View Issue Details
ID: 0002232
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2015-05-16 12:24
Last Update: 2018-09-30 21:57
Reporter: CyberMan
Assigned To: Torr Samaho
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Microsoft
OS: Windows
OS Version: XP/Vista/7
Product Version: 3.0-beta
Target Version: 3.0
Fixed in Version: 3.0
Summary: 0002232: [b678038] Game crashed on the map start
Description: When I tried to load map ENDMAP01, the game crashed.
Steps To Reproduce:
1. Load Zandronum with IWAD doom2.wad and PWAD tutnt-v108.pk3
2. In console enter "map ENDMAP01"
3. Get the error
Additional Information: Using videocard nVidia GeForce 7025 (built in)
Attached Files:
CrashReport.zip (22,290 bytes) 2015-05-16 12:24
CrashReport-ticket2232.zip (24,094 bytes) 2015-08-08 19:29

- Relationships
parent of 0002934 (closed, Torr Samaho): Crash with 'map' ccmd from client while automap is open

-  Notes
(0012280)
CyberMan (reporter)
2015-05-16 12:26

Used Software mode.

(0012286)
Dusk (developer)
2015-05-16 14:14
edited on: 2015-05-16 14:19


[16:12:57] <@edward-san> CyberMan, which zan 3.0 binary did you use?
[16:13:24] < CyberMan> 0748
[16:13:28] < CyberMan> latest


"0748" is b678038c51ff

(0012287)
Torr Samaho (administrator)
2015-05-16 14:44

Doesn't crash for me. Or do I have to wait for a while? I only checked the first few seconds of the credits.

(0012288)
CyberMan (reporter)
2015-05-16 14:46

I used Windows XP.

(0012297)
WaTaKiD (updater)
2015-05-16 18:30
edited on: 2015-05-16 19:32

I also don't crash, but here's the build/pdb/backtrace from his report

https://www.dropbox.com/s/kyx314jhh1764oa/zandronum-3.0-r150516-0748-b678038-windows.zip?dl=0

https://www.dropbox.com/s/ghuq8phsx0blxte/pdb-b678038.zip?dl=0

> zandronum.exe!D3DFB::AllocPackedTexture(int w=400, int h=4200, bool wrapping=true, _D3DFORMAT format=D3DFMT_A8R8G8B8) Line 1993 C++
     zandronum.exe!D3DTex::Create(D3DFB * fb=0x020d1ec8, bool wrapping=false) Line 2421 C++
     zandronum.exe!D3DTex::D3DTex(FTexture * tex=0x025b7798, D3DFB * fb=0x020d1ec8, bool wrapping=false) Line 2355 C++
     zandronum.exe!D3DFB::CreateTexture(FTexture * gametex=0x025b7798, bool wrapping=false) Line 2728 + 0x2c bytes C++
     zandronum.exe!FTexture::GetNative(bool wrapping=false) Line 456 + 0x12 bytes C++
     zandronum.exe!D3DFB::DrawTextureV(FTexture * img=0x025b7798, double x=120.00000000000000, double y=549.00000000000000, unsigned int tags_first=1073746829, char * tags=0x0012f2ac) Line 2956 + 0x9 bytes C++
     zandronum.exe!DCanvas::DrawTextV(FFont * font=0x00000000, int normalcolor=1079902208, int x=0, int y=1082206208, const char * string=0x4000138d, char * taglist=0x0012f2ac) Line 266 + 0x37 bytes C++
     zandronum.exe!DCanvas::DrawTextA(FFont * font=0x09e8def8, int normalcolor=11, int x=120, int y=549, const char * string=0x08391bf4, ...) Line 280 C++
     zandronum.exe!DHUDMessage::DoDraw(int linenum=0, int x=120, int y=549, bool clean=false, int hudheight=480) Line 555 + 0x6f bytes C++
     zandronum.exe!DHUDMessage::Draw(int bottom=480, int visibility=120) Line 482 C++
     zandronum.exe!DBaseStatusBar::DrawMessages(int layer=0, int bottom=480) Line 1262 + 0x7 bytes C++
     zandronum.exe!DBaseStatusBar::DrawTopStuff(EHudState state=HUD_Fullscreen) Line 1616 C++
     zandronum.exe!D_Display() Line 1010 C++
     zandronum.exe!D_DoomLoop() Line 1359 C++

EDIT: after reading the log.rtf in his report, I was able to reproduce the crash with this method:

start server with tutnt-v108.pk3 on map tntle
connect
disconnect in console
map endmap01
crash (sometimes)

(0012299)
Edward-san (developer)
2015-05-16 19:43

Mmm, I believe this can be reproduced without hosting. Can you try this:

- run offline with tutnt-v108.pk3;
- open for example tntle;
- 'endgame' in console;
- 'map endmap01'

?

(0012300)
DrinkyBird (developer)
2015-05-16 20:07

edward-san's method has not crashed on me so far.

(0012319)
Torr Samaho (administrator)
2015-05-17 17:12

Quote from Edward-san
Mmm, I believe this can be reproduced without hosting

What makes you think so? Does it crash for you if you try it like this?

Can somebody try GZDoom 1.8.0?

(0013110)
Torr Samaho (administrator)
2015-08-08 18:20

WaTaKiD, can you still reproduce this in the latest 3.0 build?

(0013120)
WaTaKiD (updater)
2015-08-08 19:32
edited on: 2015-08-08 20:15

https://www.dropbox.com/s/2fk5iere1bk5k3t/zandronum-3.0-r150808-1833-e8a4d2e-windows.zip?dl=0

https://www.dropbox.com/s/fki3ja54yji895b/pdb-e8a4d2e.zip?dl=0

I was able to reproduce the crash using my above steps

the crash report I attached shows:

> zandronum.exe!R_AddLine(seg_t * line=0x00000000) Line 836 + 0x5 bytes C++
     zandronum.exe!R_Subsector(subsector_t * sub=0x00000000) Line 1352 C++

as this is quite different from the previous backtrace I provided, I'll see if I can get another crash report with something different, just in case

edit: well, I even tried using my ini from the 3.0-r150516-0748-b678038 build; 2 more crash reports gave me the same thing as this note

(0013121)
Torr Samaho (administrator)
2015-08-08 20:33

Can you also reproduce the crash offline, i.e. without ever connecting to the server? For instance using 0002232:0012299?

(0013122)
WaTaKiD (updater)
2015-08-08 20:44
edited on: 2015-08-08 20:46

I gave the offline steps 25 tries (going by how many more log files I've got now) and not a single crash, whereas the online steps usually crash within a dozen or so

edit: if this is insufficient, lemme know and I'll keep trying

(0013124)
Edward-san (developer)
2015-08-08 22:21

In Linux, I could not reproduce this at all, until I compiled Zandronum with address sanitizer enabled:


=================================================================
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fffd4c61414 at pc 0x000000a3d45b bp 0x7fffffffbad0 sp 0x7fffffffbac8
READ of size 4 at 0x7fffd4c61414 thread T0
    #0 0xa3d45a in R_AddLine(seg_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:836
    #1 0xa42dc9 in R_Subsector(subsector_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1350
    #2 0xa43080 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1390
    #3 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #4 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #5 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #6 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #7 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #8 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #9 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #10 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #11 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #12 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
    #13 0xa5da15 in R_RenderActorView(AActor*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/r_main.cpp:846
    #14 0xa3047a in FSoftwareRenderer::RenderView(player_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_swrenderer.cpp:117
    #15 0x6c25f9 in D_Display() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:961
    #16 0x6c50de in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1358
    #17 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
    #18 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
    #19 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #20 0x5c2f65 (/home/edward-san/zdoom/zandronum/sandbox/debug/gcc5/zandronum+0x5c2f65)

0x7fffd4c61414 is located 990228 bytes inside of 1472848-byte region [0x7fffd4b6f800,0x7fffd4cd7150)
freed by thread T0 here:
    #0 0x7ffff6f048ea in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x958ea)
    #1 0x988172 in P_FreeLevelData() /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:3783
    #2 0x644e6a in C_FullConsole() /home/edward-san/zdoom/zandronum/sandbox/src/c_console.cpp:1522
    #3 0x721310 in G_Ticker() /home/edward-san/zdoom/zandronum/sandbox/src/g_game.cpp:1423
    #4 0x6d73bd in TryRunTics() /home/edward-san/zdoom/zandronum/sandbox/src/d_net.cpp:1903
    #5 0x6c50d4 in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1354
    #6 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
    #7 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
    #8 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

previously allocated by thread T0 here:
    #0 0x7ffff6f043aa in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x953aa)
    #1 0x978a6d in LoadZNodes(FileReaderBase&, int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:1089
    #2 0x9796c1 in P_LoadZNodes(FileReader&, unsigned int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:1238
    #3 0x989d2e in P_SetupLevel(char*, int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:4169
    #4 0x740e0e in G_DoLoadLevel(int, bool) /home/edward-san/zdoom/zandronum/sandbox/src/g_level.cpp:1453
    #5 0x73d040 in G_InitNew(char const*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/g_level.cpp:577
    #6 0x66f505 in CLIENT_ProcessCommand(long, BYTESTREAM_s*) /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1455
    #7 0x66f127 in CLIENT_ParsePacket(BYTESTREAM_s*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1368
    #8 0x66e5ea in CLIENT_GetPackets() /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1101
    #9 0x721572 in G_Ticker() /home/edward-san/zdoom/zandronum/sandbox/src/g_game.cpp:1472
    #10 0x6d73bd in TryRunTics() /home/edward-san/zdoom/zandronum/sandbox/src/d_net.cpp:1903
    #11 0x6c4df0 in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1305
    #12 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
    #13 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
    #14 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

SUMMARY: AddressSanitizer: heap-use-after-free /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:836 R_AddLine(seg_t*)
Shadow bytes around the buggy address:
  0x10007a984230: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a984240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a984250: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a984260: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a984270: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x10007a984280: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a984290: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a9842a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a9842b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a9842c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x10007a9842d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
==11783==ABORTING


And nope, I can't reproduce this offline. Do you need more info?
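
A triage helper for reports like the one in the note above, added here as an example (not code from Zandronum or from any participant in this ticket): it splits an AddressSanitizer report into its access, free and allocation stacks and returns the first frame in each that carries source information. The function names and the abridged sample with shortened paths are constructed; the frame pattern also accepts frame numbers that a tracker has rewritten as zero-padded ids.

```python
import re

# Constructed, abridged sample in the format of the report above (paths shortened).
SAMPLE = """\
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fffd4c61414 at pc 0x000000a3d45b
READ of size 4 at 0x7fffd4c61414 thread T0
    #0 0xa3d45a in R_AddLine(seg_t*) /src/r_bsp.cpp:836
    #1 0xa42dc9 in R_Subsector(subsector_t*) /src/r_bsp.cpp:1350

freed by thread T0 here:
    #0 0x7ffff6f048ea in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x958ea)
    #1 0x988172 in P_FreeLevelData() /src/p_setup.cpp:3783
    0000002 0x644e6a in C_FullConsole() /src/c_console.cpp:1522

previously allocated by thread T0 here:
    #0 0x7ffff6f043aa in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x953aa)
    #1 0x978a6d in LoadZNodes(FileReaderBase&, int) /src/p_setup.cpp:1089
"""

HEADER = re.compile(r"AddressSanitizer: (\S+) on address")
SECTION = re.compile(r"^(READ|WRITE) of size \d+|^(freed) by thread|^previously (allocated) by thread")
FRAME = re.compile(r"^\s*(?:#|0+)?(\d+)\s+(0x[0-9a-f]+)\s+(?:in\s+(.+)\s+)?(\S+)$")

def parse_asan(report):
    """Return (bug_type, {section: [(frame_no, function, location), ...]})."""
    bug, stacks, current = None, {}, None
    for line in report.splitlines():
        header, section, frame = HEADER.search(line), SECTION.match(line), FRAME.match(line)
        if header:
            bug = header.group(1)
        elif section:
            current = "access" if section.group(1) else section.group(2) or section.group(3)
            stacks[current] = []
        elif frame and current:
            stacks[current].append((int(frame.group(1)), frame.group(3), frame.group(4)))
        elif not line.strip():
            current = None  # a blank line ends the current stack
    return bug, stacks

def first_source_frame(frames):
    """First frame with file:line info, skipping runtime frames shown as (module+offset)."""
    for _, func, loc in frames:
        if func and not loc.startswith("("):
            return func, loc
    return None

def triage(report):
    bug, stacks = parse_asan(report)
    return bug, {name: first_source_frame(frames) for name, frames in stacks.items()}
```
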

(0013125)
Torr Samaho (administrator)
2015-08-09 06:38

If the crashes only happen if Zandronum was connected to a server at some point, then this build could improve the situation. Please let me know if it still crashes.

(0013127)
WaTaKiD (updater)
2015-08-09 07:34

30 tries with that build and no crash, so far so good

(0013131)
Torr Samaho (administrator)
2015-08-09 07:45

Thanks for checking! I pushed the fix to the repository. Edward-san, can you check the fix under Linux?

(0013132)
Edward-san (developer)
2015-08-09 07:58

I don't see the fix in the repository..

(0013134)
Torr Samaho (administrator)
2015-08-09 08:00

Sorry, forgot to push to bitbucket. Should be there now.

(0013135)
Edward-san (developer)
2015-08-09 08:20

It fixed the issue for me, too.

(0013137)
cobalt (updater)
2015-08-09 09:08

Issue addressed by commit 1951844030f7: Fixed crashes related to the CCMD 'disconnect' (fixes 2232).
Committed by Benjamin Berkels [Torr Samaho] on Sunday 09 August 2015 09:43:23

Changes in files:

 src/cl_main.cpp | 12 +++---------
 1 files changed, 3 insertions(+), 9 deletions(-)

(0013142)
Torr Samaho (administrator)
2015-08-09 10:22

Thanks! I consider the 'disconnect' related crash issues to be resolved then. Please open a new ticket if the new builds still crash.


- Issue History
Date Modified Username Field Change
2015-05-16 12:24 CyberMan New Issue
2015-05-16 12:24 CyberMan File Added: CrashReport.zip
2015-05-16 12:26 CyberMan Note Added: 0012280
2015-05-16 14:14 Dusk Note Added: 0012286
2015-05-16 14:14 Dusk Product Version => 3.0
2015-05-16 14:19 Dusk Note Edited: 0012286
2015-05-16 14:20 Dusk Summary Game crashed on the map start => [b678038] Game crashed on the map start
2015-05-16 14:44 Torr Samaho Note Added: 0012287
2015-05-16 14:46 CyberMan Note Added: 0012288
2015-05-16 18:30 WaTaKiD Note Added: 0012297
2015-05-16 19:32 WaTaKiD Note Edited: 0012297
2015-05-16 19:43 Edward-san Note Added: 0012299
2015-05-16 20:07 DrinkyBird Note Added: 0012300
2015-05-17 17:12 Torr Samaho Note Added: 0012319
2015-05-24 19:39 Dusk Product Version 3.0 => 3.0-beta
2015-08-08 18:20 Torr Samaho Note Added: 0013110
2015-08-08 18:20 Torr Samaho Assigned To => Torr Samaho
2015-08-08 18:20 Torr Samaho Status new => feedback
2015-08-08 19:29 WaTaKiD File Added: CrashReport-ticket2232.zip
2015-08-08 19:32 WaTaKiD Note Added: 0013120
2015-08-08 20:15 WaTaKiD Note Edited: 0013120
2015-08-08 20:33 Torr Samaho Note Added: 0013121
2015-08-08 20:44 WaTaKiD Note Added: 0013122
2015-08-08 20:46 WaTaKiD Note Edited: 0013122
2015-08-08 22:21 Edward-san Note Added: 0013124
2015-08-09 06:38 Torr Samaho Note Added: 0013125
2015-08-09 07:34 WaTaKiD Note Added: 0013127
2015-08-09 07:45 Torr Samaho Note Added: 0013131
2015-08-09 07:58 Edward-san Note Added: 0013132
2015-08-09 08:00 Torr Samaho Note Added: 0013134
2015-08-09 08:20 Edward-san Note Added: 0013135
2015-08-09 09:08 cobalt Status feedback => needs testing
2015-08-09 09:08 cobalt Target Version => 3.0
2015-08-09 09:08 cobalt Steps to Reproduce Updated
2015-08-09 09:08 cobalt Note Added: 0013137
2015-08-09 10:22 Torr Samaho Note Added: 0013142
2015-08-09 10:22 Torr Samaho Status needs testing => resolved
2015-08-09 10:22 Torr Samaho Fixed in Version => 3.0
2015-08-09 10:22 Torr Samaho Resolution open => fixed
2016-11-25 23:53 Edward-san Relationship added parent of 0002934
2018-09-30 21:57 Blzut3 Status resolved => closed





