accelerator74
commented
3 years ago (gdb) bt
#0 0xed380b40 in CSoundControllerImp::SoundChangePitch(CSoundPatch*, float, float) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#1 0xed3f6c2f in CChainsaw::ItemPostFrame() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#2 0xed2dbb8f in CBasePlayer::ItemPostFrame() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#3 0xed3b98c5 in CTerrorPlayer::ItemPostFrame() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#4 0xed6787e9 in CBasePlayer::PostThink() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#5 0xed5217cb in CCSPlayer::PostThink() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#6 0xed8a26b6 in CTerrorPlayer::PostThink() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#7 0xed68aefe in CPlayerMove::RunPostThink(CBasePlayer*) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#8 0xed68b6e0 in CPlayerMove::RunCommand(CBasePlayer*, CUserCmd*, IMoveHelper*) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#9 0xed669eb3 in CBasePlayer::PlayerRunCommand(CUserCmd*, IMoveHelper*) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#10 0xed520537 in CCSPlayer::PlayerRunCommand(CUserCmd*, IMoveHelper*) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
#11 0xed891300 in CTerrorPlayer::PlayerRunCommand(CUserCmd*, IMoveHelper*) () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
[...]CSoundControllerImp::SoundChangePitch(CSoundPatch*, float, float)
(gdb) info registers
eax 0x0 0
ecx 0x0 0
edx 0xedadc048 -307380152
ebx 0xfffeeca0 -70496
esp 0xfffeebd8 0xfffeebd8
ebp 0xfffeebd8 0xfffeebd8
esi 0x16355de0 372596192
edi 0xdd46a20 232024608
eip 0xed380b40 0xed380b40 <CSoundControllerImp::SoundChangePitch(CSoundPatch*, float, float)+16>
eflags 0x210202 [ IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
k0 0x0 0
k1 0x0 0
k2 0x0 0
k3 0x0 0
k4 0x0 0
k5 0x0 0
k6 0x0 0
k7 0x0 0
(gdb) disassemble
Dump of assembler code for function _ZN19CSoundControllerImp16SoundChangePitchEP11CSoundPatchff:
0xed380b30 <+0>: push %ebp
0xed380b31 <+1>: mov %esp,%ebp
0xed380b33 <+3>: mov 0xc(%ebp),%eax
0xed380b36 <+6>: movss 0x10(%ebp),%xmm1
0xed380b3b <+11>: movss 0x14(%ebp),%xmm0
=> 0xed380b40 <+16>: orl $0x2,0x50(%eax)
0xed380b44 <+20>: movss %xmm0,0x10(%ebp)
0xed380b49 <+25>: movss %xmm1,0xc(%ebp)
0xed380b4e <+30>: mov %eax,0x8(%ebp)
0xed380b51 <+33>: pop %ebp
0xed380b52 <+34>: jmp 0xed380aa0 <_ZN14CSoundEnvelope9SetTargetEff>
End of assembler dump.CChainsaw::ItemPostFrame()
(gdb) frame 1
#1 0xed3f6c2f in CChainsaw::ItemPostFrame() () from /home/user/l4d2_coop/left4dead2/bin/server_srv.so
0xed3f6bb2 <+2578>: call 0xed38aea0 <_Z16ClearMultiDamagev>
0xed3f6bb7 <+2583>: lea -0xcc(%ebp),%eax
0xed3f6bbd <+2589>: mov %esi,(%esp)
0xed3f6bc0 <+2592>: mov %eax,0xc(%esp)
0xed3f6bc4 <+2596>: lea -0x158(%ebp),%eax
0xed3f6bca <+2602>: mov %eax,0x8(%esp)
0xed3f6bce <+2606>: lea -0x78(%ebp),%eax
0xed3f6bd1 <+2609>: mov %eax,0x4(%esp)
0xed3f6bd5 <+2613>: call 0xed2d18f0 <_ZN11CBaseEntity19DispatchTraceAttackERK15CTakeDamageInfoRK6VectorP10CGameTrace>
0xed3f6bda <+2618>: call 0xed38af10 <_Z16ApplyMultiDamagev>
0xed3f6bdf <+2623>: mov 0x180c(%edi),%eax
0xed3f6be5 <+2629>: cmp $0x64,%eax
0xed3f6be8 <+2632>: je 0xed3f7115 <_ZN9CChainsaw13ItemPostFrameEv+3957>
0xed3f6bee <+2638>: sub $0xa,%eax
0xed3f6bf1 <+2641>: mov $0x32,%edx
0xed3f6bf6 <+2646>: cmp $0x31,%eax
0xed3f6bf9 <+2649>: cmovg %eax,%edx
0xed3f6bfc <+2652>: mov %edx,0x180c(%edi)
0xed3f6c02 <+2658>: call 0xed381370 <_ZN24CSoundEnvelopeController13GetControllerEv>
0xed3f6c07 <+2663>: mov (%eax),%edx
0xed3f6c09 <+2665>: movl $0x3e4ccccd,0xc(%esp)
0xed3f6c11 <+2673>: cvtsi2ssl 0x180c(%edi),%xmm0
0xed3f6c19 <+2681>: movss %xmm0,0x8(%esp)
0xed3f6c1f <+2687>: mov 0x17fc(%edi),%ecx
0xed3f6c25 <+2693>: mov %eax,(%esp)
0xed3f6c28 <+2696>: mov %ecx,0x4(%esp)
0xed3f6c2c <+2700>: call *0x30(%edx)
=> 0xed3f6c2f <+2703>: mov -0x180(%ebp),%eax
0xed3f6c35 <+2709>: mov %eax,(%esp)
0xed3f6c38 <+2712>: call 0xed444bf0 <_ZNK14CountdownTimer3NowEv>
0xed3f6c3d <+2717>: fstps -0x17c(%ebp)
0xed3f6c43 <+2723>: movss -0x17c(%ebp),%xmm6
0xed3f6c4b <+2731>: addss 0xedac83d8,%xmm6
0xed3f6c53 <+2739>: comiss 0x1818(%edi),%xmm6
0xed3f6c5a <+2746>: movss %xmm6,-0x17c(%ebp)
0xed3f6c62 <+2754>: jne 0xed3f703e <_ZN9CChainsaw13ItemPostFrameEv+3742>
0xed3f6c68 <+2760>: movss 0x1814(%edi),%xmm0
0xed3f6c70 <+2768>: comiss 0xedac83d8,%xmm0
0xed3f6c77 <+2775>: jne 0xed3f7013 <_ZN9CChainsaw13ItemPostFrameEv+3699>
0xed3f6c7d <+2781>: mov (%esi),%eax
0xed3f6c7f <+2783>: mov %esi,(%esp)
0xed3f6c82 <+2786>: call *0x144(%eax)
0xed3f6c88 <+2792>: test %eax,%eax
0xed3f6c8a <+2794>: je 0xed3f6814 <_ZN9CChainsaw13ItemPostFrameEv+1652>
0xed3f6c90 <+2800>: mov 0xede9ecac,%eax
0xed3f6c95 <+2805>: movss 0xc(%eax),%xmm0
0xed3f6c9a <+2810>: comiss 0x181c(%edi),%xmm0
0xed3f6ca1 <+2817>: jbe 0xed3f6d07 <_ZN9CChainsaw13ItemPostFrameEv+2919>
(gdb) info registers
eax 0x0 0
ecx 0x0 0
edx 0xedadc048 -307380152
ebx 0xfffeeca0 -70496
esp 0xfffeebe0 0xfffeebe0
ebp 0xfffeed98 0xfffeed98
esi 0x16355de0 372596192
edi 0xdd46a20 232024608
eip 0xed3f6c2f 0xed3f6c2f <CChainsaw::ItemPostFrame()+2703>
eflags 0x210202 [ IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
k0 0x0 0
k1 0x0 0
k2 0x0 0
k3 0x0 0
k4 0x0 0
k5 0x0 0
k6 0x0 0
k7 0x0 0
lunatixxx
fbef0102
Hawkins93
In continuation of the issue https://github.com/ValveSoftware/Source-1-Games/issues/2526.
After the update (2.2.1.3) from June 15, 2021, the function on which the crash occurs has changed. Now the crash happens on the
CSoundControllerImp::SoundChangePitch(CSoundPatch *, float, float)function. The reason is the same as it was, as described by @ProdigySim in previous issue. Need to check forCSoundPachvalue is notNULL.