Opened 2 years ago

Closed 2 years ago

#13192 closed defect (fixed)

SCI: Police Quest 4 - Random Crashes

Reported by: jamokoo
Owned by: digitall
Priority: normal
Component: Engine: SCI
Version:
Keywords:
Cc:
Game: Police Quest 4

Description (last modified by jamokoo)

Seems to happen when moving the mouse to the bottom of the screen to open the game menu with actions, map, settings, etc.

Nothing much in the scummvm.log:

[2021-12-31 21:21:20] ScummVM 2.6.0git2179-g25c63234e49 (Dec 27 2021 14:36:45)
[2021-12-31 21:21:20] TAINTED Vorbis FLAC MP3 RGB zLib MPEG2 FluidSynth Theora AAC A/52 FreeType2 FriBiDi JPEG PNG GIF taskbar TTS cloud (servers, local) TinyGL OpenGL (with shaders) GLEW
[2021-12-31 21:21:20] --- Log opened.
[2021-12-31 21:22:14] Running Police Quest IV: Open Season (CD/DOS/English)
[2021-12-31 21:22:14] resource.000: fd316a09b628b7032248139003369022, 18841068 bytes.
[2021-12-31 21:22:14] 379dfe80ed6bd16c47e4b950c4722eac, 11374 bytes.
[2021-12-31 21:25:31] Running Police Quest IV: Open Season (CD/DOS/English)
[2021-12-31 21:25:31] resource.000: fd316a09b628b7032248139003369022, 18841068 bytes.
[2021-12-31 21:25:31] 379dfe80ed6bd16c47e4b950c4722eac, 11374 bytes.

Change History (21)

comment:1 by jamokoo, 2 years ago

Description: modified

comment:2 by jamokoo, 2 years ago

Description: modified

comment:3 by digitall, 2 years ago

Component: --Unset-- → Engine: SCI
Summary: Police Quest 4 Random Crashes → SCI: Police Quest 4 - Random Crashes

comment:4 by digitall, 2 years ago

No crash here running with same checksums for datafiles on Linux x86_64 with latest master. However, I do get this from valgrind:

==6509== Conditional jump or move depends on uninitialised value(s)
==6509== at 0x2B44D92: Sci::musicEntryCompare(Sci::MusicEntry const*, Sci::MusicEntry const*) (music.cpp:364)
==6509== by 0x2B49C49: Sci::MusicEntry Common::sortPartition<Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry, Sci::MusicEntry, Sci::MusicEntry, bool (*&)(Sci::MusicEntry const*, Sci::MusicEntry const*)) (algorithm.h:243)
==6509== by 0x2B494F0: void Common::sort<Sci::MusicEntry**, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)>(Sci::MusicEntry, Sci::MusicEntry, bool (*)(Sci::MusicEntry const*, Sci::MusicEntry const*)) (algorithm.h:291)
==6509== by 0x2B44DE3: Sci::SciMusic::sortPlayList() (music.cpp:369)
==6509== by 0x2B458D5: Sci::SciMusic::soundPlay(Sci::MusicEntry*, bool) (music.cpp:539)
==6509== by 0x2B4ADB0: Sci::SoundCommandParser::processPlaySound(Sci::reg_t, bool, bool) (soundcmd.cpp:244)
==6509== by 0x2B4A901: Sci::SoundCommandParser::kDoSoundPlay(Sci::EngineState*, int, Sci::reg_t*) (soundcmd.cpp:177)
==6509== by 0x2AAF377: Sci::kDoSoundPlay(Sci::EngineState*, int, Sci::reg_t*) (ksound.cpp:51)
==6509== by 0x2AE7902: Sci::callKernelFunc(Sci::EngineState*, int, int) (vm.cpp:449)
==6509== by 0x2AE9655: Sci::run_vm(Sci::EngineState*) (vm.cpp:902)
==6509== by 0x2AD8E0D: Sci::invokeSelector(Sci::EngineState*, Sci::reg_t, int, int, Sci::reg_t*, int, Sci::reg_t const*) (selector.cpp:325)
==6509== by 0x2A9D5C1: Sci::kListEachElementDo(Sci::EngineState*, int, Sci::reg_t*) (klists.cpp:619)

This may cause a segfault / invalid access on other OSes.

comment:5 by jamokoo, 2 years ago

Yeah, I am using Windows 10. Is there some way I can help with this? Or does it seem to be simple to reproduce? The game works fine using DOSBox with MT-32.

comment:6 by digitall, 2 years ago

jamokoo: A savegame would be useful at a screen to trigger this reliably... Or does this happen from new game on the first screen in alley?

comment:7 by jamokoo, 2 years ago

Well, it can happen quite soon in the beginning of the game. Just access menu items, save, change location, repeat. It does not happen in the same place but always happens sooner or later, so I'm not sure a save helps anything.

I did the first scene, went to the police station, morgue, Hickman's place, back to the murder scene, shooting range and back to the station playing the game, and it would always crash in one of these places. I guess it usually happened when trying to go to the menu to save.

comment:8 by digitall, 2 years ago

Owner: set to digitall
Resolution: fixed
Status: new → pending

Have committed a fix for the valgrind invalid reads which may fix your issue as
commit 3e32365f0f03a5e32ec5b56194ce000c72ff2b63.

jamokoo: Please try testing with the next nightly build to see if this fixes your issue.

comment:9 by jamokoo, 2 years ago

Still crashing for me

comment:10 by jamokoo, 2 years ago

I compiled 3e32365f0f03a5e32ec5b56194ce000c72ff2b63 with Visual Studio and got it to crash.

Exception thrown at 0x79A63AFF (vcruntime140d.dll) in scummvm.exe: 0xC0000005: Access violation reading location 0x00000000.

Source seems to be null.

It's trying to findResource with id 10988.

Here is the call stack:

vcruntime140d.dll![Frames below may be incorrect and/or missing, no symbols loaded for vcruntime140d.dll]
scummvm.exe!Sci::ResourcePatcher::patchResource(Sci::Resource & resource, const Sci::GameResourcePatch & patch) Line 670
    at D:\projects\scummvm\engines\sci\resource\resource_patcher.cpp(670)
scummvm.exe!Sci::ResourcePatcher::applyPatch(Sci::Resource & resource) Line 521
    at D:\projects\scummvm\engines\sci\resource\resource_patcher.cpp(521)
scummvm.exe!Sci::ResourceManager::loadResource(Sci::Resource * res) Line 430
    at D:\projects\scummvm\engines\sci\resource\resource.cpp(430)
scummvm.exe!Sci::ResourceManager::findResource(Sci::ResourceId id, bool lock) Line 1219
    at D:\projects\scummvm\engines\sci\resource\resource.cpp(1219)
scummvm.exe!Sci::ScreenItem::setFromObject(Sci::SegManager * segMan, const Sci::reg_t object, const bool updateCel, const bool updateBitmap) Line 169
    at D:\projects\scummvm\engines\sci\graphics\screen_item32.cpp(169)
scummvm.exe!Sci::ScreenItem::ScreenItem(const Sci::reg_t object) Line 51
    at D:\projects\scummvm\engines\sci\graphics\screen_item32.cpp(51)
scummvm.exe!Sci::GfxFrameout::kernelAddScreenItem(const Sci::reg_t object) Line 227
    at D:\projects\scummvm\engines\sci\graphics\frameout.cpp(227)
scummvm.exe!Sci::kAddScreenItem(Sci::EngineState * s, int argc, Sci::reg_t * argv) Line 184
    at D:\projects\scummvm\engines\sci\engine\kgraphics32.cpp(184)
scummvm.exe!Sci::callKernelFunc(Sci::EngineState * s, int kernelCallNr, int argc) Line 382
    at D:\projects\scummvm\engines\sci\engine\vm.cpp(382)
scummvm.exe!Sci::run_vm(Sci::EngineState * s) Line 902
    at D:\projects\scummvm\engines\sci\engine\vm.cpp(902)
scummvm.exe!Sci::invokeSelector(Sci::EngineState * s, Sci::reg_t object, int selectorId, int k_argc, Sci::reg_t * k_argp, int argc, const Sci::reg_t * argv) Line 325
    at D:\projects\scummvm\engines\sci\engine\selector.cpp(325)
scummvm.exe!Sci::kListEachElementDo(Sci::EngineState * s, int argc, Sci::reg_t * argv) Line 619
    at D:\projects\scummvm\engines\sci\engine\klists.cpp(619)
scummvm.exe!Sci::callKernelFunc(Sci::EngineState * s, int kernelCallNr, int argc) Line 382
    at D:\projects\scummvm\engines\sci\engine\vm.cpp(382)
scummvm.exe!Sci::run_vm(Sci::EngineState * s) Line 902
    at D:\projects\scummvm\engines\sci\engine\vm.cpp(902)
scummvm.exe!Sci::SciEngine::runGame() Line 673
    at D:\projects\scummvm\engines\sci\sci.cpp(673)
scummvm.exe!Sci::SciEngine::run() Line 443
    at D:\projects\scummvm\engines\sci\sci.cpp(443)
scummvm.exe!runGame(const Plugin * plugin, const Plugin * enginePlugin, OSystem & system, const Common::String & debugLevels) Line 318
    at D:\projects\scummvm\base\main.cpp(318)
scummvm.exe!scummvm_main(int argc, const char * const * argv) Line 626
    at D:\projects\scummvm\base\main.cpp(626)
scummvm.exe!SDL_main(int argc, char * * argv) Line 75
    at D:\projects\scummvm\backends\platform\sdl\win32\win32-main.cpp(75)
scummvm.exe!WinMain(HINSTANCE * formal, HINSTANCE * formal, char * formal, int formal) Line 54
    at D:\projects\scummvm\backends\platform\sdl\win32\win32-main.cpp(54)
[External Code]

Last edited 2 years ago by jamokoo

comment:11 by digitall, 2 years ago

jamokoo: Thank you for the backtrace. That is associated with the PQ4 resource patch for Enhanced Audio View:

I have added a check for the source data being null, i.e. resource data loading failure, in the patcher, which should prevent the crash (as doing a memcpy on a null pointer is not valid) as commit

That should prevent the crash, though I have tested with my copy of PQ4 from Police Quest Collection and I don't get this issue.

Can I suggest that you attach a list of your PQ4 resource files and associated sizes and MD5sums? The output of a tool such as MD5summer on Win32 would be fine.

It sounds like you either have a corrupted or variant resource file in your PQ4 datafiles.
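
The guard described in comment:11, sketched as an added example (this is not ScummVM's code and not part of the ticket): a patch applier that reports a failed load instead of passing a null source to memcpy. It goes one step further than the ticket by also bounds-checking each copy; every type and name in it is hypothetical.

```cpp
// Added illustration, not ScummVM code: every type and name below is hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct Resource {
    const uint8_t *data = nullptr; // stays null when the resource failed to load
    size_t size = 0;
};

enum class Op { Skip, Replace };   // keep source bytes, or overwrite them

struct PatchOp {
    Op op;
    size_t count;                  // bytes to keep (Skip only)
    std::vector<uint8_t> bytes;    // replacement bytes (Replace only)
};
enum class PatchResult { Ok, NullSource, OutOfBounds };

// Builds the patched copy in `out`; `out` is only modified on success.
PatchResult applyPatch(const Resource &src, const std::vector<PatchOp> &ops,
                       std::vector<uint8_t> &out) {
    if (src.data == nullptr)       // load failure: refuse instead of memcpy(dst, NULL, n)
        return PatchResult::NullSource;
    std::vector<uint8_t> result;
    size_t pos = 0;                // read offset in the source, always <= src.size
    for (const PatchOp &p : ops) {
        const size_t n = (p.op == Op::Skip) ? p.count : p.bytes.size();
        if (n > src.size - pos)    // the op would run past the end of the source
            return PatchResult::OutOfBounds;
        const size_t old = result.size();
        result.resize(old + n);
        if (n != 0)
            std::memcpy(result.data() + old,
                        p.op == Op::Skip ? src.data + pos : p.bytes.data(), n);
        pos += n;
    }
    result.insert(result.end(), src.data + pos, src.data + src.size); // unpatched tail
    out.swap(result);
    return PatchResult::Ok;
}

int main() {
    const uint8_t sample[8] = {0, 1, 2, 3, 4, 5, 6, 7};   // constructed sample data
    Resource missing, loaded;
    loaded.data = sample;
    loaded.size = sizeof(sample);
    const std::vector<PatchOp> ops = {{Op::Skip, 2, {}}, {Op::Replace, 0, {0xAA, 0xBB}}};
    std::vector<uint8_t> out;
    std::printf("missing: %d\n", static_cast<int>(applyPatch(missing, ops, out)));
    std::printf("loaded:  %d\n", static_cast<int>(applyPatch(loaded, ops, out)));
}
```

A caller still has to treat the failure as "resource unavailable"; the guard only turns the invalid read into a reportable error.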

comment:12 by jamokoo, 2 years ago

I'm using Police Quest Collection from Steam. I guess it wouldn't crash randomly if the files would be corrupt?

Not sure which MD5sums you need. Here are all of them:


comment:13 by digitall, 2 years ago

Right. Those MD5sums exactly match the datafiles found in the GOG version as well.

When I run with those datafiles and enter the Audio Settings icon on the bottom of the screen and then click on the "Text" button to enable subtitles, I now get the following engine abort due to failure to load resource view.10988:

Running Police Quest IV: Open Season (CD/DOS/English)
resource.000: fd316a09b628b7032248139003369022, 18841068 bytes. 379dfe80ed6bd16c47e4b950c4722eac, 11374 bytes.
WARNING: Unable to apply patch view.10988: source data is null!
WARNING: resMan: Failed to read view.10988!
Failed to load view 10988, loop 0, cel 0!
Debugger started, type 'exit' to return to the game.
Type 'help' to see a little list of commands and variables.
ERROR: Failed to load view 10988, loop 0, cel 0!
Read 20 history entries

comment:14 by digitall, 2 years ago

The CD collection datafiles for PQ4 differ in several files including patches and resource files, but I get the same error when I run with those and press the Text button in the audio options menu.

Hmm, this resource patch dates from the addition of the SCI resource patcher with commit

It will probably need a SCI dev with patching experience to review this.

comment:15 by digitall, 2 years ago

@sluicebox, @bluegr: Any takers? :)

comment:16 by digitall, 2 years ago

Resolution: fixed
Status: pending → new

comment:17 by jamokoo, 2 years ago

So are you saying that only the original PQ4 game works and not the collection?

comment:18 by digitall, 2 years ago

jamokoo: Sorry, to be clear, I originally thought that I could not replicate with my CD collection datafiles, but I can replicate with both.

comment:19 by digitall, 2 years ago

Resolution: fixed
Status: new → pending

jamokoo: Right, have worked out the issue and committed a fix:

Can you try testing with the next nightly build please?

comment:20 by jamokoo, 2 years ago

I have played for a while now. No crashes yet. Nice work! I'll let you know if it happens again.

comment:21 by bluegr, 2 years ago

Status: pending → closed

Thanks! Closing
