alliedmodders / amxmodx

AMX Mod X - Half-Life 1 Scripting and Administration
http://www.amxmodx.org/

CRASH on menu_display #645

Closed dystopm closed 4 years ago

dystopm commented 5 years ago

This suddenly happened while changing map. Never happened before (always reading core dumps) on 1.8.2 amxx version.

```
amxx version
AMX Mod X 1.9.0.5234 (http://www.amxmodx.org)
Authors:
    David "BAILOPAN" Anderson, Pavol "PM OnoTo" Marko
    Felix "SniperBeamer" Geyer, Jonny "Got His Gun" Bergstrom
    Lukasz "SidLuke" Wlasinski, Christian "Basic-Master" Hammacher
    Borja "faluco" Ferrer, Scott "DS" Ehlert
Compiled: Nov 3 2018 14:55:29
Built from: https://github.com/alliedmodders/amxmodx/commit/9eb1f42
Build ID: 5234:9eb1f42
Core mode: JIT+ASM32
```

Something that's more than interesting is this... no other function called, just menu_display, a full backtrace wasn't able to show more. Plugins ported to work on 1.9 were just recompiled and not modified, so I'm giving the credits to the 1.9 version itself since this never happened before (more than 4 years using 1.8.2)

```
(gdb) bt full
#0  0xb2c9cca1 in menu_display(tagAMX*, int*) () from /home/server/cstrike/addons/amxmodx/dlls/amxmodx_mm_i386.so
No symbol table info available.
```

At that time, no one connected to the server also. It was 32/32, last log:

L 12/15/2018 - 17:06:28: Started map "zm_area64_new[zpchile]" (CRC "896559481")

Core dump created at 17:06:32, 4 seconds later, no player connect log. Guess yourself.

If there's anything I should add here, please let me know here.

Arkshine commented 5 years ago

Is it something happening all the time? Or just one time suddenly? Looks like you're using the latest AMXX version so you should have the menu fix. Without context & log, it's not going to be easy to figure out something.

The only way it could crash at the beginning of menu_display is if the menu handle (C pointer) is not null but invalid for some reason. Though, I don't see how it's even possible here.

If you don't mind I can provide binaries with debug, so the next time the backtrace should hopefully show more info.

dystopm commented 5 years ago

Just one time suddenly. About context, map started and it just crashed, so I grabbed core dump and figured out this.

But, it's more than weird because menu_display is not used randomly, just on menus called by client commands, and in case of displaying a menu on an invalid player, native would throw an error, which isn't this case.

If you have binaries with debug I will hopefully use it and wait for an amxx-related crash. Thanks for answering.

dystopm commented 5 years ago

@Arkshine happened again

Program terminated with signal 11, Segmentation fault.
#0  0xb2c75ca1 in menu_display(tagAMX*, int*) () from /home/server/cstrike/addons/amxmodx/dlls/amxmodx_mm_i386.so

Same as before, just after a mapchange

```
L 12/22/2018 - 01:21:20: Server cvars end
L 12/22/2018 - 01:21:22: Server cvar "mp_maxrounds" = "0"
L 12/22/2018 - 01:21:24: Started map "zm_base_plague" (CRC "-1541254610")
```

Arkshine commented 5 years ago

Sorry for the wait, can you try those binaries? Latest AMXX 1.9 for linux and with debug enabled.

OFanok commented 5 years ago

Wherever there is a menu_display(), make a check on the validity of the player’s entity, the index of which is passed to menu_display():

```pawn
if (pev_valid(id) == 2) { // check that the player has private data
    menu_display(id, ...)
}
```

OFanok commented 5 years ago

Here is an example of the code of one of the plug-ins, after adding this check, the crashes stop.

```pawn
public Format_BonusMenu(id,cmdId)
{
    if(pev_valid(id) != 2)
    {   // the player's entity has no private data: do not build or show a menu
        return PLUGIN_HANDLED;
    }

    if(isLocked)
    {   // check whether bonuses can be used on this map
        client_print_color(id,0,"%L %L",id,"AES_TAG",id,"AES_ANEW_BLOCKED");

        return PLUGIN_CONTINUE;
    }

    new player_bonus = aes_get_player_bonus(id);

    new player_bonus_str[10];
    num_to_str(player_bonus,player_bonus_str,charsmax(player_bonus_str));

    if(player_bonus <= 0)
    {   // some other check
        client_print_color(id,0,"%L %L",id,"AES_TAG",id,"AES_ANEW_NOT");

        return PLUGIN_CONTINUE;
    }

    new ret;
    ExecuteForward(iaNewForward,ret,id);

    if(ret == PLUGIN_HANDLED) // the call was blocked by another plugin
        return PLUGIN_HANDLED;

    new m,itemData[itemFieldsStruct];

    if(cmdId == -1)
    {   // build the default anew menu with the list of all items
        formatex(itemName,charsmax(itemName),"%L %L",id,"AES_TAG_MENU",id,"AES_BONUS_MENU",player_bonus);
        m = menu_create(itemName,"aNew_MenuHandler");

        for(new i ; i < g_PointsBonusCount ; i++)
        {
            ArrayGetArray(g_PointsBonusItems,i,itemData);

            num_to_str(i,itemInfo,charsmax(itemInfo));
            aes_get_item_name(itemData[IB_NAME],itemName,charsmax(itemName),id);

            menu_additem(m,itemName,itemInfo,.callback = items_CB);
        }
    }
    else
    {
        new menuData[menuFieldsStruct],itemIndex;
        ArrayGetArray(g_BonusMenus,cmdId,menuData);

        new len = formatex(itemName,charsmax(itemName),"%L ",id,"AES_TAG_MENU");
        len += aes_get_item_name(menuData[MENU_TITLE],itemName[len],charsmax(itemName) - len,id);

        replace_all(itemName,charsmax(itemName),"\n","^n");
        replace_all(itemName,charsmax(itemName),"<p>",player_bonus_str);

        m = menu_create(itemName,"aNew_MenuHandler");

        for(new i,length = ArraySize(menuData[MENU_LIST]) ; i < length ; i++)
        {
            itemIndex = ArrayGetCell(menuData[MENU_LIST],i) - 1;

            if(!(0 <= itemIndex < g_PointsBonusCount)) // what did you hand me, damn it
                continue;

            // index the item list with the range-checked itemIndex, not the loop counter
            ArrayGetArray(g_PointsBonusItems,itemIndex,itemData);
            num_to_str(itemIndex,itemInfo,charsmax(itemInfo));
            aes_get_item_name(itemData[IB_NAME],itemName,charsmax(itemName),id);
            formatex(itemName,charsmax(itemName),"%s \r[\y%d\r]", itemName, itemData[IB_POINTS]);
            menu_additem(m,itemName,itemInfo,.callback = items_CB);
        }
    }

    if(m != -1)
    {
        F_Format_NavButtons(id,m);
        menu_display(id,m);
    }

    return PLUGIN_CONTINUE;
}
```

twisterniq commented 5 years ago

It's fixed in 1.9.0.5240 or 1.10.0.5246.