MantisBT - Zandronum |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001434 | Zandronum | [All Projects] Bug | public | 2013-07-27 21:32 | 2018-09-30 21:33 |
|
| Reporter | Watermelon | |
| Assigned To | Torr Samaho | |
| Priority | urgent | Severity | crash | Reproducibility | random |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 1.1.1 | |
| Target Version | 1.2 | Fixed in Version | 1.2 | |
|
| Summary | 0001434: Random crash with no determinable reason |
| Description | No one knows why this happens, it occurs in CTF and duel, unsure about other gamemodes.
This happened to me, and has happened to multiple other people -- multiple times. It appears to be completely random.
Happened to me while playing, not in spectator mode. Happened online.
I've attached the crash report. |
| Steps To Reproduce | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  CrashReport.zip (19,174) 2013-07-27 21:34
/tracker/file_download.php?file_id=1032&type=bug
 demoCrashFixTest.patch (5,124) 2013-08-08 18:58
/tracker/file_download.php?file_id=1045&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2013-07-27 21:32 | Watermelon | New Issue | |
| 2013-07-27 21:32 | Watermelon | File Added: CrashReport.zip | |
| 2013-07-27 21:33 | Watermelon | File Deleted: CrashReport.zip | |
| 2013-07-27 21:34 | Watermelon | File Added: CrashReport.zip | |
| 2013-07-30 16:54 | Arco | Note Added: 0006843 | |
| 2013-08-02 23:35 | Watermelon | Note Added: 0006899 | |
| 2013-08-02 23:42 | Watermelon | Note Edited: 0006899 | bug_revision_view_page.php?bugnote_id=6899#r3869 |
| 2013-08-02 23:44 | Watermelon | Priority | high => urgent |
| 2013-08-02 23:45 | Watermelon | Note Edited: 0006899 | bug_revision_view_page.php?bugnote_id=6899#r3870 |
| 2013-08-03 05:41 | Watermelon | Note Edited: 0006899 | bug_revision_view_page.php?bugnote_id=6899#r3873 |
| 2013-08-05 17:00 | Watermelon | Note Added: 0006911 | |
| 2013-08-05 17:10 | Watermelon | Note Edited: 0006911 | bug_revision_view_page.php?bugnote_id=6911#r3883 |
| 2013-08-06 02:51 | AlienOverlord | Note Added: 0006915 | |
| 2013-08-06 03:09 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3891 |
| 2013-08-06 03:18 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3892 |
| 2013-08-06 03:20 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3893 |
| 2013-08-06 03:27 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3894 |
| 2013-08-06 03:27 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3895 |
| 2013-08-06 03:27 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3896 |
| 2013-08-06 04:21 | Catastrophe | Note Added: 0006916 | |
| 2013-08-06 14:21 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3897 |
| 2013-08-06 14:35 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3898 |
| 2013-08-06 15:43 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3901 |
| 2013-08-06 16:43 | AlienOverlord | Note Edited: 0006915 | bug_revision_view_page.php?bugnote_id=6915#r3902 |
| 2013-08-07 18:24 | Torr Samaho | Note Added: 0006925 | |
| 2013-08-07 21:02 | AlienOverlord | Note Added: 0006931 | |
| 2013-08-08 18:58 | Torr Samaho | File Added: demoCrashFixTest.patch | |
| 2013-08-08 19:00 | Torr Samaho | Note Added: 0006946 | |
| 2013-08-10 09:22 | Torr Samaho | Assigned To | => Torr Samaho |
| 2013-08-10 09:22 | Torr Samaho | Status | new => needs testing |
| 2013-08-10 19:29 | Torr Samaho | Note Added: 0006985 | |
| 2013-08-17 20:10 | Catastrophe | Note Added: 0007042 | |
| 2013-08-17 20:13 | Arco | Note Added: 0007043 | |
| 2013-08-17 20:34 | Arco | Note Edited: 0007043 | bug_revision_view_page.php?bugnote_id=7043#r3955 |
| 2013-08-28 21:18 | Torr Samaho | Note Added: 0007079 | |
| 2013-08-28 21:19 | Torr Samaho | Status | needs testing => resolved |
| 2013-08-28 21:19 | Torr Samaho | Fixed in Version | => 1.2 |
| 2013-08-28 21:19 | Torr Samaho | Resolution | open => fixed |
| 2018-09-30 21:33 | Blzut3 | Status | resolved => closed |
|
Notes |
|
|
(0006843)
|
|
Arco
|
|
2013-07-30 16:54
|
|
While I can't say if it strictly happens in what has been said in the description, it appears that this issue apparently varies with different users, those with high performance computers appear to have this problem more frequently.
I myself had this problem back when Skulltag 97D was out. However, it differs from this issue as rapidly switching weapons caused Skulltag to crash. Is it possible that there's a relation with this or if it is an different issue entirely. |
|
|
|
(0006899)
|
|
Watermelon
|
2013-08-02 23:35
(edited on: 2013-08-03 05:41) |
|
As a note, this is happening very frequently to players. It is not connected to anything I notice, but it may be connected to picking up weapons since I saw Jenova lag out and crash right after he moved over an SSG.
EDIT: Confirmed crash on ssg pickup, also confirmed crash when people spawn on a weapon and move I think, so I was wrong about it being spawn related.
Changed to 'urgent' because it's extremely prevalent in populated games like pub CTF when a lot of people play.
EDIT2: I appear to have crashed randomly without walking over a weapon.
|
|
|
|
(0006911)
|
|
Watermelon
|
2013-08-05 17:00
(edited on: 2013-08-05 17:10) |
|
Today I got this with no known reason, I was just running around.
Execution could not continue.
Failed to allocate -23592946 bytes from process heap
EDIT: It appears it happened right as I spawned and moved, after I picked up the ssg from the spawn, I crashed
This happened with PWO on
Furthermore is interesting because this is the same problem that happened before.
Have we changed anything in our weapon code at all?
|
|
|
|
(0006915)
|
|
AlienOverlord
|
2013-08-06 02:51
(edited on: 2013-08-06 16:43) |
|
<Jenova> i dont think its pwo
<Jenova> because i had it off and i was still crashing
<Jenova> if that matters
Update:
006c03a9 BOOM
006C045D call 006C0389 <-- fastcopy
00423D6F call 006AF970 <-- memcpy
00430295 call 00423D20 <-- CLIENTDEMO_InsertPacket
0043039C call 00430240 <-- CLIENT_ParsePacket
... (I think everything below this is normal game loop)
The bad thing here is that it's still unknown what causes the bug (unless someone with more experience on crash dump analysis will find it out).
I suggest people to turn demo recording off and see if the crash still happens that often.
Update #2: just curious, who was the first person that made absolutely wonderful assumption of that it's related to my PWO code?
Update #3: Zandronum 1.0 doesnt seem to have CLIENTDEMO_InsertPacket in it at all, instead it uses CLIENTDEMO_WritePacket (in really different place, in addition to that). What was the reason behind adding CLIENTDEMO_InsertPacket in the first place?
Anyway this line causes the crash:
./src/cl_demo.cpp:415: const int bytesToCopy = CLIENTDEMO_GetDemoStream()->pbStream - pPosition;
./src/cl_demo.cpp:416: BYTE *copyBuffer = new BYTE[bytesToCopy];
./src/cl_demo.cpp:417: memcpy( copyBuffer, pPosition, bytesToCopy ); // <-- BOOM
Further meditation upon this piece of code gave me some idea of what's going on, but I'm not sure still.
Consider the following:
First, current position (read that as: current demo buffer pointer) gets saved.
Then, if the position is different from actual position, clientdemo_CheckDemoBuffer is called. Now what does it do if our buffer isn't enough to store the data? It calls M_Realloc. M_Realloc does not guarantee that pointer returned by it will be the same as it was previously, but wait, the pPosition variable still stores pointer to the old buffer!
Suggestion to fix this: storing position as int relatively to beginning of the buffer.
Update #4:'https://bitbucket.org/CircuneiZ/zandronum-zource/commits/deb6844efb8fd91dee79cc2264be13c497b13f58 [^]'
|
|
|
|
|
|
Confirmed, happened to me when I was testing a duel map online and walked over a SSG |
|
|
|
|
|
Thanks a lot! I added your patch. You are completely right that the clientdemo_CheckDemoBuffer may invalidate the pPosition pointer. |
|
|
|
|
|
My patch seems incomplete/invalid, I just crashed with patched Zandronum. Though it's still the same address (located in CLIENTDEMO_InsertPacket). |
|
|
|
|
|
Thinking more about the patch, I also think it's incomplete, every call of clientdemo_CheckDemoBuffer has to make sure that the position is preserved. I revised the text and added an updated patch. Please test if this fixes the issues. |
|
|
|
|
|
This contains the updated fix. |
|
|
|
|
|
|
|
(0007043)
|
|
Arco
|
2013-08-17 20:13
(edited on: 2013-08-17 20:34) |
|
Per 2,000 deaths in each build, it appears that v1.2 indeed fixes this problem. With v1.1.1, the bug surfaced in a few minutes.
On map change, type
Demo_skiptics 7730
to get to the crashing part. And just to note, this demo causes bad eyestain.
|
|
|
|
|
Quote from Arco
Per 2,000 deaths in each build, it appears that v1.2 indeed fixes this problem.
Ok, I'm marking this as resolved then. |
|