#10001 closed defect (fixed)
TITANIC: MaitreD Random Crashes
Reported by: | dafioram | Owned by: | wjp |
---|---|---|---|
Priority: | high | Component: | Engine: Titanic |
Version: | | Keywords: | |
Cc: | | Game: | Starship Titanic |
Description
OS: Win7-64
Game: Titanic GOG version c
ScummVM: 1.10.0git-4073-g2005ed7
In the restaurant when you are in front of the MaitreD the game will often crash. It's hard to narrow this down to reproducible steps, since it happens at random times.
It seems like it happens more often if I am clicking and if I have prodded the MaitreD a few times and he is dancing. Several times ScummVM has crashed as soon as I reach the MaitreD. It also happens without clicking anything, but that is less likely.
ScummVM closes immediately with no message when it crashes.
Demo: https://streamable.com/a4big
When the video goes blank, that's when ScummVM exits.
3965-gc55132b no crash
3986-gc3f8f1a crash
4073-g2005ed7 crash
Attachments (1)
Change History (11)
by , 7 years ago
Attachment: | titanic-win-1.005 added |
---|---|
comment:1 by , 7 years ago
Can't reproduce a crash here, but valgrind gives somewhat randomly reproducible warnings:
==31679== Conditional jump or move depends on uninitialised value(s)
==31679==    at 0x6F7978: huffDescCompare (indeo.cpp:119)
==31679==    by 0x6F7978: Image::Indeo::IVIHuffTab::decodeHuffDesc(Image::Indeo::IVI45DecContext*, int, int) (indeo.cpp:155)
==31679==    by 0x6E179A: Image::Indeo4Decoder::decodePictureHeader() (indeo4.cpp:206)
==31679==    by 0x6FB0EC: Image::Indeo::IndeoDecoderBase::decodeIndeoFrame() (indeo.cpp:502)
==31679==    by 0x6E047C: Image::Indeo4Decoder::decodeFrame(Common::SeekableReadStream&) (indeo4.cpp:80)
==31679==    by 0x6C2392: Video::AVIDecoder::AVIVideoTrack::decodeFrame(Common::SeekableReadStream*) (avi_decoder.cpp:889)
==31679==    by 0x6C2921: Video::AVIDecoder::handleNextPacket(Video::AVIDecoder::TrackStatus&) (avi_decoder.cpp:538)
==31679==    by 0x6C29CF: Video::AVIDecoder::readNextPacket() (avi_decoder.cpp:445)
==31679==    by 0x6D11E1: Video::VideoDecoder::decodeNextFrame() (video_decoder.cpp:178)
==31679==    by 0x617185: Titanic::AVISurface::renderFrame() (avi_surface.cpp:377)
==31679==    by 0x5EA8EE: Titanic::OSMovie::handleEvents(Titanic::CMovieEventList&) (movie.cpp:163)
==31679==    by 0x5FEFF3: Titanic::CGameManager::updateMovies() (game_manager.cpp:236)
==31679==    by 0x5FF2F8: Titanic::CGameManager::update() (game_manager.cpp:167)
==31679==  Uninitialised value was created by a heap allocation
==31679==    at 0x4C2A610: operator new(unsigned long) (vg_replace_malloc.c:334)
==31679==    by 0x6D9279: Image::createBitmapCodec(unsigned int, int, int, int) (codec.cpp:216)
==31679==    by 0x6C1430: createCodec (avi_decoder.cpp:962)
==31679==    by 0x6C1430: Video::AVIDecoder::AVIVideoTrack::AVIVideoTrack(int, Video::AVIDecoder::AVIStreamHeader const&, Video::AVIDecoder::BitmapInfoHeader const&, unsigned char*) (avi_decoder.cpp:873)
==31679==    by 0x6C1CEE: Video::AVIDecoder::handleStreamHeader(unsigned int) (avi_decoder.cpp:297)
==31679==    by 0x6C1F44: Video::AVIDecoder::parseNextChunk() (avi_decoder.cpp:169)
==31679==    by 0x6C230F: Video::AVIDecoder::handleList(unsigned int) (avi_decoder.cpp:228)
==31679==    by 0x6C1FB4: Video::AVIDecoder::parseNextChunk() (avi_decoder.cpp:151)
==31679==    by 0x6C230F: Video::AVIDecoder::handleList(unsigned int) (avi_decoder.cpp:228)
==31679==    by 0x6C1FB4: Video::AVIDecoder::parseNextChunk() (avi_decoder.cpp:151)
==31679==    by 0x6C3197: Video::AVIDecoder::loadStream(Common::SeekableReadStream*) (avi_decoder.cpp:368)
==31679==    by 0x61658C: Titanic::AVISurface::AVISurface(Titanic::CResourceKey const&) (avi_surface.cpp:56)
==31679==    by 0x5EA67E: Titanic::OSMovie::OSMovie(Titanic::CResourceKey const&, Titanic::CVideoSurface*) (movie.cpp:85)
==31679==
==31823== Thread 4 SDLAudioDev1:
==31823== Use of uninitialised value of size 8
==31823==    at 0x59B3CCC: III_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59B5B2A: mad_layer_III (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59AEBA6: mad_frame_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x7AA960: Audio::BaseMP3Stream::decodeMP3Data(Common::ReadStream&) (mp3.cpp:166)
==31823==    by 0x7AACFA: Audio::BaseMP3Stream::fillBuffer(Common::ReadStream&, short*, int) (mp3.cpp:322)
==31823==    by 0x7C4C26: Audio::CopyRateConverter<false, false>::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) (rate.cpp:315)
==31823==    by 0x7A4EE9: Audio::Channel::mix(short*, unsigned int) (mixer.cpp:621)
==31823==    by 0x7A4FFA: Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) (mixer.cpp:293)
==31823==    by 0x4E4FC61: SDL_RunAudio (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x4EAB25B: SDL_RunThread (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x4EF5ED8: RunThread (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x8FB7443: start_thread (in /lib64/libpthread-2.22.so)
==31823==  Uninitialised value was created by a heap allocation
==31823==    at 0x4C29FA0: malloc (vg_replace_malloc.c:299)
==31823==    by 0x59B5D12: mad_layer_III (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59AEBA6: mad_frame_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x7AA960: Audio::BaseMP3Stream::decodeMP3Data(Common::ReadStream&) (mp3.cpp:166)
==31823==    by 0x7AB390: Audio::MP3Stream::MP3Stream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (mp3.cpp:359)
==31823==    by 0x7AB908: Audio::makeMP3Stream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (mp3.cpp:534)
==31823==    by 0x7B1589: Audio::makeWAVStream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (wave.cpp:208)
==31823==    by 0x5D9094: Titanic::CWaveFile::audioStream() (wave_file.cpp:183)
==31823==    by 0x612E9F: Titanic::QMixer::qsWaveMixPump() (qmixer.cpp:239)
==31823==    by 0x6132A2: Titanic::QMixer::qsWaveMixPlayEx(int, unsigned int, Titanic::CWaveFile*, int, Titanic::QMIXPLAYPARAMS const&) (qmixer.cpp:166)
==31823==    by 0x5D6F27: Titanic::QSoundManager::playWave(Titanic::CWaveFile*, int, unsigned int, Titanic::CProximity&) (sound_manager.cpp:426)
==31823==    by 0x5F47CA: Titanic::CTrueTalkManager::playSpeech(Titanic::TTtalker*, Titanic::TTroomScript*, Titanic::CViewItem*, bool) (true_talk_manager.cpp:536)
==31823==
==31823== Use of uninitialised value of size 8
==31823==    at 0x59B3D18: III_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59B5B2A: mad_layer_III (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59AEBA6: mad_frame_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x7AA960: Audio::BaseMP3Stream::decodeMP3Data(Common::ReadStream&) (mp3.cpp:166)
==31823==    by 0x7AACFA: Audio::BaseMP3Stream::fillBuffer(Common::ReadStream&, short*, int) (mp3.cpp:322)
==31823==    by 0x7C4C26: Audio::CopyRateConverter<false, false>::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) (rate.cpp:315)
==31823==    by 0x7A4EE9: Audio::Channel::mix(short*, unsigned int) (mixer.cpp:621)
==31823==    by 0x7A4FFA: Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) (mixer.cpp:293)
==31823==    by 0x4E4FC61: SDL_RunAudio (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x4EAB25B: SDL_RunThread (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x4EF5ED8: RunThread (in /usr/lib64/libSDL2-2.0.so.0.4.1)
==31823==    by 0x8FB7443: start_thread (in /lib64/libpthread-2.22.so)
==31823==  Uninitialised value was created by a heap allocation
==31823==    at 0x4C29FA0: malloc (vg_replace_malloc.c:299)
==31823==    by 0x59B5D12: mad_layer_III (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x59AEBA6: mad_frame_decode (in /usr/lib64/libmad.so.0.2.1)
==31823==    by 0x7AA960: Audio::BaseMP3Stream::decodeMP3Data(Common::ReadStream&) (mp3.cpp:166)
==31823==    by 0x7AB390: Audio::MP3Stream::MP3Stream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (mp3.cpp:359)
==31823==    by 0x7AB908: Audio::makeMP3Stream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (mp3.cpp:534)
==31823==    by 0x7B1589: Audio::makeWAVStream(Common::SeekableReadStream*, DisposeAfterUse::Flag) (wave.cpp:208)
==31823==    by 0x5D9094: Titanic::CWaveFile::audioStream() (wave_file.cpp:183)
==31823==    by 0x612E9F: Titanic::QMixer::qsWaveMixPump() (qmixer.cpp:239)
==31823==    by 0x6132A2: Titanic::QMixer::qsWaveMixPlayEx(int, unsigned int, Titanic::CWaveFile*, int, Titanic::QMIXPLAYPARAMS const&) (qmixer.cpp:166)
==31823==    by 0x5D6F27: Titanic::QSoundManager::playWave(Titanic::CWaveFile*, int, unsigned int, Titanic::CProximity&) (sound_manager.cpp:426)
==31823==    by 0x5F47CA: Titanic::CTrueTalkManager::playSpeech(Titanic::TTtalker*, Titanic::TTroomScript*, Titanic::CViewItem*, bool) (true_talk_manager.cpp:536)
comment:2 by , 7 years ago
Would it make sense to add asserts to this area of the code so we can see what exactly is getting tripped for me?
comment:3 by , 7 years ago
The first valgrind warning is probably caused by an uninitialized IVIHuffTab::_custDesc::_numRows.
comment:4 by , 7 years ago
Asserts may only be useful if we could first narrow down the crash to a specific point. wjp's work with Valgrind may be helpful. I've added initialisation of _numRows. Let's see if it makes any difference for you, given that I too can't replicate a crash locally.
comment:6 by , 7 years ago
Thread 1 "scummvm2" received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) backtrace
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00000000007b6cf1 in Common::String::String (this=0x7ffffffb7950, str=0x6767695720706948 <error: Cannot access memory at address 0x6767695720706948>) at common/str.cpp:43
#2 0x000000000045dd7f in Titanic::CString::CString (this=0x7ffffffb7950, str=0x6767695720706948 <error: Cannot access memory at address 0x6767695720706948>) at ./engines/titanic/support/string.h:44
#3 0x00000000004e463d in Titanic::CMaitreDLegs::AnimateMaitreDMsg (this=0x1f5ca30, msg=0x7ffffffb7a30) at engines/titanic/game/maitred/maitred_legs.cpp:71
#4 0x0000000000500036 in Titanic::CMessage::perform (this=0x7ffffffb7a30, treeItem=0x1f5ca30) at engines/titanic/messages/messages.cpp:105
#5 0x00000000004ffddb in Titanic::CMessage::execute (this=0x7ffffffb7a30, target=0x1f5b270, classDef=0x0, flags=1) at engines/titanic/messages/messages.cpp:58
#6 0x0000000000511be7 in Titanic::CMaitreD::NPCPlayTalkingAnimationMsg (this=0x1f5b270, msg=0x7ffffffb7af0) at engines/titanic/npcs/maitre_d.cpp:168
#7 0x0000000000500036 in Titanic::CMessage::perform (this=0x7ffffffb7af0, treeItem=0x1f5b270) at engines/titanic/messages/messages.cpp:105
#8 0x00000000004ffddb in Titanic::CMessage::execute (this=0x7ffffffb7af0, target=0x1f5b270, classDef=0x0, flags=3) at engines/titanic/messages/messages.cpp:58
comment:7 by , 7 years ago
Starting program: /home/ubuntu/ScummVM/Builds/variable/scummvm2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffebe2f700 (LWP 11260)]
[New Thread 0x7fffeb62e700 (LWP 11261)]
[New Thread 0x7fffd3dc5700 (LWP 11262)]
[New Thread 0x7fffcb5c2700 (LWP 11263)]
[New Thread 0x7fffcadc1700 (LWP 11264)]
Thread 1 "scummvm2" received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00000000007b6cf1 in Common::String::String (this=0x7ffffffb7c80,
str=0x6767695720706948 <error: Cannot access memory at address 0x6767695720706948>) at common/str.cpp:43
#2 0x000000000045dd7f in Titanic::CString::CString (this=0x7ffffffb7c80,
str=0x6767695720706948 <error: Cannot access memory at address 0x6767695720706948>) at ./engines/titanic/support/string.h:44
#3 0x00000000004e463d in Titanic::CMaitreDLegs::AnimateMaitreDMsg (this=0x1f5d7c0, msg=0x7ffffffb7d60)
at engines/titanic/game/maitred/maitred_legs.cpp:71
#4 0x0000000000500036 in Titanic::CMessage::perform (this=0x7ffffffb7d60, treeItem=0x1f5d7c0)
at engines/titanic/messages/messages.cpp:105
#5 0x00000000004ffddb in Titanic::CMessage::execute (this=0x7ffffffb7d60, target=0x1f5c000, classDef=0x0, flags=1)
at engines/titanic/messages/messages.cpp:58
#6 0x0000000000511be7 in Titanic::CMaitreD::NPCPlayTalkingAnimationMsg (this=0x1f5c000, msg=0x7ffffffb7e30)
at engines/titanic/npcs/maitre_d.cpp:168
#7 0x0000000000500036 in Titanic::CMessage::perform (this=0x7ffffffb7e30, treeItem=0x1f5c000)
at engines/titanic/messages/messages.cpp:105
#8 0x00000000004ffddb in Titanic::CMessage::execute (this=0x7ffffffb7e30, target=0x1f5c000, classDef=0x0, flags=3)
at engines/titanic/messages/messages.cpp:58
#9 0x000000000051c4cd in Titanic::CTrueTalkNPC::MovieEndMsg (this=0x1f5c000, msg=0x7ffffffb7f50)
at engines/titanic/npcs/true_talk_npc.cpp:160
#10 0x0000000000500036 in Titanic::CMessage::perform (this=0x7ffffffb7f50, treeItem=0x1f5c000)
at engines/titanic/messages/messages.cpp:105
#11 0x00000000004ffddb in Titanic::CMessage::execute (this=0x7ffffffb7f50, target=0x1f5c000, classDef=0x0, flags=3)
at engines/titanic/messages/messages.cpp:58
#12 0x0000000000583a64 in Titanic::CGameManager::updateMovies (this=0x1a8e280) at engines/titanic/game_manager.cpp:245
#13 0x000000000058362b in Titanic::CGameManager::update (this=0x1a8e280) at engines/titanic/game_manager.cpp:167
#14 0x0000000000587ded in Titanic::CMainGameWindow::mouseChanged (this=0x151af30) at engines/titanic/main_game_window.cpp:229
#15 0x0000000000587eef in Titanic::CMainGameWindow::mouseMove (this=0x151af30, mousePos=...) at engines/titanic/main_game_window.cpp:263
#16 0x0000000000582117 in Titanic::Events::pollEvents (this=0x1518d50) at engines/titanic/events.cpp:102
#17 0x0000000000582146 in Titanic::Events::pollEventsAndWait (this=0x1518d50) at engines/titanic/events.cpp:108
#18 0x000000000045d465 in Titanic::TitanicEngine::run (this=0x14d0f40) at engines/titanic/titanic.cpp:144
#19 0x000000000040e00e in runGame (plugin=0xce3e80, system=..., edebuglevels=...) at base/main.cpp:263
#20 0x000000000040f1d1 in scummvm_main (argc=1, argv=0x7fffffffdf38) at base/main.cpp:529
#21 0x000000000040c17e in main (argc=1, argv=0x7fffffffdf38) at backends/platform/sdl/posix/posix-main.cpp:45
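A triage detail worth noting in the backtrace above: the str= value 0x6767695720706948 passed to the CString constructor consists entirely of printable ASCII bytes ("Hip Wigg" when read in the little-endian order it sat in memory), which is a classic sign that string contents rather than a string address reached a char* parameter. The helper below is an added example, not code from the ticket or from ScummVM; the classification labels and thresholds are my own assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Render a faulting address as the bytes it is made of, least significant
// byte first (x86-64 is little-endian, so that is the order the bytes sat
// in memory).  Trailing NUL bytes are tolerated, since a short C string
// loaded into a register looks like "text\0\0\0\0".  Returns an empty
// string unless at least four printable ASCII bytes were found.
std::string addressAsAscii(uint64_t addr) {
    std::string text;
    bool terminated = false;
    for (int i = 0; i < 8; ++i) {
        unsigned char b = static_cast<unsigned char>((addr >> (8 * i)) & 0xFF);
        if (b == 0) { terminated = true; continue; }
        if (terminated || b < 0x20 || b > 0x7E)
            return std::string();           // non-text byte after/within text
        text.push_back(static_cast<char>(b));
    }
    return text.size() >= 4 ? text : std::string();
}

// Rough classification of a SIGSEGV address, as one would do by eye when
// reading a backtrace.  The buckets are assumed here, not from the ticket:
// zero and page-zero offsets point at a null object / null-based field
// access, printable bytes at text being misread as a pointer, and anything
// else at a stale or corrupted pointer.
std::string classifyFaultAddress(uint64_t addr) {
    if (addr == 0)
        return "null pointer";
    if (addr < 0x1000)
        return "field access through null pointer";
    std::string ascii = addressAsAscii(addr);
    if (!ascii.empty())
        return "ASCII data used as pointer: \"" + ascii + "\"";
    return "dangling or corrupted pointer";
}

int main() {
    // The str= value from frame #1 of the backtrace in this ticket.
    const uint64_t faulting = 0x6767695720706948ULL;
    std::printf("%#llx -> %s\n", static_cast<unsigned long long>(faulting),
                classifyFaultAddress(faulting).c_str());
    return 0;
}
```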
comment:8 by , 7 years ago
Thanks, that backtrace is very useful. This might now be fixed by 4c27396aaae3ee31849a2934ca932149414f1290.
comment:9 by , 7 years ago
Owner: | set to |
---|---|
Resolution: | → fixed |
Status: | new → closed |
That did the trick.