Freeciv - Bugs: bug #20626, Crash when undisbandable unit dies...

 
 

bug #20626: Crash when undisbandable unit dies after teleporting "safety" from drowning

Submitted by:  Martin Schröder <oneiros>
Submitted on:  Sat Mar 16 17:11:58 2013  
 
Category: general
Severity: 4 - Important
Priority: 5 - Normal
Status: Fixed
Assigned to: Marko Lindqvist <cazfi>
Open/Closed: Closed
Release: 2.3.4
Operating System: GNU/Linux
Planned Release: 2.3.5, 2.4.0, 2.5.0, 2.6.0
Contains string changes: None


Tue Aug 6 22:02:30 2013, SVN revision 23165:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23165)

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Tue Aug 6 22:02:26 2013, SVN revision 23164:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23164)

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Tue Aug 6 22:02:20 2013, SVN revision 23163:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23163)

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Tue Aug 6 22:02:14 2013, SVN revision 23162:

Do not use invalid pointer after undisbandable unit teleported away
from drowning has died upon arrival to its destination.

Reported by Martin Schröder

See bug #20626

(Browse SVN revision 23162)

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Sun Aug 4 23:52:23 2013, comment #8:

Barbarian Leader gets killed (by autoattack) when it teleports away. No-longer-valid pointer to (died) unit is being used afterwards.

Fixes attached

(file #18635, file #18636)

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
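
A simplified model of the defect class described in comment #8, as an added example that is not Freeciv code and not the attached patch: a callee may free the unit, so the caller keeps the unit's id and looks it up again instead of reusing the pointer. The registry and all names (unit_by_id, teleport_to_safety, handle_lost_cargo) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_UNITS 8
struct unit { int id; int hp; bool undisbandable; };
static struct unit *registry[MAX_UNITS];      /* live units only */

/* Allocates a unit and registers it; returns NULL if full or out of memory. */
static struct unit *unit_create(int id, int hp, bool undisbandable) {
  for (int i = 0; i < MAX_UNITS; i++) {
    if (registry[i] != NULL) continue;
    struct unit *u = malloc(sizeof(*u));
    if (u == NULL) return NULL;
    u->id = id; u->hp = hp; u->undisbandable = undisbandable;
    return registry[i] = u;
  }
  return NULL;
}

/* Returns the live unit with this id, or NULL once it has been destroyed. */
static struct unit *unit_by_id(int id) {
  for (int i = 0; i < MAX_UNITS; i++)
    if (registry[i] != NULL && registry[i]->id == id) return registry[i];
  return NULL;
}

static void unit_destroy(struct unit *u) {
  for (int i = 0; i < MAX_UNITS; i++)
    if (registry[i] == u) registry[i] = NULL;
  free(u);
}

/* Moves the unit to safety; damage taken on arrival may destroy (free) it. */
static void teleport_to_safety(struct unit *u, int damage_on_arrival) {
  u->hp -= damage_on_arrival;
  if (u->hp <= 0) unit_destroy(u);
}

/* Cargo of a sunk transport: returns remaining hp, or -1 if the unit is gone. */
int handle_lost_cargo(struct unit *cargo, int damage_on_arrival) {
  int id = cargo->id;               /* copy the id before any call that may free */
  if (!cargo->undisbandable) { unit_destroy(cargo); return -1; }
  teleport_to_safety(cargo, damage_on_arrival);
  /* Defect class: reading cargo->hp here touches freed memory if it died. */
  cargo = unit_by_id(id);           /* re-validate instead of reusing the pointer */
  return cargo != NULL ? cargo->hp : -1;
}
```

Building a model like this with AddressSanitizer (-fsanitize=address) reports a use-after-free at the stale read if the re-lookup is removed, rather than crashing only on some runs.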
Sun Aug 4 22:14:29 2013, comment #7:

I cannot reproduce with S2_3 head, but that doesn't mean the bug has been fixed. After some testing I found out that it's reproducible with r23001 but not r23002. The change between the two revisions is totally unrelated bug #20932. It just seems to change autogame (AI behavior, maybe consequently amount of rand() calls) slightly so that the crash situation does not occur.

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Wed Apr 10 07:01:34 2013, comment #6:

So there's one Undisbandable unit, Barbarian Leader. According to -d3 log, it's teleported away. Yet the crash happens when code is unit_lost_with_transport() for undisbandable (or gameloss) unit on line 1618.

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Wed Apr 10 00:51:14 2013, comment #5:

Still not sure what's going on, but some facts

  • Sunk boat is a Caravel belonging to Blackbeard (Pirate)
    • Was sunk by Dravya Shah (Nepali)
  • At [l tgt="tile" x=209 y=103 /]
  • Three ex-cargo at time of crash (IDs 1785, 1786, 1787 -- looking at pre-crash state, probably Barbarian Leader, Marines, and Dragoons)

Oddly, pcargo seems corrupted (first few entries, e.g. utype, seem garbage)

Jacob Nevins <jtn>
Project Administrator
Tue Apr 9 23:02:16 2013, comment #4:

Here's a backtrace with head-of-S2_3 (r22707) compiled with -O0 -g.

Jacob Nevins <jtn>
Project Administrator
Tue Apr 9 23:01:32 2013, comment #3:

Being about transport destruction and Barbarian Leader teleporting away, this sounds exactly like bug #20699 - except that that was introduced to S2_4 / TRUNK only and never existed in S2_3. Maybe there is something a bit alike in S2_3 implementation of wipe_unit()?

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Tue Apr 9 22:48:13 2013, comment #2:

When I run with -d 3 the server's last words are

(I vaguely wondered if this could be an instance of bug #20728, but it appears not -- applying the patch doesn't stop the segfault.)

Jacob Nevins <jtn>
Project Administrator
Mon Apr 1 13:45:47 2013, comment #1:

I can confirm serious trouble with this savegame, although not the exact symptom of the title.

Loading game into 2.3.4 client and following instructions, I got what looks like a client segfault:

(no backtrace, sorry). Repeating the experiment just got "Lost connection to server: read error", suggesting the server died.

Loading game into separate server and connecting with client, I got a segfault on the server (no assertion failure). Backtrace:

Jacob Nevins <jtn>
Project Administrator
Sat Mar 16 17:11:58 2013, original submission:

Load the attached save, finish the move and see the client crash.

OS is OpenSUSE 12.2
Installed is

> rpm -qi freeciv

Name : freeciv
Version : 2.3.4
Release : 1.1
Architecture: x86_64
Install Date: Mo 18 Feb 2013 18:42:20 CET
Group : Amusements/Games/Strategy/Turn Based
Size : 34831560
License : GPL-2.0+
Signature : DSA/SHA1, Mo 18 Feb 2013 14:46:03 CET, Key ID 8f91b0e6c862b42c
Source RPM : freeciv-2.3.4-1.1.src.rpm
Build Date : Mo 18 Feb 2013 14:44:32 CET
Build Host : build09
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/games
URL : http://www.freeciv.org
Summary : Free Civilization Clone
Description :
A clone of the well known game Civilization by Microprose.

Every player is the leader of an imaginary nation. The aim of the game
can be to create a prospering civilization with commerce and knowledge
exchange or (more often) the extinction of all other civilizations.

To start a new game, first start the server 'civserver,' then start the
client 'civclient'. Have fun!

Authors:
--------
Allan Ove Kjeldbjerg <allan@daimi.aau.dk>
Claus Leth Gregersen <leth@daimi.aau.dk>
Peter Joachim Unold <pjunold@daimi.aau.dk>
Distribution: games / openSUSE_12.2

> ldd /usr/bin/freeciv-gtk2

linux-vdso.so.1 (0x00007fff0f6d9000)
libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x00007f82e9dd9000)
libz.so.1 => /lib64/libz.so.1 (0x00007f82e9bc3000)
libm.so.6 => /lib64/libm.so.6 (0x00007f82e98cc000)
libSDL_mixer-1.2.so.0 => /usr/lib64/libSDL_mixer-1.2.so.0 (0x00007f82e967b000)
libSDL-1.2.so.0 => /usr/lib64/libSDL-1.2.so.0 (0x00007f82e93e0000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f82e91c4000)
libgtk-x11-2.0.so.0 => /usr/lib64/libgtk-x11-2.0.so.0 (0x00007f82e8b8d000)
libgdk-x11-2.0.so.0 => /usr/lib64/libgdk-x11-2.0.so.0 (0x00007f82e88d9000)
libgdk_pixbuf-2.0.so.0 => /usr/lib64/libgdk_pixbuf-2.0.so.0 (0x00007f82e86b8000)
libpango-1.0.so.0 => /usr/lib64/libpango-1.0.so.0 (0x00007f82e846c000)
libgobject-2.0.so.0 => /usr/lib64/libgobject-2.0.so.0 (0x00007f82e821e000)
libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f82e7f27000)
libc.so.6 => /lib64/libc.so.6 (0x00007f82e7b82000)
libasound.so.2 => /usr/lib64/libasound.so.2 (0x00007f82e78a6000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f82e76a2000)
/lib64/ld-linux-x86-64.so.2 (0x00007f82e9fe8000)
libpangocairo-1.0.so.0 => /usr/lib64/libpangocairo-1.0.so.0 (0x00007f82e7495000)
libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007f82e7159000)
libXfixes.so.3 => /usr/lib64/libXfixes.so.3 (0x00007f82e6f53000)
libatk-1.0.so.0 => /usr/lib64/libatk-1.0.so.0 (0x00007f82e6d30000)
libcairo.so.2 => /usr/lib64/libcairo.so.2 (0x00007f82e6a38000)
libgio-2.0.so.0 => /usr/lib64/libgio-2.0.so.0 (0x00007f82e66e6000)
libpangoft2-1.0.so.0 => /usr/lib64/libpangoft2-1.0.so.0 (0x00007f82e64ba000)
libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00007f82e6283000)
libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007f82e6071000)
libXrender.so.1 => /usr/lib64/libXrender.so.1 (0x00007f82e5e67000)
libXinerama.so.1 => /usr/lib64/libXinerama.so.1 (0x00007f82e5c64000)
libXi.so.6 => /usr/lib64/libXi.so.6 (0x00007f82e5a53000)
libXrandr.so.2 => /usr/lib64/libXrandr.so.2 (0x00007f82e584a000)
libXcursor.so.1 => /usr/lib64/libXcursor.so.1 (0x00007f82e563f000)
libXcomposite.so.1 => /usr/lib64/libXcomposite.so.1 (0x00007f82e543c000)
libXdamage.so.1 => /usr/lib64/libXdamage.so.1 (0x00007f82e5239000)
libgmodule-2.0.so.0 => /usr/lib64/libgmodule-2.0.so.0 (0x00007f82e5035000)
libffi.so.4 => /usr/lib64/libffi.so.4 (0x00007f82e4e2d000)
libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007f82e4bd3000)
librt.so.1 => /lib64/librt.so.1 (0x00007f82e49cb000)
libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f82e473e000)
libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007f82e451e000)
libpixman-1.so.0 => /usr/lib64/libpixman-1.so.0 (0x00007f82e4296000)
libpng14.so.14 => /usr/lib64/libpng14.so.14 (0x00007f82e406d000)
libxcb-shm.so.0 => /usr/lib64/libxcb-shm.so.0 (0x00007f82e3e6a000)
libxcb-render.so.0 => /usr/lib64/libxcb-render.so.0 (0x00007f82e3c5f000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f82e3a41000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f82e382a000)
libexpat.so.1 => /usr/lib64/libexpat.so.1 (0x00007f82e3600000)
libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007f82e33fc000)

Martin Schröder <oneiros>

 


Attached Files
file #18635:  TeleportedDeath.patch added by cazfi (3kB - text/x-diff)
file #17441:  freeciv-T0240-Y01700-manual.sav.bz2 added by oneiros (154kB - application/x-bzip)

 

Depends on the following items: None found

Items that depend on this one: None found

 

Latest changes (Date, Changed By: Updated Field: Previous Value => Replaced By)

Tue Aug 6 22:02:49 2013, cazfi:
  Category: client-gtk-2.0 => general
  Status: Ready For Test => Fixed
  Assigned to: None => cazfi
  Open/Closed: Open => Closed
Sun Aug 4 23:52:23 2013, cazfi:
  Attached File: - => Added TeleportedDeath.patch, #18635
  Attached File: - => Added TeleportedDeath-S2_3.patch, #18636
  Status: Confirmed => Ready For Test
  Planned Release: 2.3.5,2.4.0,2.5.0 => 2.3.5, 2.4.0, 2.5.0, 2.6.0
  Summary: Client crashes with GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed => Crash when undisbandable unit dies after teleporting "safety" from drowning
Mon Apr 1 13:45:47 2013, jtn:
  Status: None => Confirmed
  Planned Release: => 2.3.5,2.4.0,2.5.0
Sat Mar 16 17:11:58 2013, oneiros:
  Attached File: - => Added freeciv-T0240-Y01700-manual.sav.bz2, #17441