Opened 3 years ago

Closed 2 years ago

#12810 closed defect (invalid)

SCI: Police Quest IV sometimes segfaults in DEV version with __memmove_avx_unaligned_erms () when the menu button is pressed

Reported by: heavysink
Owned by: sluicebox
Priority: normal
Component: Engine: SCI
Version:
Keywords:
Cc:
Game: Police Quest 4

Description

VERSION
ScummVM 2.3.0git (Aug 16 2021 17:26:07)
Features compiled in: TAINTED Vorbis FLAC MP3 ALSA SEQ TiMidity RGB zLib MPEG2 FluidSynth Theora AAC A/52 FreeType2 FriBiDi JPEG PNG GIF cloud (servers, local) TinyGL OpenGL (with shaders) GLEW

DESCRIPTION
When calling the menu in-game, Police Quest IV sometimes crashes with a SEGFAULT. GDB output:

GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from scummvm...
(No debugging symbols found in scummvm)
(gdb) run
Starting program: /usr/bin/scummvm 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Detaching after fork from child process 206408]
[New Thread 0x7fffee21d640 (LWP 206432)]
[New Thread 0x7fffed9ca640 (LWP 206434)]
[New Thread 0x7fffed989640 (LWP 206435)]
WARNING: SDL mixer output buffer size: 512 differs from desired: 1024!
[New Thread 0x7fffed188640 (LWP 206436)]
[New Thread 0x7fffbee5d640 (LWP 206437)]
[Thread 0x7fffbee5d640 (LWP 206437) exited]
User picked target 'pq4-cd' (engine ID 'sci', game ID 'pq4')...
   Looking for a plugin supporting this target... SCI [all games]
Connected to Alsa sequencer client [28:0]
ALSA client initialized [128:0]

Thread 1 "scummvm" received signal SIGSEGV, Segmentation fault.
0x00007ffff6a2f738 in __memmove_avx_unaligned_erms () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff6a2f738 in __memmove_avx_unaligned_erms () at /usr/lib/libc.so.6
#1  0x000055555775a491 in  ()
#2  0x000055555775a8c6 in  ()
#3  0x00005555577489fa in  ()
#4  0x00005555577afe52 in  ()
#5  0x00005555577b0803 in  ()
#6  0x000055555779f3fc in  ()
#7  0x0000555557787901 in  ()
#8  0x000055555770c24f in  ()
#9  0x00005555576fce6b in  ()
#10 0x00005555576c4b7a in  ()
#11 0x000055555770c24f in  ()
#12 0x00005555576a5144 in  ()
#13 0x00005555576a589c in  ()
#14 0x0000555555cdb537 in  ()
#15 0x0000555555cdd2f6 in  ()
#16 0x0000555555cb0ab9 in main ()
(gdb) quit

Game version
PQ4, DOS, CD version

Ways to reproduce

  1. Enter the game
  2. Press the menu button (for saving game, restoring game, etc.)
  3. Sometimes it crashes

Note
ScummVM 2.2 does not have such a problem

Change History (5)

comment:1 by sev-, 3 years ago

Priority: high → normal

I am not able to reproduce it, I launched the menu a couple of dozen times without any problem.

Since you're on *nix, could you please compile scummvm with the following flags:

./configure --enable-asan --disable-all-engines --enable-engine=sci

and run it again. This will provide us with a more meaningful stack backtrace. Your scummvm is stripped of debug symbols and the output is not possible to work with.

comment:2 by heavysink, 3 years ago

Hi,

I ran it again with ./configure --enable-asan --disable-all-engines --enable-engine=sci32 and this time it quits during the game. The message is

==217823==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs operator delete) on 0x7fffe4f3d800
    #0 0x7ffff7675819 in operator delete(void*) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cpp:160
    #1 0x55555655e096  (/usr/bin/scummvm+0x100a096)
    #2 0x55555652513b  (/usr/bin/scummvm+0xfd113b)
    #3 0x555556554851  (/usr/bin/scummvm+0x1000851)
    #4 0x555556554a57  (/usr/bin/scummvm+0x1000a57)
    #5 0x5555565d652d  (/usr/bin/scummvm+0x108252d)
    #6 0x5555565b424c  (/usr/bin/scummvm+0x106024c)
    #7 0x7ffff74978e3  (/usr/lib/libSDL2-2.0.so.0+0x788e3)
    #8 0x7ffff7497442  (/usr/lib/libSDL2-2.0.so.0+0x78442)
    #9 0x7ffff753b0b9  (/usr/lib/libSDL2-2.0.so.0+0x11c0b9)
    #10 0x7ffff648b258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
    #11 0x7ffff60585e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)

0x7fffe4f3d800 is located 0 bytes inside of 10485760-byte region [0x7fffe4f3d800,0x7fffe593d800)
allocated by thread T4 (SDLTimer) here:
    #0 0x7ffff7674e21 in operator new[](unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cpp:102
    #1 0x555556528312  (/usr/bin/scummvm+0xfd4312)
    #2 0x55555652b997  (/usr/bin/scummvm+0xfd7997)
    #3 0x55555655f886  (/usr/bin/scummvm+0x100b886)
    #4 0x5555565257fe  (/usr/bin/scummvm+0xfd17fe)
    #5 0x555556560915  (/usr/bin/scummvm+0x100c915)
    #6 0x555556554665  (/usr/bin/scummvm+0x1000665)
    #7 0x555556554a57  (/usr/bin/scummvm+0x1000a57)
    #8 0x5555565d652d  (/usr/bin/scummvm+0x108252d)
    #9 0x5555565b424c  (/usr/bin/scummvm+0x106024c)
    #10 0x7ffff74978e3  (/usr/lib/libSDL2-2.0.so.0+0x788e3)

Thread T4 (SDLTimer) created by T0 here:
    #0 0x7ffff7614fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff753b137  (/usr/lib/libSDL2-2.0.so.0+0x11c137)

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cpp:160 in operator delete(void*)
==217823==HINT: if you don't care about these errors you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==217823==ABORTING
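
The report above is AddressSanitizer's alloc-dealloc-mismatch check: a block obtained with operator new[] (here a 10485760-byte region allocated from the SDLTimer thread) was released with plain operator delete. The following is an added illustration of that bug class and its fix; it is not ScummVM's code, and the buffer size, the producer callback and the function names are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>

// Constructed to mirror the 10485760-byte region in the ASan report.
constexpr size_t kBufferSize = 10u * 1024u * 1024u;

// BUGGY pattern (defined for comparison, never called here): memory obtained
// with new[] is released with plain delete. For trivially destructible bytes
// this often "works" silently, which is why it surfaces only under ASan as
// "alloc-dealloc-mismatch (operator new [] vs operator delete)"; for types
// with destructors it also skips all but one destructor.
void releaseWrong(uint8_t *p) {
    delete p;  // should be: delete[] p;
}

// FIXED pattern: carry the block in a unique_ptr<uint8_t[]>. Its deleter is
// delete[], so whoever drops the block (any thread, any code path) frees it
// with the operator that matches the allocation.
using Block = std::unique_ptr<uint8_t[]>;

// Stands in for the allocating side (the timer callback in the report):
// allocates with new[] and fills the region.
Block produceBlock(uint8_t fill) {
    Block out(new uint8_t[kBufferSize]);
    std::memset(out.get(), fill, kBufferSize);
    return out;
}

// Stands in for the consuming side: samples one byte per 4 KiB page and
// returns how many match `fill`. The block is freed with delete[] when the
// parameter goes out of scope, regardless of which code path owns it last.
size_t consumeBlock(Block block, uint8_t fill) {
    size_t matches = 0;
    for (size_t i = 0; i < kBufferSize; i += 4096)
        if (block[i] == fill) ++matches;
    return matches;
}

// Full hand-off; expected to return kBufferSize / 4096 == 2560.
size_t demo() { return consumeBlock(produceBlock(0xAB), 0xAB); }

int main() { return demo() == kBufferSize / 4096 ? 0 : 1; }
```

Building the fixed version with -fsanitize=address runs clean, while replacing the unique_ptr with the releaseWrong() path reproduces the same ASan summary line as the ticket.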

comment:3 by bluegr, 3 years ago

I can't reproduce this at all. What are your music settings (i.e. which music driver have you chosen)?

comment:4 by bluegr, 3 years ago

Are you using the French/German version of PQ4?

comment:5 by sluicebox, 2 years ago

Owner: set to sluicebox
Resolution: invalid
Status: new → closed

We haven't gotten a response to either ticket and without a usable stack trace there's nothing we can do. Between this and the other corruption reported in (#12811) this appears to be a local issue.

heavysink, if you're still having issues, feel free to re-open this ticket with further details and we'll be happy to help.
