mGBA will crash on macOS when inspecting an invalid map tile #2827

Closed
@velipso

Here is the test ROM:

test.gba.zip

The code is essentially:

  ldr   r0, =REG_DISPCNT
  ldr   r1, =0x0100
  strh  r1, [r0]

  ldr   r0, =REG_BG0CNT
  ldr   r1, =0x008c
  strh  r1, [r0]

  ldr   r0, =0x06000000
  ldr   r1, =0xffff
  strh  r1, [r0]

Steps to reproduce:

1. Load the ROM
2. Go to Tools -> Game state views -> View Map
3. Click on the upper-left corner of the Background 0 map
4. mGBA 0.10.1 will crash on macOS

Truncated crash report below, which has a stacktrace:

Process:               mGBA [19889]
Path:                  /Applications/mGBA.app/Contents/MacOS/mGBA
Identifier:            com.endrift.mgba-qt
Version:               0.10.1 (0.10.1)
Code Type:             X86-64 (Native)

Date/Time:             2023-02-13 18:28:11.0684 -0500
OS Version:            macOS 13.2 (22D49)
Report Version:        12
Bridge OS Version:     7.2 (20P3045)

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x00000001209553fc
Exception Codes:       0x0000000000000002, 0x00000001209553fc

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [19889]

VM Region Info: 0x1209553fc is not in any region.  Bytes after previous region: 1021  Bytes before following region: 76804
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      shared memory               120954000-120955000    [    4K] r--/r-- SM=SHM  
--->  GAP OF 0x13000 BYTES
      CoreImage                   120968000-120969000    [    4K] rw-/rwx SM=PRV  

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   mGBA                          	       0x10da715f1 mTileCacheGetTile + 241
1   mGBA                          	       0x10d7fb30d QGBA::AssetTile::selectIndex(int) + 157
2   mGBA                          	       0x10d87e2f6 QGBA::MapView::selectTile(int, int) + 1366
3   mGBA                          	       0x10d87ed39 QGBA::MapView::eventFilter(QObject*, QEvent*) + 249
4   mGBA                          	       0x10edac784 QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) + 154
5   mGBA                          	       0x10db94b3c QApplicationPrivate::notify_helper(QObject*, QEvent*) + 192
6   mGBA                          	       0x10db96e38 QApplication::notify(QObject*, QEvent*) + 5788
7   mGBA                          	       0x10edac524 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 138
8   mGBA                          	       0x10db95228 QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) + 684
9   mGBA                          	       0x10dbcda8c QWidgetWindow::handleMouseEvent(QMouseEvent*) + 1058
10  mGBA                          	       0x10dbccf13 QWidgetWindow::event(QEvent*) + 323
11  mGBA                          	       0x10db94b50 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 212
12  mGBA                          	       0x10db9596a QApplication::notify(QObject*, QEvent*) + 462
13  mGBA                          	       0x10edac524 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 138
14  mGBA                          	       0x10ea85360 QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) + 1516
15  mGBA                          	       0x10ea84eea QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) + 374
16  mGBA                          	       0x10ea7831f QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 91
17  mGBA                          	       0x10de76f06 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 40
18  CoreFoundation                	    0x7ff818a8fb78 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
19  CoreFoundation                	    0x7ff818a8fb27 __CFRunLoopDoSource0 + 157
20  CoreFoundation                	    0x7ff818a8f901 __CFRunLoopDoSources0 + 212
21  CoreFoundation                	    0x7ff818a8e57b __CFRunLoopRun + 929
22  CoreFoundation                	    0x7ff818a8db60 CFRunLoopRunSpecific + 560
23  HIToolbox                     	    0x7ff8223db766 RunCurrentEventLoopInMode + 292
24  HIToolbox                     	    0x7ff8223db396 ReceiveNextEventCommon + 199
25  HIToolbox                     	    0x7ff8223db2b3 _BlockUntilNextEventMatchingListInModeWithFilter + 70
26  AppKit                        	    0x7ff81bbde293 _DPSNextEvent + 909
27  AppKit                        	    0x7ff81bbdd114 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1219
28  AppKit                        	    0x7ff81bbcf757 -[NSApplication run] + 586
29  mGBA                          	       0x10de761e3 QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 1263
30  mGBA                          	       0x10edaa096 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 282
31  mGBA                          	       0x10edac993 QCoreApplication::exec() + 123
32  mGBA                          	       0x10d7eef8e main + 1774
33  dyld                          	    0x7ff818681310 start + 2432
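
The map entry in the report selects tile data that lies past the end of background VRAM, which is the out-of-range read behind the crash in mTileCacheGetTile. The following is an added example, not mGBA's code: it decodes the issue's BG0CNT value (0x008c: character base block 3, 256-colour tiles) and map entry (0xffff: tile 1023) using the documented GBA register layout, and shows the bounds check a tile viewer would apply before indexing its cache. It assumes that any tile whose bytes fall outside the 64 KiB BG VRAM region should be rejected rather than read.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants following the documented GBA VRAM layout. */
#define BG_VRAM_SIZE    0x10000u  /* 64 KiB of background VRAM at 0x06000000 */
#define CHAR_BLOCK_SIZE 0x4000u   /* character base blocks are 16 KiB each */
#define TILE_BYTES_4BPP 32u       /* 8x8 tile, 16-colour mode */
#define TILE_BYTES_8BPP 64u       /* 8x8 tile, 256-colour mode */

/* Decode the BGxCNT fields and text-mode map entry bits that locate tile
   data.  Returns true and stores the byte offset into BG VRAM when the whole
   tile fits inside the region; returns false (and stores nothing) when the
   tile would be read past the end, as happens for BG0CNT=0x008c / entry
   0xffff from the issue. */
bool bg_tile_offset(uint16_t bgcnt, uint16_t map_entry, uint32_t *offset) {
    uint32_t char_base  = (bgcnt >> 2) & 3u;        /* BGxCNT bits 2-3  */
    bool     is_8bpp    = (bgcnt & 0x80u) != 0;     /* BGxCNT bit 7     */
    uint32_t tile_bytes = is_8bpp ? TILE_BYTES_8BPP : TILE_BYTES_4BPP;
    uint32_t tile_index = map_entry & 0x3FFu;       /* map entry bits 0-9 */

    uint32_t start = char_base * CHAR_BLOCK_SIZE + tile_index * tile_bytes;
    uint32_t end   = start + tile_bytes;  /* max 0xC000 + 1023*64 + 64, no overflow */

    if (end > BG_VRAM_SIZE) {
        return false;  /* tile data is outside BG VRAM: refuse to index it */
    }
    if (offset) {
        *offset = start;
    }
    return true;
}

int main(void) {
    uint32_t off = 0;
    /* The issue's exact values: char block 3, 8bpp, tile 1023 -> 0x1BFC0. */
    if (!bg_tile_offset(0x008c, 0xffff, &off)) {
        puts("BG0CNT=0x008c entry=0xffff: tile lies past BG VRAM, rejected");
    }
    /* Last 4bpp tile of char block 2 ends exactly at the 64 KiB boundary. */
    if (bg_tile_offset(0x0008, 0x03ff, &off)) {
        printf("BG0CNT=0x0008 entry=0x03ff: valid, offset 0x%X\n", off);
    }
    return 0;
}
```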
