Segfault when trying to load a savegame

[fdelapena]

Game: Doaemon: Nobita's Resident Evil (English translation)
Download: http://nobihaza.wordpress.com/2014/02/21/doraemon-nobitas-resident-evil-english-release/

Looks like some data is uninitialized when trying to load the attached Save15.lsd file.
As the backtrace reports, it shows garbage on integers and "error reading variable" on strings.

Note: This game requires:

[EasyRPG]
Encoding=932

in RPG_RT.ini because filenames and RTP dependent names aren't untranslated (encoding detection will detect English as this game is). RTP table will help with this 👍.

Program received signal SIGSEGV, Segmentation fault.
std::string::assign (this=0x2718468, 
    __str=<error reading variable: Cannot access memory at address 0xffffffffffffffe8>)
    at /usr/src/debug/gcc-4.8.3-20140624/obj-x86_64-redhat-linux/x86_64-redhat-linux/libstdc++-v3/include/bits/basic_string.tcc:249
249       _CharT* __tmp = __str._M_rep()->_M_grab(__a, __str.get_allocator());
(gdb) backtrace full
#0  std::string::assign (this=0x2718468, 
    __str=<error reading variable: Cannot access memory at address 0xffffffffffffffe8>)
    at /usr/src/debug/gcc-4.8.3-20140624/obj-x86_64-redhat-linux/x86_64-redhat-linux/libstdc++-v3/include/bits/basic_string.tcc:249
        __a = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}
#1  0x0000003cf3ccaf88 in RPG::SaveActor::Fixup (this=0x2718450) at rpg_fixup.cpp:25
        actor = @0x2660298: {ID = 0, 
          name = <error reading variable: Cannot access memory at address 0x100010000bd08>, 
          title = <error reading variable: Cannot access memory at address 0x7f7fff3f0000d7e7>, 
          character_name = <error reading variable: Cannot access memory at address 0xffffffffffffffe8>, 
          character_index = 0, transparent = false, initial_level = 0, final_level = 0, critical_hit = 176, 
          critical_hit_chance = 59, 
          face_name = <error reading variable: Cannot access memory at address 0xffffffffffffffe8>, face_index = 97, 
          two_swords_style = false, fix_equipment = false, auto_battle = false, super_guard = false, parameters = {
            maxhp = std::vector of length 123459252680, capacity 123459252920 = {1, -32768, 59, 0, 0, 0, 0, 0, 0, 0, 
              0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 
              0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 
              0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 
              0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 
              0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 
              0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -32768, 0, 0, 0, 0, 0, 0, 0, 0, 
              0, 0, 1, -32768, 0, 0, 0, 0, 0, 0...}, maxsp = std::vector of length 0, capacity 0, 
            attack = std::vector of length -2192580804354, capacity -2192052322305 = {<error reading variable>, 
          exp_base = 1056, exp_inflation = 0, exp_correction = 33, initial_equipment = {weapon_id = 0, shield_id = 0, 
            armor_id = -30792, helmet_id = -10661, accessory_id = 59}, unarmed_animation = -698644552, class_id = 59, 
          battle_x = 32, battle_y = 0, battler_animation = 65, 
          skills = std::vector of length 0, capacity 595236331044820307, rename_skill = 227, 
          skill_name = <error reading variable: Cannot access memory at address 0xe5b6b5e78e81e381>, 
          state_ranks = std::vector of length -7308498519795678583, capacity -7308498519795678580 = {
            <error reading variable>
#2  0x00000000004f4b06 in Game_Actor::Fixup (this=0x2706980) at game_actor.cpp:52
No locals.
#3  0x00000000004fd0a7 in Game_Actors::Fixup () at game_actors.cpp:38
        i = 3
#4  0x000000000055aaec in Player::LoadSavegame (save_name="./Save15.lsd") at player.cpp:441
        save = {_M_ptr = 0x2858cb0}
        system = {screen = 0, frame_count = 0, graphics_name = "システム", unknown_16 = 0, unknown_17 = 0, 
          switches_size = 1000, switches = std::vector<bool> of length 1000, capacity 1024 = {0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0...}, variables_size = 284, 
          variables = std::vector of length 284, capacity 284 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
            0, 0, 0, 0, 0, 0, 0, 0...}, message_transparent = 0, message_position = 2, message_prevent_overlap = 1, 
          message_continue_events = 0, face_name = "", face_id = -1, face_right = false, face_flip = false, 
          transparent = false, unknown_3d = -1, title_music = {name = "(OFF)", fadein = 0, volume = 100, tempo = 100, 
            balance = 50}, battle_music = {name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, 
          battle_end_music = {name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, inn_music = {
            name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, current_music = {name = "(OFF)", 
            fadein = 0, volume = 100, tempo = 100, balance = 50}, before_vehicle_music = {name = "", fadein = 0, 
            volume = 100, tempo = 100, balance = 50}, before_battle_music = {name = "", fadein = 0, volume = 100, 
            tempo = 100, balance = 50}, stored_music = {name = "", fadein = 0, volume = 100, tempo = 100, 
            balance = 50}, boat_music = {name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, 
          ship_music = {name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, airship_music = {
            name = "(OFF)", fadein = 0, volume = 100, tempo = 100, balance = 50}, gameover_music = {name = "(OFF)", 
            fadein = 0, volume = 100, tempo = 100, balance = 50}, cursor_se = {name = "mカーソル", volume = 100, 
            tempo = 100, balance = 50}, decision_se = {name = "REvoice", volume = 100, tempo = 100, balance = 50}, 
          cancel_se = {name = "mキャンセル", volume = 100, tempo = 100, balance = 50}, buzzer_se = {
            name = "mエラー", volume = 100, tempo = 100, balance = 50}, battle_se = {name = "(OFF)", volume = 100, 
            tempo = 100, balance = 50}, escape_se = {name = "(OFF)", volume = 100, tempo = 100, balance = 50}, 
          enemy_attack_se = {name = "(OFF)", volume = 100, tempo = 100, balance = 50}, enemy_damaged_se = {
            name = "(OFF)", volume = 100, tempo = 100, balance = 50}, actor_damaged_se = {name = "(OFF)", 
            volume = 100, tempo = 100, balance = 50}, dodge_se = {name = "(OFF)", volume = 100, tempo = 100, 
            balance = 50}, enemy_death_se = {name = "(OFF)", volume = 100, tempo = 100, balance = 50}, item_se = {
            name = "(OFF)", volume = 100, tempo = 100, balance = 50}, transition_out = 0 '\000', 
          transition_in = 0 '\000', battle_start_fadeout = 5 '\005', battle_start_fadein = 0 '\000', 
          battle_end_fadeout = 0 '\000', battle_end_fadein = 0 '\000', teleport_allowed = true, 
          escape_allowed = true, save_allowed = true, menu_allowed = true, background = "", save_count = 0, 
          save_slot = -1, unknown_8c = 0}
        current_music = {name = "\270", fadein = -9232, volume = 32767, tempo = 42366736, balance = 0}
#5  0x000000000058191b in Scene_Load::Action (this=0x276ecf0, index=14) at scene_load.cpp:39
        ss = {<std::basic_iostream<char, std::char_traits<char> >> = {
    <std::basic_istream<char, std::char_traits<char> >> = {<std::basic_ios<char, std::char_traits<char> >> = {
    <std::ios_base> = {
                  _vptr.ios_base = 0x397b0ee308 <vtable for std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >+104>, static boolalpha = std::_S_boolalpha, static dec = std::_S_dec, static fixed = std::_S_fixed, 
                  static hex = std::_S_hex, static internal = std::_S_internal, static left = std::_S_left, 
                  static oct = std::_S_oct, static right = std::_S_right, static scientific = std::_S_scientific, 
                  static showbase = std::_S_showbase, static showpoint = std::_S_showpoint, 
                  static showpos = std::_S_showpos, static skipws = std::_S_skipws, static unitbuf = std::_S_unitbuf, 
                  static uppercase = std::_S_uppercase, static adjustfield = std::_S_adjustfield, 
                  static basefield = std::_S_basefield, static floatfield = std::_S_floatfield, 
                  static badbit = std::_S_badbit, static eofbit = std::_S_eofbit, static failbit = std::_S_failbit, 
                  static goodbit = std::_S_goodbit, static app = std::_S_app, static ate = std::_S_ate, 
                  static binary = std::_S_bin, static in = std::_S_in, static out = std::_S_out, 
                  static trunc = std::_S_trunc, static beg = std::_S_beg, static cur = std::_S_cur, 
                  static end = std::_S_end, _M_precision = 6, _M_width = 0, _M_flags = 4098, 
                  _M_exception = std::_S_goodbit, _M_streambuf_state = std::_S_goodbit, _M_callbacks = 0x0, 
                  _M_word_zero = {_M_pword = 0x0, _M_iword = 0}, _M_local_word = {{_M_pword = 0x0, _M_iword = 0}, {
                      _M_pword = 0x0, _M_iword = 0}, {_M_pword = 0x0, _M_iword = 0}, {_M_pword = 0x0, _M_iword = 0}, {
                      _M_pword = 0x0, _M_iword = 0}, {_M_pword = 0x0, _M_iword = 0}, {_M_pword = 0x0, _M_iword = 0}, {
                      _M_pword = 0x0, _M_iword = 0}}, _M_word_size = 8, _M_word = 0x7fffffffdb28, _M_ios_locale = {
                    static none = 0, static ctype = 1, static numeric = 2, static collate = 4, static time = 8, 
                    static monetary = 16, static messages = 32, static all = 63, 
                    _M_impl = 0x397b106e00 <(anonymous namespace)::c_locale_impl>, static _S_classic = 
    0x397b106e00 <(anonymous namespace)::c_locale_impl>, 
                    static _S_global = 0x397b106e00 <(anonymous namespace)::c_locale_impl>, static _S_categories = 
    0x397b0ea720 <__gnu_cxx::category_names>, static _S_once = 2}}, _M_tie = 0x0, _M_fill = 32 ' ', 
                _M_fill_init = true, _M_streambuf = 0x7fffffffda98, _M_ctype = 
    0x397b106960 <(anonymous namespace)::ctype_c>, _M_num_put = 0x397b1068f0 <(anonymous namespace)::num_put_c>, 
                _M_num_get = 0x397b106900 <(anonymous namespace)::num_get_c>}, 
              _vptr.basic_istream = 0x397b0ee2b8 <vtable for std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >+24>, _M_gcount = 0}, <std::basic_ostream<char, std::char_traits<char> >> = {
              _vptr.basic_ostream = 0x397b0ee2e0 <vtable for std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >+64>}, <No data fields>}, _M_stringbuf = {<std::basic_streambuf<char, std::char_traits<char> >> = {
              _vptr.basic_streambuf = 0x397b0eded0 <vtable for std::basic_stringbuf<char, std::char_traits<char>, std::allocator<char> >+16>, _M_in_beg = 0x28582f8 "Save15.lsd", _M_in_cur = 0x28582f8 "Save15.lsd", 
              _M_in_end = 0x28582f9 "ave15.lsd", _M_out_beg = 0x28582f8 "Save15.lsd", _M_out_cur = 0x2858302 "", 
              _M_out_end = 0x28584f8 "\001", _M_buf_locale = {static none = 0, static ctype = 1, static numeric = 2, 
                static collate = 4, static time = 8, static monetary = 16, static messages = 32, static all = 63, 
                _M_impl = 0x397b106e00 <(anonymous namespace)::c_locale_impl>, 
                static _S_classic = 0x397b106e00 <(anonymous namespace)::c_locale_impl>, 
                static _S_global = 0x397b106e00 <(anonymous namespace)::c_locale_impl>, 
                static _S_categories = 0x397b0ea720 <__gnu_cxx::category_names>, static _S_once = 2}}, 
            _M_mode = (std::_S_in | std::_S_out), _M_string = "S"}}
        save_name = "./Save15.lsd"
#6  0x000000000057e6d4 in Scene_File::Update (this=0x276ecf0) at scene_file.cpp:131
        old_top_index = 9850816
        old_index = 1
#7  0x000000000057839b in Scene::MainFunction (this=0x276ecf0) at scene.cpp:87
        __PRETTY_FUNCTION__ = "virtual void Scene::MainFunction()"
#8  0x000000000055909d in Player::Run () at player.cpp:142
No locals.
#9  0x000000000054f1b3 in main (argc=2, argv=0x7fffffffde28) at platform/sdl_main.cpp:32
No locals.

[Zegeri]

actor = @0x2660298: {ID = 0, 

There's the problem, an invalid ID. I'll take a look.

[fdelapena]

By the way, looks like current_music has unitialized values there except volume and balance, too.

[Zegeri]

It's a liblcf issue. For some reason, an int16_t vector in that save file has an odd number of elements (at 0x2be). The reader always supposes it has an even number, so it gets confused. I wasn't able to generate a save file with that bug from a clean new RPG project, so I don't know how did it happen. This patch ( Zegeri/liblcf@665842f) should fix it, but there seems to be another problems with the items.

[fdelapena]

Thanks for the find, now it loads without crashing.
Weird odd size fact, this might affect to
LcfReader::Read<uint32_t>(std::vector<uint32_t> &buffer, size_t size) for non % 4 too, but not sure if really used.