Zandronum Chat @ irc.zandronum.com
#zandronum
Get the latest version: 3.0
Source Code

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003726Zandronum[All Projects] Bugpublic2019-10-20 07:482020-05-05 22:47
Reportereagle 
Assigned ToTorr Samaho 
PriorityhighSeveritycrashReproducibilityalways
Statusneeds testingResolutionopen 
PlatformWindowsOSWindows Server 2012 R2OS VersionXP/Vista/7
Product Version3.0 
Target VersionFixed in Version 
Summary0003726: Zandronum 3.0.1 - crash - Integer Overflow
DescriptionZandronum 3.0.1 - crash - Integer Overflow, due to the calculation of decal coordinates in assembler assest.
Additional InformationI have my own correction of this error, if you notice my existence at all and react to this ticket in the next six years.
Attached Fileszip file icon CrashReport028.zip [^] (21,893 bytes) 2019-10-20 07:48
png file icon fix1.png [^] (12,005 bytes) 2020-01-14 07:08


png file icon overflow.png [^] (46,434 bytes) 2020-05-05 06:46


? file icon DEMO2.wad [^] (927,778 bytes) 2020-05-05 22:37

- Relationships

-  Notes
User avatar (0021080)
Torr Samaho (administrator)
2019-12-22 14:34

Quote from eagle

I have my own correction of this error, if you notice my existence at all and react to this ticket in the next six years.

I'm all ears.
User avatar (0021081)
eagle (reporter)
2019-12-26 17:09

Remove the assembler insert in the function on which the crash occurred, the problem is because of it.
User avatar (0021082)
Torr Samaho (administrator)
2020-01-12 20:53

Unfortunately, I can't get anything out of the crash log. Which function are you referring to?
User avatar (0021083)
eagle (reporter)
2020-01-14 07:09

I uploaded a screenshot with the fix
User avatar (0021295)
Torr Samaho (administrator)
2020-04-30 20:03

Thanks, I added your patch!
User avatar (0021309)
eagle (reporter)
2020-05-05 06:45

this correction was not enough, so we went further... I attached a screenshot.
User avatar (0021310)
Edward-san (developer)
2020-05-05 21:22
edited on: 2020-05-05 21:31

Can you attach a crash log obtained with the new build?

Also, the new patch seems to change the scale code in the c code instead of the intended assembler code, contradicting the statement in the description that the assembler code was the culprit here. How did you discover this? Also, just to ask: is zandronum compiled by yourself, by any chance?

User avatar (0021312)
eagle (reporter)
2020-05-05 21:58

I checked it on my own compilation, so my logs won't help here. and the problem there is huge values in variables obtained before division. Only the Assembly insert was replaced, and it is still called in many places in the render.
User avatar (0021313)
eagle (reporter)
2020-05-05 21:59

This overflow error appears on huge maps when drawing decals.
User avatar (0021315)
Edward-san (developer)
2020-05-05 22:29
edited on: 2020-05-05 22:34

Quote
This overflow error appears on huge maps when drawing decals.


Indeed, from the code it looks like it is sufficient to have a decal on a very large wall. Can you attach an example wad reproducing the crash with this, which is also compatible with gzdoom?

User avatar (0021316)
eagle (reporter)
2020-05-05 22:36

Yes, of course.
User avatar (0021317)
Edward-san (developer)
2020-05-05 22:45
edited on: 2020-05-05 22:47

In any case, I'm personally not inclined to change the Scale function to accommodate this specific case. I have a suggestion: does it work if you replace the current multiplication and division in the decal code with the following:


(fixed_t)((r * (SQWORD)ldx) / wallsize)


and similar for the y case? Moreover, the Scale call in DBaseDecal::SpreadLeft should be replaced in the same way.


Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: eagle
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2019-10-20 07:48 eagle New Issue
2019-10-20 07:48 eagle File Added: CrashReport028.zip
2019-12-22 14:34 Torr Samaho Note Added: 0021080
2019-12-26 17:09 eagle Note Added: 0021081
2020-01-12 20:53 Torr Samaho Note Added: 0021082
2020-01-14 07:08 eagle File Added: fix1.png
2020-01-14 07:09 eagle Note Added: 0021083
2020-04-30 20:03 Torr Samaho Note Added: 0021295
2020-04-30 20:03 Torr Samaho Assigned To => Torr Samaho
2020-04-30 20:03 Torr Samaho Status new => needs testing
2020-05-05 06:45 eagle Note Added: 0021309
2020-05-05 06:46 eagle File Added: overflow.png
2020-05-05 21:22 Edward-san Note Added: 0021310
2020-05-05 21:30 Edward-san Note Edited: 0021310 View Revisions
2020-05-05 21:31 Edward-san Note Edited: 0021310 View Revisions
2020-05-05 21:58 eagle Note Added: 0021312
2020-05-05 21:59 eagle Note Added: 0021313
2020-05-05 22:29 Edward-san Note Added: 0021315
2020-05-05 22:34 Edward-san Note Edited: 0021315 View Revisions
2020-05-05 22:36 eagle Note Added: 0021316
2020-05-05 22:37 eagle File Added: DEMO2.wad
2020-05-05 22:45 Edward-san Note Added: 0021317
2020-05-05 22:46 Edward-san Note Edited: 0021317 View Revisions
2020-05-05 22:47 Edward-san Note Edited: 0021317 View Revisions
2020-05-05 22:47 Edward-san Note Edited: 0021317 View Revisions






Questions or other issues? Contact Us.

Links


Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker