#10665 closed defect (fixed)

Lands of Lore 1 bug which leads to a crash.

Reported by: Traveler84 Owned by: digitall
Priority: normal Component: Engine: Kyra
Keywords: has-pull-request Cc:
Game: Lands of Lore

Description

At Urbish mines level 4, when I encounter an overhanging lobster-like creature, the game and ScummVM always crash. I have not found a way out of it. Clearly an unpassable bug, which is not avoidable - at least not for me.

My ScummVM version is 2.0.0 and I am using a laptop with Windows 10.

At save game, kill the creature in front of you and then comes the lobster monster at which point the game crashes. I have tried at least 10-15 times to use different ways to encounter the lobster, but nothing has helped.

Attachments (1)

lol-cd.026 (24.7 KB) - added by Traveler84 16 months ago.

Change History (7)

by Traveler84, 16 months ago

Attachment: lol-cd.026 added

comment:1 by Traveler84, 16 months ago

Forgot to tell that the game is an English version of Lands of Lore: The Throne of Chaos (CD-DOS, MULTILANGUAGE). It seems that the game files have been created or last modified in 1996. Can't remember where I downloaded the game though.

In addition, some specific details: Windows version is Windows Home 10.0.17134, x64-based and computer is Lenovo ideapad 80TJ.

comment:2 by digitall, 15 months ago

Component: --Unset-- → Engine: Kyra

comment:3 by digitall, 15 months ago

Replicated crash from savegame (Use Heal Spell on left fighter, Use them to do Freeze Spell on Rock Monster and keep Hitting).

I re-ran this using Valgrind and this shows invalid memory accesses in one of the sound effect loading functions i.e.
==21693== Invalid read of size 2
==21693== at 0x2A67D0: Kyra::LoLEngine::snd_playSoundEffect(int, int) (endian.h:234)
==21693== by 0x2ACAEE: Kyra::LoLEngine::chasePartyWithCloseAttacks(Kyra::LoLMonster*) (sprites_lol.cpp:1297)
==21693== by 0x2ABF3F: Kyra::LoLEngine::updateMonster(Kyra::LoLMonster*) (sprites_lol.cpp:1112)
==21693== by 0x2BB77E: Kyra::LoLEngine::timerProcessMonsters(int) (timer_lol.cpp:53)
==21693== by 0x2BC638: Common::Functor1Mem<int, void, Kyra::LoLEngine>::operator()(int) const (func.h:451)
==21693== by 0x250B0D: Kyra::TimerManager::update() (timer.cpp:119)
==21693== by 0x264EB4: Kyra::LoLEngine::runLoop() (lol.cpp:889)

This occurs several times before the segmentation fault i.e.
==21693== Invalid read of size 1
==21693== at 0x5A8391: scumm_stricmp(char const*, char const*) (str.cpp:1036)
==21693== by 0x2A6894: Kyra::LoLEngine::snd_playSoundEffect(int, int) (sound_lol.cpp:185)
==21693== by 0x2ACAEE: Kyra::LoLEngine::chasePartyWithCloseAttacks(Kyra::LoLMonster*) (sprites_lol.cpp:1297)
==21693== by 0x2ABF3F: Kyra::LoLEngine::updateMonster(Kyra::LoLMonster*) (sprites_lol.cpp:1112)
==21693== by 0x2BB77E: Kyra::LoLEngine::timerProcessMonsters(int) (timer_lol.cpp:53)

comment:4 by digitall, 15 months ago

It appears that while the size of the sound index is 1000 (_soundIndexSize) bytes, and thus 500 16 bit values, the second half of these are not initialised properly or maybe only bytes 499/500. There are several other places in the KYRA engine which refer to "Unknown 500 bytes" so maybe the same.

The following patch fixes this issue in LoL:

diff --git a/engines/kyra/sound_lol.cpp b/engines/kyra/sound_lol.cpp
index 51239bc444..ec48dc8c30 100644
--- a/engines/kyra/sound_lol.cpp
+++ b/engines/kyra/sound_lol.cpp
@@ -161,7 +161,7 @@ void LoLEngine::snd_playSoundEffect(int track, int volume) {
                return;
 
        _lastSfxTrack = track;
-       if (track == -1 || track >= _ingameSoundIndexSize)
+       if (track == -1 || track >= (_ingameSoundIndexSize - 500) / 2)
                return;
 
        volume &= 0xFF;
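
Review bot: the new bound `(_ingameSoundIndexSize - 500) / 2` on the `+` line hard-codes 500 with no comment, and mixes a byte count with an entry index in a single expression. With the 1000-byte size mentioned above it evaluates to 250, but nothing in the hunk says why the last 500 bytes are excluded or guarantees that the size is at least 500. Consider a named constant for the excluded region plus a one-line comment stating the units. Separately, the unchanged test `track == -1` rejects only that one negative value, so any other negative `track` still passes this check; `track < 0` would close that if no caller relies on other negative values.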

However, not sure if this is the right solution... Need to check with a KYRA engine developer.
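
The unit mix-up discussed in comment 4 (a table sized in bytes, indexed by 16-bit entry), as an added example that is not code from this ticket or from ScummVM. `SoundIndex`, `validBytes`, `lookup` and `naiveCheckAccepts` are hypothetical names, and the 1000/500-byte layout is an assumption taken from the figures in the comment.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a sound index: a raw buffer of 16-bit
// little-endian entries where only the first validBytes were loaded.
struct SoundIndex {
    std::vector<uint8_t> raw;  // whole allocation (assumed: 1000 bytes)
    size_t validBytes;         // initialised part (assumed: 500 bytes)

    // Number of usable entries, in entry units rather than bytes.
    size_t entryCount() const { return validBytes / sizeof(uint16_t); }

    // Bounds-checked read: rejects every negative index and anything
    // at or beyond the initialised entries.
    bool lookup(int track, uint16_t &out) const {
        if (track < 0 || static_cast<size_t>(track) >= entryCount())
            return false;
        size_t off = static_cast<size_t>(track) * sizeof(uint16_t);
        out = static_cast<uint16_t>(raw[off] | (raw[off + 1] << 8));
        return true;
    }
};

// The flawed pattern: an entry index compared against a size in bytes,
// with -1 as the only rejected negative value.
bool naiveCheckAccepts(const SoundIndex &idx, int track) {
    return !(track == -1 || track >= static_cast<int>(idx.raw.size()));
}

// Constructed sample data: entry i holds the value i.
SoundIndex makeSample() {
    SoundIndex idx{std::vector<uint8_t>(1000, 0), 500};
    for (size_t i = 0; i < idx.entryCount(); ++i) {
        idx.raw[2 * i] = static_cast<uint8_t>(i & 0xFF);
        idx.raw[2 * i + 1] = static_cast<uint8_t>(i >> 8);
    }
    return idx;
}

int main() {
    SoundIndex idx = makeSample();
    uint16_t v = 0;
    const int probes[] = {-2, 249, 250, 600};
    for (int t : probes)
        std::printf("track %d: naive=%d checked=%d\n", t,
                    naiveCheckAccepts(idx, t), idx.lookup(t, v));
    return 0;
}
```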

comment:5 by digitall, 14 months ago

Keywords: has-pull-request added

Because this needs review, have created a pull request:
https://github.com/scummvm/scummvm/pull/1352

comment:6 by digitall, 14 months ago

Owner: set to digitall
Resolution: fixed
Status: new → closed

Fix committed as 3f21fff11140f01ae80d487f0c10d1e2647ac5dd.

Closing as fixed.
