bugBattle for Wesnoth - Bugs: bug #20742, Segfault before main menu

Show feedback again

bug #20742: Segfault before main menu

Submitted by:  Ben Boeckel <mathstuf>
Submitted on:  Thu Apr 18 03:35:59 2013  
Category: BugSeverity: 4 - Important
Priority: 7 - HighItem Group:  None of the others
Status: FixedPrivacy: Public
Assigned to: J Tyne <jamit>Open/Closed: Closed
Release: 1.10.6Operating System: Linux

Add a New Comment (Rich MarkupRich Markup):

You are not logged in

Please log in, so followups can be emailed to you.


Sun May 12 11:22:15 2013, comment #4:

I've just cherry-picked the commit that r55857 became into the 1.10 branch.

Alexander van Gessel <ai0867>
Project Member
Sat Apr 27 20:10:19 2013, comment #3:

The change mentioned on the forum works for me when applied to Fedora's package.

Ben Boeckel <mathstuf>
Sun Apr 21 01:10:20 2013, comment #2:

That looks familiar. And it looks like I did not backport r55857 for some reason. I'll get to this once I get a git development environment set up. (Which will be after the depository stops jumping hosts.)

In the meantime, the fix given at http://forums.wesnoth.org/viewtopic.php?f=4&t=38017&p=544425#p544366 will probably get rid of the crash.

J Tyne <jamit>
Project MemberIn charge of this item.
Thu Apr 18 03:40:35 2013, comment #1:

Never mind, just occurred with RelWithDebInfo; I may have forgotten to install that build when testing.

Also, gdb finally finished printing the walker in the active gdb session:

(gdb) p w
$8 = {
string_ = "Easy\000\000\000\000\060\000\000\000\000\000\000\000\261\001\000\000\000\000\000\000\214\001\000\000\000\000\000\000\214\001\000\000\000\000\000\000\001\000\000\000lse] [standing_anim]\n start_time=0\n [if]\n", ' ' <repeats 12 times>, "direction=s,se,sw\n", ' ' <repeats 12 times>, "[frame]\n", ' ' <repeats 16 times>, "duration=150\n", ' ' <repeats 16 times>, "ima"...<Address 0x216e000 out of bounds>, begin_ = 7, end_ = 22777584,
textdomain_ = "", translatable_ = false}

Ben Boeckel <mathstuf>
Thu Apr 18 03:35:59 2013, original submission:

On Fedora Rawhide, Wesnoth crashes before the main menu. Tracking down the crash, I've determined the following:

- Only happens in release mode (RelWithDebInfo doesn't crash either)
- valgrind doesn't mention anything doing use-after-free or out-of-bounds reading

The backtrace:

#0 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1578
#1 0x0000000000a28c70 in write_key_val_visitor::operator()(t_string const&) const ()
#2 0x0000000000a28ea1 in write_key_val(std::ostream&, std::string const&, config::attribute_value const&, unsigned int, std::string&) ()
#3 0x0000000000a291eb in write_internal(config const&, std::ostream&, std::string&, unsigned long) ()
#4 0x0000000000a29249 in write_internal(config const&, std::ostream&, std::string&, unsigned long) ()
#5 0x0000000000a29372 in write(std::ostream&, config const&, unsigned int) ()
#6 0x000000000074c2d1 in game_config::config_cache::write_file(std::string, config const&) ()
#7 0x00000000007511e9 in game_config::config_cache::read_cache(std::string const&, config&) ()
#8 0x000000000075246b in game_config::config_cache::load_configs(std::string const&, config&) ()
#9 0x000000000048399b in game_controller::load_game_cfg(bool) ()
#10 0x0000000000484ccc in game_controller::init_config(bool) ()
#11 0x00000000004491a9 in do_gameloop(int, char**) ()
#12 0x000000000042c2e4 in main ()

In write_key_val_visitor (src/serialization/parser.cpp:454), the t_string passed in is "\004\000\000Easy". Any gdb commands relating to the t_string take a while. When the walker iterates over it, the walker is first:

(gdb) p w
$5 = {string_ = "\004\000\000Easy", begin_ = 3, end_ = 7, textdomain_ = "wesnoth", translatable_ = true}

On the second iteration, in the current session of gdb (where the above line came from), it's been trying to print the walker's value for the past 20 minutes. In one core dump I have, I see its value as:

(gdb) p w
$1 = {
string_ = "\256\256\256\256\256\256\256\256\060\000\000\000\000\000\000\000 \000\000\000\000\000\000\000\240\351\363\002", '\000' <repeats 12 times>, "\017\000\000\000\000\000\000\aq\000\000\000\000\000\000\000P\366\342\002\000\000\000\000 \324\002\000\000\000\000", '\256' <repeats 80 times>, "p\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\025\000\000\000\000\000\000\000\025\000\000\000\000\000\000\000\001\000\000\000QQQQANIMATIO"...<Address 0x3acc000 out of bounds>, begin = 7, end_ = 45276816, textdomain_ = "", translatable_ = false}

The value passed in is the same in the core as the gdb session.

Moving the ~/.cache/wesnoth and ~/.config/wesnoth directories out of the way does not help. There is no ~/.wesnoth1.10 directory.

Ben Boeckel <mathstuf>


(Note: upload size limit is set to 1024 kB, after insertion of the required escape characters.)

Attach File(s):

No files currently attached


Depends on the following items: None found

Items that depend on this one: None found


Carbon-Copy List
  • -unavailable- added by ai0867 (Posted a comment)
  • -unavailable- added by jamit (Posted a comment)
  • -unavailable- added by mathstuf (Submitted the item)

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.


    Error: not logged in



    Follow 5 latest changes.

    Date Changed By Updated Field Previous Value => Replaced By
    Sat Aug 17 21:59:46 2013jamitOpen/ClosedOpen=>Closed
    Mon Jun 24 00:18:23 2013jamitStatusIn Progress=>Fixed
    Wed Apr 24 04:15:56 2013jamitStatusNone=>In Progress
    Sun Apr 21 01:10:20 2013jamitPriority5 - Normal=>7 - High
      Assigned toNone=>jamit
    Show feedback again

    Back to the top

    Powered by Savane 3.1-cleanup