GPSnoopy / BelgianChocolateDuke3D

Chocolate Duke Nukem 3D

Using DNCLIP can crash when going outside the map #4

Open GPSnoopy opened 4 years ago

GPSnoopy commented 4 years ago

An easy way to reproduce is at the start of E1L2, right at the start position in the lift: type DNCLIP, U-turn and move forward. Instant crash.

Confirmed on Ubuntu x64 in both Debug and Release mode. But unable to reproduce on Windows and Visual Studio.

Hello again, the crash still occurs. This is GDB's backtrace on E1L2 whenever I turn around 180 degrees, use DNCLIP and clip through the wall. It appears that the issue is at mvlineasm4() at line 460 of draw.c (I am using Ubuntu 20.04 64-bit, if that is relevant):

Thread 1 "ChocoDuke3D.64d" received signal SIGSEGV, Segmentation fault.
mvlineasm4 (columnIndex=129,
framebuffer=0x55555cc61d62 '\004' <repeats 14 times>, "\005\005\003\003\003\003\002\002\003\003", '\002' <repeats 12 times>, "\001\001\002\002\001\001\001\001\001\030\001\001") at /home/user/BelgianChocolateDuke3D/Engine/src/draw.c:460
460                      framebuffer[index+i] = palookupoffse[i][temp];
(gdb) bt
#0  mvlineasm4
(columnIndex=129, framebuffer=0x55555cc61d62 '\004' <repeats 14 times>, "\005\005\003\003\003\003\002\002\003\003", '\002' <repeats 12 times>, "\001\001\002\002\001\001\001\001\001\030\001\001")
at /home/user/BelgianChocolateDuke3D/Engine/src/draw.c:460
#1  0x0000555555618b2a in dorotatesprite
(sx=24281088, sy=23612594, z=157286, a=0, picnum=2524, dashade=14 '\016', dapalnum=85 'U', dastat=2 '\002', cx1=0, cy1=0, cx2=639, cy2=397)
at /home/user/BelgianChocolateDuke3D/Engine/src/engine.c:4088
#2  0x000055555562aa3c in rotatesprite
(sx=12124160, sy=10944512, z=65536, a=0, picnum=2524, dashade=14 '\016', dapalnum=85 'U', dastat=2 '\002', cx1=0, cy1=0, cx2=639, cy2=397)
at /home/user/BelgianChocolateDuke3D/Engine/src/engine.c:8043
#3  0x00005555555904c5 in myospal
(x=185, y=167, tilenum=2524, shade=14 '\016', orientation=2 '\002', p=85 'U') at /home/user/BelgianChocolateDuke3D/Game/src/game.c:1421
#4  0x00005555555daded in displayweapon (snum=0)
at /home/user/BelgianChocolateDuke3D/Game/src/player.c:1593
#5  0x0000555555597020 in displayrest (smoothratio=32768)
at /home/user/BelgianChocolateDuke3D/Game/src/game.c:2735
#6  0x00005555555aca9c in main (argc=2, argv=0x7fffffffdfb8)
at /home/user/BelgianChocolateDuke3D/Game/src/game.c:8510 

Hello, not sure if this will help, but the issue seems to be the variable palookupoffse: for some reason memory is not being allocated to any of the 4 entries it provides (it is of type uint8_t**). It is declared at line 196 in the file Engine/src/engine.c.

uint8_t* palookupoffse[4];

It seems to be assigned only in the file engine.c; here are a couple of lines where the assignment occurs (not sure if this will help). Keep in mind that the crash occurs when mvlineasm4() is called at line 4088:

1279 1334 1335 1339 1340 1344 1345 1394 1468 1515 1516 1520 1521 1525 1526 1560 3111 3112 4001
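The pattern the backtrace points at, a fixed array of four palette lookup pointers dereferenced inside the inner column-drawing loop, modelled as an added example in C. This is not the engine's code: the function names, the 8x4 framebuffer, the shading tables and the error codes are constructed here for illustration. It puts the unchecked loop next to a variant that validates the four table pointers and the write span once before entering the loop, which is the kind of check one would add to confirm or rule out an unassigned (NULL) palookupoffse entry as the cause of the SIGSEGV, and to turn a silent out-of-bounds framebuffer write into a reported error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed framebuffer geometry (hypothetical, not the engine's). */
#define FB_W 8
#define FB_H 4
#define FB_SIZE (FB_W * FB_H)

enum {
    MV_ERR_NULL  = -1,  /* a lookup table entry is NULL (never assigned) */
    MV_ERR_RANGE = -2   /* a write would land outside the framebuffer   */
};

/* Unchecked loop, mirroring the shape of the crash site: four texels are
 * shaded through four lookup tables and written interleaved, one row per
 * iteration. A NULL lookup[i] or a bad index faults or corrupts memory. */
static void mvline4_unchecked(uint8_t *framebuffer, size_t index,
                              const uint8_t *const lookup[4],
                              const uint8_t texel[4], int rows, size_t pitch)
{
    for (int r = 0; r < rows; r++) {
        for (int i = 0; i < 4; i++)
            framebuffer[index + i] = lookup[i][texel[i]];
        index += pitch;
    }
}

/* Checked variant: validate the four table pointers and the full write span
 * before the hot loop. Returns pixels written (>= 0) or an MV_ERR_* code. */
static int mvline4_checked(uint8_t *framebuffer, size_t fb_size, size_t index,
                           const uint8_t *const lookup[4],
                           const uint8_t texel[4], int rows, size_t pitch)
{
    for (int i = 0; i < 4; i++)
        if (lookup[i] == NULL)
            return MV_ERR_NULL;
    if (rows <= 0)
        return 0;
    if (index >= fb_size)
        return MV_ERR_RANGE;
    size_t room = fb_size - index;               /* bytes from index to end */
    /* Overflow-safe: the last row must start no later than fb_size - 1. */
    if (pitch != 0 && (size_t)(rows - 1) > (room - 1) / pitch)
        return MV_ERR_RANGE;
    size_t last = index + (size_t)(rows - 1) * pitch;
    if (fb_size - last < 4)                      /* last row needs 4 bytes */
        return MV_ERR_RANGE;
    mvline4_unchecked(framebuffer, index, lookup, texel, rows, pitch);
    return rows * 4;
}

/* Constructed shading tables: table i maps colour c to c - i (clamped at 0). */
static uint8_t g_palette[4][256];

static void init_palettes(void)
{
    for (int i = 0; i < 4; i++)
        for (int c = 0; c < 256; c++)
            g_palette[i][c] = (uint8_t)(c > i ? c - i : 0);
}

/* Scenario 1: all four tables assigned, span inside the framebuffer.
 * Returns 16 (pixels written) when the first row reads 10,9,8,7. */
int scenario_valid(void)
{
    uint8_t fb[FB_SIZE];
    memset(fb, 0, sizeof fb);
    init_palettes();
    const uint8_t *lookup[4] = { g_palette[0], g_palette[1], g_palette[2], g_palette[3] };
    const uint8_t texel[4] = { 10, 10, 10, 10 };
    int n = mvline4_checked(fb, sizeof fb, 0, lookup, texel, FB_H, FB_W);
    if (n != 16 || fb[0] != 10 || fb[1] != 9 || fb[2] != 8 || fb[3] != 7)
        return -100;                             /* wrong pixels: report failure */
    return n;
}

/* Scenario 2: the third table was never assigned; the unchecked loop would
 * dereference NULL here, the checked one reports MV_ERR_NULL. */
int scenario_null_entry(void)
{
    uint8_t fb[FB_SIZE];
    memset(fb, 0, sizeof fb);
    init_palettes();
    const uint8_t *lookup[4] = { g_palette[0], g_palette[1], NULL, g_palette[3] };
    const uint8_t texel[4] = { 10, 10, 10, 10 };
    return mvline4_checked(fb, sizeof fb, 0, lookup, texel, FB_H, FB_W);
}

/* Scenario 3: column start near the end of the buffer; four rows would
 * run past fb_size, so the checked variant reports MV_ERR_RANGE. */
int scenario_out_of_range(void)
{
    uint8_t fb[FB_SIZE];
    memset(fb, 0, sizeof fb);
    init_palettes();
    const uint8_t *lookup[4] = { g_palette[0], g_palette[1], g_palette[2], g_palette[3] };
    const uint8_t texel[4] = { 10, 10, 10, 10 };
    return mvline4_checked(fb, sizeof fb, FB_SIZE - 2, lookup, texel, FB_H, FB_W);
}

int main(void)
{
    printf("valid: %d, null entry: %d, out of range: %d\n",
           scenario_valid(), scenario_null_entry(), scenario_out_of_range());
    return 0;
}
```

Running the pointer check against the real palookupoffse array (for example by printing its four entries from GDB at the mvlineasm4 frame before the faulting line) would show directly whether an unassigned entry is what the noclip path reaches, rather than a bad framebuffer index.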