Opened 9 months ago

Closed 9 months ago

#10884 closed defect (fixed)

SCI: ECO1: Mosaic puzzle crash (CD version)

Reported by: sluicebox
Owned by: bluegr
Priority: normal
Component: Engine: SCI
Keywords: original has-pull-request
Cc:
Game: EcoQuest 1

Description

The temple (room 140) has a complex script bug in the CD version which can crash the interpreter when solving the mosaic puzzle after loading a game that was saved during the puzzle. The bug causes invalid memory access which locks up Sierra's interpreter and can cause ScummVM to fail an assertion.

This is a script bug that puts the game in a state that's unsafe to save. When restoring and solving the puzzle, the interpreter will attempt to use a stale hunk address from before the restore.

For this bug to occur, the conch shell must still be on the pedestal in the center of the room.

To reproduce in Sierra's interpreter with attached save game:

  1. Click Do on the mosaic to bring up the puzzle
  2. Save the game
  3. Load the new saved game
  4. Solve the puzzle (manually or by clicking Help a lot)
  5. The game will freeze


To reproduce in ScummVM with attached save game:

  1. Enter temple
  2. Click Do on the mosaic to bring up the puzzle
  3. In the debugger type "send shell underBits" and record the result
  4. Save the game
  5. Load the new saved game
  6. In the debugger type "send shell underBits" to see that the value hasn't changed
  7. In the debugger type "segtable" and record the hunk segment
  8. Solve the puzzle (manually or by clicking Help a lot)
  9. If the hunk segment equals shell:underBits' segment then an assertion will fail, otherwise there will be a console warning such as "Attempt to free Hunk from address 002c:051e: Invalid segment type 9!"


To quickly test the script patch with attached save game:

  1. Enter temple
  2. Click Do on the mosaic to bring up the puzzle
  3. In the debugger type "send shell underBits" to see that it is zero


The script patch fully disposes of shell's resources when the puzzle is displayed so that it's safe to save the game.
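The failure modes in step 9 and the effect of the patch, as an added example that is not part of the ticket and is not ScummVM or Sierra code: a simplified model of typed segment:offset references. The `Interp`, `freeHunk` and `solveAfterRestore` names, the segment layout, and the assumption that a save keeps the property value but not the hunk allocation are all constructed for illustration; the model reports a stale entry where the ticket describes ScummVM failing an assertion.

```cpp
// Simplified model of segment:offset references; constructed for illustration,
// not code from ScummVM or Sierra's interpreter.
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>

enum class SegType { Other, Hunk };
enum class FreeResult { Ok, NullRef, InvalidSegmentType, StaleEntry };

struct Ref { uint16_t seg, off; };  // e.g. 002c:051e

struct Interp {
    std::map<uint16_t, SegType> segTable;  // segment number -> type
    std::set<uint16_t> liveHunks;          // offsets currently allocated
    uint16_t hunkSeg;
    explicit Interp(uint16_t hs) : hunkSeg(hs) {
        segTable[0x2c] = SegType::Other;   // constructed layout
        segTable[hs] = SegType::Hunk;      // overrides 0x2c when hs == 0x2c
    }
    Ref allocHunk(uint16_t off) { liveHunks.insert(off); return Ref{hunkSeg, off}; }
    // Check the reference against the current table before freeing it.
    FreeResult freeHunk(Ref r) {
        if (r.seg == 0 && r.off == 0) return FreeResult::NullRef;
        auto it = segTable.find(r.seg);
        if (it == segTable.end() || it->second != SegType::Hunk)
            return FreeResult::InvalidSegmentType;
        if (liveHunks.erase(r.off) == 0) return FreeResult::StaleEntry;
        return FreeResult::Ok;
    }
};

// Assumption: the property value is saved, the hunk allocation is not.
FreeResult solveAfterRestore(bool patched, uint16_t hunkSegAfterRestore) {
    Interp before(0x2c);
    Ref underBits = before.allocHunk(0x51e);
    if (patched) {                          // dispose when the puzzle is displayed
        before.freeHunk(underBits);
        underBits = Ref{0, 0};
    }
    Interp after(hunkSegAfterRestore);      // restore: fresh, empty hunk table
    return after.freeHunk(underBits);       // solving the puzzle disposes underBits
}

int main() {
    std::printf("unpatched, same segment: %d\n", (int)solveAfterRestore(false, 0x2c));
    std::printf("unpatched, moved segment: %d\n", (int)solveAfterRestore(false, 0x2d));
    std::printf("patched: %d\n", (int)solveAfterRestore(true, 0x2d));
}
```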

Attachments (2)

ecoquest-cd.005 (40.2 KB) - added by sluicebox 9 months ago.
ECOSG.004 (10.8 KB) - added by sluicebox 9 months ago.


Change History (5)

by sluicebox, 9 months ago

Attachment: ecoquest-cd.005 added

by sluicebox, 9 months ago

Attachment: ECOSG.004 added

comment:2 by Filippos Karapetis <bluegr@…>, 9 months ago

In c03e52be:


comment:3 by bluegr, 9 months ago

Owner: set to bluegr
Resolution: fixed
Status: new → closed