id,summary,reporter,owner,description,type,status,priority,component,version,resolution,keywords,cc,game 9844,SCI: PQ4: kIsOnMe out of bounds read,bgK,csnover,"Game: Police Quest 4 DOS / French ScummVM: eedbb7df4e256e752c861b1828cd4b1ac55d59bc At the beginning of the game, at Katherine's place, clicking on Katerine with the Speech icon sometimes triggers an assertion failure. I'm not sure what exactly triggers the assertion failure. Most of the time speaking with Katherine works fine. Maybe the mouse pointer position? To reproduce, load the attached save game (which is for the French version..) or go to Katherine's place, make her upset, leave, and enter her house again. Use the speech icon on Katherine. Multiple attempts may be needed. Backtrace: {{{ scummvm: ../engines/sci/graphics/celobj32.cpp:325: const byte* Sci::READER_Compressed::getRow(int16): Assertion `y >= 0 && y < _sourceHeight' failed. Thread 1 ""scummvm"" received signal SIGABRT, Aborted. 0x00007ffff495b670 in raise () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff495b670 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff495cd00 in abort () from /usr/lib/libc.so.6 #2 0x00007ffff495445a in __assert_fail_base () from /usr/lib/libc.so.6 #3 0x00007ffff49544d2 in __assert_fail () from /usr/lib/libc.so.6 #4 0x00000000005a2389 in Sci::READER_Compressed::getRow (this=0x7ffffffb60f0, y=27) at ../engines/sci/graphics/celobj32.cpp:325 #5 0x000000000059f25a in Sci::CelObj::readPixel (this=0x33f6f50, x=20, y=27, mirrorX=false) at ../engines/sci/graphics/celobj32.cpp:599 #6 0x00000000005b3273 in Sci::GfxFrameout::isOnMe (this=0x340c840, screenItem=..., plane=..., position=..., checkPixel=true) at ../engines/sci/graphics/frameout.cpp:1232 #7 0x00000000005b304b in Sci::GfxFrameout::kernelIsOnMe (this=0x340c840, object=..., position=..., checkPixel=true) at ../engines/sci/graphics/frameout.cpp:1203 #8 0x000000000059a851 in Sci::kIsOnMe (s=0x33c82c0, argc=4, argv=0x33fd888) at ../engines/sci/engine/kgraphics32.cpp:259 #9 0x000000000053fe95 in Sci::callKernelFunc (s=0x33c82c0, kernelCallNr=18, argc=4) at ../engines/sci/engine/vm.cpp:377 #10 0x0000000000541fe4 in Sci::run_vm (s=0x33c82c0) at ../engines/sci/engine/vm.cpp:897 #11 0x0000000000532ea2 in Sci::invokeSelector (s=0x33c82c0, object=..., selectorId=106, k_argc=4, k_argp=0x33fd840, argc=2, argv=0x33fd848) at ../engines/sci/engine/selector.cpp:291 #12 0x00000000004fe6a3 in Sci::kListEachElementDo (s=0x33c82c0, argc=4, argv=0x33fd840) at ../engines/sci/engine/klists.cpp:620 #13 0x000000000053fe95 in Sci::callKernelFunc (s=0x33c82c0, kernelCallNr=90, argc=4) at ../engines/sci/engine/vm.cpp:377 #14 0x0000000000541fe4 in Sci::run_vm (s=0x33c82c0) at ../engines/sci/engine/vm.cpp:897 #15 0x00000000004e2fa8 in Sci::SciEngine::runGame (this=0x308b500) at ../engines/sci/sci.cpp:682 #16 0x00000000004e1c3d in Sci::SciEngine::run (this=0x308b500) at ../engines/sci/sci.cpp:453 #17 0x000000000040de2e in runGame (plugin=0xd695f0, system=..., edebuglevels="""") at ../base/main.cpp:263 #18 0x000000000040f026 in scummvm_main (argc=1, argv=0x7fffffffe878) at ../base/main.cpp:529 #19 0x000000000040c151 in main (argc=1, argv=0x7fffffffe878) at ../backends/platform/sdl/posix/posix-main.cpp:45}}}",defect,closed,normal,Engine: SCI,,fixed,sci32,,Police Quest 4