#25 Possible segfault due to fixed size of contention array

open
nobody
None
5
2007-04-10
2004-10-30
No

If an RZX file contains a frame which we play much
slower than the recording emulator, it may be possible
that the tstate count for that frame goes over 80000.
At this point, Fuse will likely segfault as the
ula.c:ula_contention array contains 'only' 80000 entries.

I can't instantly see any ways around this without
introducing a performance penalty, so opening this bug.

Discussion

  • Philip Kendall

    Philip Kendall - 2007-04-10
     
  • Philip Kendall

    Philip Kendall - 2007-04-10
    • summary: Possible segfault when playing RZX file --> Possible segfault due to fixed size of contention array
     
  • Philip Kendall

    Philip Kendall - 2007-04-10

    Logged In: YES
    user_id=29214
    Originator: YES

    An equivalent problem is produced by filling all of memory with 0xdd (only possible on eg +2A/+3), at which point we never exit the main z80_do_opcodes() loop. Attached is a test case for this, with thanks to Woody. I'm not intending to fix this for 0.8.
    File Added: DDPlus3.tap

     
  • Philip Kendall

    Philip Kendall - 2007-05-20

    RZX file containing a >100000 tstate frame

     
  • Philip Kendall

    Philip Kendall - 2007-05-20

    Logged In: YES
    user_id=29214
    Originator: YES

    Despite my previous comment, these aren't really equivalent cases: in the RZX case, we are running off the end of the contention array because we keep going around the main Z80 loop without a frame event happening to reduce the tstate count. In the second case, we are never running round the main Z80 loop, which is a different problem.

    I think the RZX case can be solved by having a "sentinel" event (at say 79000 tstates) which, if hit, simply reduces the tstate count and continues. The "all of memory is DD" case is a bit harder.

    Attached is a (hand-crafted) RZX file which contains ~100000 tstates in a frame. This doesn't actually cause Fuse to crash on my machine, but that's slightly irrelevant.
    File Added: verylongframe.rzx

     
  • Philip Kendall

    Philip Kendall - 2007-06-10

    Logged In: YES
    user_id=29214
    Originator: YES

    Code committed to add the sentinel event: if tstates is ever >= 79000 when the main opcode loop is entered, it is reduced by 8000.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks