Saving cartridge crashes the dev (Pro) build

[joshgoebel]

• save blah.lua works
• save or just using Meta-S always crashes

SHA1: f4688a5 (latest commit as of when bug is filed)

Process:               tic80 [90209]
Path:                  /Users/USER/*/tic80
Identifier:            tic80
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        fish [85007]
Responsible:           tic80 [90209]
User ID:               501

Date/Time:             2021-02-21 14:37:07.600 -0500
OS Version:            Mac OS X 10.14.6 (18G7016)
Report Version:        12
Anonymous UUID:        F0EA3A0C-BEB9-A668-BA6C-339F00CBA4FA

Sleep/Wake UUID:       42BC0F60-BC41-4BC5-8E5D-93A57754B3B9

Time Awake Since Boot: 2400000 seconds
Time Since Wake:       1400000 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Application Specific Information:
detected source and destination buffer overlap

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff70b1e2c2 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff70bd9bf1 pthread_kill + 284
2   libsystem_c.dylib             	0x00007fff70a886a6 abort + 127
3   libsystem_c.dylib             	0x00007fff70a88819 abort_report_np + 177
4   libsystem_c.dylib             	0x00007fff70aaccb1 __chk_fail + 48
5   libsystem_c.dylib             	0x00007fff70aaccc1 __chk_fail_overlap + 16
6   libsystem_c.dylib             	0x00007fff70aacce3 __chk_overlap + 34
7   libsystem_c.dylib             	0x00007fff70aace81 __strcpy_chk + 64
8   tic80                         	0x000000010ef16010 setCartName + 48 (console.c:604)
9   tic80                         	0x000000010ef193bd saveCartName + 381 (console.c:2025)
10  tic80                         	0x000000010ef1940d saveCartName + 461 (console.c:2035)
11  tic80                         	0x000000010ef191ad onConsoleSaveCommandConfirmed + 29 (console.c:2049)
12  tic80                         	0x000000010ef17da0 onConsoleSaveCommand + 176 (console.c:2086)
13  tic80                         	0x000000010ef175fb processCommand + 443 (console.c:2596)
14  tic80                         	0x000000010ef16ee3 processConsoleCommand + 115 (console.c:2695)
15  tic80                         	0x000000010ef16485 processKeyboard + 357 (console.c:2879)
16  tic80                         	0x000000010ef1507d tick + 45 (console.c:2927)
17  tic80                         	0x000000010ef42462 renderStudio + 354 (studio.c:1761)
18  tic80                         	0x000000010ef40ef3 studioTick + 51 (studio.c:1902)
19  tic80                         	0x000000010ef13d6e gpuTick + 78 (main.c:1480)
20  tic80                         	0x000000010ef12ecf start + 335 (main.c:1627)
21  tic80                         	0x000000010ef12d6f main + 47 (main.c:1770)
22  libdyld.dylib                 	0x00007fff709e33d5 start + 1

Perhaps a problem with setCartName or memory allocation?

[joshgoebel]

This seems to work:

static void setCartName(Console* console, const char* name, const char* path)
{
    if (name != console->rom.name)
        strcpy(console->rom.name, name);
    if (path != console->rom.path)
        strcpy(console->rom.path, path);
}

I think you're trying to copy the name back on top of itself which is a no no (at least on Mac; not sure if strcpy on other platforms has different behavior.) Also I'm not sure if this only happens in some circumstances or all.

[joshgoebel]

This may have been broken in ba56b6f.

[nesbox]

Can't reproduce it on my mac, do I need to do something special to make it crash?

[joshgoebel]

Steps: (on Mac OS Mohave)

• latest git checkout
• cmake .. -DBUILD_PRO=On
• make -j4
• ./bin/tic80
• new
• save crash.lua
• save (crashes with core dump as shown )

I gave you the fix though. Under what circumstances could/would name and console->rom.name be the same exact pointer? You previously had a check in the code for exactly this condition which you removed with ba56b6f. Why?

[joshgoebel]

Output:

% ./bin/tic80

 TIC-80 tiny computer
 version 0.90.1524-dev Pro
 http://tic80.com (C) 2021

 hello! type help for help

>new
new cart is created
>save crash.lua
cart crash.lua saved!

>savefish: './bin/tic80' terminated by signal SIGABRT (Abort)

[nesbox]

thanks, will try to reproduce it again

[nesbox]

Fixed here 7ce466c
Thank you.

[joshgoebel]

Thanks!