Opened 3 days ago

Last modified 9 hours ago

#12932 new defect

Grim Fandango crash after solving the signpost in the Petrified Forest

Reported by: Die4Ever
Owned by: (none)
Priority: blocker
Component: Engine: Grim
Version: (none)
Keywords: crash
Cc: (none)
Game: Grim Fandango

Description

versioninfo=2.3.0pre233-gc62e0a307e

Language of the game: English
Version of the game: 2 CDs with gfupd101.exe

OS info:
Edition Windows 10 Home
Version 21H1
Installed on 11/3/2020
OS build 19043.1165
Experience Windows Feature Experience Pack 120.2212.3530.0

Bug Description:
I placed the signpost in the right spot, the door in the floor opened up, then I ran back to the previous screen to get in the car and the game just crashed.

Reproduction steps:
Just load the attached save file and walk to the right to cross to the next screen. Works with direct load.

Attachments (3)

grim06.gsv (886.3 KB) - added by Die4Ever 3 days ago.
scummvm.log (801 bytes) - added by Die4Ever 3 days ago.
grim14.gsv (879.2 KB) - added by eriktorbjorn 15 hours ago.


Change History (10)

by Die4Ever, 3 days ago

Attachment: grim06.gsv added

by Die4Ever, 3 days ago

Attachment: scummvm.log added

comment:1 by Die4Ever, 3 days ago

Priority: normal → blocker

comment:2 by Die4Ever, 3 days ago

I was able to avoid the crash by moving the car to that screen before solving the sign puzzle, but I had to load an older save in order to do it.

comment:3 by eriktorbjorn, 3 days ago

Valgrind log of the error happening:

==2424215== Thread 11 SDLTimer:
==2424215== Invalid read of size 8
==2424215==    at 0x1915C5D: Grim::Imuse::callback() (imuse.cpp:280)
==2424215==    by 0x1914DF7: Grim::Imuse::timerHandler(void*) (imuse.cpp:48)
==2424215==    by 0x3A39BE8: DefaultTimerManager::handler() (default-timer.cpp:111)
==2424215==    by 0x3A2F6F0: timer_handler(unsigned int, void*) (sdl-timer.cpp:37)
==2424215==    by 0x6DCCE31: ??? (in /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.16.0)
==2424215==    by 0x6DCC8B0: ??? (in /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.16.0)
==2424215==    by 0x6E5A138: ??? (in /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.16.0)
==2424215==    by 0x8477EAD: start_thread (pthread_create.c:463)
==2424215==    by 0x83A1A5E: clone (clone.S:95)
==2424215==  Address 0x259dbfd0 is 0 bytes inside a block of size 48 free'd
==2424215==    at 0x6CD769B: operator delete(void*) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2424215==    by 0x3DE3E0D: Audio::QueuingAudioStreamImpl::~QueuingAudioStreamImpl() (audiostream.cpp:368)
==2424215==    by 0x2A4BD6D: Common::DefaultDeleter<Audio::AudioStream>::operator()(Audio::AudioStream*) (ptr.h:383)
==2424215==    by 0x3DFAED0: Common::DisposablePtr<Audio::AudioStream, Common::DefaultDeleter<Audio::AudioStream> >::~DisposablePtr() (ptr.h:450)
==2424215==    by 0x3DFA61D: Audio::Channel::~Channel() (mixer.cpp:527)
==2424215==    by 0x3DF984C: Audio::MixerImpl::stopHandle(Audio::SoundHandle) (mixer.cpp:336)
==2424215==    by 0x1919A58: Grim::Imuse::startSound(char const*, int, int, int, int, int, Grim::Track*) (imuse_track.cpp:87)
==2424215==    by 0x19178FD: Grim::Imuse::startMusic(char const*, int, int, int) (imuse_script.cpp:85)
==2424215==    by 0x191734A: Grim::Imuse::playMusic(Grim::ImuseTable const*, int, bool) (imuse_music.cpp:142)
==2424215==    by 0x1916E39: Grim::Imuse::setMusicState(int) (imuse_music.cpp:50)
==2424215==    by 0x18F926E: Grim::SoundPlayer::setMusicState(int) (sound.cpp:80)
==2424215==    by 0x18BA99D: Grim::GrimEngine::mainLoop() (grim.cpp:1115)
==2424215==  Block was alloc'd at
==2424215==    at 0x6CD4F2F: operator new(unsigned long) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2424215==    by 0x3DE4098: Audio::makeQueuingAudioStream(int, bool) (audiostream.cpp:404)
==2424215==    by 0x19154A7: Grim::Imuse::restoreState(Grim::SaveGame*) (imuse.cpp:145)
==2424215==    by 0x18F930D: Grim::SoundPlayer::restoreState(Grim::SaveGame*) (sound.cpp:96)
==2424215==    by 0x18BAF73: Grim::GrimEngine::savegameRestore() (grim.cpp:1215)
==2424215==    by 0x18BA3A5: Grim::GrimEngine::mainLoop() (grim.cpp:978)
==2424215==    by 0x18B6CA4: Grim::GrimEngine::run() (grim.cpp:437)
==2424215==    by 0x918816: runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) (main.cpp:311)
==2424215==    by 0x91A0FF: scummvm_main (main.cpp:621)
==2424215==    by 0x915D26: main (posix-main.cpp:45)
==2424215==

So it's trying to access memory after it was freed.

comment:4 by Die4Ever, 2 days ago

I myself have noticed that it's all too easy to do that with AudioStreams; I wonder if it's worth using smart pointers for them. I might take it upon myself to work on that.

Last edited 2 days ago by Die4Ever
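The lifetime bug in the Valgrind trace above (comment 3) and the smart-pointer idea (comment 4), as an added single-threaded model that is not ScummVM code: the mixer owns the stream and deletes it in stopHandle(), while the track keeps a raw copy that the timer callback later dereferences. The hardened shape gives the mixer a shared_ptr and the track a weak_ptr, so the callback can only reach a stream that is still alive. Names like TrackRaw, MixerRaw, rawScenario and the g_live registry are illustrative assumptions.

```cpp
// Added example, not ScummVM code. Models the use-after-free from the trace:
// restoreState() allocates the stream, startSound() -> stopHandle() frees it,
// Imuse::callback() then reads through a stale pointer held by the Track.
#include <memory>
#include <set>
#include <string>

static std::set<const void*> g_live;            // addresses of live streams (assumed registry)
struct AudioStream {
    int queued = 3;                             // constructed sample count
    AudioStream()  { g_live.insert(this); }
    ~AudioStream() { g_live.erase(this); }
};
static bool isLive(const AudioStream* s) { return g_live.count(s) != 0; }

// Buggy shape: Track holds a raw pointer, ownership sits in the mixer channel.
struct TrackRaw { AudioStream* stream = nullptr; };
struct MixerRaw {
    std::unique_ptr<AudioStream> channel;       // like DisposablePtr freed in ~Channel()
    void stopHandle() { channel.reset(); }      // deletes the stream
};
std::string rawScenario() {
    MixerRaw mixer; TrackRaw track;
    mixer.channel = std::make_unique<AudioStream>();   // restoreState()
    track.stream = mixer.channel.get();                // raw copy kept by the track
    mixer.stopHandle();                                // startSound() stops the old handle
    // Imuse::callback() would now read track.stream->queued through a dangling pointer;
    // the registry check stands in for the invalid read Valgrind reported.
    return isLive(track.stream) ? "ok" : "use-after-free";
}

// Hardened shape: shared ownership; the callback locks a weak_ptr before touching data.
struct TrackSafe { std::weak_ptr<AudioStream> stream; };
struct MixerSafe {
    std::shared_ptr<AudioStream> channel;
    void stopHandle() { channel.reset(); }      // last owner frees the stream
};
std::string safeScenario(bool stopBeforeCallback) {
    MixerSafe mixer; TrackSafe track;
    mixer.channel = std::make_shared<AudioStream>();
    track.stream = mixer.channel;                      // non-owning reference
    if (stopBeforeCallback) mixer.stopHandle();
    if (auto s = track.stream.lock())                  // null once the mixer freed it
        return std::to_string(s->queued);
    return "skipped";                                  // callback bails out safely
}
```

In the real engine the callback runs on the SDL timer thread, so locking the weak_ptr must also happen under the mixer's mutex; the weak_ptr only guarantees the object outlives the lock, not that its contents are not being modified concurrently.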

comment:5 by eriktorbjorn, 16 hours ago

I tried playing the game from the beginning, and it crashed in the exact same spot. Which I guess is good in a way...?

Edit: And it doesn't seem to happen until after you've solved the signpost puzzle. Just entering and leaving the room did not crash it for me.

Last edited 15 hours ago by eriktorbjorn

by eriktorbjorn, 15 hours ago

Attachment: grim14.gsv added

comment:6 by eriktorbjorn, 15 hours ago

I've attached another savegame, right after arriving at the Petrified Forest. I figured that might make it easier to reproduce what happens right before the crash. (Of course, you still need to revive Glottis first but that's quicker than starting from the beginning.)

comment:7 by eriktorbjorn, 9 hours ago

I could avoid the crash by riding the Bone Wagon out of the room (which of course isn't an option in the first savegame), but then it crashed when I walked back to the room on foot.
