[Scummvm-tracker] [ScummVM] #10365: SAGA: ITE: Crash when talking to Sist

digitall trac at scummvm.org
Thu Dec 28 06:20:29 CET 2017 

#10365: SAGA: ITE: Crash when talking to Sist
--------------------------------+--------------------------
  Reporter:  dafioram           |      Owner:  (none)
      Type:  defect             |     Status:  new
  Priority:  blocker            |  Component:  Engine: SAGA
Resolution:                     |   Keywords:
      Game:  Inherit the Earth  |
--------------------------------+--------------------------

Comment (by digitall):

 Have tried to replicate with latest Git ie. ScummVM
 2.1.0git161-g80dd7b2c0d on Linux x86_64.

 Have loaded savegame and followed instructions to reach Sist and talk to
 him, but have not been able to trigger that array.h exception.

 Running under GDB did not yield any useful information, but running under
 Valgrind showed three bad memory accesses in the SAGA engine code where
 unallocated/freed memory is accessed. This would likely account for the
 issue so these should be fixed to see if this corrected the problem.

 These three accesses have very similar backtraces as follows:
 ==1876== Invalid read of size 4
 ==1876==    at 0x18CEF02: Saga::HitZone::getFlags() const (objectmap.h:57)
 ==1876==    by 0x18FB836: Saga::Actor::stepZoneAction(Saga::ActorData*,
 Saga::HitZone const*, bool, bool) (actor.cpp:552)
 ==1876==    by 0x1904BE5: Saga::Actor::handleActions(int, bool)
 (actor_walk.cpp:695)
 ==1876==    by 0x1904D46: Saga::Actor::direct(int) (actor_walk.cpp:727)
 ==1876==    by 0x18DB323: Saga::SagaEngine::run() (saga.cpp:380)
 ==1876==    by 0x576FDE: runGame(Plugin const*, OSystem&, Common::String
 const&) (main.cpp:264)
 ==1876==    by 0x578221: scummvm_main (main.cpp:530)
 ==1876==    by 0x5750EB: main (posix-main.cpp:45)
 ==1876==  Address 0xb1b2ff0 is 80 bytes inside a block of size 120 free'd
 ==1876==    at 0x4C2C13B: free (vg_replace_malloc.c:530)
 ==1876==    by 0x18D2648:
 Common::Array<Saga::HitZone>::freeStorage(Saga::HitZone*, unsigned int)
 (array.h:320)
 ==1876==    by 0x18D25AD: Common::Array<Saga::HitZone>::clear()
 (array.h:218)
 ==1876==    by 0x18D2287: Saga::ObjectMap::clear() (objectmap.cpp:188)
 ==1876==    by 0x18E1F49: Saga::Scene::endScene() (scene.cpp:1169)
 ==1876==    by 0x18DFBEF: Saga::Scene::changeScene(short, int,
 Saga::SceneTransitionType, int) (scene.cpp:503)
 ==1876==    by 0x18EC02C:
 Saga::Script::sfScriptGotoScene(Saga::ScriptThread*, int, bool&)
 (sfuncs.cpp:470)
 ==1876==    by 0x18E5817: Saga::Script::opCcallV(Saga::ScriptThread*,
 Common::SeekableReadStream*, bool&, bool&) (script.cpp:637)
 ==1876==    by 0x18F4CF8: Saga::Script::runThread(Saga::ScriptThread&)
 (sthread.cpp:208)
 ==1876==    by 0x18F4951: Saga::Script::executeThreads(unsigned int)
 (sthread.cpp:156)
 ==1876==    by 0x18DB363: Saga::SagaEngine::run() (saga.cpp:384)
 ==1876==    by 0x576FDE: runGame(Plugin const*, OSystem&, Common::String
 const&) (main.cpp:264)
 ==1876==  Block was alloc'd at
 ==1876==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
 ==1876==    by 0x18D2944:
 Common::Array<Saga::HitZone>::allocCapacity(unsigned int) (array.h:309)
 ==1876==    by 0x18D270E: Common::Array<Saga::HitZone>::reserve(unsigned
 int) (array.h:273)
 ==1876==    by 0x18D24C3: Common::Array<Saga::HitZone>::resize(unsigned
 int) (array.h:283)
 ==1876==    by 0x18D21CF: Saga::ObjectMap::load(Saga::ByteArray const&)
 (objectmap.cpp:179)
 ==1876==    by 0x18E165F:
 Saga::Scene::processSceneResources(Common::Array<Saga::SceneResourceData>&)
 (scene.cpp:1013)
 ==1876==    by 0x18E04DD: Saga::Scene::loadScene(Saga::LoadSceneParams&)
 (scene.cpp:682)
 ==1876==    by 0x18DFC08: Saga::Scene::changeScene(short, int,
 Saga::SceneTransitionType, int) (scene.cpp:506)
 ==1876==    by 0x18DE6EA: Saga::SagaEngine::load(char const*)
 (saveload.cpp:369)
 ==1876==    by 0x18DB05F: Saga::SagaEngine::run() (saga.cpp:343)
 ==1876==    by 0x576FDE: runGame(Plugin const*, OSystem&, Common::String
 const&) (main.cpp:264)
 ==1876==    by 0x578221: scummvm_main (main.cpp:530)

 The second and third differ as follows:
 3c3
 < ==1876==    by 0x18FB836: Saga::Actor::stepZoneAction(Saga::ActorData*,
 Saga::HitZone const*, bool, bool) (actor.cpp:552)
 ---
 > ==1876==    by 0x18FB85A: Saga::Actor::stepZoneAction(Saga::ActorData*,
 Saga::HitZone const*, bool, bool) (actor.cpp:552)

 3c3
 < ==1876==    by 0x18FB836: Saga::Actor::stepZoneAction(Saga::ActorData*,
 Saga::HitZone const*, bool, bool) (actor.cpp:552)
 ---
 > ==1876==    by 0x18FB909: Saga::Actor::stepZoneAction(Saga::ActorData*,
 Saga::HitZone const*, bool, bool) (actor.cpp:563)
 35a36
 > ==1876==

 This looks to be a likely issue in the Actor stepZoneAction / Hitzone code
 which should be corrected.

--
Ticket URL: <https://bugs.scummvm.org/ticket/10365#comment:2>
ScummVM <https://bugs.scummvm.org>
ScummVM

More information about the Scummvm-tracker mailing list