[r9702] Potential crash when sync_step runs during scenario startup

Started by ceeac, March 24, 2021, 07:39:00 AM


ceeac

Looks like the Load Scenario window is deleted before all of its events are processed.
To reproduce:

  • Run Simutrans under valgrind
  • Load the attached scenario with pak64

Output:

==7342== Invalid write of size 1
==7342==    at 0x5E7732: savegame_frame_t::action_triggered(gui_action_creator_t*, value_t) (savegame_frame.cc:535)
==7342==    by 0x50F416: gui_action_creator_t::call_listeners(value_t) (gui_action_creator.h:32)
==7342==    by 0x5106E4: button_t::infowin_event(event_t const*) (gui_button.cc:291)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x52F412: gui_scrollpane_t::infowin_event(event_t const*) (gui_scrollpane.cc:163)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x5887D8: gui_frame_t::infowin_event(event_t const*) (gui_frame.cc:132)
==7342==    by 0x5E70B6: savegame_frame_t::infowin_event(event_t const*) (savegame_frame.cc:458)
==7342==    by 0x60CEB1: check_pos_win(event_t*) (simwin.cc:1582)
==7342==    by 0x7F0035: interaction_t::process_event(event_t&) (siminteraction.cc:366)
==7342==  Address 0x2e3bbb10 is 8,336 bytes inside a block of size 10,240 free'd
==7342==    at 0x483CFBF: operator delete(void*) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7342==    by 0x5E93DC: scenario_frame_t::~scenario_frame_t() (scenario_frame.h:14)
==7342==    by 0x60A0AE: destroy_framed_win(simwin_t*) (simwin.cc:879)
==7342==    by 0x60A844: process_kill_list() (simwin.cc:830)
==7342==    by 0x60A4EC: display_all_win() (simwin.cc:1093)
==7342==    by 0x60DBE3: win_display_flush(double) (simwin.cc:1711)
==7342==    by 0x7F060F: intr_refresh_display(bool) (simintr.cc:83)
==7342==    by 0x864485: karte_t::sync_step(unsigned int, bool, bool) (simworld.cc:3702)
==7342==    by 0x7F075D: interrupt_check(char const*) (simintr.cc:114)
==7342==    by 0x455BC7: way_builder_t::build() (wegbauer.cc:3008)
==7342==    by 0x8256D5: tool_build_way_t::do_work(player_t*, koord3d const&, koord3d const&) (simtool.cc:2529)
==7342==    by 0x8058BC: two_click_tool_t::work(player_t*, koord3d) (simmenu.cc:1185)
==7342==  Block was alloc'd at
==7342==    at 0x483BE63: operator new(unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==7342==    by 0x4F29DF: banner_t::action_triggered(gui_action_creator_t*, value_t) (banner.cc:172)
==7342==    by 0x50F416: gui_action_creator_t::call_listeners(value_t) (gui_action_creator.h:32)
==7342==    by 0x5106E4: button_t::infowin_event(event_t const*) (gui_button.cc:291)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x517176: gui_container_t::infowin_event(event_t const*) (gui_container.cc:206)
==7342==    by 0x5887D8: gui_frame_t::infowin_event(event_t const*) (gui_frame.cc:132)
==7342==    by 0x4F276D: banner_t::infowin_event(event_t const*) (banner.cc:151)
==7342==    by 0x60CEB1: check_pos_win(event_t*) (simwin.cc:1582)
==7342==    by 0x7F7905: modal_dialogue(gui_frame_t*, long, karte_t*, bool (*)()) (simmain.cc:259)
==7342==    by 0x7FD125: simu_main(int, char**) (simmain.cc:1547)
==7342==    by 0x8C0E3E: sysmain(int, char**) (simsys.cc:1125)

Dwachs

The problem is that it runs through interrupt_check, which triggers a display update. I think the check inside_event_handling==wins.gui should also be done in process_kill_list.
Parsley, sage, rosemary, and maggikraut.
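A minimal model of the re-entrancy guard Dwachs describes, as an added example that is not Simutrans code: a kill list that defers deleting a window while that same window is still inside event handling, so the deferred deletion runs only after the handler returns. All names here (window_t, window_manager_t, click, run_click_scenario) are hypothetical stand-ins for the simwin structures in the trace.

```cpp
#include <algorithm>
#include <vector>

// Hypothetical stand-ins for simwin's window list and kill list (not Simutrans code).
struct window_t {
    bool destroyed = false;  // set when the kill list actually deletes the window
    int clicks = 0;          // written by the action handler after the event
};

struct window_manager_t {
    std::vector<window_t*> wins;                // live windows
    std::vector<window_t*> kill_list;           // windows queued by destroy_win()
    window_t* inside_event_handling = nullptr;  // window currently dispatching an event

    void destroy_win(window_t* w) { kill_list.push_back(w); }

    // Deletes queued windows. With guard set, the window that is still inside
    // event handling is skipped and stays queued until dispatch has finished.
    void process_kill_list(bool guard) {
        for (auto it = kill_list.begin(); it != kill_list.end();) {
            if (guard && *it == inside_event_handling) { ++it; continue; }
            (*it)->destroyed = true;  // models operator delete in ~scenario_frame_t
            wins.erase(std::remove(wins.begin(), wins.end(), *it), wins.end());
            it = kill_list.erase(it);
        }
    }

    // Dispatches one click to w, mimicking the trace: the action closes its own
    // window, then a display refresh (interrupt_check -> display_all_win ->
    // process_kill_list) runs before the handler has finished using the window.
    // Returns true if the handler would have written to a destroyed window.
    bool click(window_t* w, bool guard) {
        inside_event_handling = w;
        destroy_win(w);
        process_kill_list(guard);
        bool use_after_free = w->destroyed;
        if (!use_after_free) { w->clicks++; }  // the write at savegame_frame.cc:535
        inside_event_handling = nullptr;
        process_kill_list(guard);  // deferred deletion now happens safely
        return use_after_free;
    }
};

// Runs the scenario once; true means the invalid write from the report occurred.
bool run_click_scenario(bool guard) {
    window_t w;
    window_manager_t m;
    m.wins.push_back(&w);
    return m.click(&w, guard);
}
```

Without the guard the window is freed mid-handler (the valgrind report); with the guard the deletion is postponed to the next kill-list pass and the window is still destroyed, just later.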
