KEMBAR78
NUVIE: Fix Ultima 6 crash on FM-Towns sound load by PushmePullyu · Pull Request #4931 · scummvm/scummvm · GitHub
Skip to content

NUVIE: Fix Ultima 6 crash on FM-Towns sound load #4931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2023
Merged

NUVIE: Fix Ultima 6 crash on FM-Towns sound load #4931

merged 1 commit into from
Apr 29, 2023

Conversation

@PushmePullyu
Copy link
Contributor

@PushmePullyu PushmePullyu commented Apr 23, 2023
edited
Loading

U6Lib_n::close(): Do not call close() on NuvieIO buffers passed to us
via U6Lib_n::open(). Let the caller handle this instead.

Prevents a crash caused by the following events:

  • The game detects the files of the FM-Towns version
    ("townsu6" in the game directory) and eventually attempts to load
    "sounds1.dat" in TownsSfxManager::loadSound1Dat()

  • Here, it creates local objects U6Lib_n "lib" and NuvieIOBuffer "iobuf"

  • File data is loaded into "iobuf", which is then passed to "lib" via
    pointer. This pointer is stored by "lib"

  • When TownsSfxManager::loadSound1Dat() returns, "iobuf" goes out of
    scope and is destroyed before "lib"

  • The destructor of "lib" tries to call close() via the stale pointer,
    thus causing the crash

Fixes #14429

@antoniou79
Copy link
Contributor

Could you provide a bit more info on what execution path causes the crash, and potential explain why this does not occur on debug builds but occurs on release/optimizations-enabled builds?

Also, personally I'd suggest that this is fixed in a less obscure way. Perhaps by explicitly calling close() or whatever clears up allocated memory so that there won't be rogue access to it and/or adding checks for null and (maybe) updating the relevant destructors to avoid such access.

@PushmePullyu PushmePullyu force-pushed the fix-u6-fmtowns-crash branch from 02674ff to 0fcf08c Compare April 24, 2023 06:10
@PushmePullyu
NUVIE: Fix Ultima 6 crash on FM-Towns sound load
5df68c9 
U6Lib_n::close(): Do not call close() on NuvieIO buffers passed to us
via U6Lib_n::open(). Let the caller handle this instead.

Prevents a crash caused by the following events:

- The game detects the files of the FM-Towns version
   ("townsu6" in the game directory) and eventually attempts to load
   "sounds1.dat" in TownsSfxManager::loadSound1Dat()

- Here, it creates local objects U6Lib_n "lib" and NuvieIOBuffer "iobuf"

- File data is loaded into "iobuf", which is then passed to "lib" via
   pointer. This pointer is stored by "lib"

- When TownsSfxManager::loadSound1Dat() returns, "iobuf" goes out of
   scope and is destroyed before "lib"

- The destructor of "lib" tries to call close() via the stale pointer,
   thus causing the crash

Fixes #14429
@PushmePullyu PushmePullyu force-pushed the fix-u6-fmtowns-crash branch from 0fcf08c to 5df68c9 Compare April 24, 2023 06:19
@PushmePullyu
Copy link
Contributor Author

Thanks for the feedback. I have updated the PR with a more robust approach and a better description of the problem. I did not have time to investigate why the crash only happens with certain build configurations yet. Please excuse the force push.

@sev-
Copy link
Member

sev- commented Apr 29, 2023

I think, we saw this same crash on Android too

@sev- sev- merged commit c808ad4 into scummvm:master Apr 29, 2023
@PushmePullyu PushmePullyu deleted the fix-u6-fmtowns-crash branch May 16, 2023 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PushmePullyu @antoniou79 @sev-