ID: 0003726
Project: Zandronum
Category: [All Projects] Bug
View Status: public
Date Submitted: 2019-10-20 07:48
Last Update: 2024-04-09 03:16
Reporter: eagle
Assigned To: Torr Samaho
Priority: high
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Windows
OS: Windows Server 2012 R2
OS Version: XP/Vista/7
Product Version: 3.0
Target Version: 3.1
Fixed in Version: 3.1
Summary: 0003726: Zandronum 3.0.1 - crash - Integer Overflow
Description: Zandronum 3.0.1 - crash - Integer Overflow, due to the calculation of decal coordinates in assembler assest.
Additional Information: I have my own correction of this error, if you notice my existence at all and react to this ticket in the next six years.
Attached Files:
CrashReport028.zip (21,893 bytes) 2019-10-20 07:48
fix1.png (12,005 bytes) 2020-01-14 07:08
overflow.png (46,434 bytes) 2020-05-05 06:46
DEMO2.wad (927,778 bytes) 2020-05-05 22:37

-  Notes
(0021080)
Torr Samaho (administrator)
2019-12-22 14:34

Quote from eagle

I have my own correction of this error, if you notice my existence at all and react to this ticket in the next six years.

I'm all ears.
(0021081)
eagle (reporter)
2019-12-26 17:09

Remove the assembler insert in the function on which the crash occurred; the problem is because of it.
(0021082)
Torr Samaho (administrator)
2020-01-12 20:53

Unfortunately, I can't get anything out of the crash log. Which function are you referring to?
(0021083)
eagle (reporter)
2020-01-14 07:09

I uploaded a screenshot with the fix.
(0021295)
Torr Samaho (administrator)
2020-04-30 20:03

Thanks, I added your patch!
(0021309)
eagle (reporter)
2020-05-05 06:45

This correction was not enough, so we went further... I attached a screenshot.
(0021310)
Edward-san (developer)
2020-05-05 21:22
edited on: 2020-05-05 21:31

Can you attach a crash log obtained with the new build?

Also, the new patch seems to change the scale code in the C code instead of the intended assembler code, contradicting the statement in the description that the assembler code was the culprit here. How did you discover this? Also, just to ask: is Zandronum compiled by yourself, by any chance?

(0021312)
eagle (reporter)
2020-05-05 21:58

I checked it on my own compilation, so my logs won't help here. And the problem there is huge values in variables obtained before division. Only the Assembly insert was replaced, and it is still called in many places in the render.
(0021313)
eagle (reporter)
2020-05-05 21:59

This overflow error appears on huge maps when drawing decals.
(0021315)
Edward-san (developer)
2020-05-05 22:29
edited on: 2020-05-05 22:34

Quote
This overflow error appears on huge maps when drawing decals.


Indeed, from the code it looks like it is sufficient to have a decal on a very large wall. Can you attach an example wad reproducing the crash with this, which is also compatible with gzdoom?

(0021316)
eagle (reporter)
2020-05-05 22:36

Yes, of course.
(0021317)
Edward-san (developer)
2020-05-05 22:45
edited on: 2020-05-05 22:47

In any case, I'm personally not inclined to change the Scale function to accommodate this specific case. I have a suggestion: does it work if you replace the current multiplication and division in the decal code with the following:


(fixed_t)((r * (SQWORD)ldx) / wallsize)


and similar for the y case? Moreover, the Scale call in DBaseDecal::SpreadLeft should be replaced in the same way.
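
The widening suggested in the note above, next to a range-checked variant, as an added example (not code from Zandronum or from anyone in this thread). It assumes the crash comes from a 64-bit product divided down to a quotient that no longer fits in 32 bits, which this page does not show directly; `scale_checked`, `scale_cast` and the sample values are hypothetical, while `r`, `ldx`, `wallsize`, `fixed_t` and `SQWORD` are the names used in the note.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t fixed_t; /* assumed: 16.16 fixed point in a 32-bit int */
typedef int64_t SQWORD;  /* assumed: signed 64-bit integer */

/* Hypothetical helper: r * ldx / wallsize with a 64-bit intermediate.
 * Returns false when the divisor is zero or the quotient does not fit
 * in fixed_t, so the caller can skip the decal instead of using it. */
static bool scale_checked(fixed_t r, fixed_t ldx, fixed_t wallsize, fixed_t *out)
{
    if (wallsize == 0)
        return false;
    /* |int32 * int32| <= 2^62, so neither the product nor the
     * division (even by -1) can overflow int64. */
    SQWORD q = ((SQWORD)r * ldx) / wallsize;
    if (q < INT32_MIN || q > INT32_MAX)
        return false;
    *out = (fixed_t)q;
    return true;
}

/* The expression from the note: no trap, but the cast narrows without a
 * range check (mainstream compilers keep the low 32 bits). */
static fixed_t scale_cast(fixed_t r, fixed_t ldx, fixed_t wallsize)
{
    return (fixed_t)(((SQWORD)r * ldx) / wallsize);
}

int main(void)
{
    /* Constructed values: 30000 map units in 16.16, divided by 1 unit. */
    fixed_t big = 30000 * 65536, one = 65536, out = 0;

    printf("in range : ok=%d\n", scale_checked(3 * one, 100 * one, 200 * one, &out));
    printf("huge wall: ok=%d\n", scale_checked(big, big, one, &out));
    printf("cast form: %d (true quotient is %lld)\n",
           scale_cast(big, big, one), ((long long)big * big) / one);
    return 0;
}
```

With the constructed "huge wall" inputs the checked helper reports failure, while the cast form returns a wrapped coordinate rather than crashing.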

(0023569)
Ru5tK1ng (updater)
2024-04-09 03:16

Tested example wad online and offline with 3.1 and didn't encounter any crash when the rockets hit the building from across the map. If the patch author wants to improve the fix, he can make a new ticket.


- Issue History
Date Modified Username Field Change
2019-10-20 07:48 eagle New Issue
2019-10-20 07:48 eagle File Added: CrashReport028.zip
2019-12-22 14:34 Torr Samaho Note Added: 0021080
2019-12-26 17:09 eagle Note Added: 0021081
2020-01-12 20:53 Torr Samaho Note Added: 0021082
2020-01-14 07:08 eagle File Added: fix1.png
2020-01-14 07:09 eagle Note Added: 0021083
2020-04-30 20:03 Torr Samaho Note Added: 0021295
2020-04-30 20:03 Torr Samaho Assigned To => Torr Samaho
2020-04-30 20:03 Torr Samaho Status new => needs testing
2020-05-05 06:45 eagle Note Added: 0021309
2020-05-05 06:46 eagle File Added: overflow.png
2020-05-05 21:22 Edward-san Note Added: 0021310
2020-05-05 21:30 Edward-san Note Edited: 0021310
2020-05-05 21:31 Edward-san Note Edited: 0021310
2020-05-05 21:58 eagle Note Added: 0021312
2020-05-05 21:59 eagle Note Added: 0021313
2020-05-05 22:29 Edward-san Note Added: 0021315
2020-05-05 22:34 Edward-san Note Edited: 0021315
2020-05-05 22:36 eagle Note Added: 0021316
2020-05-05 22:37 eagle File Added: DEMO2.wad
2020-05-05 22:45 Edward-san Note Added: 0021317
2020-05-05 22:46 Edward-san Note Edited: 0021317
2020-05-05 22:47 Edward-san Note Edited: 0021317
2020-05-05 22:47 Edward-san Note Edited: 0021317
2024-04-09 03:16 Ru5tK1ng Note Added: 0023569
2024-04-09 03:16 Ru5tK1ng Status needs testing => resolved
2024-04-09 03:16 Ru5tK1ng Resolution open => fixed
2024-04-09 03:16 Ru5tK1ng Fixed in Version => 3.1
2024-04-09 03:16 Ru5tK1ng Target Version => 3.1
