View Issue Details
ID: 0002275
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2015-05-30 06:23
Last Update: 2024-01-29 15:39
Reporter: President People
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Apple
OS: Mac OS X
OS Version: 10.4-10.7
Product Version: 2.0
Target Version: 3.1
Fixed in Version: 3.1
Summary: 0002275: Crash when selecting Random class after enabling Multiplayer
Description: Seems to happen with any class mod. Example provided.

*** Fatal Error ***
Address not mapped to object (signal 11)
Address: 0x635b6370
Steps To Reproduce:
1. Enable multiplayer either by typing "Multiplayer" in console, or adding and then removing a bot.
2. Leave the game either by typing "Spectate" in console, or using Spectate in the Multiplayer menu.
3. Rejoin the game either by pressing fire and selecting the Random class, or choosing Random class in the Player preferences, and typing "Join" in console.
4. Reward yourself either by eating a Whopper, or eating a Big Mac.
Attached Files: RandomClassCrash.pk3 (309 bytes) 2015-05-30 06:23

Notes
(0012459)
Edward-san (developer)
2015-05-30 07:20
edited on: 2015-05-30 07:43

I can reproduce the crash in 3.0, not in 2.0.

Anyways, valgrind reported some issues before crashing:


==2778== Invalid read of size 8
==2778== at 0x7623F3: P_SpawnPlayer(FPlayerStart*, int, int) (p_mobj.cpp:5342)
==2778== by 0x67701F: G_CooperativeSpawnPlayer(unsigned long, bool, bool) (g_game.cpp:2559)
==2778== by 0x694BBE: GAMEMODE_SpawnPlayer(unsigned long, bool) (gamemode.cpp:662)
==2778== by 0x677570: G_DoReborn(int, bool) (g_game.cpp:2704)
==2778== by 0x6741A4: G_Ticker() (g_game.cpp:1332)
==2778== by 0x652B42: TryRunTics() (d_net.cpp:1922)
==2778== by 0x648DDB: D_DoomLoop() (d_main.cpp:1353)
==2778== by 0x64CCA2: D_DoomMain() (d_main.cpp:3198)
==2778== by 0x5D0004: main (i_main.cpp:366)
==2778== Address 0x15fefb80 is 7,584 bytes inside a block of size 16,384 free'd
==2778== at 0x4C2C83C: operator delete[](void*) (vg_replace_malloc.c:538)
==2778== by 0xA1765E: FPatchTexture::Unload() (patchtexture.cpp:184)
==2778== by 0x7C3493: FSoftwareRenderer::PrecacheTexture(FTexture*, int) (r_swrenderer.cpp:104)
==2778== by 0xA2091D: FTextureManager::PrecacheLevel() (texturemanager.cpp:1247)
==2778== by 0x783429: P_SetupLevel(char*, int) (p_setup.cpp:4565)
==2778== by 0x6830C0: G_DoLoadLevel(int, bool) (g_level.cpp:1442)
==2778== by 0x681192: G_InitNew(char const*, bool) (g_level.cpp:566)
==2778== by 0x680BC9: G_DoNewGame() (g_level.cpp:332)
==2778== by 0x674251: G_Ticker() (g_game.cpp:1366)
==2778== by 0x652B42: TryRunTics() (d_net.cpp:1922)
==2778== by 0x648DDB: D_DoomLoop() (d_main.cpp:1353)
==2778== by 0x64CCA2: D_DoomMain() (d_main.cpp:3198)
==2778==
==2778== Invalid read of size 8
==2778== at 0x61BB9A: GetDefaultByType(PClass const*) (actor.h:611)
==2778== by 0x7625C4: P_SpawnPlayer(FPlayerStart*, int, int) (p_mobj.cpp:5378)
==2778== by 0x67701F: G_CooperativeSpawnPlayer(unsigned long, bool, bool) (g_game.cpp:2559)
==2778== by 0x694BBE: GAMEMODE_SpawnPlayer(unsigned long, bool) (gamemode.cpp:662)
==2778== by 0x677570: G_DoReborn(int, bool) (g_game.cpp:2704)
==2778== by 0x6741A4: G_Ticker() (g_game.cpp:1332)
==2778== by 0x652B42: TryRunTics() (d_net.cpp:1922)
==2778== by 0x648DDB: D_DoomLoop() (d_main.cpp:1353)
==2778== by 0x64CCA2: D_DoomMain() (d_main.cpp:3198)
==2778== by 0x5D0004: main (i_main.cpp:366)
==2778== Address 0x919291869167679f is not stack'd, malloc'd or (recently) free'd
==2778==


Analyzing that, I found out that in p_mobj.cpp, line 5322, 'type' becomes -1, leading to 'p->CurrentPlayerClass' = -1 in line 5336, and hence 'PlayerClasses' is accessed with index -1 at line 5342, giving 'p->cls' a very random value, leading to the crash later in line 5378 while trying to access 'p->cls' inside the GetDefaultByType call.

[edit] 'SinglePlayerClass[consoleplayer]' is -1 in the function PLAYER_JoinGameFromSpectators in p_user.cpp, line 3060+:


    // [BB] In single player, allow the player to switch its class when changing from spectator to player.
    if ( ( NETWORK_GetState( ) == NETSTATE_SINGLE ) || ( NETWORK_GetState( ) == NETSTATE_SINGLE_MULTIPLAYER ) )
        SinglePlayerClass[consoleplayer] = players[consoleplayer].userinfo.GetPlayerClassNum();
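
An added example, not part of the original note and not Zandronum's code or its 3.1 fix: the unchecked lookup the analysis above describes, next to a form that resolves the "Random" preference to a real index and range-checks it before touching the table. All names are hypothetical, and it assumes -1 is the stored value for the Random choice.

```cpp
// Added illustration; every name here is hypothetical, not Zandronum source.
#include <cstddef>
#include <cstdio>
#include <random>
#include <string>
#include <vector>

constexpr int kRandomClass = -1;  // assumed sentinel for the "Random" choice

struct PlayerClassInfo { std::string name; };

// Unchecked pattern: the stored preference is used directly as an index, so
// the -1 sentinel yields a pointer before the table. Shown only, never called.
const PlayerClassInfo* LookupUnchecked(const PlayerClassInfo* table, int pref) {
    return &table[pref];
}

// Hardened form: turn the sentinel into a concrete index first, then
// range-check. Returns false when no valid index can be produced.
bool ResolveClassIndex(int pref, std::size_t count, std::mt19937& rng,
                       std::size_t& out) {
    if (count == 0) return false;
    if (pref == kRandomClass) {
        std::uniform_int_distribution<std::size_t> pick(0, count - 1);
        out = pick(rng);
        return true;
    }
    if (pref < 0 || static_cast<std::size_t>(pref) >= count) return false;
    out = static_cast<std::size_t>(pref);
    return true;
}

// Callers get nullptr instead of a wild pointer and must handle it.
const PlayerClassInfo* LookupChecked(const std::vector<PlayerClassInfo>& table,
                                     int pref, std::mt19937& rng) {
    std::size_t idx = 0;
    return ResolveClassIndex(pref, table.size(), rng, idx) ? &table[idx] : nullptr;
}

int main() {
    // Constructed sample table standing in for a class mod's player classes.
    std::vector<PlayerClassInfo> classes = {{"Fighter"}, {"Cleric"}, {"Mage"}};
    std::mt19937 rng(2275);
    const PlayerClassInfo* c = LookupChecked(classes, kRandomClass, rng);
    std::printf("random  -> %s\n", c ? c->name.c_str() : "(rejected)");
    c = LookupChecked(classes, 7, rng);
    std::printf("index 7 -> %s\n", c ? c->name.c_str() : "(rejected)");
    return 0;
}
```
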


(0012465)
Edward-san (developer)
2015-05-30 12:12
edited on: 2015-05-30 12:12

Never mind, it also happens in 2.0, same thing.

(0023032)
Ru5tK1ng (updater)
2024-01-29 15:39

This was fixed in 3.1.


Issue History
Date Modified | Username | Field | Change
2015-05-30 06:23 | President People | New Issue |
2015-05-30 06:23 | President People | File Added: RandomClassCrash.pk3 |
2015-05-30 07:20 | Edward-san | Note Added: 0012459 |
2015-05-30 07:43 | Edward-san | Note Edited: 0012459 |
2015-05-30 07:44 | Edward-san | Status | new => confirmed
2015-05-30 12:12 | Edward-san | Note Added: 0012465 |
2015-05-30 12:12 | Edward-san | Note Edited: 0012465 |
2024-01-29 15:39 | Ru5tK1ng | Note Added: 0023032 |
2024-01-29 15:39 | Ru5tK1ng | Status | confirmed => resolved
2024-01-29 15:39 | Ru5tK1ng | Resolution | open => fixed
2024-01-29 15:39 | Ru5tK1ng | Fixed in Version | => 3.1
2024-01-29 15:39 | Ru5tK1ng | Target Version | => 3.1





