[Scummvm-tracker] [ScummVM] #9757: Access uninitialised memory when starting KQ6

Sat May 6 01:24:21 CEST 2017

#9757: Access uninitialised memory when starting KQ6
-------------------+-------------------------
Reporter:  criezy  |      Owner:  (none)
    Type:  defect  |     Status:  new
Priority:  normal  |  Component:  Engine: SCI
Keywords:          |       Game:
-------------------+-------------------------
 I ran ScummVM with valgrind today and it reports access to uninitialised
 memory when starting King Quest VI. Here is the valgrind report:
 {{{
 ==79542== Conditional jump or move depends on uninitialised value(s)
 ==79542==    at 0x10153A401: Sci::MusicEntry**
 Common::sortPartition<Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*,
 Sci::MusicEntry const*)>(Sci::MusicEntry**, Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*&)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:185)
 ==79542==    by 0x101539BAC: void Common::sort<Sci::MusicEntry**, bool
 (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:222)
 ==79542==    by 0x101536A1B: Sci::SciMusic::sortPlayList() (music.cpp:316)
 ==79542==    by 0x10153743E: Sci::SciMusic::soundPlay(Sci::MusicEntry*)
 (music.cpp:461)
 ==79542==    by 0x10153B8D4:
 Sci::SoundCommandParser::processPlaySound(Sci::reg_t, bool)
 (soundcmd.cpp:222)
 ==79542==    by 0x10153B264:
 Sci::SoundCommandParser::kDoSoundPlay(Sci::EngineState*, int, Sci::reg_t*)
 (soundcmd.cpp:162)
 ==79542==    by 0x1014A57D3: Sci::kDoSoundPlay(Sci::EngineState*, int,
 Sci::reg_t*) (ksound.cpp:52)
 ==79542==    by 0x1014E83C3: Sci::callKernelFunc(Sci::EngineState*, int,
 int) (vm.cpp:462)
 ==79542==    by 0x1014E5E09: Sci::run_vm(Sci::EngineState*) (vm.cpp:920)
 ==79542==    by 0x10146EE21: Sci::SciEngine::runGame() (sci.cpp:654)
 ==79542==    by 0x10146DBBC: Sci::SciEngine::run() (sci.cpp:425)
 ==79542==    by 0x10000AFFB: runGame(PluginSubclass<MetaEngine> const*,
 OSystem&, Common::String const&) (main.cpp:263)
 ==79542==
 ==79542== Conditional jump or move depends on uninitialised value(s)
 ==79542==    at 0x10153A401: Sci::MusicEntry**
 Common::sortPartition<Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*,
 Sci::MusicEntry const*)>(Sci::MusicEntry**, Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*&)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:185)
 ==79542==    by 0x101539BAC: void Common::sort<Sci::MusicEntry**, bool
 (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:222)
 ==79542==    by 0x101539BDF: void Common::sort<Sci::MusicEntry**, bool
 (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:224)
 ==79542==    by 0x101536A1B: Sci::SciMusic::sortPlayList() (music.cpp:316)
 ==79542==    by 0x10153743E: Sci::SciMusic::soundPlay(Sci::MusicEntry*)
 (music.cpp:461)
 ==79542==    by 0x10153B8D4:
 Sci::SoundCommandParser::processPlaySound(Sci::reg_t, bool)
 (soundcmd.cpp:222)
 ==79542==    by 0x10153B264:
 Sci::SoundCommandParser::kDoSoundPlay(Sci::EngineState*, int, Sci::reg_t*)
 (soundcmd.cpp:162)
 ==79542==    by 0x1014A57D3: Sci::kDoSoundPlay(Sci::EngineState*, int,
 Sci::reg_t*) (ksound.cpp:52)
 ==79542==    by 0x1014E83C3: Sci::callKernelFunc(Sci::EngineState*, int,
 int) (vm.cpp:462)
 ==79542==    by 0x1014E5E09: Sci::run_vm(Sci::EngineState*) (vm.cpp:920)
 ==79542==    by 0x10146EE21: Sci::SciEngine::runGame() (sci.cpp:654)
 ==79542==    by 0x10146DBBC: Sci::SciEngine::run() (sci.cpp:425)
 ==79542==
 ==79542== Conditional jump or move depends on uninitialised value(s)
 ==79542==    at 0x10153A401: Sci::MusicEntry**
 Common::sortPartition<Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*,
 Sci::MusicEntry const*)>(Sci::MusicEntry**, Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*&)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:185)
 ==79542==    by 0x101539BAC: void Common::sort<Sci::MusicEntry**, bool
 (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:222)
 ==79542==    by 0x101539BC1: void Common::sort<Sci::MusicEntry**, bool
 (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry**,
 Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry
 const*)) (algorithm.h:223)
 ==79542==    by 0x101536A1B: Sci::SciMusic::sortPlayList() (music.cpp:316)
 ==79542==    by 0x10153743E: Sci::SciMusic::soundPlay(Sci::MusicEntry*)
 (music.cpp:461)
 ==79542==    by 0x10153B8D4:
 Sci::SoundCommandParser::processPlaySound(Sci::reg_t, bool)
 (soundcmd.cpp:222)
 ==79542==    by 0x10153B264:
 Sci::SoundCommandParser::kDoSoundPlay(Sci::EngineState*, int, Sci::reg_t*)
 (soundcmd.cpp:162)
 ==79542==    by 0x1014A57D3: Sci::kDoSoundPlay(Sci::EngineState*, int,
 Sci::reg_t*) (ksound.cpp:52)
 ==79542==    by 0x1014E83C3: Sci::callKernelFunc(Sci::EngineState*, int,
 int) (vm.cpp:462)
 ==79542==    by 0x1014E5E09: Sci::run_vm(Sci::EngineState*) (vm.cpp:920)
 ==79542==    by 0x10146EE21: Sci::SciEngine::runGame() (sci.cpp:654)
 ==79542==    by 0x10146DBBC: Sci::SciEngine::run() (sci.cpp:425)
 ==79542==
 }}}

 Note: the reason I ran ScummVM with valgrind is because I got a crash once
 today when starting King Quest VI in ScummVM, but was not able to
 reproduce it afterward. The crash was due  to hitting the assert on line
 417 in resource_adio.cpp:
 {{{
          assert(offset + syncSize <= srcSize);
 }}}

 I don't know if the two are related, but since this is a possibility I am
 mentioning it here.

 This is on macOS X 10.9.5 compiled by myself with the latest changes
 (commit f30f34cb).

--
Ticket URL: <https://bugs.scummvm.org/ticket/9757>
ScummVM <https://bugs.scummvm.org>
ScummVM