Opened 5 years ago

Closed 5 years ago

Last modified 2 years ago

#10884 closed defect (fixed)

SCI: ECO1: Mosaic puzzle crash (CD version)

Reported by: sluicebox
Owned by: sluicebox
Priority: normal
Component: Engine: SCI
Version:
Keywords: original has-pull-request
Cc:
Game: EcoQuest 1

Description

The temple (room 140) has a complex script bug in the CD version which can crash the interpreter when solving the mosaic puzzle after loading a game that was saved during the puzzle. The bug causes invalid memory access which locks up Sierra's interpreter and can cause ScummVM to fail an assertion.

This is a script bug that puts the game in a state that's unsafe to save. When restoring and solving the puzzle the interpreter will attempt to use a stale hunk address from before the restore.

For this bug to occur, the conch shell must still be on the pedestal in the center of the room.

To reproduce in Sierra's interpreter with attached save game:

  1. Click Do on the mosaic to bring up the puzzle
  2. Save the game
  3. Load the new saved game
  4. Solve the puzzle (manually or by clicking Help a lot)
  5. The game will freeze


To reproduce in ScummVM with attached save game

  1. Enter temple
  2. Click Do on the mosaic to bring up the puzzle
  3. In the debugger type "send shell underBits" and record the result
  4. Save the game
  5. Load the new saved game
  6. In the debugger type "send shell underBits" to see that the value hasn't changed
  7. In the debugger type "segtable" and record the hunk segment
  8. Solve the puzzle (manually or by clicking Help a lot)
  9. If the hunk segment equals shell:underBits' segment then an assertion will fail, otherwise there will be a console warning such as "Attempt to free Hunk from address 002c:051e: Invalid segment type 9!"


To quickly test the script patch with attached save game

  1. Enter temple
  2. Click Do on the mosaic to bring up the puzzle
  3. In the debugger type "send shell underBits" to see that it is zero


The script patch fully disposes of shell's resources when the puzzle is displayed so that it's safe to save the game.
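As an added illustration (not ScummVM code and not the reporter's script patch), a constructed Python model of the save/restore sequence described above: the segment:offset handle in shell:underBits survives the save, the hunk memory behind it does not, and freeing it after restore produces either the assertion failure or the invalid-segment warning from step 9, depending on whether the hunk segment id was reused. The segment ids, offset and field names are placeholders taken from the ticket text or made up.

```python
HUNK = "hunk"          # segment type for hunk memory (saved-background bitmaps)
NULL_REG = (0, 0)      # SCI's null pointer: segment 0, offset 0

class SegManager:
    """Constructed stand-in for the interpreter's segment table. Hunk memory
    is runtime-only: a save keeps script variables such as shell:underBits
    but not the hunk contents they point to."""
    def __init__(self, hunk_segment):
        self.segments = {hunk_segment: HUNK}  # segment id -> segment type
        self.hunk_segment = hunk_segment
        self.hunks = {}                        # offset -> bitmap bytes
        self.next_offset = 0x51e               # placeholder offset from the ticket

    def alloc_hunk(self, data):
        reg = (self.hunk_segment, self.next_offset)
        self.hunks[reg[1]] = data
        self.next_offset += 1
        return reg

    def free_hunk(self, reg):
        """None on success, a warning string for a non-hunk segment, and an
        AssertionError when the segment is a hunk segment but the offset is unknown."""
        seg, off = reg
        if self.segments.get(seg) != HUNK:
            return "Attempt to free Hunk from address %04x:%04x: Invalid segment type!" % (seg, off)
        if off not in self.hunks:
            raise AssertionError("hunk %04x:%04x not allocated" % (seg, off))
        del self.hunks[off]
        return None

def mosaic_puzzle(patched, hunk_segment_after_restore, hunk_segment_before=0x2c):
    """Replay the ticket's steps: show puzzle, save, restore, solve (dispose shell)."""
    segman = SegManager(hunk_segment_before)
    shell = {"underBits": NULL_REG}
    # Displaying the puzzle: shell hides and stores its background in a hunk.
    shell["underBits"] = segman.alloc_hunk(b"background pixels")
    if patched:
        # Script patch: dispose shell's resources now, so the save is safe.
        segman.free_hunk(shell["underBits"])
        shell["underBits"] = NULL_REG
    saved = dict(shell)                      # save game: variables only
    # Restore: a fresh segment table; the hunk segment id may or may not match.
    segman, shell = SegManager(hunk_segment_after_restore), dict(saved)
    # Solving the puzzle disposes shell, which frees underBits if it is set.
    if shell["underBits"] == NULL_REG:
        return "ok"
    try:
        return segman.free_hunk(shell["underBits"]) or "ok"
    except AssertionError:
        return "assertion failed"
```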

Attachments (2)

ecoquest-cd.005 (40.2 KB ) - added by sluicebox 5 years ago.
ECOSG.004 (10.8 KB ) - added by sluicebox 5 years ago.

Change History (6)

by sluicebox, 5 years ago

Attachment: ecoquest-cd.005 added

by sluicebox, 5 years ago

Attachment: ECOSG.004 added

comment:2 by Filippos Karapetis <bluegr@…>, 5 years ago

In c03e52be:

SCI: Fix ECO1CD Mosaic puzzle crash, bug #10884

Fixes a bug in the original that crashes the interpreter

comment:3 by bluegr, 5 years ago

Owner: set to bluegr
Resolution: fixed
Status: new → closed

comment:4 by sluicebox, 2 years ago

Owner: changed from bluegr to sluicebox