Opened 7 years ago
Closed 7 years ago
#9844 closed defect (fixed)
SCI: PQ4: kIsOnMe out of bounds read
| Reported by: | bgK | Owned by: | csnover |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCI |
| Version: | Keywords: | sci32 | |
| Cc: | Game: | Police Quest 4 |
Description
Game: Police Quest 4 DOS / French
ScummVM: eedbb7df4e256e752c861b1828cd4b1ac55d59bc
At the beginning of the game, at Katherine's place, clicking on Katerine with the Speech icon sometimes triggers an assertion failure. I'm not sure what exactly triggers the assertion failure. Most of the time speaking with Katherine works fine. Maybe the mouse pointer position?
To reproduce, load the attached save game (which is for the French version..) or go to Katherine's place, make her upset, leave, and enter her house again. Use the speech icon on Katherine. Multiple attempts may be needed.
Backtrace:
scummvm: ../engines/sci/graphics/celobj32.cpp:325: const byte* Sci::READER_Compressed::getRow(int16): Assertion `y >= 0 && y < _sourceHeight' failed.
Thread 1 "scummvm" received signal SIGABRT, Aborted.
0x00007ffff495b670 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007ffff495b670 in raise () from /usr/lib/libc.so.6
#1 0x00007ffff495cd00 in abort () from /usr/lib/libc.so.6
#2 0x00007ffff495445a in __assert_fail_base () from /usr/lib/libc.so.6
#3 0x00007ffff49544d2 in __assert_fail () from /usr/lib/libc.so.6
#4 0x00000000005a2389 in Sci::READER_Compressed::getRow (this=0x7ffffffb60f0, y=27) at ../engines/sci/graphics/celobj32.cpp:325
#5 0x000000000059f25a in Sci::CelObj::readPixel (this=0x33f6f50, x=20, y=27, mirrorX=false) at ../engines/sci/graphics/celobj32.cpp:599
#6 0x00000000005b3273 in Sci::GfxFrameout::isOnMe (this=0x340c840, screenItem=..., plane=..., position=..., checkPixel=true)
at ../engines/sci/graphics/frameout.cpp:1232
#7 0x00000000005b304b in Sci::GfxFrameout::kernelIsOnMe (this=0x340c840, object=..., position=..., checkPixel=true)
at ../engines/sci/graphics/frameout.cpp:1203
#8 0x000000000059a851 in Sci::kIsOnMe (s=0x33c82c0, argc=4, argv=0x33fd888) at ../engines/sci/engine/kgraphics32.cpp:259
#9 0x000000000053fe95 in Sci::callKernelFunc (s=0x33c82c0, kernelCallNr=18, argc=4) at ../engines/sci/engine/vm.cpp:377
#10 0x0000000000541fe4 in Sci::run_vm (s=0x33c82c0) at ../engines/sci/engine/vm.cpp:897
#11 0x0000000000532ea2 in Sci::invokeSelector (s=0x33c82c0, object=..., selectorId=106, k_argc=4, k_argp=0x33fd840, argc=2, argv=0x33fd848)
at ../engines/sci/engine/selector.cpp:291
#12 0x00000000004fe6a3 in Sci::kListEachElementDo (s=0x33c82c0, argc=4, argv=0x33fd840) at ../engines/sci/engine/klists.cpp:620
#13 0x000000000053fe95 in Sci::callKernelFunc (s=0x33c82c0, kernelCallNr=90, argc=4) at ../engines/sci/engine/vm.cpp:377
#14 0x0000000000541fe4 in Sci::run_vm (s=0x33c82c0) at ../engines/sci/engine/vm.cpp:897
#15 0x00000000004e2fa8 in Sci::SciEngine::runGame (this=0x308b500) at ../engines/sci/sci.cpp:682
#16 0x00000000004e1c3d in Sci::SciEngine::run (this=0x308b500) at ../engines/sci/sci.cpp:453
#17 0x000000000040de2e in runGame (plugin=0xd695f0, system=..., edebuglevels="") at ../base/main.cpp:263
#18 0x000000000040f026 in scummvm_main (argc=1, argv=0x7fffffffe878) at ../base/main.cpp:529
#19 0x000000000040c151 in main (argc=1, argv=0x7fffffffe878) at ../backends/platform/sdl/posix/posix-main.cpp:45}}}
Attachments (3)
Change History (6)
by , 7 years ago
| Attachment: | Capture d'écran de 2017-06-17 08-03-32.png added |
|---|
comment:2 by , 7 years ago
| Summary: | SCI: PQ4: Sci::READER_Compressed::getRow(): Assertion `y >= 0 && y < _sourceHeight' failed → SCI: PQ4: kIsOnMe out of bounds read |
|---|
comment:3 by , 7 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Thanks for your report! A patch for this issue has been added in commit 832cd25ef1a5cd2dc9cb8062f043fb402dab6ed7 and will be available in daily builds 1.10.0git-3476 and later.
Crashed ScummVM