Lands of Lore 1 bug which leads to a crash.

[Traveler84]

At Urbish mines level 4, when I encounter an overhanging lobster-like creature, the game and Scummvm always crashes. I have not found a way out of it. Clearly a unpassable bug, which is not avoidable - at least not for me.

My Scummvm version is 2.0.0 and using a laptop with windows 10.

At save game, kill the creature in front of you and then comes the lobster monster at which point the game crashes. I have tried at least 10-15 times to use different ways to encounter the lobster, but nothing has helped.

[Traveler84]

Forgot to tell that the game is an English version of Lands of Lore; The Throne of Chaos (CD-DOS, MULTILANGUAGE). It seems that the game files have been created or last modified in 1996. Can´t remember where I downloaded the game though.

In addition, some spesific details; Windows version is Windows Home 10.0.17134, x64-based and computer is Lenovo ideapad 80TJ.

[digitall]

Replicated crash from savegame (Use Heal Spell on left fighter, Use them to do Freeze Spell on Rock Monster and keep Hitting).

I re-ran this using Valgrind and this shows invalid memory accesses in one of the sound effect loading functions i.e.
==21693== Invalid read of size 2
==21693== at 0x2A67D0: Kyra::LoLEngine::snd_playSoundEffect(int, int) (endian
.h:234)
==21693== by 0x2ACAEE: Kyra::LoLEngine::chasePartyWithCloseAttacks(Kyra::LoLM
onster*) (sprites_lol.cpp:1297)
==21693== by 0x2ABF3F: Kyra::LoLEngine::updateMonster(Kyra::LoLMonster*) (spr
ites_lol.cpp:1112)
==21693== by 0x2BB77E: Kyra::LoLEngine::timerProcessMonsters(int) (timer_lol.
cpp:53)
==21693== by 0x2BC638: Common::Functor1Mem<int, void, Kyra::LoLEngine>::opera
tor()(int) const (func.h:451)
==21693== by 0x250B0D: Kyra::TimerManager::update() (timer.cpp:119)
==21693== by 0x264EB4: Kyra::LoLEngine::runLoop() (lol.cpp:889)

This occurs several times before the segmentation fault i.e.
==21693== Invalid read of size 1
==21693== at 0x5A8391: scumm_stricmp(char const*, char const*) (str.cpp:1036)
==21693== by 0x2A6894: Kyra::LoLEngine::snd_playSoundEffect(int, int) (sound_
lol.cpp:185)
==21693== by 0x2ACAEE: Kyra::LoLEngine::chasePartyWithCloseAttacks(Kyra::LoLM
onster*) (sprites_lol.cpp:1297)
==21693== by 0x2ABF3F: Kyra::LoLEngine::updateMonster(Kyra::LoLMonster*) (spr
ites_lol.cpp:1112)
==21693== by 0x2BB77E: Kyra::LoLEngine::timerProcessMonsters(int) (timer_lol.
cpp:53)

[digitall]

It appears that while the size of the sound index is 1000 (_soundIndexSize) bytes, and thus 500 16 bit values, the second half of these are not initialised properly or maybe only bytes 499/500. There are several other places in the KYRA engine which refer to "Unknown 500 bytes" so maybe the same.

The following patch fixes this issue in LoL:

diff --git a/engines/kyra/sound_lol.cpp b/engines/kyra/sound_lol.cpp
index 51239bc444..ec48dc8c30 100644
--- a/engines/kyra/sound_lol.cpp
+++ b/engines/kyra/sound_lol.cpp
@@ -161,7 +161,7 @@ void LoLEngine::snd_playSoundEffect(int track, int volume) {
                return;
 
        _lastSfxTrack = track;
-       if (track == -1 || track >= _ingameSoundIndexSize)
+       if (track == -1 || track >= (_ingameSoundIndexSize - 500) / 2)
                return;
 
        volume &= 0xFF;

However, not sure if this is the right solution... Need to check with a KYRA engine developer.

[digitall]

Because this needs review, have created a pull request:
​https://github.com/scummvm/scummvm/pull/1352

[digitall]

Fix committed as 3f21fff11140f01ae80d487f0c10d1e2647ac5dd.

Closing as fixed.

[SteffenKuch]

Hi,

sorry for disturbing - but how can i fix this bug without knowing something about github or kyra engine...?
I am just a player, thank you!

[digitall]

SteffenKuch: This bug is closed as the fix was committed to the codebase before the v2.1.0 release so this bug should be fixed if you are running the latest version of ScummVM i.e. v2.1.1: ​https://www.scummvm.org/downloads/

If you have already updated to the latest and this is still occurring, then you should report that as a new bug item referencing this bug as a possible regression.