Opened 9 years ago

Closed 9 years ago

#4714 closed defect (fixed)

CRUISE: crash after intro movie

Reported by: SF/yar-tour
Owned by: dreammaster
Priority: normal
Component: Engine: Cruise
Keywords:
Cc:
Game: Cruise for a Corpse

Description

Hello, I installed ScummVM-1.0.0 on my Gentoo Linux (amd64) and tried to play Cruise the Corpse. But after the intro movie scummvm crashed. I launched it under valgrind and here is the output:

==20973== Memcheck, a memory error detector.
==20973== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==20973== Using LibVEX rev 1884, a library for dynamic binary translation.
==20973== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==20973== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==20973== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==20973== For more details, rerun with: -v
==20973==
User picked target 'cruise' (gameid 'cruise')...
Looking for a plugin supporting this gameid... Cinematique evo 2 engine
Starting 'Cinematique evo.2 engine game'
**20973** *** strcpy_chk: buffer overflow detected ***: program terminated
==20973== at 0x4C25651: (within /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x4C257C1: __strcpy_chk (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x5ACFE0: (within /usr/games/bin/scummvm)
==20973== by 0x5B84A7: (within /usr/games/bin/scummvm)
==20973== by 0x5B649B: (within /usr/games/bin/scummvm)
==20973== by 0x5A8E6C: (within /usr/games/bin/scummvm)
==20973== by 0x5A8F0B: (within /usr/games/bin/scummvm)
==20973== by 0x5B215E: (within /usr/games/bin/scummvm)
==20973== by 0x5AF1AB: (within /usr/games/bin/scummvm)
==20973== by 0x40CE57: (within /usr/games/bin/scummvm)
==20973== by 0x40D806: (within /usr/games/bin/scummvm)
==20973== by 0x40A5DA: (within /usr/games/bin/scummvm)
==20973==
==20973== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 228 from 3)
==20973== malloc/free: in use at exit: 4,918,835 bytes in 3,158 blocks.
==20973== malloc/free: 27,727 allocs, 24,569 frees, 11,080,440 bytes allocated.
==20973== For counts of detected errors, rerun with: -v
==20973== searching for pointers to 3,158 not-freed blocks.
==20973== checked 90,841,000 bytes.
==20973==
==20973== 192 (16 direct, 176 indirect) bytes in 1 blocks are definitely lost in loss record 81 of 410
==20973== at 0x4C23DB4: realloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x8264984: (within /usr/lib64/libX11.so.6.3.0)
==20973== by 0x8265241: (within /usr/lib64/libX11.so.6.3.0)
==20973== by 0x8266584: (within /usr/lib64/libX11.so.6.3.0)
==20973== by 0x8266C84: _XlcCreateLC (in /usr/lib64/libX11.so.6.3.0)
==20973== by 0x82828A7: _XlcDefaultLoader (in /usr/lib64/libX11.so.6.3.0)
==20973== by 0x826DB34: _XOpenLC (in /usr/lib64/libX11.so.6.3.0)
==20973== by 0x826DC1A: _XlcCurrentLC (in /usr/lib64/libX11.so.6.3.0)
==20973== by 0x826E01F: XSetLocaleModifiers (in /usr/lib64/libX11.so.6.3.0)
==20973== by 0x608A17D: (within /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x608ADFC: (within /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x607CFD7: SDL_VideoInit (in /usr/lib64/libSDL-1.2.so.0.11.3)
==20973==
==20973==
==20973== 328 bytes in 1 blocks are possibly lost in loss record 261 of 410
==20973== at 0x4C22DDD: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x9F64B7: (within /usr/games/bin/scummvm)
==20973== by 0x9F8334: (within /usr/games/bin/scummvm)
==20973== by 0x40DA2C: (within /usr/games/bin/scummvm)
==20973== by 0x40A5DA: (within /usr/games/bin/scummvm)
==20973== by 0x6C8156D: (below main) (in /lib64/libc-2.9.so)
==20973==
==20973==
==20973== 608 bytes in 2 blocks are possibly lost in loss record 286 of 410
==20973== at 0x4C21A0A: calloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x4010180: _dl_allocate_tls (in /lib64/ld-2.9.so)
==20973== by 0x62B7528: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.9.so)
==20973== by 0x8B9D45E: pa_thread_new (in /usr/lib64/libpulsecommon-0.9.21.so)
==20973== by 0x7A843B6: pa_threaded_mainloop_start (in /usr/lib64/libpulse.so.0.12.2)
==20973== by 0x785574D: pa_simple_new (in /usr/lib64/libpulse-simple.so.0.0.3)
==20973== by 0x6081748: (within /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x605772C: SDL_AudioInit (in /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x60568DD: SDL_InitSubSystem (in /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x605698F: SDL_Init (in /usr/lib64/libSDL-1.2.so.0.11.3)
==20973== by 0x40BD29: (within /usr/games/bin/scummvm)
==20973== by 0x40D6C1: (within /usr/games/bin/scummvm)
==20973==
==20973==
==20973== 1,288 bytes in 1 blocks are possibly lost in loss record 337 of 410
==20973== at 0x4C22DDD: operator new[](unsigned long) (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==20973== by 0x5AEB83: (within /usr/games/bin/scummvm)
==20973== by 0x5AF161: (within /usr/games/bin/scummvm)
==20973== by 0x40CE57: (within /usr/games/bin/scummvm)
==20973== by 0x40D806: (within /usr/games/bin/scummvm)
==20973== by 0x40A5DA: (within /usr/games/bin/scummvm)
==20973== by 0x6C8156D: (below main) (in /lib64/libc-2.9.so)
==20973==
==20973== LEAK SUMMARY:
==20973== definitely lost: 16 bytes in 1 blocks.
==20973== indirectly lost: 176 bytes in 4 blocks.
==20973== possibly lost: 2,224 bytes in 4 blocks.
==20973== still reachable: 4,916,419 bytes in 3,149 blocks.
==20973== suppressed: 0 bytes in 0 blocks.
==20973== Reachable blocks (those to which a pointer was found) are not shown.
==20973== To see them, rerun with: --leak-check=full --show-reachable=yes

Ticket imported from: #2905601. Ticket imported from: bugs/4714.

Attachments (1)

cruise.log (31.0 KB) - added by SF/yar-tour 9 years ago.
Debug log


Change History (23)

comment:1 Changed 9 years ago by SF/yar-tour

And here is original (without valgrind) error:
User picked target 'cruise' (gameid 'cruise')...
Looking for a plugin supporting this gameid... Cinematique evo 2 engine
Starting 'Cinematique evo.2 engine game'
*** buffer overflow detected ***: scummvm terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f99621d6e1f]
/lib/libc.so.6[0x7f99621d505c]
scummvm[0x5acfe1]
scummvm[0x5b84a8]
scummvm[0x5b649c]
scummvm[0x5a8e6d]
scummvm[0x5a8f0c]
scummvm[0x5b215f]
scummvm[0x5af1ac]
scummvm[0x40ce58]
scummvm[0x40d807]
scummvm[0x40a5db]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f996211d56e]
scummvm[0x405d29]

comment:2 Changed 9 years ago by jvprat

Owner: set to dreammaster

comment:3 Changed 9 years ago by fingolfin

It looks as if you are using a stripped & optimized build, so the crash output is not very helpful. Can you try running a build with debug information enabled? (Considering that you use Gentoo... ;)

comment:4 Changed 9 years ago by fingolfin

Summary: changed from 'Cruise the Corpse crash after intro movie in ScummVM-1.0.0' to 'CRUISE: crash after intro movie'

comment:5 Changed 9 years ago by SF/yar-tour

I found that if I remove -O2 from my CFLAGS and CXXFLAGS (they are '-O2 -pipe -march=nocona -mtune=nocona'), then Cruise doesn't crash after the intro. I also added -ggdb to these flags, but unfortunately the crash message was not more informative than without '-ggdb'.
Here it is:
User picked target 'cruise' (gameid 'cruise')...
Looking for a plugin supporting this gameid... Cinematique evo 2 engine
Starting 'Cinematique evo.2 engine game'
*** buffer overflow detected ***: scummvm terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fd956777e1f]
/lib/libc.so.6[0x7fd95677605c]
scummvm[0x5acfe1]
scummvm[0x5b84a8]
scummvm[0x5b649c]
scummvm[0x5a8e6d]
scummvm[0x5a8f0c]
scummvm[0x5b215f]
scummvm[0x5af1ac]
scummvm[0x40ce58]
scummvm[0x40d807]
scummvm[0x40a5db]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fd9566be56e]
scummvm[0x405d29]

comment:6 Changed 9 years ago by SF/yar-tour

Oops, I forgot to disable stripping ;) so here is a more informative valgrind log:
==2039== Memcheck, a memory error detector.
==2039== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==2039== Using LibVEX rev 1884, a library for dynamic binary translation.
==2039== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==2039== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==2039== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==2039== For more details, rerun with: -v
==2039==
User picked target 'cruise' (gameid 'cruise')...
Looking for a plugin supporting this gameid... Cinematique evo 2 engine
Starting 'Cinematique evo.2 engine game'
**2039** *** strcpy_chk: buffer overflow detected ***: program terminated
==2039== at 0x4C25651: (within /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==2039== by 0x4C257C1: __strcpy_chk (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==2039== by 0x5ACFE0: Cruise::loadBackground(char const*, int) (string3.h:106)
==2039== by 0x5B84A7: Cruise::Op_LoadBackground() (function.cpp:513)
==2039== by 0x5B649B: Cruise::opcodeType8() (function.cpp:1998)
==2039== by 0x5A8E6C: Cruise::executeScripts(Cruise::scriptInstanceStruct*) (script.cpp:620)
==2039== by 0x5A8F0B: Cruise::manageScripts(Cruise::scriptInstanceStruct*) (script.cpp:655)
==2039== by 0x5B215E: Cruise::CruiseEngine::mainLoop() (cruise_main.cpp:1847)
==2039== by 0x5AF1AB: Cruise::CruiseEngine::run() (cruise.cpp:105)
==2039== by 0x40CE57: runGame(PluginSubclass<MetaEngine> const*, OSystem&, Common::String const&) (main.cpp:212)
==2039== by 0x40D806: scummvm_main (main.cpp:377)
==2039== by 0x40A5DA: main (main.cpp:108)
==2039==
==2039== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 238 from 3)
==2039== malloc/free: in use at exit: 4,914,024 bytes in 3,092 blocks.
==2039== malloc/free: 27,660 allocs, 24,568 frees, 11,005,162 bytes allocated.
==2039== For counts of detected errors, rerun with: -v
==2039== searching for pointers to 3,092 not-freed blocks.
==2039== checked 90,838,384 bytes.
==2039==
==2039== LEAK SUMMARY:
==2039== definitely lost: 192 bytes in 5 blocks.
==2039== possibly lost: 2,224 bytes in 4 blocks.
==2039== still reachable: 4,911,608 bytes in 3,083 blocks.
==2039== suppressed: 0 bytes in 0 blocks.
==2039== Rerun with --leak-check=full to see details of leaked memory.

comment:7 Changed 9 years ago by SF/yar-tour

Also, here is the gdb output:
(gdb) thread apply all bt

Thread 3 (process 2205):
#0 0x00007f3ed1355701 in nanosleep () from /lib/libpthread.so.0
#1 0x00007f3ed15a97d3 in SDL_Delay () from /usr/lib/libSDL-1.2.so.0
#2 0x00007f3ed15a9803 in ?? () from /usr/lib/libSDL-1.2.so.0
#3 0x00007f3ed1573a83 in ?? () from /usr/lib/libSDL-1.2.so.0
#4 0x00007f3ed15a76bb in ?? () from /usr/lib/libSDL-1.2.so.0
#5 0x00007f3ed134edee in start_thread () from /lib/libpthread.so.0
#6 0x00007f3ed0930e0d in clone () from /lib/libc.so.6
#7 0x0000000000000000 in ?? ()

Thread 2 (process 2206):
#0 0x00007f3ed09294de in ppoll () from /lib/libc.so.6
#1 0x00007f3ecfb986e2 in pa_mainloop_poll () from /usr/lib/libpulse.so.0
#2 0x00007f3ecfb9994b in pa_mainloop_iterate () from /usr/lib/libpulse.so.0
#3 0x00007f3ed1596447 in ?? () from /usr/lib/libSDL-1.2.so.0
#4 0x00007f3ed156c8a5 in ?? () from /usr/lib/libSDL-1.2.so.0
#5 0x00007f3ed1573a83 in ?? () from /usr/lib/libSDL-1.2.so.0
#6 0x00007f3ed15a76bb in ?? () from /usr/lib/libSDL-1.2.so.0
#7 0x00007f3ed134edee in start_thread () from /lib/libpthread.so.0
#8 0x00007f3ed0930e0d in clone () from /lib/libc.so.6
#9 0x0000000000000000 in ?? ()

Thread 1 (process 2203):
#0 0x00007f3ed089d2a6 in raise () from /lib/libc.so.6
#1 0x00007f3ed089e493 in abort () from /lib/libc.so.6
#2 0x00007f3ed08d5947 in ?? () from /lib/libc.so.6
#3 0x00007f3ed0943e1f in __fortify_fail () from /lib/libc.so.6
#4 0x00007f3ed094205c in __chk_fail () from /lib/libc.so.6
#5 0x00000000005acfe1 in Cruise::loadBackground (name=0x7fff613ee240 "HORLOFND.PI1", idx=0) at /usr/include/bits/string3.h:106
#6 0x00000000005b84a8 in Cruise::Op_LoadBackground () at engines/cruise/function.cpp:513
#7 0x00000000005b649c in Cruise::opcodeType8 () at engines/cruise/function.cpp:1998
#8 0x00000000005a8e6d in Cruise::executeScripts (ptr=<value optimized out>) at engines/cruise/script.cpp:620
#9 0x00000000005a8f0c in Cruise::manageScripts (scriptHandle=<value optimized out>) at engines/cruise/script.cpp:655
#10 0x00000000005b215f in Cruise::CruiseEngine::mainLoop (this=0x30e89d0) at engines/cruise/cruise_main.cpp:1847
#11 0x00000000005af1ac in Cruise::CruiseEngine::run (this=0x30e89d0) at engines/cruise/cruise.cpp:105
#12 0x000000000040ce58 in runGame (plugin=<value optimized out>, system=@0x2fd76d0, edebuglevels=@0x7fff613ef2f0) at base/main.cpp:212
#13 0x000000000040d807 in scummvm_main (argc=<value optimized out>, argv=<value optimized out>) at base/main.cpp:377
#14 0x000000000040a5db in main (argc=1, argv=0x7fff613ef448) at backends/platform/sdl/main.cpp:108

comment:8 Changed 9 years ago by dreammaster

I'm no expert on gdb profiling, but the last known method that's listed is "loadBackground". That's the method responsible for loading a background, obviously. Most of the code, though, is done in sub-methods, like "loadFileSub1".. all that loadBackground has is some palette copying code and then calls to decode the screen from the remainder of the data.

So does the fail in loadBackground mean that the error has to be in loadBackground, or could it be in one of the sub-methods? This could be caused by bad game data, since incorrect byte sequences could cause the decompressor to go beyond the size of the allocated buffers.

Has the game data been verified on any other system? You might also want to try recopying the files just to see if it makes any difference.

comment:9 Changed 9 years ago by SF/yar-tour

There is no crash if I don't use -O2 optimizations. Also there are no problems when I run the game in dosbox. So I think that it's not data-related.

comment:10 Changed 9 years ago by dreammaster

Pity.. I was kind of hoping for a quick and obvious solution. The next thing I'd suggest is try running ScummVM with a high debug level and capture the result. That may give a better idea of the specific conditions under which the error is occurring for you.

I'm somewhat limited in how much I can assist, since I'm not running Linux.

Changed 9 years ago by SF/yar-tour

Attachment: cruise.log added

Debug log

comment:11 Changed 9 years ago by SF/yar-tour

I attached the output of scummvm -d 99.

comment:12 Changed 9 years ago by fingolfin

Maybe you could try running scummvm under valgrind? It's not difficult, you just have to install valgrind (I am sure gentoo has a package for it) and follow the instructions on <http://valgrind.org/docs/manual/quick-start.html>

comment:13 Changed 9 years ago by SF/yar-tour

Err, sorry, but my previous reports were from valgrind.

comment:14 Changed 9 years ago by dreammaster

Owner: dreammaster deleted

comment:15 Changed 9 years ago by dreammaster

I had a look at the point where the final listed file, CFAC2.PI1, is loaded, and couldn't find any issues with the decompression or loading - on my system the decompression fits exactly into the allocated space, and none of the remaining memory copies seem to be of a size to overrun their destinations.

I can only suggest trying to put in some extra debug statements into the 'loadBackground' to try and narrow down the exact point where the memory corruption occurs. Or if all else fails, maybe someone else with a similar installation to yours can look into the problem to try and figure out the problem.

comment:16 Changed 9 years ago by SF/yar-tour

Are you using -O2 optimization in your CFLAGS/CXXFLAGS? Because on my system it's the default, and when I recompile manually, without it, scummvm runs correctly.

comment:17 Changed 9 years ago by SF/yar-tour

BTW, I compiled r46287 with --enable-release (it enables the -O2 flag) and it also has this crash.

comment:18 Changed 9 years ago by SF/yar-tour

Ok, I added debug statements to almost every line in loadBackground and here is the line which crashes ScummVM:
if (name != backgroundTable[idx].name)
    strcpy(backgroundTable[idx].name, name);
Also, when I skip the intro, the last background is HORLOFND.PI1. When I don't skip the intro, the last background is CFAC2.PI1, and both crash ScummVM.

comment:19 Changed 9 years ago by SF/yar-tour

PS. I compiled with gcc-4.3.4 and gcc-4.4.2.
uname -a: Linux localhost 2.6.32-gentoo #1 SMP PREEMPT Fri Dec 4 19:52:36 MSK 2009 x86_64 Pentium(R) Dual-Core CPU E5200 @ 2.50GHz GenuineIntel GNU/Linux.

comment:20 Changed 9 years ago by SF/yar-tour

With help from my friend, I changed this line to
if (name != backgroundTable[idx].name)
    strncpy(backgroundTable[idx].name, name, sizeof(backgroundTable[idx].name));
and scummvm doesn't crash! I also recompiled the version from portage (it's 1.0.0) with this change, and it also works.
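The strcpy/strncpy change from comment:18 and comment:20, worked through as an added example that is not ScummVM code: the 9-byte field size is an assumption for illustration, since the ticket does not state the real size of backgroundTable[idx].name. It shows why the overflow only aborts at -O2 (glibc's _FORTIFY_SOURCE checks are generated only when optimisation lets the compiler know the destination size), and why strncpy bounded by sizeof still leaves an unterminated string on over-long input.

```c
/* Added example, not ScummVM code.  NAME_LEN is an assumption for
 * illustration; the ticket does not state the size of backgroundTable[idx].name. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 9   /* assumed field size: 8 characters + NUL */

struct backgroundEntry {
    char name[NAME_LEN];
    int  loaded;         /* neighbour that an unchecked strcpy would clobber */
};

typedef enum { COPY_OK = 0, COPY_TRUNCATED = 1 } copy_result;

/* Pattern from comment:18: unbounded strcpy().  With gcc -O2 and
 * _FORTIFY_SOURCE the compiler knows sizeof(e->name) and emits
 * __strcpy_chk(), which aborts with "buffer overflow detected" when
 * strlen(src) + 1 exceeds the field.  Without optimisation the check is
 * not generated and the same input silently overwrites 'loaded'. */
static void set_name_unsafe(struct backgroundEntry *e, const char *src) {
    if (src != e->name)
        strcpy(e->name, src);
}

/* Fix from comment:20: strncpy() bounded by sizeof.  It no longer writes
 * past the field, but when src does not fit the field is left without a
 * NUL, so a later strlen()/printf("%s") on it reads past the end. */
static void set_name_strncpy(struct backgroundEntry *e, const char *src) {
    if (src != e->name)
        strncpy(e->name, src, sizeof(e->name));
}

/* Hardened copy: always NUL-terminates and reports truncation so the
 * caller can log or reject an over-long name instead of mangling it. */
static copy_result set_name_checked(struct backgroundEntry *e, const char *src) {
    if (src == e->name)
        return COPY_OK;
    size_t n = strlen(src);
    if (n >= sizeof(e->name)) {
        memcpy(e->name, src, sizeof(e->name) - 1);
        e->name[sizeof(e->name) - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(e->name, src, n + 1);
    return COPY_OK;
}

/* 1 if the field holds a NUL-terminated string, 0 if it is unterminated. */
static int name_is_terminated(const struct backgroundEntry *e) {
    return memchr(e->name, '\0', sizeof(e->name)) != NULL;
}

/* Apply the strncpy fix to a fresh entry and report whether the result
 * is still a valid C string. */
static int strncpy_fix_terminated(const char *src) {
    struct backgroundEntry e = { "", 0 };
    set_name_strncpy(&e, src);
    return name_is_terminated(&e);
}

int main(void) {
    struct backgroundEntry e = { "", 1 };
    set_name_unsafe(&e, "CFAC2");               /* fits: no check fires */
    printf("unsafe copy of short name: '%s'\n", e.name);
    /* "HORLOFND.PI1" is the name from the gdb backtrace: 12 chars + NUL
     * cannot fit in a 9-byte field. */
    printf("strncpy fix terminated: %d\n", strncpy_fix_terminated("HORLOFND.PI1"));
    copy_result r = set_name_checked(&e, "HORLOFND.PI1");
    printf("checked copy: truncated=%d name='%s'\n", r == COPY_TRUNCATED, e.name);
    return 0;
}
```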

comment:21 Changed 9 years ago by sev-

Owner: set to dreammaster

comment:22 Changed 9 years ago by dreammaster

Resolution: fixed
Status: changed from new to closed