TheAssemblyArmada / Vanilla-Conquer

Vanilla Conquer provides clean, cross-platform builds of the C&C Remastered Collection and the standalone legacy games.

[RA] Game crashes when removing (destroying or selling) a building with a bib #212

Closed hazelnot closed 3 years ago

hazelnot commented 3 years ago

I think the explosion of the oil derrick might be causing it, cause that's about when the crash happens, but I can't get in there to properly test it without getting zapped by the Tesla Coils or getting a grenade thrown by an enemy onto the barrels.


This is the gdb log:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff737d640 (LWP 19756)]
[Thread 0x7ffff737d640 (LWP 19756) exited]
[New Thread 0x7ffff6cbb640 (LWP 19757)]
[ALSOFT] (EE) Failed to set real-time priority for thread: Operation not permitted (1)
[New Thread 0x7ffff64ba640 (LWP 19758)]
[ALSOFT] (EE) Failed to set real-time priority for thread: Operation not permitted (1)
[New Thread 0x7ffff5cb9640 (LWP 19759)]
[New Thread 0x7fffd3362640 (LWP 19760)]
[New Thread 0x7fffd2b61640 (LWP 19761)]
[New Thread 0x7fffd2360640 (LWP 19762)]
[New Thread 0x7fffd1b5f640 (LWP 19763)]
[New Thread 0x7fffd135e640 (LWP 19764)]
[New Thread 0x7fffd0b5d640 (LWP 19765)]
[New Thread 0x7fffbbfff640 (LWP 19766)]
[New Thread 0x7fffbb7fe640 (LWP 19767)]
[New Thread 0x7fffbaffd640 (LWP 19768)]
[New Thread 0x7fffba7fc640 (LWP 19769)]
[New Thread 0x7fffb9ffb640 (LWP 19770)]
[New Thread 0x7fffb97fa640 (LWP 19771)]
[New Thread 0x7fffb8ff9640 (LWP 19772)]
[New Thread 0x7fff97fff640 (LWP 19773)]
[New Thread 0x7fff977fe640 (LWP 19774)]
[New Thread 0x7fff96ffd640 (LWP 19775)]
[New Thread 0x7fff967fc640 (LWP 19776)]
[New Thread 0x7fff95ffb640 (LWP 19777)]
[New Thread 0x7fff957fa640 (LWP 19778)]
[New Thread 0x7fff94ff9640 (LWP 19779)]
[New Thread 0x7fff77fff640 (LWP 19780)]
[New Thread 0x7fff777fe640 (LWP 19781)]
[New Thread 0x7fff76ffd640 (LWP 19782)]
[Thread 0x7fff76ffd640 (LWP 19782) exited]
[New Thread 0x7fff76ffd640 (LWP 19783)]
[Thread 0x7fff76ffd640 (LWP 19783) exited]
[New Thread 0x7fff76ffd640 (LWP 19785)]
[Thread 0x7fff76ffd640 (LWP 19785) exited]
[New Thread 0x7fff76ffd640 (LWP 19786)]
Loaded scenario fileSCG01EA.INIassert 'IsActive' failed at line 249 in module /home/hazelnot/git/Vanilla-Conquer/redalert/smudge.cpp.
Prog_End()assert 'IsActive' failed at line 249 in module /home/hazelnot/git/Vanilla-Conquer/redalert/smudge.cpp.
[Thread 0x7ffff5cb9640 (LWP 19759) exited]
[Thread 0x7ffff64ba640 (LWP 19758) exited]

Thread 1 "vanillara" received signal SIGSEGV, Segmentation fault.
SmudgeClass::Disown (this=0x5555569a4a40, cell=7485) at /home/hazelnot/git/Vanilla-Conquer/redalert/smudge.cpp:251
--Type <RET> for more, q to quit, c to continue without paging--
251    if (Class->IsBib) {
(gdb) bt
#0  SmudgeClass::Disown (this=0x5555569a4a40, cell=7485) at /home/hazelnot/git/Vanilla-Conquer/redalert/smudge.cpp:251
#1  0x000055555559eebd in BuildingClass::Mark (this=0x55555772dad0, mark=MARK_UP) at /home/hazelnot/git/Vanilla-Conquer/redalert/building.cpp:761
#2  0x00005555556411f4 in ObjectClass::Limbo (this=0x55555772dad0) at /home/hazelnot/git/Vanilla-Conquer/redalert/object.cpp:1429
#3  0x00005555556536d5 in RadioClass::Limbo (this=0x55555772dad0) at /home/hazelnot/git/Vanilla-Conquer/redalert/radio.cpp:260
#4  0x00005555555a3e38 in BuildingClass::Limbo (this=0x55555772dad0) at /home/hazelnot/git/Vanilla-Conquer/redalert/building.cpp:2506
#5  0x000055555559f742 in BuildingClass::AI (this=0x55555772dad0) at /home/hazelnot/git/Vanilla-Conquer/redalert/building.cpp:966
#6  0x000055555562eeb3 in LogicClass::AI (this=0x55555579d780 <Logic>) at /home/hazelnot/git/Vanilla-Conquer/redalert/logic.cpp:350
#7  0x00005555555c890e in Main_Loop () at /home/hazelnot/git/Vanilla-Conquer/redalert/conquer.cpp:1958
#8  0x00005555555c5557 in Main_Game (argc=2, argv=0x7fffffffe0a8) at /home/hazelnot/git/Vanilla-Conquer/redalert/conquer.cpp:323
#9  0x0000555555677923 in main (argc=2, argv=0x7fffffffe0a8) at /home/hazelnot/git/Vanilla-Conquer/redalert/startup.cpp:578
hifi commented 3 years ago

Can't repro this by blowing up the barrels immediately after starting the map. Does your game crash in Soviet 1 as well when you blow up the barrels in the map?

hazelnot commented 3 years ago

Nope, barrels seem to be fine in every mission other than this one, and like I said, I suspect it might have to do with the oil derrick's explosion, or a smudge that it's supposed to create after the explosion.

hazelnot commented 3 years ago

Hmm, looking at smudge.cpp, the section that causes the crash is used for removing building bibs after they've been destroyed, and that makes sense since in Soviets 1 none of the enemy buildings on the map have bibs. I'll continue to investigate.

Edit: YUP, I get a crash whenever a building with a bib is removed, even selling causes it.

hifi commented 3 years ago

I actually reproduced this by selling the radar.

hifi commented 3 years ago

Here's a backtrace of the crash with a backtrace of the previous free (that sets IsActive = false):

Thread 1 "vanillara" hit Breakpoint 1, SmudgeClass::operator delete (ptr=0xcc7d028d72d26800) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:87
87      {
#0  SmudgeClass::operator delete (ptr=0xcc7d028d72d26800) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:87
#1  0x000055555567749e in SmudgeClass::~SmudgeClass (this=0x555557022020, __in_chrg=<optimized out>) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.h:77
#2  0x00005555556779de in SmudgeClass::Mark (this=0x555557022020, mark=MARK_DOWN) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:223
#3  0x0000555555642ebc in ObjectClass::Unlimbo (this=0x555557022020, coord=4294967295) at /home/hifi/work/Vanilla-Conquer/redalert/object.cpp:1480
#4  0x0000555555677603 in SmudgeClass::SmudgeClass (this=0x555557022020, type=SMUDGE_BIB3, pos=4294967295, house=HOUSE_NONE) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:120
#5  0x000055555559de7b in BuildingClass::Mark (this=0x555557cad5e0, mark=MARK_UP) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:759
#6  0x0000555555642ca2 in ObjectClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/object.cpp:1429
#7  0x00005555556554ef in RadioClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/radio.cpp:260
#8  0x00005555555a2ed2 in BuildingClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:2506
#9  0x000055555559e748 in BuildingClass::AI (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:966
#10 0x0000555555630549 in LogicClass::AI (this=0x5555557a1420 <Logic>) at /home/hifi/work/Vanilla-Conquer/redalert/logic.cpp:350
#11 0x00005555555c81f2 in Main_Loop () at /home/hifi/work/Vanilla-Conquer/redalert/conquer.cpp:1958
#12 0x00005555555c4e07 in Main_Game (argc=2, argv=0x7fffffffddf8) at /home/hifi/work/Vanilla-Conquer/redalert/conquer.cpp:323
#13 0x000055555567a007 in main (argc=2, argv=0x7fffffffddf8) at /home/hifi/work/Vanilla-Conquer/redalert/startup.cpp:578
assert 'IsActive' failed at line 249 in module /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp.
Prog_End()assert 'IsActive' failed at line 249 in module /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp.
[Thread 0x7ffff5cfb640 (LWP 303732) exited]
[Thread 0x7ffff5efc640 (LWP 303731) exited]
[Thread 0x7ffff66fd640 (LWP 303730) exited]

Thread 1 "vanillara" received signal SIGSEGV, Segmentation fault.
SmudgeClass::Disown (this=0x555557022020, cell=7485) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:251
251         if (Class->IsBib) {
(gdb) bt
#0  SmudgeClass::Disown (this=0x555557022020, cell=7485) at /home/hifi/work/Vanilla-Conquer/redalert/smudge.cpp:251
#1  0x000055555559de9f in BuildingClass::Mark (this=0x555557cad5e0, mark=MARK_UP) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:761
#2  0x0000555555642ca2 in ObjectClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/object.cpp:1429
#3  0x00005555556554ef in RadioClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/radio.cpp:260
#4  0x00005555555a2ed2 in BuildingClass::Limbo (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:2506
#5  0x000055555559e748 in BuildingClass::AI (this=0x555557cad5e0) at /home/hifi/work/Vanilla-Conquer/redalert/building.cpp:966
#6  0x0000555555630549 in LogicClass::AI (this=0x5555557a1420 <Logic>) at /home/hifi/work/Vanilla-Conquer/redalert/logic.cpp:350
#7  0x00005555555c81f2 in Main_Loop () at /home/hifi/work/Vanilla-Conquer/redalert/conquer.cpp:1958
#8  0x00005555555c4e07 in Main_Game (argc=2, argv=0x7fffffffddf8) at /home/hifi/work/Vanilla-Conquer/redalert/conquer.cpp:323
#9  0x000055555567a007 in main (argc=2, argv=0x7fffffffddf8) at /home/hifi/work/Vanilla-Conquer/redalert/startup.cpp:578

EDIT: Updated backtraces from a recent vanilla branch build so the line numbers line up.

OmniBlade commented 3 years ago

I'm betting it's due to line 118 in smudge.cpp. It compares an unsigned 64-bit long (on Linux) against -1, but the ctor default value is actually 0xFFFFFFFF, which is a 32-bit -1. Both the default value and the comparison need to be against the same value to prevent it deleting itself before the bib code has a chance to fire.
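
As an added illustration of the width mismatch described in the comment above (not code from Vanilla-Conquer), the check is modelled below with fixed-width types so the result is the same on every platform; the aliases `Coord32`/`Coord64` and the `is_unset_*` helpers are hypothetical names, not the game's.

```cpp
#include <cstdint>
#include <iostream>

using Coord32 = uint32_t;   // width the constructor default was written for
using Coord64 = uint64_t;   // width of `unsigned long` on LP64 Linux

// Constructor default the comment describes: all-ones at 32 bits.
const Coord32 COORD_DEFAULT = 0xFFFFFFFFu;

// Buggy check: when the operand is 64 bits wide, the literal -1 converts to
// 0xFFFFFFFFFFFFFFFF, so a 0xFFFFFFFF default never matches and the
// "a position was supplied" path runs with a bogus coordinate.
bool is_unset_buggy(Coord64 pos) {
    return pos == static_cast<Coord64>(-1);
}

// The same check on a 32-bit coordinate: -1 converts to 0xFFFFFFFF and matches.
// This is why the code behaves where `long` is 32 bits (Windows).
bool is_unset_32bit(Coord32 pos) {
    return pos == static_cast<Coord32>(-1);
}

// Fix: declare the sentinel once, with the type the comparison uses, and use
// that constant for both the default value and the test so they cannot drift.
constexpr Coord64 COORD_NONE = 0xFFFFFFFFu;
bool is_unset_fixed(Coord64 pos) {
    return pos == COORD_NONE;
}

// True when plain `unsigned long` on this build has the mismatch (LP64 targets),
// false where `long` is 32 bits.
bool platform_has_mismatch() {
    unsigned long def = 0xFFFFFFFFul;
    return def != static_cast<unsigned long>(-1);
}

int main() {
    std::cout << "buggy check sees default as unset: " << is_unset_buggy(COORD_DEFAULT) << '\n'
              << "32-bit check sees default as unset: " << is_unset_32bit(COORD_DEFAULT) << '\n'
              << "fixed check sees default as unset: " << is_unset_fixed(COORD_DEFAULT) << '\n'
              << "this platform has the mismatch:     " << platform_has_mismatch() << '\n';
    return 0;
}
```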

OmniBlade commented 3 years ago

PR #229 should fix this crash, though it needs confirming as I coded it blind on Windows.