Opened 5 months ago
Last modified 5 months ago
#15587 new defect
GUI: reducing the volume of a channel manually to zero produces a zero division
| Reported by: | neuromancer | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | GUI |
| Version: | | Keywords: | |
| Cc: | | Game: | |
Description
Tested on the latest git branch (ae3bc057d5cd8058e62eb3994a4a8ac38fdc927e)
Backtrace:
```
graphics/VectorRendererSpec.cpp:3234:43: runtime error: division by zero

Thread 1 "scummvm" received signal SIGFPE, Arithmetic exception.
0x00005555677be626 in Graphics::VectorRendererSpec<unsigned int>::drawBorderRoundedSquareAlg (this=0x50e0000122c0, x1=1314, y1=630, r=-2, w=3, h=54, color=4281888891, fill_m=Graphics::VectorRenderer::kFillGradient, alpha_t=255 '\377', alpha_r=255 '\377', alpha_b=255 '\377', alpha_l=255 '\377') at graphics/VectorRendererSpec.cpp:3234
3234 int alphaStep_tr = ((alpha_t - alpha_r) / (y + 1));
(gdb) bt
#0 0x00005555677be626 in Graphics::VectorRendererSpec<unsigned int>::drawBorderRoundedSquareAlg (this=0x50e0000122c0, x1=1314, y1=630, r=-2, w=3, h=54, color=4281888891, fill_m=Graphics::VectorRenderer::kFillGradient, alpha_t=255 '\377', alpha_r=255 '\377', alpha_b=255 '\377', alpha_l=255 '\377') at graphics/VectorRendererSpec.cpp:3234
#1 0x00005555677bc4c0 in Graphics::VectorRendererSpec<unsigned int>::drawRoundedSquareAlg (this=0x50e0000122c0, x1=1314, y1=630, r=1, w=3, h=54, color=4281888891, fill_m=Graphics::VectorRenderer::kFillGradient) at graphics/VectorRendererSpec.cpp:3519
#2 0x0000555567668e60 in Graphics::VectorRendererSpec<unsigned int>::drawRoundedSquare (this=0x50e0000122c0, x=1314, y=630, r=1, w=3, h=54) at graphics/VectorRendererSpec.cpp:1269
#3 0x0000555566083337 in Graphics::VectorRenderer::drawCallback_ROUNDSQ (this=0x50e0000122c0, area=..., step=...) at ./graphics/VectorRenderer.h:449
#4 0x00005555675a56b9 in Graphics::VectorRenderer::drawStep (this=0x50e0000122c0, area=..., clip=..., step=..., extra=0) at graphics/VectorRenderer.cpp:59
#5 0x0000555565fcc825 in GUI::ThemeEngine::drawDD (this=0x51e00006c080, type=GUI::kDDSliderHover, r=..., dynamic=0, forceRestore=false) at gui/ThemeEngine.cpp:953
#6 0x0000555565fd14af in GUI::ThemeEngine::drawSlider (this=0x51e00006c080, r=..., width=3, state=GUI::ThemeEngine::kStateHighlight, rtl=false) at gui/ThemeEngine.cpp:1152
#7 0x00005555660e0fc8 in GUI::SliderWidget::drawWidget (this=0x51200000a540) at gui/widget.cpp:930
#8 0x00005555660aacb8 in GUI::Widget::draw (this=0x51200000a540) at gui/widget.cpp:138
#9 0x00005555660ac2dd in GUI::Widget::draw (this=0x51300000de80) at gui/widget.cpp:158
#10 0x0000555566233dfa in GUI::TabWidget::draw (this=0x51300000de80) at gui/widgets/tab.cpp:417
#11 0x0000555565d0b6d5 in GUI::Dialog::drawWidgets (this=0x7fffeef5a820) at gui/dialog.cpp:192
#12 0x0000555565d2cf11 in GUI::GuiManager::redrawInternal (this=0x51d0000d2080) at gui/gui-manager.cpp:471
#13 0x0000555565d2d688 in GUI::GuiManager::redraw (this=0x51d0000d2080) at gui/gui-manager.cpp:488
#14 0x0000555565d35864 in GUI::GuiManager::runLoop (this=0x51d0000d2080) at gui/gui-manager.cpp:661
#15 0x0000555565d0666e in GUI::Dialog::runModal (this=0x7fffeef5a820) at gui/dialog.cpp:78
#16 0x0000555565d6166c in GUI::LauncherDialog::editGame (this=0x52b00007e200, item=74) at gui/launcher.cpp:485
#17 0x0000555565d69a10 in GUI::LauncherDialog::handleCommand (this=0x52b00007e200, sender=0x516000972218, cmd=1162105927, data=0) at gui/launcher.cpp:780
#18 0x0000555565d8af7c in GUI::LauncherSimple::handleCommand (this=0x52b00007e200, sender=0x516000972218, cmd=1162105927, data=0) at gui/launcher.cpp:1358
#19 0x0000555565cdcb7f in GUI::CommandSender::sendCommand (this=0x516000972218, cmd=1162105927, data=0) at ./gui/object.h:54
#20 0x00005555660b8b3f in GUI::ButtonWidget::handleMouseUp (this=0x516000972080, x=206, y=54, button=1, clickCount=1) at gui/widget.cpp:416
#21 0x0000555565d0db31 in GUI::Dialog::handleMouseUp (this=0x52b00007e200, x=3653, y=705, button=1, clickCount=1) at gui/dialog.cpp:233
#22 0x0000555565d42fd8 in GUI::GuiManager::processEvent (this=0x51d0000d2080, event=..., activeDialog=0x52b00007e200) at gui/gui-manager.cpp:896
#23 0x0000555565d3065e in GUI::GuiManager::runLoop (this=0x51d0000d2080) at gui/gui-manager.cpp:594
#24 0x0000555565d5b5b8 in GUI::LauncherDialog::run (this=0x52b00007e200) at gui/launcher.cpp:345
#25 0x0000555565d7839b in GUI::LauncherChooser::runModal (this=0x7fffeec62330) at gui/launcher.cpp:1064
#26 0x0000555562d0338f in launcherDialog () at base/main.cpp:118
#27 0x0000555562d172c6 in scummvm_main (argc=4, argv=0x7fffffffe708) at base/main.cpp:733
--Type <RET> for more, q to quit, c to continue without paging--
#28 0x0000555562cfa0f3 in main (argc=4, argv=0x7fffffffe708) at backends/platform/sdl/posix/posix-main.cpp:44
```
Change History (2)
comment:2 by , 5 months ago
I find it pretty easy to reproduce the issue. All I have to do is drag the volume slider over the left border. But it also depends a bit on the y pos. Sliding to the left may not always trigger it. But if I keep the mouse button pressed, move a bit up or down and then to the left again, I sure get it to crash.
I mentioned the issue on Discord a month ago, but it got overlooked, I guess...
I am unable to reproduce this on mine, with a MSYS2/MINGW64 Windows 10 build from current master HEAD (2.10.0git).
I've tested with volume sliders on the launcher from Global Options, Game-specific options and the in-game ScummVM GMM menu for volume. I also tested with a few other GUI sliders since this issue might not be specific to only volume sliders.
For setting the value to 0, I've tested with:
All the above worked without crash.
Looking at the code, y seems to be initialized (within the BE_RESET()) to the value of the "r" method argument, so if r was -1 then that would result in (y + 1) being zero and hence the division by zero issue.
https://github.com/scummvm/scummvm/blob/4440b3ca24ab35ca3f86b3ce44a2baf643acb6a7/graphics/VectorRendererSpec.cpp#L3234
But I can't tell offhand what would cause r to be -1 or which use case that would be.
Edit: r gets reduced by 1 (r--) during the iteration of the outer loop, so I think the error is more likely to happen after a few iterations, not necessarily in the initial one.
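
The failure mode described in the comment above, as an added example that is not part of the ticket and not ScummVM code. It is a simplified model built only from that description (y reset to r on each outer pass, r decremented afterwards); `alphaStep` and `zeroDivisorPasses` are hypothetical names, and returning a step of 0 for a degenerate radius is one possible guard, assumed here.

```cpp
// Added example: a simplified model, not code from ScummVM.
#include <climits>
#include <cstdio>
#include <vector>

// Same shape as the faulting expression, (alpha_a - alpha_b) / (y + 1).
// Assumed policy: a degenerate radius (y + 1 <= 0) means no gradient, so the
// step is 0. The INT_MAX check keeps y + 1 itself from overflowing.
int alphaStep(unsigned char alphaA, unsigned char alphaB, int y) {
    if (y < 0 || y == INT_MAX)
        return 0;
    return (alphaA - alphaB) / (y + 1);
}

// Model of the loop as described in the comment: every outer pass resets y
// to the current r, then r is decremented. Returns the pass numbers at which
// the unguarded expression would divide by zero.
std::vector<int> zeroDivisorPasses(int r, int passes) {
    std::vector<int> hits;
    for (int pass = 0; pass < passes; ++pass, --r) {
        int y = r; // assumed effect of BE_RESET()
        if (y + 1 == 0)
            hits.push_back(pass);
    }
    return hits;
}

int main() {
    // r=1 is the radius shown in frame #1 of the backtrace; the pass count
    // of 4 is a constructed value.
    for (int pass : zeroDivisorPasses(1, 4))
        std::printf("unguarded division would trap on pass %d\n", pass);
    std::printf("guarded step at y=-1: %d\n", alphaStep(255, 0, -1));
    std::printf("guarded step at y=4:  %d\n", alphaStep(255, 0, 4));
    return 0;
}
```

A positive starting radius still reaches the zero divisor once enough passes have decremented it, which is why the guard belongs at the division rather than only on the initial argument.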