Opened 10 days ago

Last modified 9 days ago

#15668 new defect

GRIM: Segfault and use-heap-after-free in the wine cellar moving around the forklift

Reported by: mparnaudeau
Owned by:
Priority: high
Component: Engine: Grim
Version:
Keywords:
Cc:
Game: Grim Fandango

Description

ScummVM version:
ScummVM 2.10.0git58485-g056477c1d01 (Jan 6 2025 23:24:16)
Using SDL backend with SDL 2.0.14
Features compiled in: TAINTED Vorbis ALSA SEQ sndio TiMidity RGB zLib MPEG2 Theora FreeType2 JPEG PNG cloud (servers, local) ENet SDL2 TinyGL OpenGL (with shaders)

Language:
User picked target 'grim-win-fr' (engine ID 'grim', game ID 'grim')...
Running Grim Fandango (Windows/French)

System:
Linux talos2-debian 5.10.0-32-powerpc64le #1 SMP Debian 5.10.223-1 (2024-08-10) ppc64le GNU/Linux

Description:
In Year 2, in the wine cellar, I was first blocked in a location at the bottom left of the forklift. See screenshot.
Then, I loaded the last saved game and came back, now moving on the other side of the forklift. I got a crash (segmentation fault).
With a version compiled with sanitizers, I got a heap-use-after-free error. See log attached. Note that I also get it on an x86-64 Debian 12.

Attachments (6)

GRIM-Y2-BlockedNearForkLift.png (590.9 KB) - added by mparnaudeau 10 days ago.
heap_use_after_free_error.txt (5.3 KB) - added by mparnaudeau 10 days ago.
lua_outputs_leading_to_segfaults.txt (10.4 KB) - added by mparnaudeau 10 days ago.
grim10.gsv (923.9 KB) - added by mparnaudeau 10 days ago.
grim04.gsv (869.3 KB) - added by mparnaudeau 9 days ago.
grim-in-elevator-with-forklift-2025-01-07_22.46.29.mp4 (1.3 MB) - added by mparnaudeau 9 days ago.

Change History (8)

by mparnaudeau, 10 days ago

Attachment: grim10.gsv added

comment:1 by antoniou79, 10 days ago

I am seeing the same thing (crash with segfault) when loading from your saved game. I am testing with the Windows ScummVM 2.9.0 release version and also a local msys/mingw64 build from recent master HEAD for 2.10.0git on mine (I am typically building in release mode, i.e. with enable-release and disable-debug, so I haven't tested in debug builds).

This is the output from gdb in msys2/mingw64:

Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ff6e253a898 in Grim::luaV_execute(Grim::lua_Task*) ()
(gdb) bt
#0  0x00007ff6e253a898 in Grim::luaV_execute(Grim::lua_Task*) ()
#1  0x00007ff6e0fa105a in Grim::luaD_call(int, int) ()
#2  0x00007ff6e24b08be in Grim::runtasks(Grim::LState*) ()
#3  0x00007ff6e03e86ee in Grim::GrimEngine::luaUpdate() [clone .part.0] ()
#4  0x00007ff6e03eab2d in Grim::GrimEngine::mainLoop() ()
#5  0x00007ff6e03ebe60 in Grim::GrimEngine::run() ()
#6  0x00007ff6dff0fb8a in runGame(Plugin const*, OSystem&, DetectedGame const&, void const*) ()
#7  0x00007ff6dff122dd in scummvm_main ()
#8  0x00007ff6dff0c394 in SDL_main ()
#9  0x00007ff6dfee1319 in __tmainCRTStartup () at C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:266
#10 0x00007ff6dfee1426 in mainCRTStartup () at C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:186

Also, I should add that on my original playthrough of the game, a few months ago now, I also had the issue of getting stuck when trying to get on the forklift from the right side of the forklift (left of the screen as the player looks at it), but that was "resolved" by going from the other side. Still, that is also probably something to investigate for fixing.

comment:2 by mparnaudeau, 9 days ago

I tried starting with the saved game provided in an old ticket: https://bugs.scummvm.org/ticket/11812

I was able to use the forklift, but in the elevator I am in a situation where I can't jump in anymore. And Manny disappears and appears elsewhere in some cases.

I am about to provide the new saved game and a video recording of the behavior.

by mparnaudeau, 9 days ago

Attachment: grim04.gsv added