Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TH07/TH08/?????: Don't crash on score.dat corruptions #19

Open
nmlgc opened this issue Apr 16, 2018 · 2 comments
Open

TH07/TH08/?????: Don't crash on score.dat corruptions #19

nmlgc opened this issue Apr 16, 2018 · 2 comments
Labels
ZUN bug

Comments

@nmlgc
Copy link
Contributor

nmlgc commented Apr 16, 2018
edited

Here's a score.dat for TH08 that crashes the game on startup:

===
Exception c0000005 at 0x004A5CFF (Rxa5cff) (\th08.exe)

Registers:
EAX: 0x00000000 ECX: 0x00000005 EDX: 0x06B60DB8 EBX: 0x00000005
ESP: 0x0019FCD8 EBP: 0x0019FCE4 ESI: 0x00000001 EDI: 0x0A245EA8

Stack trace:
[09] 0x00448651 (Rx48651) (\th08.exe)
[08] 0x0045A881 (Rx5a881) (\th08.exe)
[07] 0x00459BC4 (Rx59bc4) (\th08.exe)
[06] 0x00458375 (Rx58375) (\th08.exe)
[05] 0x00441B9A (Rx41b9a) (\th08.exe)
[04] 0x004A631F (Rxa631f) (\th08.exe)
[03] 0x74FC8654 (Rx18654) (\KERNEL32.DLL)
[02] 0x77234B17 (Rx64b17) (\ntdll.dll)
[01] 0x77234AE7 (Rx64ae7) (\ntdll.dll)
===

Other games might be affected by similar ZUN bugs.

We probably can't restore those in case of a corruption, but it would be nice to print a more specific error, with the option of creating a new score file, rather than just crashing and forcing players to debug the issue themselves.

Bonus points for actually preventing the root cause.
DankRank pushed a commit that referenced this issue Jun 7, 2018
@nmlgc
th06: Maximize sprite boundaries where possible without changing the …
104a12a 
…images.

We'll probably end up rearranging all those sprites anyway though, to
make sure that translators can make them as large as they can possibly
appear in-game, despite breaking compatibility to the retexture patch
and other existing translations…

Sprites enlarged
----------------

front.png:
• #19 – MAX
• #20 – 点

replay00.png:
• #9 – 処理落ち率

result01.png:
• #4 – Extra

title01.png / title01s.png:
• #11 – Extra Start

title04.png / title04s.png:
• #00 – Shot (決定)
• #1 – Bomb (キャンセル)
• #11 – Off
• #16 – Midi
• #18 – Skip
@DankRank
Copy link
Member

crash is at strncmp, presumably because of second argument (ESI: 0x00000001).

one level up the stack is 44858D (which I dubbed versioncmp). Looks like it's compares it's arguments against contents of th08_0100d.ver from the dat. The check always succeeds if pointer to file contents is NULL, but here it seems that the pointer is 0x00000001 in this case. That pointer is located at this + 0x360. Additionally, size of the file is stored at this + 0x35C.

another level up is 45A5E0 (score_load), which checks the score file and recreates it, if it has errors. The object used as this in versioncmp call is 17CE758.

Conclusion: pointer to th08_0100d.ver contents is at 17CEAB8. Something corrupts that memory.

Will do further investigation with a debugger later.

@32th-System
Copy link
Member

The scorefile has a sort of checksum in it that is used to validate which version the scorefile was made in. The game will loop through th08_0100d.ver until it finds a line that matches the checksum in the scorefile. That's it, the game reaching the end of the file will not stop it from continuing to loop, then reading past the file and reaching invalid memory. cc8f8db will even write a valid checksum if the one in the scorefile is invalid

@32th-System 32th-System changed the title TH08/???: Don't crash on score.dat corruptions TH07/TH08/?????: Don't crash on score.dat corruptions Jun 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ZUN bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nmlgc @DankRank @32th-System