Issue 695: ASAN crash in -b loadship, dialog and mapgen - FreedroidRPG issues

Title	ASAN crash in -b loadship, dialog and mapgen
Priority	release-blocker	Status	resolved
Assigned To	fluzz	Keywords
Linked issues		Watchers	fluzz

Submitted on 2013-09-29 08h07 by matthiaskrgr, last changed by fluzz.

Messages
Author: matthiaskrgr	Date: 2013-09-29 08h07
I think they might be related so I only made one ticket for all 3 crashes. To get the crashes I had this while true ; do ; make check ; done >& make_check.log running for around 8 hours, there were 11 crashes found in total (many dublicates). These were the 3 different types of crashes I found: xvfb-run -a ./src/freedroidRPG -nb mapgen \|\| exit 5 Hello, this is FreedroidRPG, version 0.15-763-g2c85c17. Video system type: x11. Using screen resolution 640 x 480. INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall ASAN:SIGSEGV ================================================================= ==16944== ERROR: AddressSanitizer: SEGV on unknown address 0x6078000e2f00 (pc 0x000000542923 sp 0x7fff6bd7ce50 bp 0x7fff6bd7d260 T0) AddressSanitizer can not provide additional info. #0 0x542922 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x542922) #1 0x546447 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x546447) #2 0x4eee3e (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4eee3e) #3 0x4ef950 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ef950) #4 0x4176a5 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4176a5) #5 0x7fd1e8ae1bc4 (/usr/lib/libc-2.18.so+0x21bc4) #6 0x417f1c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x417f1c) ==16944== ABORTING addr2line -e ./src/freedroidRPG 0x542922 0x546447 0x4eee3e 0x4ef950 0x4176a5 0x417f1c /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:367 /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:1015 /home/matthias/vcs/git/freedroid/src/benchmark.c:195 /home/matthias/vcs/git/freedroid/src/benchmark.c:247 /home/matthias/vcs/git/freedroid/src/main.c:153 ??:? xvfb-run -a ./src/freedroidRPG -nb dialog \|\| exit 2 Hello, this is FreedroidRPG, version 0.15-763-g2c85c17. Video system type: x11. Using screen resolution 640 x 480. INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall ASAN:SIGSEGV ================================================================= ==19326== ERROR: AddressSanitizer: SEGV on unknown address 0x60471d641000 (pc 0x000000542923 sp 0x7fff90431950 bp 0x7fff90431d70 T0) AddressSanitizer can not provide additional info. #0 0x542922 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x542922) #1 0x546447 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x546447) #2 0x460919 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x460919) #3 0x4d5c10 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4d5c10) #4 0x4ef268 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ef268) #5 0x4ef950 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ef950) #6 0x4176a5 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4176a5) #7 0x7f23696f6bc4 (/usr/lib/libc-2.18.so+0x21bc4) #8 0x417f1c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x417f1c) ==19326== ABORTING addr2line -e ./src/freedroidRPG 0x542922 0x546447 0x460919 0x4d5c10 0x4ef268 0x4ef950 0x4176a5 0x417f1c /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:367 /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:1015 /home/matthias/vcs/git/freedroid/src/map.c:1076 /home/matthias/vcs/git/freedroid/src/chat.c:941 /home/matthias/vcs/git/freedroid/src/benchmark.c:76 /home/matthias/vcs/git/freedroid/src/benchmark.c:247 /home/matthias/vcs/git/freedroid/src/main.c:153 ??:? xvfb-run -a ./src/freedroidRPG -nb loadship \|\| exit 3 Hello, this is FreedroidRPG, version 0.15-763-g2c85c17. Video system type: x11. Using screen resolution 640 x 480. INFO: AddressSanitizer ignores mlock/mlockall/munlock/munlockall ALSA lib pcm.c:7843:(snd_pcm_recover) underrun occurred ASAN:SIGSEGV ================================================================= ==27185== ERROR: AddressSanitizer: SEGV on unknown address 0x608844d1cf00 (pc 0x000000542923 sp 0x7fff252f8de0 bp 0x7fff252f9200 T0) AddressSanitizer can not provide additional info. #0 0x542922 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x542922) #1 0x546447 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x546447) #2 0x460919 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x460919) #3 0x4eebed (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4eebed) #4 0x4ef950 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4ef950) #5 0x4176a5 (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x4176a5) #6 0x7ff60339dbc4 (/usr/lib/libc-2.18.so+0x21bc4) #7 0x417f1c (/home/matthias/vcs/git/freedroid/src/freedroidRPG+0x417f1c) ==27185== ABORTING addr2line -e ./src/freedroidRPG 0x542922 0x546447 0x460919 0x4eebed 0x4ef950 0x4176a5 0x417f1c /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:367 /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:1015 /home/matthias/vcs/git/freedroid/src/map.c:1076 /home/matthias/vcs/git/freedroid/src/benchmark.c:94 /home/matthias/vcs/git/freedroid/src/benchmark.c:247 /home/matthias/vcs/git/freedroid/src/main.c:153 ??:? Maybe it's all because of the same code, I don't know. @ 2c85c170344c830068f626e635e05502db37382a
Author: fluzz	Date: 2013-09-29 15h45
Please re-run same test with the following patch, and see if the assertion is failing : diff --git a/src/mapgen/mapgen.c b/src/mapgen/mapgen.c index bab7f38..abc7d67 100644 --- a/src/mapgen/mapgen.c +++ b/src/mapgen/mapgen.c @@ -467,6 +467,7 @@ void mapgen_convert(struct dungeon_info *di, int w, int h, u i = 0; while(tries && n) { + assert(i < di->num_rooms); if (idx[i] != di->enter && idx[i] != di->exit) { if (make_corridor(idx[i])) n--;
Author: matthiaskrgr	Date: 2013-09-29 16h12
Please attach the (next version of) the patch as .patch to the ticket (of you use mail, attaching the .patch to the mail might work as well). I applied this manually but build failed: ... mv -f lvledit/.deps/freedroidRPG-lvledit_widgets.Tpo lvledit/.deps/freedroidRPG-lvledit_widgets.Po gcc -DHAVE_CONFIG_H -I. -I.. -I../lua -g -O2 -Wall -Wno-format-zero-length -DFD_DATADIR='"/usr/local/share/freedroidrpg"' -fsanitize=address -fno-omit-frame-pointer -ffast-math -I/usr/include/SDL -D_GNU_SOURCE=1 -D_REENTRANT -MT mapgen/freedroidRPG-mapgen.o -MD -MP -MF mapgen/.deps/freedroidRPG-mapgen.Tpo -c -o mapgen/freedroidRPG-mapgen.o `test -f 'mapgen/mapgen.c' \|\| echo './'`mapgen/mapgen.c mapgen/mapgen.c: In function ‘mapgen_convert’: mapgen/mapgen.c:470:3: warning: implicit declaration of function ‘assert’ [-Wimplicit-function-declaration] assert(i < di->num_rooms); ^ mv -f mapgen/.deps/freedroidRPG-mapgen.Tpo mapgen/.deps/freedroidRPG-mapgen.Po ... uct_internal.o freedroidRPG-string.o freedroidRPG-pathfinder.o freedroidRPG-benchmark.o freedroidRPG-npc.o freedroidRPG-obstacle_extension.o freedroidRPG-quest_browser_ui.o freedroidRPG-map_label.o freedroidRPG-faction.o freedroidRPG-waypoint.o freedroidRPG-obstacle.o widgets/freedroidRPG-widgets.o widgets/freedroidRPG-widget_button.o widgets/freedroidRPG-widget_group.o widgets/freedroidRPG-widget_text.o widgets/freedroidRPG-widget_background.o widgets/freedroidRPG-widget_text_list.o freedroidRPG-game_ui.o freedroidRPG-pngfuncs.o lvledit/freedroidRPG-lvledit.o lvledit/freedroidRPG-lvledit_actions.o lvledit/freedroidRPG-lvledit_display.o lvledit/freedroidRPG-lvledit_beautify_actions.o lvledit/freedroidRPG-lvledit_input.o lvledit/freedroidRPG-lvledit_enemy.o lvledit/freedroidRPG-lvledit_map.o lvledit/freedroidRPG-lvledit_menu.o lvledit/freedroidRPG-lvledit_validator.o lvledit/freedroidRPG-lvledit_object_lists.o lvledit/freedroidRPG-lvledit_tools.o lvledit/freedroidRPG-lvledit_tool_move.o lvledit/freedroidRPG-lvledit_tool_place.o lvledit/freedroidRPG-lvledit_tool_select.o lvledit/freedroidRPG-lvledit_widget_map.o lvledit/freedroidRPG-lvledit_widget_toolbar.o lvledit/freedroidRPG-lvledit_widget_categoryselect.o lvledit/freedroidRPG-lvledit_widget_minimap.o lvledit/freedroidRPG-lvledit_widgets.o mapgen/freedroidRPG-mapgen.o mapgen/freedroidRPG-gram_simple.o freedroidRPG-animate.o mapgen/freedroidRPG-themes.o ../lua/liblua.a -lvorbis -logg -lSDL_mixer -lSDL_gfx -lSDL_image -lpng -lz -ljpeg -lm -L/usr/lib -lSDL -lpthread -lGL -lm mapgen/freedroidRPG-mapgen.o: In function `mapgen_convert': /home/matthias/vcs/git/freedroid/src/mapgen/mapgen.c:470: undefined reference to `assert' collect2: error: ld returned 1 exit status make[2]: * [freedroidRPG] Error 1 make[2]: Leaving directory `/home/matthias/vcs/git/freedroid/src' make[1]: * [all-recursive] Error 1 make[1]: Leaving directory `/home/matthias/vcs/git/freedroid' make: *** [all] Error 2
Author: fluzz	Date: 2013-09-29 16h57
Sorry. You need to add the following line at the beginning of mapgen.c (along with the other #include lines): #include <assert.h>
Author: matthiaskrgr	Date: 2013-09-29 17h16
Yep, works now. Test is running.. :)
Author: matthiaskrgr	Date: 2013-09-30 08h26
freedroidRPG: mapgen/mapgen.c:472: mapgen_convert: Assertion `i < di->num_rooms' failed. /usr/bin/xvfb-run: line 170: 8432 Aborted (core dumped) DISPLAY=:$SERVERNUM XAUTHORITY=$AUTHFILE "$@" 2>&1 make: *** [check] Error 5
Author: fluzz	Date: 2013-09-30 12h14
Great. So we caught the bug. Now I have to read the code to find the best fix.
Author: fluzz	Date: 2014-09-04 19h17
Fixed in commit bcde243

History
Date	User	Action	Args
2014-09-04 19:17:55	fluzz	set	status: open -> resolved messages: + msg2883
2014-08-29 15:20:31	Xenux	set	priority: important -> release-blocker assignedto: fluzz nosy: + fluzz
2013-09-30 12:14:01	fluzz	set	messages: + msg2587
2013-09-30 08:26:37	matthiaskrgr	set	messages: + msg2586
2013-09-29 17:16:50	matthiaskrgr	set	messages: + msg2584
2013-09-29 16:57:04	fluzz	set	messages: + msg2583
2013-09-29 16:12:43	matthiaskrgr	set	messages: + msg2582
2013-09-29 15:45:29	fluzz	set	messages: + msg2581
2013-09-29 08:08:25	matthiaskrgr	link	issue694 linked
2013-09-29 08:07:46	matthiaskrgr	create