [017] lsTop = 0000:0000 (0)
(0030) [018] lsRight = 0000:0000 (0)
(0031) [019] lsBottom = 0000:0000 (0)
(0032) [01c] brLeft = 0000:004e (78)
(0033) [01d] brTop = 0000:0058 (88)
(0034) [01e] brRight = 0000:0053 (83)
(0035) [01f] brBottom = 0000:005a (90)
(0036) [071] scaleSignal = 0000:0000 (0)
(0037) [08b] magnifier = 0000:0000 (0)
(0038) [104] cycleSpeed = 0000:0006 (6)
(0039) [0b3] script = 0000:0000 (0)
(003a) [105] cycler = 0000:0000 (0)
(003b) [0ac] timer = 0000:0000 (0)
(003c) [148] detailLevel = 0000:0000 (0)
(003d) [149] scaler = 0000:0000 (0)

[csnover]

Thanks for your report! A patch for this issue has been added in commit 832cd25ef1a5cd2dc9cb8062f043fb402dab6ed7 and will be available in daily builds 1.10.0git-3476 and later.