Segfault on world creation, in karte_t::enlarge_map() [r6866]

Started by ArthurDenture, October 27, 2013, 07:30:56 PM

ArthurDenture

I get the following backtrace when creating a new world.


*** Error in `/home/jacob/simutrans/sim-sdl-head': munmap_chunk(): invalid pointer: 0x000000001901e4a0 ***
#0  0x00007ffff6b6d037 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6b70698 in __GI_abort () at abort.c:90
#2  0x00007ffff6baa5ab in __libc_message (do_abort=do_abort@entry=2,
    fmt=fmt@entry=0x7ffff6cbd860 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3  0x00007ffff6bb5576 in malloc_printerr (action=3,
    str=0x7ffff6cbdbd8 "munmap_chunk(): invalid pointer", ptr=<optimized out>)
    at malloc.c:4902
#4  0x00000000006add98 in exit_perlin_map () at simtools.cc:184
#5  0x00000000006d818c in karte_t::enlarge_map (this=0x11514e0,
    sets=0x11514e0, h_field=0x0) at simworld.cc:2030
#6  0x00000000006d5fce in karte_t::init (this=0x11514e0,
    sets=0xa35e00 <env_t::default_settings>, h_field=0x0) at simworld.cc:1513
#7  0x000000000058a179 in welt_gui_t::action_triggered (this=0x18fe9a20,
    komp=0x18fead70, v=...) at gui/welt.cc:567
#8  0x00000000004ce4fb in gui_action_creator_t::call_listeners (
    this=0x18fead70, v=...) at gui/components/gui_action_creator.h:36
#9  0x00000000004ccc16 in button_t::infowin_event (this=0x18fead58,
    ev=0x7fffffffb7a0) at gui/components/gui_button.cc:428
#10 0x00000000004d3146 in gui_container_t::infowin_event (this=0x18fe9a28,
    ev=0x7fffffffb810) at gui/components/gui_container.cc:197
#11 0x0000000000519bbe in gui_frame_t::infowin_event (this=0x18fe9a20,
#12 0x000000000058a38d in welt_gui_t::infowin_event (this=0x18fe9a20,
    ev=0x7fffffffb8c0) at gui/welt.cc:597
#13 0x000000000057bcb7 in check_pos_win (ev=0x7fffffffb960)
    at gui/simwin.cc:1398
#14 0x0000000000699772 in modal_dialogue (gui=0x18fe9a20, magic=4,
    welt=0x11514e0, quit=0x699a7d <never_quit()>) at simmain.cc:242
#15 0x000000000069c7bb in simu_main (argc=1, argv=0x7fffffffe058)
    at simmain.cc:1234
#16 0x00000000006ac9a1 in sysmain (argc=1, argv=0x7fffffffe058)
    at simsys.cc:703
#17 0x00000000007177e3 in main (argc=1, argv=0x7fffffffe058) at simsys_s.cc:713


It looks to me that the problematic code is in karte_t::enlarge_map(): there are code paths that call exit_perlin_map() without having called init_perlin_map(). I don't understand the code well enough to know whether it's better to ensure that exit_perlin_map() is only called in appropriate situations or to just have exit_perlin_map() check for map != 0.

Dwachs

The init/exit perlin-map should be fine: Even if map==NULL no segfault should occur. Something else seems to write out-of-bounds and modify the map pointer.
Parsley, sage, rosemary, and maggikraut.

prissi

I get this error too, although only on this Windows 8 machine here. I suspect something does this earlier and not to the map pointer. The perlin map is not accessible outside, so it seems something rather subtle. The macro which is the only place where the map is accessed was changed to (map[...]+0) to find any writing access after init and there was (unsurprisingly) nothing.

ArthurDenture

I think r6868 (the water_hgt fix) might have fixed this -- it no longer repros for me at HEAD.
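
The distinction raised in this thread (free() on a NULL pointer is harmless, while a pointer clobbered by an unrelated out-of-bounds write aborts inside libc) is shown below as an added example; it is not Simutrans code and not from any poster. The names init_map, exit_map, state_intact, simulate_stray_write and the GUARD value are hypothetical, and the stray write is simulated with memcpy so that the program stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xC0DEFACEu   /* arbitrary canary value chosen for this example */

/* Hypothetical module-private state: canaries bracket the heap pointer. */
static struct { uint32_t pre; float *map; uint32_t post; } g = { GUARD, NULL, GUARD };
static float *shadow = NULL;   /* second copy, written only by init/exit */

/* True while neither canary nor the pointer was altered behind our back. */
static int state_intact(void) {
    return g.pre == GUARD && g.post == GUARD && g.map == shadow;
}

/* Allocate the buffer; refuses to touch state that looks corrupted. */
int init_map(size_t n) {
    if (!state_intact()) return -1;
    free(g.map);                          /* free(NULL) is a defined no-op */
    g.map = shadow = calloc(n, sizeof *g.map);
    return g.map ? 0 : -1;
}

/* Release the buffer. Safe without a prior init and safe to call twice.
 * Returns -1 instead of handing a clobbered pointer to free(). */
int exit_map(void) {
    if (!state_intact()) return -1;
    free(g.map);
    g.map = shadow = NULL;                /* makes a repeated exit harmless */
    return 0;
}

/* Constructed fault: stands in for an unrelated out-of-bounds write that
 * happens to land on the pointer (here it is shifted by one element). */
void simulate_stray_write(void) {
    float *bogus = g.map + 1;
    memcpy(&g.map, &bogus, sizeof bogus);
}

int main(void) {
    printf("exit without init: %d\n", exit_map());
    if (init_map(16) != 0) return 1;
    simulate_stray_write();
    printf("exit after stray write: %d\n", exit_map());
    return 0;
}
```

The check only reports that the state was overwritten; locating the write that did it still needs a memory-error tool or a hardware watchpoint on the pointer.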