Freeciv - Bugs: bug #20626, Crash when undisbandable unit dies...

 
 

bug #20626: Crash when undisbandable unit dies after teleporting "safety" from drowning

Submitted by:  Martin Schröder <oneiros>
Submitted on:  Sat 16 Mar 2013 05:11:58 PM UTC  
 
Category: general
Severity: 4 - Important
Priority: 5 - Normal
Status: Fixed
Assigned to: Marko Lindqvist <cazfi>
Open/Closed: Closed
Release: 2.3.4
Operating System: GNU/Linux
Planned Release: 2.3.5, 2.4.0, 2.5.0, 2.6.0


Tue 06 Aug 2013 10:02:30 PM UTC, SVN revision 23165:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23165)

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Tue 06 Aug 2013 10:02:26 PM UTC, SVN revision 23164:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23164)

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Tue 06 Aug 2013 10:02:20 PM UTC, SVN revision 23163:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23163)

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Tue 06 Aug 2013 10:02:14 PM UTC, SVN revision 23162:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23162)

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Sun 04 Aug 2013 11:52:23 PM UTC, comment #8:

Barbarian Leader gets killed (by autoattack) when it teleports away. No-longer-valid pointer to (died) unit is being used afterwards.

Fixes attached

(file #18635, file #18636)

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
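
The failure described in comment #8, as an added example that is not Freeciv code and not the attached patch: a callee that can destroy the object leaves the caller's pointer dangling, so the caller keeps the id and looks the unit up again afterwards. All names here (registry, unit_by_id, teleport_to_safety, rescue_cargo) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed toy model; every name below is hypothetical, not Freeciv's. */
#define MAX_UNITS 8

struct unit { int id; int hp; };

static struct unit *registry[MAX_UNITS];  /* id -> live unit, NULL once dead */

static struct unit *unit_create(int id, int hp) {
  struct unit *u;
  if (id < 0 || id >= MAX_UNITS) return NULL;
  u = malloc(sizeof(*u));
  if (u == NULL) return NULL;
  u->id = id;
  u->hp = hp;
  registry[id] = u;
  return u;
}

static struct unit *unit_by_id(int id) {
  return (id >= 0 && id < MAX_UNITS) ? registry[id] : NULL;
}

static void unit_kill(struct unit *u) {
  registry[u->id] = NULL;  /* unregister first so later lookups fail cleanly */
  free(u);
}

/* Moves the unit off a sinking transport; it may be killed on arrival. */
static void teleport_to_safety(struct unit *u, bool hostile_destination) {
  if (hostile_destination) unit_kill(u);
}

/* Returns the rescued unit's hit points, or -1 if it did not survive. */
static int rescue_cargo(int cargo_id, bool hostile_destination) {
  struct unit *cargo = unit_by_id(cargo_id);
  if (cargo == NULL) return -1;
  teleport_to_safety(cargo, hostile_destination);
  /* Unsafe: reading cargo->hp here would touch freed memory if it died. */
  cargo = unit_by_id(cargo_id);  /* re-validate through the saved id */
  return cargo != NULL ? cargo->hp : -1;
}

int main(void) {
  if (unit_create(3, 10) == NULL) return 1;
  return rescue_cargo(3, true) == -1 ? 0 : 1;
}
```

Building the unsafe variant with -fsanitize=address reports the read as heap-use-after-free, which is more dependable than waiting for a segfault that, as comment #7 notes, can disappear when unrelated changes shift the game state.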
Sun 04 Aug 2013 10:14:29 PM UTC, comment #7:

I cannot reproduce with S2_3 head, but that doesn't mean the bug has been fixed. After some testing I found out that it's reproducible with r23001 but not r23002. The change between the two revisions is totally unrelated bug #20932. It just seems to change autogame (AI behavior, maybe consequently amount of rand() calls) slightly so that the crash situation does not occur.

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Wed 10 Apr 2013 07:01:34 AM UTC, comment #6:

So there's one Undisbandable unit, Barbarian Leader. According to -d3 log, it's teleported away. Yet the crash happens when code is in unit_lost_with_transport() for undisbandable (or gameloss) unit on line 1618.

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Wed 10 Apr 2013 12:51:14 AM UTC, comment #5:

Still not sure what's going on, but some facts

  • Sunk boat is a Caravel belonging to Blackbeard (Pirate)
    • Was sunk by Dravya Shah (Nepali)
  • At [l tgt="tile" x=209 y=103 /]
  • Three ex-cargo at time of crash (IDs 1785, 1786, 1787 -- looking at pre-crash state, probably Barbarian Leader, Marines, and Dragoons)

Oddly, pcargo seems corrupted (first few entries, e.g. utype, seem garbage)

Jacob Nevins <jtn>
Project Administrator
Tue 09 Apr 2013 11:02:16 PM UTC, comment #4:

Here's a backtrace with head-of-S2_3 (r22707) compiled with -O0 -g.

Jacob Nevins <jtn>
Project Administrator
Tue 09 Apr 2013 11:01:32 PM UTC, comment #3:

Being about transport destruction and Barbarian Leader teleporting away, this sounds exactly like bug #20699 - except that that was introduced to S2_4 / TRUNK only and never existed in S2_3. Maybe there is something a bit alike in S2_3 implementation of wipe_unit()?

Marko Lindqvist <cazfi>
Project Administrator. In charge of this item.
Tue 09 Apr 2013 10:48:13 PM UTC, comment #2:

When I run with -d 3 the server's last words are

(I vaguely wondered if this could be an instance of bug #20728, but it appears not -- applying the patch doesn't stop the segfault.)

Jacob Nevins <jtn>
Project Administrator
Mon 01 Apr 2013 01:45:47 PM UTC, comment #1:

I can confirm serious trouble with this savegame, although not the exact symptom of the title.

Loading game into 2.3.4 client and following instructions, I got what looks like a client segfault:

(no backtrace, sorry). Repeating the experiment just got "Lost connection to server: read error", suggesting the server died.

Loading game into separate server and connecting with client, I got a segfault on the server (no assertion failure). Backtrace:

Jacob Nevins <jtn>
Project Administrator
Sat 16 Mar 2013 05:11:58 PM UTC, original submission:

Load the attached save, finish the move and see the client crash.

OS is OpenSUSE 12.2
Installed is

> rpm -qi freeciv

Name : freeciv
Version : 2.3.4
Release : 1.1
Architecture: x86_64
Install Date: Mo 18 Feb 2013 18:42:20 CET
Group : Amusements/Games/Strategy/Turn Based
Size : 34831560
License : GPL-2.0+
Signature : DSA/SHA1, Mo 18 Feb 2013 14:46:03 CET, Key ID 8f91b0e6c862b42c
Source RPM : freeciv-2.3.4-1.1.src.rpm
Build Date : Mo 18 Feb 2013 14:44:32 CET
Build Host : build09
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/games
URL : http://www.freeciv.org
Summary : Free Civilization Clone
Description :
A clone of the well known game Civilization by Microprose.

Every player is the leader of an imaginary nation. The aim of the game
can be to create a prospering civilization with commerce and knowledge
exchange or (more often) the extinction of all other civilizations.

To start a new game, first start the server 'civserver,' then start the
client 'civclient'. Have fun!

Authors:
--------
Allan Ove Kjeldbjerg <allan@daimi.aau.dk>
Claus Leth Gregersen <leth@daimi.aau.dk>
Peter Joachim Unold <pjunold@daimi.aau.dk>
Distribution: games / openSUSE_12.2

> ldd /usr/bin/freeciv-gtk2


Martin Schröder <oneiros>

 

Attached Files
file #18635:  TeleportedDeath.patch added by cazfi (3kB - text/x-diff)
file #17441:  freeciv-T0240-Y01700-manual.sav.bz2 added by oneiros (154kB - application/x-bzip)

 

Depends on the following items: None found

Items that depend on this one: None found

 

Follow 12 latest changes.

Date, Changed By: Updated Field: Previous Value => Replaced By

Tue 06 Aug 2013 10:02:49 PM UTC, cazfi:
  Category: client-gtk-2.0 => general
  Status: Ready For Test => Fixed
  Assigned to: None => cazfi
  Open/Closed: Open => Closed

Sun 04 Aug 2013 11:52:23 PM UTC, cazfi:
  Attached File: - => Added TeleportedDeath.patch, #18635
  Attached File: - => Added TeleportedDeath-S2_3.patch, #18636
  Status: Confirmed => Ready For Test
  Planned Release: 2.3.5,2.4.0,2.5.0 => 2.3.5, 2.4.0, 2.5.0, 2.6.0
  Summary: Client crashes with GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed => Crash when undisbandable unit dies after teleporting "safety" from drowning

Mon 01 Apr 2013 01:45:47 PM UTC, jtn:
  Status: None => Confirmed
  Planned Release: => 2.3.5,2.4.0,2.5.0

Sat 16 Mar 2013 05:11:58 PM UTC, oneiros:
  Attached File: - => Added freeciv-T0240-Y01700-manual.sav.bz2, #17441