Opened 2 years ago
Closed 22 months ago
Last modified 22 months ago
#12188 closed defect (outdated)
SCUMM: COMI: iMUSE crash on region number assertion
|Reported by:||orgads||Owned by:||orgads|
|Cc:||orgads||Game:||Monkey Island 3|
I'm using a development build. ScummVM crashed shortly after I threw the cheese to the volcano. I can't reproduce, but the error was that the following assertion was violated:
assert(region >= 0 && region < soundDesc->numRegions);
Saved game attached, but like I said - it doesn't reproduce.
I attached a debugger and found that region is 1 and numRegions is also 1.
These are the values of the other variables:
buf 0x0 byte*
header_outside false bool
header_size 443791488 int
offset 0 int32
offset_data 0 int32
region 1 int
region_length 0 int32
region_offset 442622752 int32
size 3307 int32
soundDesc @0x2131a63f810 Scumm::ImuseDigiSndMgr::SoundDesc
    allData 0x0 byte*
    bits 12 byte
    bundle 0x0 Scumm::BundleMgr*
    channels 1 byte
    compressed false bool
    compressedStream 0x0 Audio::SeekableAudioStream*
    disk 2 int
    endFlag false bool
    freq 11025 uint16
    inUse true bool
    jump @0x2131937c2b0 Scumm::ImuseDigiSndMgr::Jump
        dest 531 int32
        fadeDelay -25723 int16
        hookId 73 byte
        offset -1878423586 int32
    lastFileName "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" char
    littleEndian false bool
    marker @0x2131a73baf0 Scumm::ImuseDigiSndMgr::Marker
        length 13 int32
        pos 138 int32
        ptr "LAVABBL2.44S" char*
    name "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" char
    numJumps 0 int
    numMarkers 2 int
    numRegions 1 int
    numSyncs 0 int
    offsetData 138 int32
    region @0x2131937c2f0 Scumm::ImuseDigiSndMgr::Region
        length 59530 int32
        offset 138 int32
    resPtr "iMUS" byte*
    soundId 595 int16
    sync @0x2131937c300 Scumm::ImuseDigiSndMgr::Sync
        ptr 0x800173009b88e952 byte*
        size -2139588797 int32
    type 1 int
    volGroupId 2 int
start 531 int32
Change History (9)
comment:1 by , 2 years ago
|Summary:||Crash on comi (iMuse) → SCUMM: COMI: iMUSE crash on region number assertion|
comment:2 by , 2 years ago
comment:3 by , 2 years ago
I doubt this will help. The loop in getRegionIdByJumpId is limited by soundDesc->numRegions. Can numRegions change? Maybe there's a race somewhere.
comment:4 by , 22 months ago
Does this still happen in the latest build?
comment:5 by , 22 months ago
Can we close this?
comment:6 by , 22 months ago
|Status:||new → closed|
It was extremely rare anyway, and I have no idea how to reproduce it.
comment:7 by , 22 months ago
Oh, I could actually reproduce it :-). It was easy to reproduce in the MSVC debugger.
But I think it is actually fixed now.
comment:8 by , 22 months ago
Darn. I'm really having a hard time reproducing it; this should never happen, since any request for a region higher than the total number of regions is already blocked in
All things considered, though, this happens in the same function after a while (Line 593):
and then this region variable is assigned to track->curRegion in a couple of instances.
My guess is that a quick fix is to go to the line above and add a double check to always have a region whose id is lower than the maximum number of regions for that soundDesc (and if an error occurs, what should we do?).
But I don't know how to test the fix if I can't reproduce the behaviour :-(
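The range check discussed in the last comment, as an added example that is not ScummVM code: the struct layouts, `Track`, `regionAtOffset`, `advanceRegion` and the policy of ending the track on a bad index are assumptions. The sample input reuses the dumped values (one region at offset 138 with length 59530, no jumps), for which the next index equals numRegions.

```cpp
#include <cstdint>
#include <vector>

// Simplified stand-ins: field names follow the ticket's debugger dump,
// the layout and the Track type are assumptions made for this example.
struct Region { int32_t offset; int32_t length; };
struct Jump   { int32_t offset; int32_t dest; };
struct SoundDesc {
    std::vector<Region> region;
    std::vector<Jump> jump;
    int numRegions() const { return static_cast<int>(region.size()); }
};
struct Track { int curRegion = 0; bool finished = false; };

// The condition from the ticket's assertion, as a run-time predicate.
bool regionInRange(const SoundDesc &sd, int region) {
    return region >= 0 && region < sd.numRegions();
}

// Index of the region that starts at a jump's destination, or -1.
int regionAtOffset(const SoundDesc &sd, int32_t dest) {
    for (int i = 0; i < sd.numRegions(); ++i)
        if (sd.region[i].offset == dest)
            return i;
    return -1;
}

// Choose the next region: the target of a jump placed at the end of the
// current region if there is one, otherwise curRegion + 1. The candidate is
// validated before it is stored; on failure the track is marked finished.
bool advanceRegion(Track &t, const SoundDesc &sd) {
    if (!regionInRange(sd, t.curRegion)) { t.finished = true; return false; }
    const Region &cur = sd.region[t.curRegion];
    int next = t.curRegion + 1;
    for (const Jump &j : sd.jump)
        if (j.offset == cur.offset + cur.length) { next = regionAtOffset(sd, j.dest); break; }
    if (!regionInRange(sd, next)) { t.finished = true; return false; }
    t.curRegion = next;
    return true;
}

// Constructed input using the dumped values: one region, no jumps.
SoundDesc lavaSample() {
    SoundDesc sd;
    sd.region.push_back({138, 59530});
    return sd;
}
int main() { Track t; return advanceRegion(t, lavaSample()) ? 1 : 0; }
```

Because the index is rejected before it reaches `curRegion`, the result does not depend on assertions being compiled in.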