One memory corruption error found....

Started by neroden, June 30, 2013, 05:07:24 AM

neroden

So I get this crash:

    Program received signal SIGSEGV, Segmentation fault.
    slist_tpl<fabrik_t*>::clear (this=this@entry=0x6e697720656d6507) at bauer/../tpl/slist_tpl.h:359
    359                     node_t* p = head;
    (gdb) bt
    #0  slist_tpl<fabrik_t*>::clear (this=this@entry=0x6e697720656d6507) at bauer/../tpl/slist_tpl.h:359
    #1  0x00000000005ae1e8 in haltestelle_t::verbinde_fabriken (this=0x6e697720656d6167) at simhalt.cc:1370
    #2  0x00000000005f0ef4 in karte_t::rem_fab (this=this@entry=0xc920a0, fab=fab@entry=0x13d72b90) at simworld.cc:3127
    #3  0x00000000004102d7 in hausbauer_t::remove (welt=welt@entry=0xc920a0, sp=sp@entry=0x3386b60, gb=gb@entry=
         0x13d733e0) at bauer/hausbauer.cc:367
    #4  0x00000000005d842a in wkz_remover_t::wkz_remover_intern (sp=sp@entry=0x3386b60, welt=welt@entry=0xc920a0,
         pos=..., msg=@0x7fffffffbed8: 0x0) at simwerkz.cc:703
    #5  0x00000000005d8d6c in wkz_remover_t::work (this=this@entry=0x905810, welt=welt@entry=0xc920a0, sp=0x3386b60,
         pos=...) at simwerkz.cc:894
    #6  0x00000000005f09cb in karte_t::interactive_event (this=this@entry=0xc920a0, ev=...) at simworld.cc:6707
    #7  0x00000000005f99ad in karte_t::interactive (this=this@entry=0xc920a0, quit_month=quit_month@entry=2147483647)
         at simworld.cc:7234
    #8  0x00000000005bf458 in simu_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffe1a8) at simmain.cc:1261
    #9  0x00000000005c97af in sysmain (argc=1, argv=0x7fffffffe1a8) at simsys.cc:703
    #10 0x0000000000634e79 in main (argc=<optimized out>, argv=<optimized out>) at simsys_s.cc:720
    (gdb) print this
    $1 = (slist_tpl<fabrik_t*> * const) 0x6e697720656d6507
    (gdb) print this.head
    Cannot access memory at address 0x6e697720656d6507


I do a little tracing.  The haltestelle_t pointer is no good (it's inaccessible memory).  However, in rem_fab, halt.is_bound() returns true.

Hmm.  So I check halt.entry, which is 58885.  Except that halt.size is 1024.  Oops.  What's going on?...

Eventually I spot a type error.  This happened during the introduction of the nearby_halt_t structure:

    halthandle_t list[48];
    const uint8 count = plan->get_haltlist_count();
    assert(count<48);
    memcpy( list, plan->get_haltlist(), count*sizeof(nearby_halt_t) );

See the problem?  Memcpy doesn't do any type checking...

Anyway, fixed on ncn-devel and prettier-cities-2.  Unfortunately I doubt that this is the main source of memory corruption since this should be corrupting the stack, and the other problems we've seen have been heap corruption...
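
The mismatch described in the post above, as an added example that is not part of the post or of the Simutrans source: it shows how many bytes the mistyped `memcpy` writes, what a handle slot then contains, and two copies that reject the error. The `halthandle_t` and `nearby_halt_t` definitions are constructed stand-ins with an assumed layout, and `copy_checked`, `collect_halts` and `misread_slot1` are hypothetical helpers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Constructed stand-ins for the two types named in the post (layouts are assumptions).
struct halthandle_t  { std::uint16_t entry; };
struct nearby_halt_t { halthandle_t halt; std::uint16_t distance; };
static_assert(sizeof(nearby_halt_t) == 2 * sizeof(halthandle_t), "layout assumed by this demo");

// Bytes the mistyped memcpy writes versus bytes the destination array can hold.
constexpr std::size_t bytes_written(std::size_t count) { return count * sizeof(nearby_halt_t); }
constexpr std::size_t bytes_available(std::size_t cap) { return cap * sizeof(halthandle_t); }

// Same-type, bounds-checked copy: a mismatched source type no longer compiles.
template <typename Dst, typename Src, std::size_t N>
bool copy_checked(Dst (&dst)[N], const Src* src, std::size_t count)
{
    static_assert(std::is_same<Dst, Src>::value, "element types differ");
    static_assert(std::is_trivially_copyable<Dst>::value, "memcpy needs a trivially copyable type");
    if (count > N) return false;            // refuse instead of overflowing dst
    std::memcpy(dst, src, count * sizeof(Dst));
    return true;
}

// Field-wise extraction: take only the handle from each record.
template <std::size_t N>
std::size_t collect_halts(halthandle_t (&dst)[N], const nearby_halt_t* src, std::size_t count)
{
    if (count > N) return 0;                // refuse before touching src or dst
    for (std::size_t i = 0; i < count; ++i) dst[i] = src[i].halt;
    return count;
}

// Reproduce the misread without overflowing: raw-copy two records into a
// buffer that is large enough, then return what lands in handle slot 1.
std::uint16_t misread_slot1()
{
    const nearby_halt_t src[2] = { {{7}, 40000}, {{9}, 3} };   // constructed values
    halthandle_t dst[4] = {};
    std::memcpy(dst, src, sizeof src);      // 8 bytes into 8 bytes: in bounds, wrong type
    return dst[1].entry;                    // holds src[0].distance, not handle 9
}
```

With these stand-in sizes, the largest count the assert allows writes 188 bytes into a 96-byte array, and even an in-bounds copy leaves non-handle data in every second slot.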


jamespetts

#1
Thank you very much for the fix: it is appreciated. I see that, on your NCN-Devel branch, there is included this commit:

"Except in network mode, do NOT read comfort/catering/bonus data from savefile -- allow pak to set it."

I do not think that this is a very good idea, as this creates inconsistent behaviour between games saved for online and offline mode. It is frequently the case that one will want to save an online game to be edited offline and re-uploaded to the server. There is a danger that, if in doing so settings are lost, unnecessary difficulties will be created (if the default comfort, catering, etc. settings have been changed on the server's configuration files in anticipation of the next game, or if the server is running multiple games with different settings). Also, players should generally be able to count on their saved game behaving in the same way even if they update versions, which might affect the configuration files. Since it is possible manually to edit the values in the advanced settings GUI, it is preferable that these remain saved with the saved game in all cases, I think.

Edit: Have merged and reverted the abovementioned change.