ElunaLuaEngine / Eluna

Eluna Lua Engine © for WoW Emulators
https://elunaluaengine.github.io
GNU General Public License v3.0

[Bug] - [CMANGOS-TBC] Event OnPlayerKilledByCreature Hook Sometimes Got Core Crash #452

Closed. betayi closed this 9 months ago.

betayi commented 10 months ago

Here is part of the coredumpctl gdb output:

    Core was generated by `./mangosd'. Program terminated with signal SIGSEGV, Segmentation fault.
    #0  Unit::Kill (killer=0x0, victim=0x7fd6841ddb00, damagetype=<error reading variable: Cannot access memory at address 0x7fd6e9b818ec>,
        spellInfo=<error reading variable: Cannot access memory at address 0x7fd6e9b818f8>, durabilityLoss=, duel_hasEnded=) at /data/C-TBC/src/game/Entities/Object.h:484
    484     Creature* ToCreature() { if (GetTypeId() == TYPEID_UNIT) return reinterpret_cast<Creature*>(this); else return NULL; }
    [Current thread is 1 (LWP 477840)]

In Unit.cpp the only place that invokes ToCreature() is:

    #ifdef BUILD_ELUNA
        if (Creature* killerCre = killer->ToCreature())
        {
            // used by eluna
            if (Player* killed = victim->ToPlayer())
                sEluna->OnPlayerKilledByCreature(killerCre, killed);
        }
    #endif


So, is this the reason for the core crash? @Niam5

Niam5 commented 10 months ago

Can you provide the script you are using and the conditions that cause the crash please.


betayi commented 10 months ago

In the dump log, the crash was triggered before the hook function, so Lua scripts that registered the player event cannot be executed here.

The condition is hard to say, because it should be a special killer, which must not be a creature.

Rochet2 commented 10 months ago

@Niam5 Looks like killer can be nullptr as seen here (https://github.com/Eluna-Ports/Eluna-CMaNGOS-TBC/blob/280ba788313381618fcd0e0bb833a3ec0042d6d7/src/game/Entities/Unit.cpp#L1159), but it's not checked if it is null here (https://github.com/Eluna-Ports/Eluna-CMaNGOS-TBC/blob/280ba788313381618fcd0e0bb833a3ec0042d6d7/src/game/Entities/Unit.cpp#L1243).

I think the killer might be nullptr if a player dies from a spell cast by a gameobject that has no owner. In this case the caster cannot be the gameobject or any other entity, as it must be a Unit and a gameobject is not a Unit. I guess maybe a fireplace that damages the player could cause this? Looks like some AOE or DOT spells call GetAffectiveCasterOrOwner (https://github.com/Eluna-Ports/Eluna-CMaNGOS-TBC/blob/280ba788313381618fcd0e0bb833a3ec0042d6d7/src/game/Spells/Spell.cpp#L7738-L7741), which might result in nullptr as the caster, so spell damage to the player will be done by nullptr, which then crashes the code as killer is nullptr.

Niam5 commented 10 months ago

So it sounds like a null check is needed before calling the check to see if the killer is a creature. I'll write up something here in a bit; I'm picking up someone from the airport, so I'm away from a computer to work on it.

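As an added illustration (not cMaNGOS or Eluna code), a cut-down model of the dispatch discussed in this thread: the unguarded form dereferences `killer` inside `ToCreature()`, which is the reported SIGSEGV when the kill has no attributable killer, and the guarded form returns early instead. Class and method names mirror the core; the type ids, the hook stub and the two dispatch helpers are assumptions.

```cpp
// Added example, not core or Eluna code: models Unit::Kill's Eluna hook dispatch.
#include <cassert>
#include <cstdint>

// Assumed type ids; only the distinction between unit and player matters here.
enum TypeID : uint8_t { TYPEID_OBJECT = 0, TYPEID_UNIT = 3, TYPEID_PLAYER = 4 };

struct Creature;
struct Player;

struct Unit {
    TypeID m_objectTypeId;
    explicit Unit(TypeID t) : m_objectTypeId(t) {}
    // Reads a member through 'this': with this == nullptr this read is the crash in the report.
    TypeID GetTypeId() const { return m_objectTypeId; }
    Creature* ToCreature() { return GetTypeId() == TYPEID_UNIT ? reinterpret_cast<Creature*>(this) : nullptr; }
    Player* ToPlayer() { return GetTypeId() == TYPEID_PLAYER ? reinterpret_cast<Player*>(this) : nullptr; }
};
struct Creature : Unit { Creature() : Unit(TYPEID_UNIT) {} };
struct Player : Unit { Player() : Unit(TYPEID_PLAYER) {} };

// Stand-in for sEluna->OnPlayerKilledByCreature: counts how often the hook fired.
static int g_hookCalls = 0;
static void OnPlayerKilledByCreature(Creature*, Player*) { ++g_hookCalls; }

// Original shape: calls a member on killer unconditionally (undefined behaviour for nullptr).
static bool DispatchUnguarded(Unit* killer, Unit* victim) {
    if (Creature* killerCre = killer->ToCreature())
        if (Player* killed = victim->ToPlayer()) { OnPlayerKilledByCreature(killerCre, killed); return true; }
    return false;
}

// Guarded shape: damage with no owner (e.g. an ownerless gameobject's spell) has no killer,
// so there is no creature to report and the hook is skipped.
static bool DispatchGuarded(Unit* killer, Unit* victim) {
    if (!killer) return false;
    if (Creature* killerCre = killer->ToCreature())
        if (Player* killed = victim->ToPlayer()) { OnPlayerKilledByCreature(killerCre, killed); return true; }
    return false;
}

int main() {
    Creature mob; Player pc;
    assert(DispatchGuarded(&mob, &pc) && g_hookCalls == 1);     // creature kills player: hook fires
    assert(!DispatchGuarded(&pc, &pc) && g_hookCalls == 1);     // killer is a player: not a creature
    assert(!DispatchGuarded(nullptr, &pc) && g_hookCalls == 1); // ownerless damage: safe no-op
    // DispatchUnguarded(nullptr, &pc) is the reported crash and is deliberately not called.
    return 0;
}
```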

Niam5 commented 9 months ago

Update your core to c5eb05a0e04d6638121def394e5d1b7bf1641ac5 and see if it still crashes please.

betayi commented 9 months ago

Works. No more crash with this update.