Issue 685

Title: sanitize address crash in tutorial
Priority: critical    Status: resolved
Assigned To: fluzz    Keywords:
Linked issues: editor: sanitize address crash after saving map (issue 684)
Watchers: fluzz

Submitted on 2013-09-11 12h50 by matthiaskrgr, last changed by matthiaskrgr.

Messages
Author: matthiaskrgr Date: 2013-09-11   12h50
I played through the tutorial ( @ 1c9b5c9200342b2ec5047e54648205fa9eff99bd with
some dialog/map changes applied) and the game crashed as I was about to leave
the melee unit.

A few commits ago I think I got a double free corruption at this very place
(fixed by 7e2884fccae10589bb205c3f16afa74456566644), so if sanitize address
crashes there now (under some circumstances which I don't understand) maybe
there are still some problems?

Also note #684 which might be related.


    INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall
    ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred
    ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred
    ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred
    ASAN:SIGSEGV
    =================================================================
    ==3372== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f089baeb47e sp 0x7fff2921d410 bp 0x603a00121140 T0)
    AddressSanitizer can not provide additional info.
        #0 0x7f089baeb47d (/usr/lib/liblua.so.5.2.1+0x947d)
        #1 0x7f089bafcd4b (/usr/lib/liblua.so.5.2.1+0x1ad4b)
        #2 0x448252 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x448252)
        #3 0x4cffe1 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4cffe1)
        #4 0x444694 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x444694)
        #5 0x7f089baeed94 (/usr/lib/liblua.so.5.2.1+0xcd94)
        #6 0x7f089bafa083 (/usr/lib/liblua.so.5.2.1+0x18083)
        #7 0x7f089baee6bb (/usr/lib/liblua.so.5.2.1+0xc6bb)
        #8 0x7f089baef0d3 (/usr/lib/liblua.so.5.2.1+0xd0d3)
        #9 0x4480fa (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4480fa)
        #10 0x4d373e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d373e)
        #11 0x4834f7 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4834f7)
        #12 0x484efe (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x484efe)
        #13 0x4ae71e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ae71e)
        #14 0x415c99 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x415c99)
        #15 0x7f089b045bc4 (/usr/lib/libc-2.18.so+0x21bc4)
        #16 0x41644c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x41644c)
    ==3372== ABORTING
     
     
    addr2line -e ./src/freedroidRPG 0x448252 0x4cffe1 0x444694 0x4480fa 0x4d373e 0x4834f7 0x484efe 0x4ae71e 0x415c99 0x41644c
    /home/matthias/vcs/git/freedroid/src/lua.c:1815
    /home/matthias/vcs/git/freedroid/src/mission.c:180
    /home/matthias/vcs/git/freedroid/src/lua.c:479
    /home/matthias/vcs/git/freedroid/src/lua.c:1786
    /home/matthias/vcs/git/freedroid/src/chat.c:829
    /home/matthias/vcs/git/freedroid/src/influ.c:1556
    /home/matthias/vcs/git/freedroid/src/influ.c:1647
    /home/matthias/vcs/git/freedroid/src/main.c:106
    /home/matthias/vcs/git/freedroid/src/main.c:182
    ??:?


@ 1c9b5c9200342b2ec5047e54648205fa9eff99bd + soft-code changes
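Added note, not part of this tracker thread or of the FreedroidRPG code: the manual step in the report above (copy the "binary+0xOFFSET" frames out of the AddressSanitizer output and hand the offsets to addr2line) can be scripted. The script below is an added example; the function names and the sample report lines are ours, constructed in the shape of the frames above.

```shell
#!/bin/sh
# Added example (not FreedroidRPG code): pull the per-module offsets out of an
# AddressSanitizer report and feed them to addr2line, automating the manual
# "addr2line -e ./src/freedroidRPG 0x448252 ..." step from the report.
# Function names and the sample report below are ours (constructed).

# asan_offsets MODULE   (reads an ASAN report on stdin)
# Prints the "+0x..." offset of every frame whose module basename is MODULE,
# in frame order. Frame lines look like:
#     #3 0x4cffe1 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4cffe1)
asan_offsets() {
    awk -v mod="$1" '
        /^[ \t]*#[0-9]+ 0x[0-9a-fA-F]+ \(/ {
            f = $3
            sub(/^\(/, "", f); sub(/\)$/, "", f)     # drop the parentheses
            n = index(f, "+0x")
            if (n == 0) next                         # not in module+offset form
            path = substr(f, 1, n - 1)
            off  = substr(f, n + 1)
            k = split(path, parts, "/")              # basename of the module path
            if (parts[k] == mod) print off
        }'
}

# asan_symbolize /path/to/binary   (reads an ASAN report on stdin)
# The "+0x..." offsets ASAN prints are the pc minus the module's load base,
# i.e. the ELF virtual addresses that addr2line -e resolves, so they pass
# through unchanged (this holds for the executable and for shared objects).
# -f adds the function name, -C demangles C++ symbols.
asan_symbolize() {
    bin="$1"
    offs=$(asan_offsets "$(basename "$bin")")
    if [ -z "$offs" ]; then
        echo "asan_symbolize: no frames for $(basename "$bin") in report" >&2
        return 1
    fi
    # shellcheck disable=SC2086   # word-splitting $offs is intended
    addr2line -e "$bin" -f -C $offs
}

# Constructed sample: three frames in the shape of the report above.
SAMPLE_REPORT='    #0 0x7f089baeb47d (/usr/lib/liblua.so.5.2.1+0x947d)
    #1 0x448252 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x448252)
    #2 0x4cffe1 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4cffe1)'

# Usage:  sh asan_addr2line.sh ./src/freedroidRPG < asan_report.txt
# Without an executable argument, just show the offsets extracted from the sample.
if [ -n "${1:-}" ] && [ -x "$1" ]; then
    asan_symbolize "$1"
else
    printf '%s\n' "$SAMPLE_REPORT" | asan_offsets freedroidRPG
fi
```

Two caveats that the reports in this issue illustrate. First, frames in a shared object (the /usr/lib/liblua.so.5.2.1 frames above) have to be resolved against that file, not against the game binary, and without debug info they come back as "??:?"; the later report built against the in-tree lua/ sources is what makes those frames readable. Second, the binary passed to addr2line must be the same build that produced the report, since offsets shift between builds. Recent ASAN runtimes can do all of this themselves when llvm-symbolizer is on the PATH or named in ASAN_SYMBOLIZER_PATH.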
Author: matthiaskrgr Date: 2013-09-19   13h45
Still occurs.
Game freezes there without ASAN:
*** Error in `./src': double free or corruption (!prev): 0x0000000002674740 ***

Setting to critical.

c6c1c71f24d429e55afec847f59a177f179656d4
Author: infrared Date: 2013-09-20   00h31
To summarize what we know:
Reproduction:
* Start tutorial
* Talk to TuTom, select "No thanks, I still remember how to walk..." node.
* Pick up the 3 items from the first section, proceed, loot the chest and pick
up the items therein.
* Talk to TuTom. Repeatedly select the first node and click through the dialog;
eventually the trade screen will appear. Trade as instructed.
* Proceed to the melee training. Talk to TuTom, select the first node repeatedly
as before until the dialog ends.
* Kill the 123 and bring its drop as instructed; proceed to the next bot and repeat.
* Select the "I'm ready to move on." node; the game will freeze (or crash with
ASAN).

The actual freeze occurs when the game calls end_quest(); in there, it fails in
complete_quest(); in that function, defined in mission.c, it fails to execute
this line:
run_lua(LUA_DIALOG, Me.AllMissions[MissNum].completion_lua_code);
In turn, the completion code for the melee mission only involved
display_big_message(). This is as far as testing got.
Author: matthiaskrgr Date: 2013-09-21   11h20
Stupid me!

Instead of debugging all this with debug printf()s etc., we could also have looked
at the BACKTRACE that gcc gives.


    /home/matthias/vcs/git/freedroid/src/lua.c:1815
    /home/matthias/vcs/git/freedroid/src/mission.c:180
    /home/matthias/vcs/git/freedroid/src/lua.c:479
    /home/matthias/vcs/git/freedroid/src/lua.c:1786
    /home/matthias/vcs/git/freedroid/src/chat.c:829
    /home/matthias/vcs/git/freedroid/src/influ.c:1556
    /home/matthias/vcs/git/freedroid/src/influ.c:1647
    /home/matthias/vcs/git/freedroid/src/main.c:106
    /home/matthias/vcs/git/freedroid/src/main.c:182

=>      /home/matthias/vcs/git/freedroid/src/mission.c:180

is 

    179     if (Me.AllMissions[MissNum].completion_lua_code)
    180         run_lua(LUA_DIALOG, Me.AllMissions[MissNum].completion_lua_code);
    181
    182     Me.quest_browser_changed = 1;

:D
Author: matthiaskrgr Date: 2013-09-26   20h13
updated trace, in case something changed in code related..

/home/matthias/vcs/git/freedroid/src/lua.c:1815
/home/matthias/vcs/git/freedroid/src/mission.c:180
/home/matthias/vcs/git/freedroid/src/lua.c:479
/home/matthias/vcs/git/freedroid/src/lua.c:1786
/home/matthias/vcs/git/freedroid/src/chat.c:829
/home/matthias/vcs/git/freedroid/src/influ.c:1556
/home/matthias/vcs/git/freedroid/src/influ.c:1647
/home/matthias/vcs/git/freedroid/src/main.c:106
/home/matthias/vcs/git/freedroid/src/main.c:182

@ 8bbb6734cf73fedf5700178592b65aa244fd1a1e
Author: matthiaskrgr Date: 2013-09-26   21h13
Update as of d1f66b1d9b35c8e6f309590a6d3606ea4b838a7f :

INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall
ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred
ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred
ASAN:SIGSEGV
=================================================================
==4990== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000055111a sp 0x7fff77a7a8a0 bp 0x603a000aeec0 T0)
AddressSanitizer can not provide additional info.
    #0 0x551119 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x551119)
    #1 0x55f972 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x55f972)
    #2 0x449d42 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x449d42)
    #3 0x4d1ad1 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d1ad1)
    #4 0x446184 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x446184)
    #5 0x552ee9 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x552ee9)
    #6 0x55cf23 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x55cf23)
    #7 0x552878 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x552878)
    #8 0x553231 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x553231)
    #9 0x449bea (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x449bea)
    #10 0x4d522e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d522e)
    #11 0x484fe7 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x484fe7)
    #12 0x4869ee (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4869ee)
    #13 0x4b020e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4b020e)
    #14 0x417769 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x417769)
    #15 0x7f29ff54dbc4 (/usr/lib/libc-2.18.so+0x21bc4)
    #16 0x417f1c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x417f1c)
==4990== ABORTING
addr2line -e ./src/freedroidRPG 0x551119 0x55f972 0x449d42 0x4d1ad1 0x446184 0x552ee9 0x55cf23 0x552878 0x553231 0x449bea 0x4d522e 0x484fe7 0x4869ee 0x4b020e 0x417769 0x417f1c
/home/matthias/vcs/git/freedroid/lua/lapi.c:979
/home/matthias/vcs/git/freedroid/lua/lauxlib.c:686
/home/matthias/vcs/git/freedroid/src/lua.c:1815
/home/matthias/vcs/git/freedroid/src/mission.c:180
/home/matthias/vcs/git/freedroid/src/lua.c:479
/home/matthias/vcs/git/freedroid/lua/ldo.c:317
/home/matthias/vcs/git/freedroid/lua/lvm.c:710 (discriminator 2)
/home/matthias/vcs/git/freedroid/lua/ldo.c:131 (discriminator 1)
/home/matthias/vcs/git/freedroid/lua/ldo.c:530 (discriminator 3)
/home/matthias/vcs/git/freedroid/src/lua.c:1786
/home/matthias/vcs/git/freedroid/src/chat.c:829
/home/matthias/vcs/git/freedroid/src/influ.c:1556
/home/matthias/vcs/git/freedroid/src/influ.c:1647
/home/matthias/vcs/git/freedroid/src/main.c:106
/home/matthias/vcs/git/freedroid/src/main.c:182
??:?
Author: matthiaskrgr Date: 2013-09-27   15h45
Fixed in 67c63833b9da889983b3f94e57fb4125f44aba9e. Thanks!
History
Date                 User           Action   Args
2013-09-27 15:45:03  matthiaskrgr   set      status: open -> resolved; assignedto: fluzz; messages: + msg2576; nosy: + fluzz
2013-09-26 21:13:35  matthiaskrgr   set      messages: + msg2572
2013-09-26 20:13:25  matthiaskrgr   set      messages: + msg2571
2013-09-21 11:20:42  matthiaskrgr   set      messages: + msg2565
2013-09-20 00:31:45  infrared       set      messages: + msg2564
2013-09-19 13:45:42  matthiaskrgr   set      priority: important -> critical; messages: + msg2561
2013-09-11 12:50:28  matthiaskrgr   create