segfault read overflow while rendering a texture, just after character selection and before entering a race

[fabienr]

OpenBSD malloc is more strict and the game segfault like this:

Core was generated by `Spaghettify'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000d91aab1c142 in Fast::Interpreter::ImportTextureIA16 (this=0xd93df088888, tile=0, importReplacement=false)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:629
629                 uint8_t intensity = addr[2 * clrIdx];
[Current thread is 1 (process 538572)]
(gdb) bt
#0  0x00000d91aab1c142 in Fast::Interpreter::ImportTextureIA16 (this=0xd93df088888, tile=0, importReplacement=false)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:629
#1  0x00000d91aab1e1b0 in Fast::Interpreter::ImportTexture (this=0xd93df088888, i=0, tile=0, importReplacement=false)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:940
#2  0x00000d91aab21acb in Fast::Interpreter::GfxSpTri1 (this=0xd93df088888, vtx1_idx=64 '@', vtx2_idx=65 'A', vtx3_idx=67 'C', is_rect=true)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:1522
#3  0x00000d91aab2564e in Fast::Interpreter::GfxDrawRectangle (this=0xd93df088888, ulx=100, uly=456, lrx=-32768, lry=-32768)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:2311
#4  0x00000d91aab259f9 in Fast::Interpreter::GfxDpTextureRectangle (this=0xd93df088888, ulx=100, uly=456, lrx=-32768, lry=-32768, tile=0 '\000', uls=0, ult=0, dsdx=1024, dtdy=1024, 
    flip=false) at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:2380
#5  0x00000d91aab37b4e in Fast::gfx_tex_rect_wide_handler_custom (cmd0=0xd93f76de000)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:3776
#6  0x00000d91aab3ac0d in Fast::gfx_step ()
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:4155
#7  0x00000d91aab3a921 in Fast::Interpreter::Run (this=0xd93df088888, commands=0xd91bb122620 <gGfxPools+182464>, mtx_replacements=...)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/interpreter.cpp:4395
#8  0x00000d91aab0b37a in Fast::Fast3dWindow::DrawAndRunGraphicsCommands (this=0xd94380e8b58, commands=0xd91bb122620 <gGfxPools+182464>, mtxReplacements=...)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/libultraship/src/fast/Fast3dWindow.cpp:199
#9  0x00000d91aa818a7a in GameEngine::RunCommands (pool=0xd91bb122620 <gGfxPools+182464>, mtx_replacements=...)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/port/Engine.cpp:410
#10 0x00000d91aa819190 in GameEngine::ProcessGfxCommands (pool=0xd91bb122620 <gGfxPools+182464>)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/port/Engine.cpp:468
#11 0x00000d91aa822744 in Graphics_PushFrame (pool=0xd91bb122620 <gGfxPools+182464>)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/port/Game.cpp:54
#12 0x00000d91aaa8a3b0 in create_gfx_task_structure () at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/main.c:310
#13 0x00000d91aaa8a2a2 in end_master_display_list () at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/main.c:460
#14 0x00000d91aaa8b3a1 in thread5_iteration () at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/main.c:1181
#15 0x00000d91aa835237 in push_frame () at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/port/Game.cpp:901
#16 0x00000d91aa8354c2 in main (argc=1, argv=0x746363d32258)
    at /mnt/ext/_ports/pobj/spaghettikart-0.9.9.1pl20251231/SpaghettiKart-186ea294aedd05efc9ab799507dd96040a05741c/src/port/Game.cpp:973
(gdb) print mRdp->texture_tile[tile].tmem_index
$1 = 0 '\000'
(gdb) print mRdp->loaded_texture[0]
$2 = {addr = 0xd93e9689022 "", orig_size_bytes = 8192, size_bytes = 8192, full_image_line_size_bytes = 8192, line_size_bytes = 8192, tex_flags = 0, raw_tex_metadata = {width = 0, 
    height = 0, h_byte_scale = 1, v_pixel_scale = 1, resource = {__ptr_ = 0x0, __cntrl_ = 0x0}, type = Fast::Error}, masked = false, blended = false}
(gdb) print mRdp->texture_tile[tile]
$3 = {fmt = 3 '\003', siz = 2 '\002', cms = 2 '\002', cmt = 2 '\002', shifts = 0 '\000', shiftt = 0 '\000', uls = 0, ult = 0, lrs = 492, lrt = 292, tmem = 0, line_size_bytes = 248, 
  palette = 0 '\000', tmem_index = 0 '\000'}
(gdb) print clrIdx
$5 = 4079
(gdb) x/16xb addr+8156
0xd93e968affe:  0xdb    0xdb    Cannot access memory at address 0xd93e968b000
(gdb) x/16xb addr-35
0xd93e9688fff:  Cannot access memory at address 0xd93e9688fff
(gdb) x/16xb addr-34
0xd93e9689000:  0x00    0x01    0x00    0x03    0x00    0x03    0x00    0x03
0xd93e9689008:  0x00    0x03    0x00    0x03    0x00    0x03    0x00    0x03
(gdb) print x
$8 = 111
(gdb) print y
$9 = 32
(gdb) print height
$10 = 33
(gdb) print width
$11 = 124

So the addr buffer have 8158 bytes available but there is also room for 34 bytes before the pointer address. I'm trying to understand if the extra room before addr came from malloc internals or it there is a padding on addr at some places.

Also, 0xDB is malloc JUNK, which mean part of the data wasn't initialized as I doubt 0xdb in a while represent any texture.
0xd93e968a3a8: 0x6b 0x9f 0x6b 0x9f 0x6b 0x9f 0x73 0x9d
0xd93e968a3b0: 0xdb 0xdb 0xdb 0xdb 0xdb 0xdb 0xdb 0xdb

So it looks like the actuel buffer is starting at addr-34 (0xd93e9689000) and its size is 5040.

The texture to render is (124332 / widthheight2) 8184 bytes but size_bytes is 8192 . I tried to understand where this buffer came from without sucess. At least it looks like there is an error:
raw_tex_metadata = {width = 0, height = 0, h_byte_scale = 1, v_pixel_scale = 1, resource = {__ptr_ = 0x0, __cntrl_ = 0x0}, type = Fast::Error},

I can play in debug mode, the issue is only when entering a race after character selection.
The file .local/share/spaghettify/logs/Spaghetti\ Kart.log doesn't help much.
Please, how can I get more logs (traces, debug ...) ?

There is mRdp dump from gdb:

$14 = {
  palettes = {0x0, 0x0},
  texture_to_load = {
    addr = 0xd93e9689022 "",
    siz = 2 '\002',
    width = 1,
    tex_flags = 0,
    raw_tex_metadata = {
      width = 0,
      height = 0,
      h_byte_scale = 1,
      v_pixel_scale = 1,
      resource = {
        __ptr_ = 0x0,
        __cntrl_ = 0x0
      },
      type = Fast::Error
    }
  },
  loaded_texture = {{
      addr = 0xd93e9689022 "",
      orig_size_bytes = 8192,
      size_bytes = 8192,
      full_image_line_size_bytes = 8192,
      line_size_bytes = 8192,
      tex_flags = 0,
      raw_tex_metadata = {
        width = 0,
        height = 0,
        h_byte_scale = 1,
        v_pixel_scale = 1,
        resource = {
          __ptr_ = 0x0,
          __cntrl_ = 0x0
        },
        type = Fast::Error
      },
      masked = false,
      blended = false
    }, {
      addr = 0x0,
      orig_size_bytes = 0,
      size_bytes = 0,
      full_image_line_size_bytes = 0,
      line_size_bytes = 0,
      tex_flags = 0,
      raw_tex_metadata = {
        width = 0,
        height = 0,
        h_byte_scale = 1,
        v_pixel_scale = 1,
        resource = {
          __ptr_ = 0x0,
          __cntrl_ = 0x0
        },
        type = Fast::Error
      },
      masked = false,
      blended = false
    }},
  texture_tile = {{
      fmt = 3 '\003',
      siz = 2 '\002',
      cms = 2 '\002',
      cmt = 2 '\002',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 492,
      lrt = 292,
      tmem = 0,
      line_size_bytes = 248,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 0 '\000',
      siz = 0 '\000',
      cms = 0 '\000',
      cmt = 0 '\000',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 0,
      lrt = 0,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }, {
      fmt = 3 '\003',
      siz = 2 '\002',
      cms = 2 '\002',
      cmt = 2 '\002',
      shifts = 0 '\000',
      shiftt = 0 '\000',
      uls = 0,
      ult = 0,
      lrs = 508,
      lrt = 308,
      tmem = 0,
      line_size_bytes = 0,
      palette = 0 '\000',
      tmem_index = 0 '\000'
    }},
  textures_changed = {true, true},
  first_tile_index = 0 '\000',
  other_mode_l = 5259844,
  other_mode_h = 3312,
  combine_mode = 67446513373668337,
  grayscale = false,
  current_shader = {
    enabled = false,
    id = 0,
    type = 0 '\000'
  },
  prim_lod_fraction = 0 '\000',
  env_color = {
    r = 247 '\367',
    g = 247 '\367',
    b = 247 '\367',
    a = 0 '\000'
  },
  prim_color = {
    type = 0 '\000'
  },
  prim_lod_fraction = 0 '\000',
  env_color = {
    r = 247 '\367',
    g = 247 '\367',
    b = 247 '\367',
    a = 0 '\000'
  },
  prim_color = {
--Type <RET> for more, q to quit, c to continue without paging--
    r = 170 '\252',
    g = 170 '\252',
    b = 170 '\252',
    a = 170 '\252'
  },
  fog_color = {
    r = 0 '\000',
    g = 0 '\000',
    b = 0 '\000',
    a = 0 '\000'
  },
  fill_color = {
    r = 0 '\000',
    g = 0 '\000',
    b = 0 '\000',
    a = 255 '\377'
  },
  grayscale_color = {
    r = 175 '\257',
    g = 175 '\257',
    b = 255 '\377',
    a = 255 '\377'
  },
  viewport = {
    x = 0,
    y = 0,
    width = 640,
    height = 480
  },
  scissor = {
    x = 0,
    y = 0,
    width = 640,
    height = 480
  },
  viewport_or_scissor_changed = false,
  z_buf_address = 0xd91bb0d0550 <gZBuffer>,
  color_image_address = 0x0
}

[coco875]

didn't see the issue, for debug use usual tool no ? so gdb and valgrind ?

[coco875]

we have mess with texture not in a really correct way... so not really surprise by that I think it's because of texture in menu if you use the hd pack does it fix it ? because texture have a different behavior

[fabienr]

didn't see the issue, for debug use usual tool no ? so gdb and valgrind ?

I was expecting an error like:
SPDLOG_TRACE("Failed to load resource file at path {}", identifier.Path);

But how can I tweek SDPLOG level ?

we have mess with texture not in a really correct way... so not really surprise by that I think it's because of texture in menu if you use the hd pack does it fix it ? because texture have a different behavior

Found some link on the net (https://github.com/GhostlyDark/MK64-Reloaded). I put the plain zip in mods folder, it complain there is no mods.toml. I also remake the zip going down one level into MARIOKART64 to match what we have in mk64.o2r. There isn't a mods.toml also. Shoud I use retro or fast64 to make this works ?

[coco875]

If you go in release there is an o2r

[coco875]

Here https://github.com/GhostlyDark/MK64-Reloaded/releases

[fabienr]

Here https://github.com/GhostlyDark/MK64-Reloaded/releases

Please clarify, I tried different assets, they all have a missing json.toml warning and texture didn't changed.

To enable SPDLOG_TRACE I had to manually tweek spaghettify.cfg.json:

{
    "CVars": {
        "gDeveloperTools": {
            "LogLevel": 0
        },
...

There is the last message from traces:

[09:42:41.108] [ResourceManager.cpp:75] [trace] Loaded File textures/player_selection/gTextureCoursePreviewLuigiRaceway on ResourceManager                                                    
[09:42:41.108] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.meta in ResourceManager                                       
[09:42:41.108] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.png in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.PNG in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.jpg in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.JPG in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.jpeg in ResourceManager                                       
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.JPEG in ResourceManager                                       
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.bmp in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:77] [trace] Could not load File textures/player_selection/gTextureCoursePreviewLuigiRaceway.BMP in ResourceManager                                        
[09:42:41.109] [ResourceManager.cpp:173] [trace] Loaded Resource textures/player_selection/gTextureCoursePreviewLuigiRaceway on ResourceManager

The same pattern apply to those files (which are loaded just after I press "OK" and just before the crash):

textures/texture_tkmk00/gTextureMenuFlowerCup
textures/texture_tkmk00/gTextureMenuStarCup
textures/texture_tkmk00/gTextureMenuSpecialCup
textures/texture_tkmk00/gTextureTitleChocoMountain
textures/texture_tkmk00/gTextureMenuMushroomCup
textures/texture_tkmk00/gTextureMapSelect
textures/texture_tkmk00/gTextureTitleLuigiRaceway
textures/texture_tkmk00/gTextureTitleMooMooFarm
textures/texture_tkmk00/gTextureTitleKoopaTroopaBeach
textures/texture_tkmk00/gTextureTitleKalimariDesert
textures/player_selection/gTextureCoursePreviewLuigiRaceway

But none of them seems to fail. I guess more debug in libultraship/src/fast/interpreter.cpp is needed to identify from which texture the issue come from.