#10229 closed defect (fixed)

SCI: SQ4: Shoplifting crashes the game

Reported by: EricOakford Owned by: csnover
Priority: normal Component: Engine: SCI
Keywords: Cc:
Game: Space Quest 4

Description

ScummVM: 1.10.0git-4978-g9e2d78446e
Game: Space Quest 4 Windows CD 1.0
OS: Win7-64

Attempting to shoplift the SQ4 hintbook crashes the game with this error:
"Uninitialized read for temp 0 form method fromStoreScript::changeState (room 395, script 395, localCall ffffffff)!"

Attachments (1)

sq4-cd-win.031 (40.0 KB) - added by EricOakford 19 months ago.
Savegame with SQ4 hintbook in inventory, but not paid for yet (Windows CD 1.0)


Change History (5)

Changed 19 months ago by EricOakford

Attachment: sq4-cd-win.031 added

Savegame with SQ4 hintbook in inventory, but not paid for yet (Windows CD 1.0)

comment:1 Changed 19 months ago by dafioram

Thanks for your submission.
ScummVM: 1.10.0git-5038-gd9cdfca2fcb
Backtrace:

0: script 0 - sq4::replay()
     obj@0001:2224 pc=0001:05fe sp=ST:0015 fp=ST:0000 argp:ST:0001
 1: script 994 - Game::replay()
     by 0 obj@0001:2224 pc=0010:0448 sp=ST:0018 fp=ST:0017 argp:ST:0016
 2: script 0 - sq4::doit()
     by 1 obj@0001:2224 pc=0001:0737 sp=ST:001a fp=ST:001a argp:ST:0019
 3: script 994 - Game::doit()
     by 2 obj@0001:2224 pc=0010:05e5 sp=ST:001f fp=ST:001c argp:ST:001b
 4: script 999 - regions::eachElementDo(0000:0039)
     by 3 obj@0010:1016 pc=0008:0473 sp=ST:0025 fp=ST:0022 argp:ST:0020
 5: script 395 - rm395::doit()
     by 4 obj@00b2:126b pc=00b2:07ce sp=ST:0029 fp=ST:0027 argp:ST:0026
 6: script 812 - SQRoom::doit()
     by 5 obj@00b2:126b pc=002d:01c5 sp=ST:002c fp=ST:002b argp:ST:002a
 7: script 999 - fromStoreScript::doit()
     by 6 obj@00b2:136b pc=0008:06f3 sp=ST:002f fp=ST:002e argp:ST:002d
 8: script 999 - fromStoreScript::cue()
     by 7 obj@00b2:136b pc=0008:0804 sp=ST:0031 fp=ST:0031 argp:ST:0030
 9: script 395 - fromStoreScript::changeState(0000:0005)
     by 8 obj@00b2:136b pc=00b2:0f0f sp=ST:0040 fp=ST:0034 argp:ST:0032

comment:2 Changed 19 months ago by dafioram

The address at 00b2:0f0f contains: lst 00, which pushes the value in temporary variable 0 onto the stack. At this point temporary variable 0 has the value 1fff:0000 (uninitialized), which is why it crashes.
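
A toy model of the check behind the error in comment 2, added here as an example and not taken from ScummVM: temps start as the 1fff:0000 marker, lst refuses to push one that was never written, and an assumed per-method workaround table (a simplification of mine; the names Frame, readTemp, opLst, opSat and UninitReadWorkaround are not from the engine) shows one way an interpreter can supply a value instead of aborting.

```cpp
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Added example, not ScummVM code: a model of how an SCI interpreter can
// spot a read of a temp variable that the script never wrote.

// An SCI register is a segment:offset pair, as shown in the backtrace.
struct Reg { uint16_t segment; uint16_t offset; };

// Temps are pre-filled with this marker; 1fff:0000 is what comment 2 reports.
constexpr uint16_t kUninitializedSegment = 0x1fff;

// One method call frame. Only the pieces needed for `lst` are modelled.
struct Frame {
    int script;
    std::string method;
    std::vector<Reg> temps;
    std::vector<Reg> stack;
    Frame(int s, std::string m, size_t ntemps)
        : script(s), method(std::move(m)), temps(ntemps, Reg{kUninitializedSegment, 0}) {}
};

// Assumed shape of a per-method workaround: if this method reads this temp
// before writing it, substitute `value` instead of aborting.
struct UninitReadWorkaround { int script; std::string method; int index; Reg value; };

enum class Read { Ok, Patched, Uninitialized };

// Read temp `index`; report whether it was valid, patched by a workaround,
// or an uninitialized read that the real engine would turn into an error().
Read readTemp(const Frame &f, int index, const std::vector<UninitReadWorkaround> &wa, Reg &out) {
    out = f.temps.at(index);
    if (out.segment != kUninitializedSegment) return Read::Ok;
    for (const auto &w : wa)
        if (w.script == f.script && w.method == f.method && w.index == index) { out = w.value; return Read::Patched; }
    return Read::Uninitialized;
}

// The message the model raises, patterned on the one in the ticket.
std::string uninitMessage(const Frame &f, int index) {
    return "Uninitialized read for temp " + std::to_string(index) + " from method " + f.method +
           " (script " + std::to_string(f.script) + ")!";
}

// lst N: push temp N. Returns false when the read would abort the game.
bool opLst(Frame &f, int index, const std::vector<UninitReadWorkaround> &wa) {
    Reg v;
    if (readTemp(f, index, wa, v) == Read::Uninitialized) return false;
    f.stack.push_back(v);
    return true;
}

// sat N: store `v` in temp N (what the script should have done before lst 00).
void opSat(Frame &f, int index, Reg v) { f.temps.at(index) = v; }
```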

comment:3 Changed 19 months ago by dafioram

Fixed by PR1031.

comment:4 Changed 19 months ago by csnover

Owner: set to csnover
Resolution: fixed
Status: new → closed

Thanks for your report and patch! A patch for this issue has been added in commit c88d5519c2e2672ce7faabfa52f36af4a8706cba and will be available in daily builds 1.10.0git-5064 and later.
