search

Warzone2100 / old-trac-import

Archived Import of (old) Warzone 2100 Trac
0 stars 0 forks source link

Invalid pVertices in pie_Draw3DShape2() #2041

Closed wzdev-ci closed 12 years ago

wzdev-ci commented 14 years ago

resolution_fixed type_bug | by vexed

>   Warzone2100-Dbg.exe!pie_Draw3DShape2(_iIMDShape * shape=0x065860c0, int frame=0x00000000, PIELIGHT colour={...}, PIELIGHT specular={...}, int pieFlag=0x00000002, int pieFlagData=0x00000078)  Line 196 + 0x3 bytes C
    Warzone2100-Dbg.exe!pie_Draw3DShape(_iIMDShape * shape=0x065860c0, int frame=0x00000000, int team=0x00000000, PIELIGHT colour={...}, PIELIGHT specular={...}, int pieFlag=0x00000002, int pieFlagData=0x00000078)  Line 532 + 0x1d bytes    C
    Warzone2100-Dbg.exe!renderDeliveryPoint(_flag_position * psPosition=0x0013f534, int blueprint=0x00000001)  Line 2756 + 0x35 bytes   C
    Warzone2100-Dbg.exe!displayBlueprints()  Line 1717 + 0xb bytes  C
    Warzone2100-Dbg.exe!drawTiles(iView * player=0x011fac80)  Line 1075 C
    Warzone2100-Dbg.exe!displayTerrain()  Line 691 + 0xa bytes  C
    Warzone2100-Dbg.exe!draw3DScene()  Line 465 C
    Warzone2100-Dbg.exe!displayWorld()  Line 1409   C
    Warzone2100-Dbg.exe!gameLoop()  Line 607    C

-       pPixels 0x0013ce80 {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 } Vector3f *
        x   -1.0737418e+008 float
        y   -1.0737418e+008 float
        z   -1.0737418e+008 float
-       pVertices   0x00000084 {x=??? y=??? z=??? } Vector3f *
        x   CXX0030: Error: expression cannot be evaluated  
        y   CXX0030: Error: expression cannot be evaluated  
        z   CXX0030: Error: expression cannot be evaluated  
-       scrPoints   0x0013ce80 {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 } Vector3f [768]
+       [0x0]   {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f
+       [0x1]   {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f
+       [0x2]   {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f
+       [0x3]   {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f

...
...
+       [0x2fe] {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f
+       [0x2ff] {x=-1.0737418e+008 y=-1.0737418e+008 z=-1.0737418e+008 }    Vector3f
-       shape   0x065860c0 {texpage=0x00000003 sradius=0x00000532 radius=0x064e47b8 ...}    _iIMDShape *
        texpage 0x00000003  int
        sradius 0x00000532  int
        radius  0x064e47b8  int
+       min {x=0.00000000 y=5.605e-045#DEN z=0.00000000 }   Vector3f
+       max {x=0.00000000 y=-4.2201683e+037 z=8.266e-040#DEN }  Vector3f
+       ocen    {x=1.5987320e-036 y=7.0691019e-037 z=3.2820284e-035 }   Vector3f
        numFrames   0x3390  unsigned short
        animInterval    0x0075  unsigned short
        npoints 0x00000187  unsigned int
+       points  0x00000084 {x=??? y=??? z=??? } Vector3f *
        npolys  0x00000001  unsigned int
+       polys   0x016923ba {flags=0x00000000 zcentre=0x00030000 npnts=0x0100000c ...}   iIMDPoly *
        nconnectors 0xfdfdfdfd  unsigned int
+       connectors  0x065450e0 {x=0.00000000 y=2.476e-040#DEN z=1.1396089e-033 }    Vector3f *
        nShadowEdges    0x0661b9e8  unsigned int
+       shadowEdgeList  0x00000000 {from=??? to=??? }   edge_ *
+       next    0x00000000 {texpage=??? sradius=??? radius=??? ...} _iIMDShape *
        shape->npoints  0x00000187  unsigned int
-       shape->points   0x00000084 {x=??? y=??? z=??? } Vector3f *
        x   CXX0030: Error: expression cannot be evaluated  
        y   CXX0030: Error: expression cannot be evaluated  
        z   CXX0030: Error: expression cannot be evaluated  
        tempY   -1.0737418e+008 float

I think it was trying to move the delivery point while the building got blown up.

Issue migrated from trac:2041 at 2022-04-15 22:10:57 -0700

wzdev-ci commented 12 years ago

Safety0ff commented

I haven't managed to reproduce this, the closest I've gotten was tripping the following assert:

info    |01:04:33: [displayBlueprints:1711] Expected a delivery point.
info    |01:04:33: [displayBlueprints:1711] Assert in Warzone: display3d.cpp:1711 (deliveryPointToMove != __null), last script event: 'N/A'
wzdev-ci commented 12 years ago

Safety0ff changed _comment1 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff changed _comment0 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff changed _comment3 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff changed _comment2 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff commented

Maybe related:

info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: '29 (CALL_RESEARCHCOMPLETED)'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: '29 (CALL_RESEARCHCOMPLETED)'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: 'N/A'
info    |01:30:58: [renderDeliveryPoint:2583] Invalid assembly point
info    |01:30:58: [renderDeliveryPoint:2583] Assert in Warzone: display3d.cpp:2583 (psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS), last script event: 'N/A'
info    |01:30:58: [pie_MatBegin:93] pie_MatBegin past top of the stack
info    |01:30:58: [pie_MatBegin:93] Assert in Warzone: piematrix.cpp:93 (_MATRIX_INDEX < 8), last script event: 'N/A'
info    |01:30:58: [pie_MatBegin:93] pie_MatBegin past top of the stack
info    |01:30:58: [pie_MatBegin:93] Assert in Warzone: piematrix.cpp:93 (_MATRIX_INDEX < 8), last script event: 'N/A'

Steps:

  1. open struct spawning debug menu
  2. click on borg factory and hold shift (don't let go of shift for the remainder of procedure.)
  3. borg factories(in a place where one will get destroyed)
  4. click the delivery point of the first borg factory, then the delivery point of the second.
  5. move your mouse around until the first factory gets destroyed. (May require ctrl+shift clicking)
  6. crash.
wzdev-ci commented 12 years ago

Safety0ff _uploaded file wz2100-20120610_133559-Sk-Rush.jpg (193.2 KiB)_

my setup for above post wz2100-20120610_133559-Sk-Rush.jpg

wzdev-ci commented 12 years ago

Safety0ff commented

If that assert is invalid ((psPosition->factoryType < NUM_FLAG_TYPES && psPosition->factoryInc < MAX_FACTORY_FLAG_IMDS)'

Then you can overflow an array and likely get your invalid psVerts.

wzdev-ci commented 12 years ago

Safety0ff _uploaded file 0001-Make-sure-we-pop-our-matrix-when-triggering-ASSERT_O.patch (1.6 KiB)_

wzdev-ci commented 12 years ago

Safety0ff commented

Looks like "deliveryPointToMove" can become dangling and cause all kinds of issues. Just need to figure out a good solution to this.

wzdev-ci commented 12 years ago

Safety0ff changed _comment1 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff changed _comment2 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff commented

Bah, found more gerard hacks. The delivery points are treated as buildings as a hack to render them...

I suspect it causes more issues in the mouse handling code too.

wzdev-ci commented 12 years ago

Safety0ff changed _comment0 which not transferred by tractive

wzdev-ci commented 12 years ago

Safety0ff changed priority from normal to major

wzdev-ci commented 12 years ago

Safety0ff uploaded file 0001-Fix-dangling-pointer-when-structures-are-destroyed-a.patch (18.3 KiB)

wzdev-ci commented 12 years ago

Safety0ff commented

As a side effect, you can no longer "quick queue" cheat yourself units.

wzdev-ci commented 12 years ago

safety0ff changed status from new to closed

wzdev-ci commented 12 years ago

safety0ff changed resolution from ` tofixed`

wzdev-ci commented 12 years ago

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code. You can no longer "quick queue" units from the debug menu.

Fixes #2041.

wzdev-ci commented 12 years ago

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code. You can no longer "quick queue" units from the debug menu.

Fixes #2041.

wzdev-ci commented 12 years ago

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code. You can no longer "quick queue" units from the debug menu.

Fixes #2041.

wzdev-ci commented 12 years ago

safety0ff commented

Fix dangling pointer when structures are destroyed and you are repositioning the delivery point.

Untangles delivery points code from building placement code. You can no longer "quick queue" units from the debug menu.

Fixes #2041.

wzdev-ci commented 8 years ago

Cyp commented

Marked #3295 as duplicate of this.