#249 closed defect (fixed)
INDY3: crash when fighting boxer
| Reported by: | SF/matt_hargett | Owned by: | fingolfin |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCUMM |
| Version: | Keywords: | ||
| Cc: | Game: | Indiana Jones 3 |
Description
In indy3-256 ("Detected game 'Indiana Jones and the Last Crusade (256)', version 3.0.22"):
1. start the game 2. let the intro finish 3. once in the gym, walk into the locker room 4. walk in to the locker room again (another bug) 5. after entering the boxing ring, choose "I'm out of shape, go easy on me!"
result: first, I see this message in the output window: "WARNING: getResourceAddress Illegal Glob type String (7) num 16385!"
then, a crash.
investigation in the debugger shows:
Scumm::addMessageToStack(unsigned char * 0xda1aff30) line 570 + 17 bytes Scumm::unkAddMsgToStack5(int 0x00004001) line 706 + 30 bytes Scumm::addMessageToStack(unsigned char * 0x02c4b4c8) line 611 + 78 bytes Scumm::drawString(int 0x00000001) line 451 + 55 bytes Scumm::decodeParseString() line 2729 + 28 bytes Scumm::o5_print() line 1741 + 14 bytes Scumm::executeScript() line 280 + 14 bytes Scumm::runScriptNested(int 0x00000004) line 195 + 14 bytes Scumm::runScript(int 0x00000029, int 0x00000000, int 0x00000000, short * 0x0013fd58) line 66 + 30 bytes Scumm::o5_startScript() line 2261 + 78 bytes Scumm::executeScript() line 280 + 14 bytes Scumm::runScriptNested(int 0x00000002) line 195 + 14 bytes Scumm::runScript(int 0x00000023, int 0x00000000, int 0x00000000, short * 0x0013fdf4) line 66 + 30 bytes Scumm::o5_startScript() line 2261 + 78 bytes Scumm::executeScript() line 280 + 14 bytes Scumm::runAllScripts() line 583 + 14 bytes
The pointer passed into addMessageToStack is bogus. It comes from string.cpp, line 704. where getStringAddress is called on variable 16385. The resulting pointer is the bogus one.
Because the pointer is reading from a bogus pointer, there is a possibility this won't cause a crash on some machines/platforms and instead just behave oddly.
Ticket imported from: #555317. Ticket imported from: bugs/249.
Change History (6)
comment:1 by , 22 years ago
comment:2 by , 22 years ago
Just FYI: The address 16385 = 0x2000 +1 - we use 0x2000 as a flag, so using this var ID is legal.
comment:3 by , 22 years ago
| Summary: | indy3: crash when fighting boxer → INDY3: crash when fighting boxer |
|---|
comment:4 by , 22 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:6 by , 5 years ago
| Component: | → Engine: SCUMM |
|---|---|
| Game: | → Indiana Jones 3 |
although this is a decent bug report you shouldn't be filing it against a game that isn't supported :)
quoting from readme.txt: "The following games should load, but are not yet fully playable. Play these at your own risk, and please do not file bug reports about them. If you want the latest updates on game compatibility, visit our web site and view the compatibility chart.
Monkey Island 1 (VGA floppy)
[Game: monkeyvga] Indiana Jones and the Last Crusade (256 color) [Game: indy3] Full Throttle
[Game: ft] The Dig
[Game: dig]"