Opened 19 months ago

Closed 13 months ago

Last modified 13 months ago

#12188 closed defect (outdated)

SCUMM: COMI: iMUSE crash on region number assertion

Reported by: orgads
Owned by: orgads
Priority: normal
Component: Engine: SCUMM
Version:
Keywords: imuse comi
Cc: orgads
Game: Monkey Island 3

Description

I'm using a development build. ScummVM crashed shortly after I threw the cheese to the volcano. I can't reproduce, but the error was that the following assertion was violated:

assert(region >= 0 && region < soundDesc->numRegions);

Saved game attached, but like I said - it doesn't reproduce.

I attached a debugger and found that region is 1 and numRegions is also 1.

These are the values of the other variables (debugger locals view; nested members indented under their parent):

buf 0x0 byte*
header_outside false bool
header_size 443791488 int
offset 0 int32
offset_data 0 int32
region 1 int
region_length 0 int32
region_offset 442622752 int32
size 3307 int32
soundDesc @0x2131a63f810 Scumm::ImuseDigiSndMgr::SoundDesc
    allData 0x0 byte*
    bits 12 byte
    bundle 0x0 Scumm::BundleMgr*
    channels 1 byte
    compressed false bool
    compressedStream 0x0 Audio::SeekableAudioStream*
    disk 2 int
    endFlag false bool
    freq 11025 uint16
    inUse true bool
    jump @0x2131937c2b0 Scumm::ImuseDigiSndMgr::Jump
        dest 531 int32
        fadeDelay -25723 int16
        hookId 73 byte
        offset -1878423586 int32
    lastFileName "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" char[24]
    littleEndian false bool
    marker @0x2131a73baf0 Scumm::ImuseDigiSndMgr::Marker
        length 13 int32
        pos 138 int32
        ptr "LAVABBL2.44S" char*
    name "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" char[15]
    numJumps 0 int
    numMarkers 2 int
    numRegions 1 int
    numSyncs 0 int
    offsetData 138 int32
    region @0x2131937c2f0 Scumm::ImuseDigiSndMgr::Region
        length 59530 int32
        offset 138 int32
    resPtr "iMUS" byte*
    soundId 595 int16
    sync @0x2131937c300 Scumm::ImuseDigiSndMgr::Sync
        ptr 0x800173009b88e952 byte*
        size -2139588797 int32
    type 1 int
    volGroupId 2 int
start 531 int32

Attachments (1)

comi.s16 (79.1 KB ) - added by orgads 19 months ago.


Change History (9)

by orgads, 19 months ago

Attachment: comi.s16 added

comment:1 by AndywinXp, 19 months ago

Summary: Crash on comi (iMuse) → SCUMM: COMI: iMUSE crash on region number assertion

comment:2 by AndywinXp, 19 months ago

Darn. I'm really having a hard time reproducing it; this should never happen, since any request for a region higher than the total number of regions is already blocked in

void IMuseDigital::switchToNextRegion(Track *track) {
	...
	int num_regions = _sound->getNumRegions(track->soundDesc);

	if (++track->curRegion == num_regions) {
		flushTrack(track);
		debug(5, "SwToNeReg(trackId:%d) - end of region, exiting SwToNeReg", track->trackId);
		return;
	}
	...
}

All things considered, though, this happens in the same function after a while (Line 593):

int region = _sound->getRegionIdByJumpId(soundDesc, jumpId);

and then this region variable is assigned to track->curRegion in a couple of instances.

My guess is that a quick fix is to go to the line above and add a double check to always have a region whose id is lower than the maximum number of regions for that soundDesc (and if an error occurs, what should we do?).

But I don't know how to test the fix if I can't reproduce the behaviour :-(

comment:3 by orgads, 19 months ago

I doubt this will help. The loop in getRegionIdByJumpId is limited by soundDesc->numRegions. Can numRegions change? Maybe there's a race somewhere.
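
The two paths discussed in comments 2 and 3, as an added illustration that is not ScummVM code: a toy model of SoundDesc and Track in which a looked-up region id is stored into curRegion either unchecked (as the ticket describes) or behind the double check proposed in comment 2, exercised in the scenario comment 3 asks about, where numRegions shrinks between the lookup and the point of use. The member layouts, the lookup's matching rule (a jump's dest equals a region's offset), the helper names setCurRegion, regionIsValid and runStaleIdScenario, and all sample values are assumptions.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration, not ScummVM code. Names follow the ticket (SoundDesc,
// Track, numRegions, curRegion, getRegionIdByJumpId); the member layouts, the
// matching rule used by the lookup and all sample values are assumptions.
struct Region { int32_t offset; int32_t length; };
struct Jump   { int32_t offset; int32_t dest; int hookId; };

struct SoundDesc {
    std::vector<Region> regions;   // numRegions == regions.size()
    std::vector<Jump>   jumps;     // numJumps   == jumps.size()
};

struct Track {
    SoundDesc *soundDesc;
    int        curRegion;
    bool       flushed;            // set when the track is ended early
};

// Hypothetical lookup: the region that starts at the jump's destination
// offset, or -1 if there is none. The loop is bounded by the current
// numRegions, as comment 3 notes, so the result is valid at this instant.
int getRegionIdByJumpId(const SoundDesc *desc, int jumpId) {
    if (jumpId < 0 || jumpId >= (int)desc->jumps.size())
        return -1;
    int32_t dest = desc->jumps[jumpId].dest;
    for (int r = 0; r < (int)desc->regions.size(); ++r)
        if (desc->regions[r].offset == dest)
            return r;
    return -1;
}

// Point of use, where the looked-up id becomes track->curRegion.
// check == false: the plain assignment comment 2 describes.
// check == true:  the double check comment 2 proposes: re-validate against
//                 numRegions at the moment of use and end the track instead
//                 of storing an id the later assert would reject.
bool setCurRegion(Track *track, int region, bool check) {
    int numRegions = (int)track->soundDesc->regions.size();
    if (check && (region < 0 || region >= numRegions)) {
        track->flushed = true;
        return false;
    }
    track->curRegion = region;
    return true;
}

// The condition from the ticket's assertion, evaluated against the track.
bool regionIsValid(const Track *track) {
    int numRegions = (int)track->soundDesc->regions.size();
    return track->curRegion >= 0 && track->curRegion < numRegions;
}

// Scenario behind comment 3: the id is computed while the sound has two
// regions, then numRegions drops to one before the id is consumed.
// Returns whether the assertion would still hold afterwards.
bool runStaleIdScenario(bool check) {
    SoundDesc desc;                                   // constructed sample
    desc.regions = { {138, 59530}, {59668, 1000} };
    desc.jumps   = { {59000, 59668, 73} };            // jump lands in region 1
    Track track{&desc, 0, false};

    int region = getRegionIdByJumpId(&desc, 0);      // 1, valid right now
    desc.regions.pop_back();                          // numRegions is now 1
    setCurRegion(&track, region, check);
    return regionIsValid(&track);
}

int main() {
    std::printf("unchecked: assertion holds = %d\n", (int)runStaleIdScenario(false));
    std::printf("checked:   assertion holds = %d\n", (int)runStaleIdScenario(true));
    return 0;
}
```

The unchecked path ends with curRegion == 1 and numRegions == 1, exactly the pair of values in the ticket's debugger dump, so the assertion would fire at the next use; the checked path leaves curRegion untouched and marks the track flushed, which is the "treat it as the end of the sound" answer to comment 2's question of what to do on error.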

comment:4 by AndywinXp, 14 months ago

Does this still happen in the latest build?

comment:5 by athrxx, 13 months ago

Can we close this?

comment:6 by orgads, 13 months ago

Owner: set to orgads
Resolution: outdated
Status: new → closed

It was extremely rare anyway, and I have no idea how to reproduce it.

comment:7 by athrxx, 13 months ago

Oh, I could actually reproduce it :-). It was easy to reproduce in the MSVC debugger.
But I think it is actually fixed now.

comment:8 by orgads, 13 months ago

Ok :)
