[Scummvm-tracker] [ScummVM :: Bugs] #15215: SCUMM: DIG: Error box 29 is out of bounds in ScummVM 2.8.1

ScummVM :: Bugs trac at scummvm.org
Mon Feb 17 11:31:44 UTC 2025 

#15215: SCUMM: DIG:  Error box 29 is out of bounds in ScummVM 2.8.1
-----------------------------------+----------------------------
Reporter:  zoltan808080            |       Owner:  bluegr
    Type:  defect                  |      Status:  new
Priority:  normal                  |   Component:  Engine: SCUMM
 Version:                          |  Resolution:
Keywords:  The Dig box out bounds  |        Game:  The Dig
-----------------------------------+----------------------------
Comment (by dwatteau):

 Hi there,

 Thanks for confirming that it was a 2.9.0 game play.

 FWIW, Andy asked the team for some full replays using AddressSanitizer and
 UndefinedBehaviorSanitizer. Here are the results I'm having, so far -- I
 haven't reached yet the part of the game with the script issue, though.

 === Setup

 Test done on macOS Sequoia 15.3.1, running on a MacBook Air M1 (aarch64).
 Using the current Git HEAD.

 `--enable-ubsan --enable-asan --enable-debug --disable-optimizations`
 build with Apple clang 16.0.0.

 The Dig is the 2004 French CD release (the one with the Aaron Giles
 interpreter).

 The game is configured this way, for reference:

 {{{
 [dig-fr]
 engineid=scumm
 enhancements=511
 guioptions=sndNoMIDI vga gameOption2 gameOption4 gameOption5 lang_French
 dimuse_low_latency_mode=false
 description=The Dig (French)
 path=/path/to/DIG-FR-2004-aaron-giles
 original_gui=true
 gameid=dig
 language=fr
 subtitles=true
 aspect_ratio=false
 }}}

 === First UBSan issue found

 After solving the first puzzle (i.e. asking Miles to get the tools out), a
 cutscene is triggered when the characters move to the asteroid.

 The first UBSan case happens just when the screen is black before loading
 the new room.

 {{{
 * thread #1, queue = 'com.apple.main-thread', stop reason = Invalid shift
 base
 engines/scumm/actor.cpp:662:21: runtime error: left shift of negative
 value -10
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 engines/scumm/actor.cpp:662:21 in

 (lldb) bt
 * thread #1, queue = 'com.apple.main-thread', stop reason = Invalid shift
 base
 [...]
     frame #5: 0x00000001001789e8
 scummvm`Scumm::Actor::actorWalkStep(this=0x00006190003a3980) at
 actor.cpp:662:21
     frame #6: 0x0000000100170e40
 scummvm`Scumm::Actor::calcMovementFactor(this=0x00006190003a3980,
 next=0x00006190003a3d58) at actor.cpp:575:9
     frame #7: 0x000000010018e420
 scummvm`Scumm::Actor::walkActor(this=0x00006190003a3980) at
 actor.cpp:1014:2
     frame #8: 0x000000010019c464
 scummvm`Scumm::Actor_v7::walkActor(this=0x00006190003a3980) at
 actor.cpp:1400:10
     frame #9: 0x000000010016ed88
 [...]

 (lldb) frame select 5
 frame #5: 0x00000001001789e8
 scummvm`Scumm::Actor::actorWalkStep(this=0x00006190003a3980) at
 actor.cpp:662:21
    659                  return 0;
    660          }
    661
 -> 662          int tmpX = (_pos.x << 16) + _walkdata.xfrac +
 (_walkdata.deltaXFactor >> 8) * _scalex;
    663          _walkdata.xfrac = (uint16)tmpX;
    664          _pos.x = (tmpX >> 16);
    665
 (lldb) p _pos
 (Common::Point)  (x = -10, y = 133)
 (lldb) p _walkdata
 (Scumm::Actor::ActorWalkData) {
   dest = (x = 212, y = 173)
   destbox = '\x01'
   destdir = -1
   cur = (x = -10, y = 133)
   curbox = '\x01'
   next = (x = 212, y = 173)
   point3 = (x = 32000, y = 0)
   deltaXFactor = 262144
   deltaYFactor = 47233
   xfrac = 0
   yfrac = 0
   xAdd = 0
   yAdd = 0
   facing = 100
 }
 }}}


 === Second (similar) UBSan issue found nearby

 Similar `actorWalkStep()` UBSan error also happens when moving to some
 other part of Attila, just after that.

 {{{
 engines/scumm/actor.cpp:666:21: runtime error: left shift of negative
 value -14
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 engines/scumm/actor.cpp:666:21

 (ldb) bt
 [...]
     frame #5: 0x00000001001791f0
 scummvm`Scumm::Actor::actorWalkStep(this=0x00006190003a3980) at
 actor.cpp:666:21
     frame #6: 0x0000000100170e40
 scummvm`Scumm::Actor::calcMovementFactor(this=0x00006190003a3980,
 next=0x000000016fdf7100) at actor.cpp:575:9
     frame #7: 0x000000010018e010
 scummvm`Scumm::Actor::walkActor(this=0x00006190003a3980) at
 actor.cpp:1007:7
     frame #8: 0x000000010019c464
 scummvm`Scumm::Actor_v7::walkActor(this=0x00006190003a3980) at
 actor.cpp:1400:10
     frame #9: 0x000000010016ed88
 scummvm`Scumm::ScummEngine::walkActors(this=0x0000000124d44800) at
 actor.cpp:478:16
     frame #10: 0x000000010131e87c
 [...]

 (lldb) frame select 5
 frame #5: 0x00000001001791f0
 scummvm`Scumm::Actor::actorWalkStep(this=0x00006190003a3980) at
 actor.cpp:666:21
    663          _walkdata.xfrac = (uint16)tmpX;
    664          _pos.x = (tmpX >> 16);
    665
 -> 666          int tmpY = (_pos.y << 16) + _walkdata.yfrac +
 (_walkdata.deltaYFactor >> 8) * _scaley;
    667          _walkdata.yfrac = (uint16)tmpY;
    668          _pos.y = (tmpY >> 16);
    669
 (lldb) p _pos
 (Common::Point)  (x = 160, y = -14)
 (lldb) p _walkdata
 (Scumm::Actor::ActorWalkData) {
   dest = (x = 209, y = 105)
   destbox = '\x01'
   destdir = -1
   cur = (x = 160, y = -14)
   curbox = '\x06'
   next = (x = 160, y = 16)
   point3 = (x = 32000, y = 0)
   deltaXFactor = 0
   deltaYFactor = 131072
   xfrac = 0
   yfrac = 0
   xAdd = 0
   yAdd = 0
   facing = 180
 }
 }}}

 I can't say whether these UBSan errors may be related to the issue above.
 I haven't encountered any other ASan/UBSan error for now; but I have a few
 other hours of game play left to do. I'll update my findings.

 @AndywinXp: As usual, feel free to ping me over Discord if you need more
 debugging info or such :)

 I'm saving the game every few minutes, so I also have a lot of savegames
 to share if necessary.
-- 
Ticket URL: <https://bugs.scummvm.org/ticket/15215#comment:26>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM

More information about the Scummvm-tracker mailing list