id summary reporter owner description type status priority component version resolution keywords cc game
1033 SKY: Suspicious memory access in RNC decoder eriktorbjorn "{{{#!Markdown
I've tried running BASS (v0.0372) with both Valgrind and Electric Fence, and they both seem to agree that there are times when the RNC decoder reads outside of its allocated buffer. Here's a stack trace of one such case:

    #0 RncDecoder::inputBits(unsigned char) (this=0xbfffe520, amount=7 '\a') at scummsys.h:378
    #1 0x080cbf1a in RncDecoder::inputValue(unsigned short*) (this=0xbfffe520, table=0x40b52ffd) at sky/rnc_deco.cpp:154
    #2 0x080cc1d0 in RncDecoder::unpackM1(void const*, void*, unsigned short) (this=0xbfffe520, input=0xa, output=0x40b54efa, key=0) at sky/rnc_deco.cpp:244
    #3 0x080c6b49 in SkyDisk::loadFile(unsigned short, unsigned char*) (this=0x40b0ce5c, fileNr=11910, dest=0x40b54efa "") at sky/disk.cpp:199
    #4 0x080cb5d1 in SkyMouse (this=0x412fcfe0, system=0x40b52fff, skyDisk=0x40b52fff) at sky/mouse.cpp:87
    #5 0x080b7bfa in SkyState::initialise() (this=0x40aeaf98) at sky/sky.cpp:253
    #6 0x080b76b5 in SkyState::go() (this=0x40aeaf98) at sky/sky.cpp:176
    #7 0x080da661 in main (argc=2, argv=0xbffffb94) at common/main.cpp:230

Could this have any bearing on the random crashes that some people - me included - have been seeing?

The good news is that this particular one happens when loading MICE_FILE, which appears to be pretty small. That should make it easier to understand what's going on, right?
}}}
{{{#!div style=""font-size: 75%""
Ticket imported from: !#771549. Ticket imported from: bugs/1033.
}}}" defect closed normal Engine: Sky fixed Beneath a Steel Sky