Opened 16 months ago
Closed 16 months ago
#15546 closed defect (fixed)
Dreamweb French crashes right at the start
| Reported by: | criezy | Owned by: | criezy |
|---|---|---|---|
| Priority: | normal | Component: | Engine: Dreamweb |
| Version: | | Keywords: | |
| Cc: | | Game: | |
Description
When compiling with ASAN on macOS, playing the French CD version of Dreamweb crashes right at the start. Just skip the intro and watch it crash.
The issue does not happen with the English or the Czech versions of the game. This seems specific to the French version.
I also downloaded again a fresh version of Dreamweb from our website and got the same issue. So if the issue is due to corrupted game files, this means it is corrupted in our download.
This happens with current master, but I verified it already happened with code from 2 years ago (Dec 2022 - commit 2521169). So this is not a recent regression.
The ASAN report is:
```
==81500==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000103f4d06b at pc 0x00010263b130 bp 0x00016d97fe70 sp 0x00016d97fe68
READ of size 1 at 0x000103f4d06b thread T0
    #0 0x10263b12c in DreamWeb::DreamWebEngine::printDirect(unsigned char const**, unsigned short, unsigned short*, unsigned char, bool, bool) print.cpp:141
    #1 0x10263ab50 in DreamWeb::DreamWebEngine::printDirect(unsigned char const*, unsigned short, unsigned short, unsigned char, bool) print.cpp:129
    #2 0x102681c30 in DreamWeb::DreamWebEngine::commandWithOb(unsigned char, unsigned char, unsigned char) stubs.cpp:1290
    #3 0x1026829d4 in DreamWeb::DreamWebEngine::walkToText() stubs.cpp:1328
    #4 0x10267f930 in DreamWeb::DreamWebEngine::obName(unsigned char, unsigned char) stubs.cpp:1501
    #5 0x1026863ec in DreamWeb::DreamWebEngine::checkIfSet(unsigned char, unsigned char) stubs.cpp:1666
    #6 0x10261f970 in DreamWeb::DreamWebEngine::identifyOb() object.cpp:331
    #7 0x102612768 in DreamWeb::DreamWebEngine::checkCoords(DreamWeb::RectWithCallback const*) mouse.cpp:164
    #8 0x102672bc4 in DreamWeb::DreamWebEngine::mainScreen() stubs.cpp:1795
    #9 0x10267127c in DreamWeb::DreamWebEngine::screenUpdate() stubs.cpp:751
    #10 0x10266d564 in DreamWeb::DreamWebEngine::dreamweb() stubs.cpp:680
    #11 0x1025f67c8 in DreamWeb::DreamWebEngine::run() dreamweb.cpp:442
```
This is on a mac M1 with macOS Sonoma.
Change History (4)
comment:1 by , 16 months ago
comment:2 by , 16 months ago
I created a pull request with a possible fix: https://github.com/scummvm/scummvm/pull/6281
comment:4 by , 16 months ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |

The debugger gives us this info:

```
frame #5: 0x00000001001c3130 scummvm`DreamWeb::DreamWebEngine::printDirect(this=0x0000000116530800, string=0x000000016fdf80e0, x=13, y=0x000000016fdf8100, maxWidth='\xf0', centered=false, kerning=false) at print.cpp:141:21
   138 	uint16 i = offset;
   139 	do {
   140 		uint8 c = (*string)[0];
-> 141 		uint8 nextChar = (*string)[1];
   142 		++(*string);
   143 		if ((c == 0) || (c == ':')) {
   144 			return c;
(lldb) p c
(uint8) '\0'
```

So it appears that we have an empty string and `nextChar` is thus read beyond the end of the string. This should be fairly easy to fix...
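The string walk from the listing above, reduced to its loop and written as an added example (not ScummVM's code): the buffer is read through a small checked view so the one-byte over-read is observable without ASAN, and the hardened ordering is shown beside it. As the listing's statement order implies, the over-read is not limited to the empty string seen in the debugger: index `len` is read for any string whose terminator is the last byte of its buffer. `TextView`, `walkBuggy` and `walkFixed` are names introduced for this example.

```cpp
#include <cstddef>
#include <cstdint>

// Checked view over a text buffer: records the highest index touched and whether any
// read landed at or past the end, the condition ASAN reported as global-buffer-overflow.
struct TextView {
    const uint8_t *data;
    size_t len;          // buffer size, including the terminating 0 when present
    size_t maxIndexRead; // highest index requested so far
    bool overRead;       // set once an index >= len was requested

    uint8_t at(size_t i) {
        if (i > maxIndexRead) maxIndexRead = i;
        if (i >= len) { overRead = true; return 0; } // a raw pointer would read past the buffer
        return data[i];
    }
};

// Same statement order as print.cpp:140-143 in the debugger listing: the lookahead
// byte is fetched before the terminator check, so index len is read whenever the
// terminator is the last byte of the buffer. Returns the number of characters walked.
static size_t walkBuggy(TextView &v) {
    size_t pos = 0, printed = 0;
    for (;;) {
        uint8_t c = v.at(pos);
        uint8_t nextChar = v.at(pos + 1); // over-read when c is already the terminator
        ++pos;
        if (c == 0 || c == ':')
            return printed;
        (void)nextChar; // the real loop uses it for kerning
        ++printed;
    }
}

// Hardened order: test the terminator first, then peek. A non-terminator byte is never
// the last byte of a properly terminated string, so pos + 1 stays inside the buffer.
static size_t walkFixed(TextView &v) {
    size_t pos = 0, printed = 0;
    for (;;) {
        uint8_t c = v.at(pos);
        ++pos;
        if (c == 0 || c == ':')
            return printed;
        uint8_t nextChar = v.at(pos);
        (void)nextChar; // kerning lookahead, as above
        ++printed;
    }
}
```

Walking the one-byte buffer `{0}` with `walkBuggy` requests index 1, which is exactly the read ASAN flagged; `walkFixed` never goes past index 0.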