MantisBT - Zandronum
View Issue Details
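ID: 0004341
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2024-07-02 03:53
Last Update: 2024-08-27 09:16
Reporter: kalilinux
Assigned To: Kaminsky
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: pc
OS: Ubuntu
OS Version: Ubuntu 24.04
Product Version: 3.1
Target Version: 3.2
Fixed in Version: 3.2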
0004341: Zandronum stable and alpha crashes when user has cl_bloodtype 2 and the class defined in bloodtype doesn't exist
In the function P_SpawnBlood when the class in bloodtype doesn't exist and the user has cl_bloodtype 2 set (particles), it makes variable th a NULL because of course there's nothing to spawn, causing a segfault because of a missing null check.
A fix for this would be changing the function to something like this:
void P_SpawnBlood (fixed_t x, fixed_t y, fixed_t z, angle_t dir, int damage, AActor *originator)
{
    ...
    if (!(bloodtype <= 1) && th != NULL) th->renderflags |= RF_INVISIBLE; // check if th is not null first
    if (bloodtype >= 1)
        P_DrawSplash2 (40, x, y, z, dir, 2, bloodcolor);
}
Download LostSpirit.wad attached in this bug report.
Run zandronum with the wad
Go to any map
Set cl_bloodtype to two "cl_bloodtype 2"
Type in the console "summon flan"
Shoot the spawned imp
*Game crashes*
The logs, if you rather (removed all the useless and verbose info):
*** Fatal Error ***
Address not mapped to object (signal 11)
Address: 0x6c

System: Linux pc 6.5.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 26 11:23:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Command line: /home/kali/.local/opt/zandronum_stable/zandronum -iwad /home/kali/.local/share/doomseeker/doom2.wad -file /home/kali/doom_stuff/slade3/LostSpirit.wad

Wad 0: zandronum.pk3
Wad 1: doom2.wad
Wad 2: LostSpirit.wad

Current map: map01

viewx = -3133264
viewy = 51678130
viewz = 6665088
viewangle = 45d60000


#1 0x00005684836a84ac in ??? ()
#2 0x0000746145642990 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#3 0x000056848385e572 in P_SpawnBlood(int, int, int, unsigned int, int, AActor*) ()
#4 0x00005684838484c6 in P_LineAttack(AActor*, unsigned int, int, int, int, FName, PClass const*, int, AActor**, int*) ()
#5 0x0000568483b9b733 in A_FireBulletsHelper(AActor*, int, int, player_t const*, int, int, int, PClass const*, unsigned int, unsigned int, int, int) ()
#6 0x0000568483b9bc23 in A_CustomFireBullets(AActor*, unsigned int, unsigned int, int, int, PClass const*, char const*, int, int, bool) ()
#7 0x000056848397401d in AF_A_FirePistol(AActor*, AActor*, FState*, int, StateCallData*) ()
#8 0x0000568483866cea in P_SetPsprite(player_t*, int, FState*, bool) ()
#9 0x0000568483868d0f in P_MovePsprites(player_t*) ()
#10 0x00005684838a65e8 in P_PlayerThink(player_t*) ()
#11 0x00005684838927f8 in P_Ticker() ()
#12 0x00005684837620ac in G_Ticker() ()
#13 0x000056848372d714 in TryRunTics() ()
#14 0x0000568483727ce5 in D_DoomLoop() ()
#15 0x00005684837295f5 in D_DoomMain() ()
#16 0x0000568483688702 in main ()
Saved corefile core.2020046
[Inferior 1 (process 2020046) detached]
No tags attached.
LostSpirit.wad (409) 2024-07-02 03:53
https://zandronum.com/tracker/file_download.php?file_id=3054&type=bug
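
As an added illustration (not code from Zandronum or from the report), the sketch below shows why a write through a NULL `th` faults at a small address such as the 0x6c in the log, and what the null guard changes. `MockActor`, its layout, `mock_spawn`, the class names and the flag value are assumptions made up for the example; the real `AActor` layout is not on this page.

```cpp
// Added illustration; MockActor and its layout are constructed, not Zandronum's AActor.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

constexpr std::uint32_t RF_INVISIBLE = 0x8000;  // constructed value for this sketch

struct MockActor {
    unsigned char other_state[0x6c];  // padding chosen so renderflags sits at 0x6c, as in the log
    std::uint32_t renderflags;
};

static MockActor g_blood;  // the only actor this mock spawner can create

// Stand-in for the engine's spawn call: returns nullptr when the class does not exist.
MockActor *mock_spawn(const char *cls) {
    if (cls == nullptr || std::strcmp(cls, "Blood") != 0) return nullptr;
    g_blood = MockActor{};
    return &g_blood;
}

// Address the CPU would touch if th were NULL and the code wrote th->renderflags:
// NULL + offsetof(member). A tiny fault address in a SIGSEGV report is the usual
// signature of a member access through a null pointer.
std::uintptr_t null_deref_address() {
    return offsetof(MockActor, renderflags);
}

// Guarded form of the logic in the report: th is only touched if the spawn succeeded.
// Returns true if an actor was spawned, false if only the particle path would run.
bool spawn_blood_checked(const char *bloodcls, int bloodtype) {
    MockActor *th = mock_spawn(bloodcls);
    if (th != nullptr && bloodtype > 1) th->renderflags |= RF_INVISIBLE;
    // bloodtype >= 1 would draw particles here; that path needs no actor at all.
    return th != nullptr;
}

int main() {
    std::printf("NULL + offsetof(renderflags) = 0x%zx\n", (std::size_t)null_deref_address());
    std::printf("existing class spawned: %d\n", spawn_blood_checked("Blood", 2));
    std::printf("missing class spawned:  %d\n", spawn_blood_checked("NoSuchBlood", 2));
    return 0;
}
```
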
Issue History
2024-07-02 03:53   kalilinux   New Issue
2024-07-02 03:53   kalilinux   File Added: LostSpirit.wad
2024-07-02 17:09   Kaminsky   Note Added: 0023774
2024-07-02 17:09   Kaminsky   Assigned To => Kaminsky
2024-07-02 17:09   Kaminsky   Status: new => needs review
2024-07-02 17:09   Kaminsky   Target Version => 3.2
2024-07-02 18:03   Kaminsky   Note Added: 0023775
2024-07-02 18:03   Kaminsky   Status: needs review => needs testing
2024-08-27 09:16   unknownna   Note Added: 0023982
2024-08-27 09:16   unknownna   Status: needs testing => resolved
2024-08-27 09:16   unknownna   Fixed in Version => 3.2
2024-08-27 09:16   unknownna   Resolution: open => fixed

Notes
(0023774)
Kaminsky   
2024-07-02 17:09   
For the record, this commit from GZDoom fixes the crash: https://github.com/ZDoom/gzdoom/commit/9435cdc5c9d18100fa8a8a7cbe37cd705080220b

Transplanting this commit was relatively easy, and I created a new merge request for it: https://foss.heptapod.net/zandronum/zandronum-stable/-/merge_requests/127
(0023775)
Kaminsky   
2024-07-02 18:03   
This got merged in: https://foss.heptapod.net/zandronum/zandronum-stable/-/commit/52a0b5f127a13aaa6ca85dcbc2b6c60a93c5e045
(0023982)
unknownna   
2024-08-27 09:16   
It no longer crashes in 3.2 after the backport.