[Scummvm-tracker] [ScummVM :: Bugs] #13908: SCUMM: INDY3 (MAC): ASAN crash in Player_V2Base::next_freqs() in Castle Brunwald
ScummVM :: Bugs
trac at scummvm.org
Mon Oct 24 14:02:37 UTC 2022
#13908: SCUMM: INDY3 (MAC): ASAN crash in Player_V2Base::next_freqs() in Castle Brunwald
-------------------------+-------------------------------------------------
Reporter:  dwatteau      |      Owner:  (none)
    Type:  defect        |     Status:  new
Priority:  normal        |  Component:  Engine: SCUMM
 Version:                |   Keywords:  asan,crash,castle brunwald,macintosh
    Game:  Indiana Jones 3
-------------------------+-------------------------------------------------
Building yesterday's Git HEAD with `--enable-optimizations --enable-debug --enable-asan`
on macOS with clang++ 14.0.0.
This is the Macintosh 16-color version of Indy3.
With ASAN enabled, the game always crashes when arriving at Castle
Brunwald:
{{{
==12520==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00011029f722 at pc 0x00010f799d18 bp 0x700004034650 sp 0x700004034648
READ of size 1 at 0x00011029f722 thread T6
    #0 0x10f799d17 in Scumm::Player_V2Base::next_freqs(Scumm::Player_V2Base::ChannelInfo*) player_v2base.cpp:607
    #1 0x10f799f39 in Scumm::Player_V2Base::nextTick() player_v2base.cpp:649
    #2 0x10f7747ea in Scumm::Player_V2::readBuffer(short*, int) player_v2.cpp:174
    #3 0x1100c8585 in Audio::CopyRateConverter<true, false>::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) rate.cpp:314
    #4 0x1100be10d in Audio::Channel::mix(short*, unsigned int) mixer.cpp:648
    #5 0x1100bdd7c in Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) mixer.cpp:301
    #6 0x111157c43 in outputCallback+0x1ac (libSDL2-2.0.0.dylib:x86_64+0xe2c43)
    #7 0x7ff80e7b1fe7 in ClientAudioQueue::CallOutputCallback(AudioQueueBuffer*)+0x11d (AudioToolbox:x86_64+0x45fe7)
    #8 0x7ff80e79aa03 in ClientAudioQueue::FetchAndDeliverPendingCallbacks(unsigned int)+0x33b (AudioToolbox:x86_64+0x2ea03)
    #9 0x7ff80e79a64d in _XCallbackNotificationsAvailable+0xa3 (AudioToolbox:x86_64+0x2e64d)
    #10 0x7ff80d6fea8d in mshMIGPerform+0xeb (libAudioToolboxUtility.dylib:x86_64+0xea8d)
    #11 0x7ff800e3a923 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__+0x28 (CoreFoundation:x86_64h+0x80923)
    #12 0x7ff800e3a803 in __CFRunLoopDoSource1+0x26a (CoreFoundation:x86_64h+0x80803)
    #13 0x7ff800e38e6a in __CFRunLoopRun+0x96e (CoreFoundation:x86_64h+0x7ee6a)
    #14 0x7ff800e37e3b in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7de3b)
    #15 0x11115773c in audioqueue_thread+0x43e (libSDL2-2.0.0.dylib:x86_64+0xe273c)
    #16 0x1110db986 in SDL_RunThread+0x2b (libSDL2-2.0.0.dylib:x86_64+0x66986)
    #17 0x11114a7f2 in RunThread+0x8 (libSDL2-2.0.0.dylib:x86_64+0xd57f2)
    #18 0x7ff800d734e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0)
    #19 0x7ff800d6ef6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)
}}}
Full ASAN log attached.
How to reproduce:
1. Build with ASAN.
2. Load the attached savegame, and wait for Indy and Elsa to arrive in
front of Castle Brunwald.
--
Ticket URL: <https://bugs.scummvm.org/ticket/13908>
ScummVM :: Bugs <https://bugs.scummvm.org>