Opened 16 years ago
Closed 16 years ago
#4337 closed defect (fixed)
CRUISE: Heap corruption crash
| Reported by: | dreammaster |
|---|---|
| Owned by: | dreammaster |
| Priority: | normal |
| Component: | Engine: Cruise |
| Version: | |
| Keywords: | |
| Cc: | |
| Game: | Cruise for a Corpse |
Description
The heap corruption bug occurs for me in:
ScummVM 0.14 SVN 2009-05-12, Cruise for a Corpse (English), Windows XP, using both MinGW and MSVC8.
In the attached savegame, you're in the bar at the start of the 11:20am segment. You'll get the crash at some point in the following steps:
* Right-click and select to use the map, and select the hall at the bottom of the map
* Click on the exit icon in the bottom right-hand corner
* If you successfully appear in the hall without any crash occurring, try exiting the screen to the right
Ticket imported from: #2790598. Ticket imported from: bugs/4337.
Attachments (2)
Change History (8)
by , 16 years ago
Attachment: cruise.s07 added
comment:1 by , 16 years ago
I made a few minor bugfixes (I hope), but even assuming they made a difference (and that's a *big* if) there are still a bunch of Valgrind warnings when loading that savegame:
==22912== Invalid write of size 1
==22912== at 0x4026C34: memcpy (mc_replace_strmem.c:402)
==22912== by 0x82906C4: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:456)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
==22912== by 0x878C438: GUI::Dialog::runModal() (dialog.cpp:77)
==22912== by 0x8782B10: Engine::runDialog(GUI::Dialog&) (engine.cpp:294)
==22912== Address 0x6d7868b is not stack'd, malloc'd or (recently) free'd
==22912==
==22912== Invalid write of size 1
==22912== at 0x4026C3C: memcpy (mc_replace_strmem.c:402)
==22912== by 0x82906C4: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:456)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
==22912== by 0x878C438: GUI::Dialog::runModal() (dialog.cpp:77)
==22912== by 0x8782B10: Engine::runDialog(GUI::Dialog&) (engine.cpp:294)
==22912== Address 0x6d7868a is not stack'd, malloc'd or (recently) free'd
==22912==
==22912== Invalid write of size 1
==22912== at 0x4026C45: memcpy (mc_replace_strmem.c:402)
==22912== by 0x82906C4: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:456)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
==22912== by 0x878C438: GUI::Dialog::runModal() (dialog.cpp:77)
==22912== by 0x8782B10: Engine::runDialog(GUI::Dialog&) (engine.cpp:294)
==22912== Address 0x6d78689 is not stack'd, malloc'd or (recently) free'd
==22912==
==22912== Invalid write of size 1
==22912== at 0x4026C4E: memcpy (mc_replace_strmem.c:402)
==22912== by 0x82906C4: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:456)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
==22912== by 0x878C438: GUI::Dialog::runModal() (dialog.cpp:77)
==22912== by 0x8782B10: Engine::runDialog(GUI::Dialog&) (engine.cpp:294)
==22912== Address 0x6d78688 is not stack'd, malloc'd or (recently) free'd
==22912==
==22912== Invalid read of size 1
==22912== at 0x829042E: Cruise::decodeGfxUnified(Cruise::dataFileEntry*, short) (dataLoader.cpp:121)
==22912== by 0x82908A7: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:483)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
==22912== by 0x878C438: GUI::Dialog::runModal() (dialog.cpp:77)
==22912== by 0x8782B10: Engine::runDialog(GUI::Dialog&) (engine.cpp:294)
==22912== Address 0x6d78670 is 0 bytes after a block of size 112 alloc'd
==22912== at 0x402601E: malloc (vg_replace_malloc.c:207)
==22912== by 0x828BAC8: Cruise::mallocAndZero(int) (cruise_main.cpp:1910)
==22912== by 0x828FEB4: Cruise::updateResFileEntry(int, int, int, int) (dataLoader.cpp:150)
==22912== by 0x829062F: Cruise::loadSetEntry(char const*, unsigned char*, int, int) (dataLoader.cpp:440)
==22912== by 0x8290D24: Cruise::loadFileRange(char const*, int, int, int) (dataLoader.cpp:289)
==22912== by 0x8285D8F: Cruise::loadSavegameData(int) (saveload.cpp:895)
==22912== by 0x828A80C: Cruise::CruiseEngine::loadGameState(int) (cruise.cpp:185)
==22912== by 0x87852A9: MainMenuDialog::handleCommand(GUI::CommandSender*, unsigned int, unsigned int) (dialogs.cpp:145)
==22912== by 0x87982D4: GUI::CommandSender::sendCommand(unsigned int, unsigned int) (object.h:54)
==22912== by 0x87C35C9: GUI::ButtonWidget::handleMouseUp(int, int, int, int) (widget.cpp:246)
==22912== by 0x878BF47: GUI::Dialog::handleMouseUp(int, int, int, int) (dialog.cpp:201)
==22912== by 0x878D25D: GUI::GuiManager::runLoop() (GuiManager.cpp:339)
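As an added illustration of the failure shape in the Valgrind report above (this is not code from the ticket or from the Cruise engine): a constructed resource-set loader in C where the heap block is sized from a set header but the copy length is taken from the record itself, next to the bounds checks that would turn both the memcpy "Invalid write" and the decoder "Invalid read ... 0 bytes after a block of size 112" into a clean load failure instead of heap corruption. The names Entry, load_entry_unchecked, load_entry_checked, check_gfx_dims and demo_checked_load, and the 112/116-byte sizes, are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a resource-set loader. Not the Cruise engine's code:
 * the type and function names and the 112-byte block size are assumptions
 * chosen to mirror the Valgrind report in the ticket. */

typedef struct {
    uint8_t *data;   /* heap block, sized from the set header */
    size_t   size;   /* bytes actually allocated */
} Entry;

/* Zero-initialised allocation, the role a mallocAndZero-style helper plays. */
static Entry entry_alloc(size_t size) {
    Entry e;
    e.data = (uint8_t *)calloc(size ? size : 1, 1);
    e.size = e.data ? size : 0;
    return e;
}

static void entry_free(Entry *e) {
    free(e->data);
    e->data = NULL;
    e->size = 0;
}

/* Vulnerable shape: the copy length comes from the record and is never
 * compared with the allocation made from the header. When the two disagree,
 * memcpy writes past the end of the block; Valgrind reports "Invalid write
 * of size 1 ... at memcpy", ASan reports heap-buffer-overflow.
 * Kept for reference only; main() below never calls it. */
void load_entry_unchecked(Entry *e, const uint8_t *record, size_t record_len) {
    memcpy(e->data, record, record_len);
}

/* Hardened: bounds are checked against both the source file and the
 * destination block before the heap is touched. Returns 0 on success. */
static int load_entry_checked(Entry *e, const uint8_t *file, size_t file_len,
                              size_t offset, size_t record_len) {
    if (e->data == NULL) return -1;
    if (offset > file_len || record_len > file_len - offset) return -1; /* truncated source */
    if (record_len > e->size) return -1;                                /* would overflow */
    memcpy(e->data, file + offset, record_len);
    return 0;
}

/* Decoder-side check for the "Invalid read ... 0 bytes after a block" case:
 * a width*height pixel loop must not run past the allocated bytes. The
 * multiplication is guarded so oversized dimensions cannot wrap around. */
static int check_gfx_dims(size_t alloc_size, size_t width, size_t height) {
    if (height != 0 && width > SIZE_MAX / height) return -1; /* w*h overflows size_t */
    if (width * height > alloc_size) return -1;              /* loop would read past block */
    return 0;
}

/* Builds a constructed record of record_len bytes (0x41 fill) and loads it
 * into a block of declared_size bytes through the checked path.
 * Returns the loader's result so the caller can see accept/reject. */
static int demo_checked_load(size_t declared_size, size_t record_len) {
    uint8_t *file = (uint8_t *)malloc(record_len ? record_len : 1);
    if (!file) return -1;
    memset(file, 0x41, record_len);

    Entry e = entry_alloc(declared_size);
    int rc = load_entry_checked(&e, file, record_len, 0, record_len);

    entry_free(&e);
    free(file);
    return rc;
}

int main(void) {
    /* Header declares 112 bytes, record is 112 bytes: consistent, accepted. */
    printf("112/112: %s\n", demo_checked_load(112, 112) == 0 ? "ok" : "rejected");
    /* Header declares 112 bytes, record carries 116: the unchecked copy would
     * spill 4 bytes past the block; the checked copy refuses. */
    printf("112/116: %s\n", demo_checked_load(112, 116) == 0 ? "ok" : "rejected");
    /* 8x14 = 112 pixels fit a 112-byte block; 8x15 does not. */
    printf("8x14:    %s\n", check_gfx_dims(112, 8, 14) == 0 ? "ok" : "rejected");
    printf("8x15:    %s\n", check_gfx_dims(112, 8, 15) == 0 ? "ok" : "rejected");
    return 0;
}
```

Building with `-fsanitize=address` (or running under Valgrind) and calling load_entry_unchecked with the 116-byte record into the 112-byte block reproduces the same kind of out-of-bounds write the trace above shows; the checked path returns -1 and never writes outside the block it owns. The point for a loader that reads savegames or data files is that the allocation size and the copy length come from two different places in the input, so the check has to compare them explicitly rather than trust either.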
comment:2 by , 16 years ago
Thanks for the Valgrind report. I've applied a fix which should resolve the loadSetEntry write errors. I'm not so sure about the final 'read' one - it may have been resolved by the bugfixes. It would be useful if you could see if it still occurs or not.
comment:3 by , 16 years ago
I no longer get any Valgrind warnings when loading that savegame. I haven't tried reproducing the crash, though.
comment:4 by , 16 years ago
I'm getting a new error - in the second attached savegame, if you open the cupboard and then click somewhere else to close it, the game crashes with an assert in affiche_chemin. I'm wondering if perhaps this is a corruption as well, since the restoration of the background area behind the doorway is not done correctly - and the data drawn there seems to vary.
comment:5 by , 16 years ago
Turns out the latest issue wasn't a corruption bug - the save/load code wasn't actually saving cached background areas, and there was a separate bug in the code to add temporary actor animations that was removing the wrong pathfinding data structure when it got removed.
comment:6 by , 16 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Savegame from the Bar