Crashes when opening stats

[Snus8bit]

Crashes when opening stats (shift+2) if the scaling factor = x2

To Reproduce

1. Download any 0.D game with tiles
2. Set Main menu -> settings -> options -> graphics -> scaling factor = x2.
3. Restart application to apply video settings
4. Start any game
5. Press shift + 2 (open player stats)

0.D-947-g980ca05, Windows 10 x64 (tested on XP)

crash.log
CRASH LOG FILE: config/crash.log
VERSION: 0.D-947-g980ca05
TYPE: Signal
MESSAGE: SIGSEGV: Segmentation fault
STACK TRACE:
@0x555705[cataclysm-tiles.exe+0x155705]
@0x5562B2[cataclysm-tiles.exe+0x1562B2]
SMPEG_error+0x4B034@0xE2C7E0[cataclysm-tiles.exe+0xA2C7E0]
_C_specific_handler+0x8E@0x7FCF73BF7AA[ntdll.dll+0x1F7AA]
RtlLookupFunctionEntry+0x26D@0x7FCF73BEE0D[ntdll.dll+0x1EE0D]
DbgPrint+0x47C@0x7FCF73BFE38[ntdll.dll+0x1FE38]
KiUserExceptionDispatcher+0x2E@0x7FCF73A4B9A[ntdll.dll+0x4B9A]
IMG_LoadWEBP_RW+0x3E8435@0x1306A85[cataclysm-tiles.exe+0xF06A85]
@0xC61EFA[cataclysm-tiles.exe+0x861EFA]
@0xC66638[cataclysm-tiles.exe+0x866638]
@0xB9F3AE[cataclysm-tiles.exe+0x79F3AE]
@0x69FA9B[cataclysm-tiles.exe+0x29FA9B]
@0x683397[cataclysm-tiles.exe+0x283397]
IMG_LoadWEBP_RW+0x4D7EC9@0x13F6519[cataclysm-tiles.exe+0xFF6519]
@0x4013ED[cataclysm-tiles.exe+0x13ED]
@0x4014FB[cataclysm-tiles.exe+0x14FB]
BaseThreadInitThunk+0x1A@0x7FCF6D6167E[KERNEL32.DLL+0x167E]
RtlUserThreadStart+0x21@0x7FCF73BC3F1[ntdll.dll+0x1C3F1]

[ZhilkinSerg]

Doesn't crash for me.

You should provide more info on other graphical settings

[neitsa]

@ZhilkinSerg I have been able to repro on my side.

The changes I made are (my main screen is 1920 * 1080):

• Terminal Width: 240
• Terminal height: 66
• FullScreen: Windowed Borderless
• Renderer: Direct3D
• Scaling Factor: 2x

Full Stack trace:

---------------------
0:000> kb
 # RetAddr           : Call Site
00 00007ff7`dc817b6d : MSVCP140D!std::_Debug_message+0x46 [d:\agent\_work\3\s\src\vctools\crt\crtw32\stdcpp\stdthrow.cpp @ 11] 
01 00007ff7`de01bb89 : Cataclysm!std::vector<cata_cursesport::curseline,std::allocator<cata_cursesport::curseline> >::operator[]+0x3d [d:\programming\microsoft visual studio 14.0\vc\include\vector @ 1235] 
02 00007ff7`de01b5df : Cataclysm!Font::draw_window+0x599 [k:\cdda\cataclysm-dda\src\sdltiles.cpp @ 1224] 
03 00007ff7`de01a2ee : Cataclysm!Font::draw_window+0x4f [k:\cdda\cataclysm-dda\src\sdltiles.cpp @ 1135] 
04 00007ff7`dc813a47 : Cataclysm!cata_cursesport::curses_drawwindow+0xdce [k:\cdda\cataclysm-dda\src\sdltiles.cpp @ 1122] 
05 00007ff7`ddd51551 : Cataclysm!catacurses::wrefresh+0x37 [k:\cdda\cataclysm-dda\src\cursesport.cpp @ 243] 
06 00007ff7`dcc289ab : Cataclysm!player::disp_info+0x21d1 [k:\cdda\cataclysm-dda\src\player_display.cpp @ 483] 
07 00007ff7`dca4d262 : Cataclysm!game::handle_action+0x2fbb [k:\cdda\cataclysm-dda\src\handle_action.cpp @ 1799] 
08 00007ff7`dc10acfa : Cataclysm!game::do_turn+0x592 [k:\cdda\cataclysm-dda\src\game.cpp @ 1400] 
09 00007ff7`dc0716e2 : Cataclysm!SDL_main+0x16fa [k:\cdda\cataclysm-dda\src\main.cpp @ 682] 
0a 00007ff7`de3b2f9d : Cataclysm!main_getcmdline+0xf2 [c:\projects\sdl\src\main\windows\sdl_windows_main.c @ 177] 
0b 00007ff7`de3b2e67 : Cataclysm!invoke_main+0x2d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 99] 
0c 00007ff7`de3b2d2e : Cataclysm!__scrt_common_main_seh+0x127 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253] 
0d 00007ff7`de3b2fb9 : Cataclysm!__scrt_common_main+0xe [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 296] 
0e 00007ffc`a85c81f4 : Cataclysm!WinMainCRTStartup+0x9 [f:\dd\vctools\crt\vcstartup\src\startup\exe_winmain.cpp @ 17] 
0f 00007ffc`a9fca251 : KERNEL32!BaseThreadInitThunk+0x14
10 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

Bug: fby is out of bound for the framebuffer.

Source code location: src\sdltiles.cpp @ 1224

            const int fbx = win->x + i; // fbx = 0 ; (win->x = 0; i = 0)
            const int fby = win->y + j;  // fby = 0x21 ; (win->y = 0x12; j = 0x0f)

            // note: use_oversized_framebuffer = false; oversized_framebuffer.size = 0x21; terminal_framebuffer.size = 0x21
            std::vector<curseline> &framebuffer = use_oversized_framebuffer ? oversized_framebuffer :
                                                  terminal_framebuffer;

#ifdef __ANDROID__
            // [SNIP]
#endif
            cursecell &oldcell = framebuffer[fby].chars[fbx]; // fby = 0x21; out of bounds!!!

edit

Actually the code guarded by the #ifdef __ANDROID__ is in fact actively checking for this bug:

            if( fby >= ( int )framebuffer.size() || fbx >= ( int )framebuffer[fby].chars.size() ) {
                continue;
            }