ZDoom

[quote="randy"][quote="Enjay"]there isn't an additional debug option on the MS crash dialogue when running outside the debugger.[/quote]
Maybe you need to do something else to get the Just In Time debugger with the Express edition. Don't know, since that's not the one I'm using.[/quote]Well, according to [url=http://forums.msdn.microsoft.com/en-US/vsdebug/thread/ab8606b4-8c7f-410b-a397-6d9130f46f83/]this[/url], you can't do JIT debugging with the Express edition.

So: download WinDbg and use it, Enjay.

[quote="Enjay"]there isn't an additional debug option on the MS crash dialogue when running outside the debugger.[/quote]
Maybe you need to do something else to get the Just In Time debugger with the Express edition. Don't know, since that's not the one I'm using.

Thank Randy for that very full explanation. I had tried to run the debugger already but I had no idea how to set up command line options and parameters. I just did and, interestingly, I can't get it to crash whilst running via the debugger (I've tried loading a few different test files).

I'm still running XP but there isn't an additional debug option on the MS crash dialogue when running outside the debugger. It's just a standard send/don't send Microsoft dialogue. :?

Anyway, I'm glad the problem has been identified and fixed.

[quote="Blzut3"]Also you forgot to copy the fix over to doom_sbar.cpp which also had the problem (since the code is almost identical).[/quote]
Indeed. I had completely forgotten about that.
[quote="Blzut3"]Was there something wrong with this?[/quote]
It was just a long single-line for loop that I ran across while smattering _heapchk asserts through the code, so I rewrote it to what seemed a more readable while loop.

for(level = 0;CPlayer->health < (accuracy-level-1)*(CPlayer->mo->GetMaxHealth()/accuracy);level++);

Was there something wrong with this?
[code]for(level = 0;CPlayer->health < (accuracy-level-1)*(CPlayer->mo->GetMaxHealth()/accuracy);level++);[/code]
Also you forgot to copy the fix over to doom_sbar.cpp which also had the problem (since the code is almost identical).

sprintf(fullStateName, "%s.%s", stateName, (const char*) CPlayer->LastDamageType);   

I could tell you how I narrowed it down to this line, but that's more specialized, and I don't expect you to bother with all that work since you're only compiling for the convenience of having something up-to-date:
[code=php]sprintf(fullStateName, "%s.%s", stateName, (const char*) CPlayer->LastDamageType);   [/code]
The code that allocates the buffer uses sizeof where it should use strlen, so fullStateName is not large enough to hold everything it receives. There are three of these, and they all need to be replaced. (Also, this is a memory leak because the memory is allocated and never freed, but that's not relevant to the crash.)

[quote="Enjay"]I could get the game to crash then screenshot the contents of the microsoft crash report window[/quote]
You're compiling your own builds. That means you have access to the debugger, so you should run the program from inside there, and it will break on the exact line where the error occurred. No need to guess where it's happening. (In this case, it's memory corruption that is caught while freeing memory.)

To set up the arguments for debugging, right click on the zdoom project from Solution Explorer and edit its Properties:[attachment=6]step1.png[/attachment]
Then make sure the Working Directory is set to $(TargetDir) and set whatever Command Arguments you want to test with.[attachment=0]step2.png[/attachment]After you hit OK, you can then debug it by pressing F5 (or choosing Start Debugging from the Debug menu).

Alternatively, you can also run the debug build outside the debugger and then attach the debugger after it crashes. In this case, running inside the debugger caused it to crash at exit rather than right away (probably because Windows adds extra info to the memory blocks when it sees that it's being run inside a debugger, so the corruption is in a different place), so I can run it outside the debugger and then choose to debug it once it crashes:[attachment=5]step3.png[/attachment]
This pops up a list of possible Visual Studio instances you can attach to it. Since I already have the ZDoom project open, I choose that one:[attachment=4]step4.png[/attachment]
After you break into it with the program, it tells you the error that occurred and marks the line as close to the error point as it has source code for:[attachment=3]step5.png[/attachment]
You can use the Call Stack pane to see what path it followed through the program to reach the point where it crashed. Clicking on each entry will take you to the corresponding line, and you can examine variables and such in the functions by holding your mouse over them. The yellow error is the exact point where the crash occurred, and the curly green arrow is the closest point for which source code is available. In this case, since the error is memory corruption and not caught until after the fact, this window is mostly useful to identify that something went wrong while it tried to free a block of memory.[attachment=2]step6.png[/attachment]
Depending on what went wrong, the Output pane may or may not provide useful information. (Be sure to set the Show output from option to Debug.) In this case, it's just a repeat of the popup that you got when you broke into the debugger, but in other cases, it might be more informative.[attachment=1]step7.png[/attachment]

It's maybe also worth mentioning that whilst the crash happens with disintegrate damage, it doesn't happen with at least one other specific damage type (fire). I have the Strife phosphorus grenades imported into Doom and they can kill the player, give a burning death animation (with a custom player class) and the game does not crash. I don't know if it's relevant or not, but I did notice that the burning death uses the mugshot extreme death animation (which is something else specified in my mod).

[edit] I just tested with a little file. In Doom2 with standard everything (eg no SBARINFO), I loaded up a simple decorate that changed zombiemen to use a high damage bullet attack with disintegrate damage, changed the shotgunners to a clone of these enemies but doing ice damage instead and changed the imp fireballs to do loads of damage of the fire type. When any of those enemies hit me, it was an instant kill situation but only the disintegrate damage caused a crash.[/edit]

MAP01 - entryway

ACS scripts unloaded.
]summon irailgunner
Player was shot through by an inca railgunner.

Execution could not continue.

Could not realloc zu bytes

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="zdoomd.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="fmod.dll" SIZE="162816" CHECKSUM="0x69378F38" BIN_FILE_VERSION="3.7.5.0" BIN_PRODUCT_VERSION="3.7.5.0" PRODUCT_VERSION="3.75" FILE_DESCRIPTION="FMOD" COMPANY_NAME="Firelight Technologies Pty, Ltd" PRODUCT_NAME="FMOD" FILE_VERSION="3.75" ORIGINAL_FILENAME="fmod.dll" INTERNAL_NAME="FMOD" LEGAL_COPYRIGHT="Copyright © 1994-2005, Firelight Technologies Pty, Ltd." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.7.5.0" UPTO_BIN_PRODUCT_VERSION="3.7.5.0" LINK_DATE="12/28/2005 04:44:30" UPTO_LINK_DATE="12/28/2005 04:44:30" VER_LANGUAGE="English (Australia) [0xc09]" />
    <MATCHING_FILE NAME="fmodex.dll" SIZE="334336" CHECKSUM="0xBF733E5B" BIN_FILE_VERSION="0.4.14.1" BIN_PRODUCT_VERSION="0.4.14.1" PRODUCT_VERSION="4.14.1" FILE_DESCRIPTION="FMOD Ex SoundSystem" COMPANY_NAME="Firelight Technologies" PRODUCT_NAME="FMOD Ex" FILE_VERSION="4.14.1" ORIGINAL_FILENAME="fmodex.dll" INTERNAL_NAME="FMOD Ex" LEGAL_COPYRIGHT="Copyright © Firelight Technologies 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.4.14.1" UPTO_BIN_PRODUCT_VERSION="0.4.14.1" LINK_DATE="04/11/2008 08:10:20" UPTO_LINK_DATE="04/11/2008 08:10:20" VER_LANGUAGE="English (Australia) [0xc09]" />
    <MATCHING_FILE NAME="SNESAPU.DLL" SIZE="151552" CHECKSUM="0xA25485D4" BIN_FILE_VERSION="2.0.0.0" BIN_PRODUCT_VERSION="2.0.0.0" PRODUCT_VERSION="2, 0, 0, 0" FILE_DESCRIPTION="Super NES APU Emulator" COMPANY_NAME="Alpha-II Productions http://www.alpha-ii.com" PRODUCT_NAME="SNESAPU" FILE_VERSION="2, 0, 0, 0" ORIGINAL_FILENAME="SNESAPU.DLL" INTERNAL_NAME="SNESAPU" LEGAL_COPYRIGHT="Copyright ©2001-2004 Alpha-II Productions" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x10001" UPTO_BIN_FILE_VERSION="2.0.0.0" UPTO_BIN_PRODUCT_VERSION="2.0.0.0" LINK_DATE="01/26/2004 09:25:58" UPTO_LINK_DATE="01/26/2004 09:25:58" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="ZDL (v1).exe" SIZE="69632" CHECKSUM="0x997FA941" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="03/13/2005 04:10:53" UPTO_LINK_DATE="03/13/2005 04:10:53" />
    <MATCHING_FILE NAME="zdoom.exe" SIZE="2486272" CHECKSUM="0xCE7AEC11" BIN_FILE_VERSION="2.2.0.994" BIN_PRODUCT_VERSION="2.2.0.0" PRODUCT_VERSION="2.2" FILE_DESCRIPTION="ZDoom" COMPANY_NAME=" " PRODUCT_NAME="ZDoom" FILE_VERSION="2.2.0 (r994M)" ORIGINAL_FILENAME="zdoom.exe" INTERNAL_NAME="ZDoom" LEGAL_COPYRIGHT="Copyright © 1993-1996 id Software, 1998-2007 Randy Heit" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x26C447" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.2.0.994" UPTO_BIN_PRODUCT_VERSION="2.2.0.0" LINK_DATE="05/28/2008 03:09:54" UPTO_LINK_DATE="05/28/2008 03:09:54" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="zdoomd.exe" SIZE="4993024" CHECKSUM="0xDF99500E" BIN_FILE_VERSION="2.2.0.994" BIN_PRODUCT_VERSION="2.2.0.0" PRODUCT_VERSION="2.2" FILE_DESCRIPTION="ZDoom" COMPANY_NAME=" " PRODUCT_NAME="ZDoom" FILE_VERSION="2.2.0 (r994)" ORIGINAL_FILENAME="zdoom.exe" INTERNAL_NAME="ZDoom" LEGAL_COPYRIGHT="Copyright © 1993-1996 id Software, 1998-2007 Randy Heit" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.2.0.994" UPTO_BIN_PRODUCT_VERSION="2.2.0.0" LINK_DATE="05/29/2008 22:13:13" UPTO_LINK_DATE="05/29/2008 22:13:13" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="ntdll.dll" SIZE="706048" CHECKSUM="0x864EA42F" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2111)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB62BC" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:24" UPTO_LINK_DATE="04/14/2008 00:11:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x7D737C09" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2111)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF44A2" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:24" UPTO_LINK_DATE="04/14/2008 00:11:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Apparently not. This is the best I can do. If I run it in a Window, when the game crashes I get left with the console window and this message:

[code]MAP01 - entryway

ACS scripts unloaded.
]summon irailgunner
Player was shot through by an inca railgunner.

Execution could not continue.

Could not realloc zu bytes[/code]

I could get the game to crash then screenshot the contents of the microsoft crash report window, but it is many, many pages long and it would take some time to screenshot and post. Unfortunately, the MS window is not highlight/copy/pastable and the file it tells me will be sent to MS contains much less information than the crash window. :?

Here's the contents of a crash file:
[code]<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="zdoomd.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="fmod.dll" SIZE="162816" CHECKSUM="0x69378F38" BIN_FILE_VERSION="3.7.5.0" BIN_PRODUCT_VERSION="3.7.5.0" PRODUCT_VERSION="3.75" FILE_DESCRIPTION="FMOD" COMPANY_NAME="Firelight Technologies Pty, Ltd" PRODUCT_NAME="FMOD" FILE_VERSION="3.75" ORIGINAL_FILENAME="fmod.dll" INTERNAL_NAME="FMOD" LEGAL_COPYRIGHT="Copyright © 1994-2005, Firelight Technologies Pty, Ltd." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.7.5.0" UPTO_BIN_PRODUCT_VERSION="3.7.5.0" LINK_DATE="12/28/2005 04:44:30" UPTO_LINK_DATE="12/28/2005 04:44:30" VER_LANGUAGE="English (Australia) [0xc09]" />
<MATCHING_FILE NAME="fmodex.dll" SIZE="334336" CHECKSUM="0xBF733E5B" BIN_FILE_VERSION="0.4.14.1" BIN_PRODUCT_VERSION="0.4.14.1" PRODUCT_VERSION="4.14.1" FILE_DESCRIPTION="FMOD Ex SoundSystem" COMPANY_NAME="Firelight Technologies" PRODUCT_NAME="FMOD Ex" FILE_VERSION="4.14.1" ORIGINAL_FILENAME="fmodex.dll" INTERNAL_NAME="FMOD Ex" LEGAL_COPYRIGHT="Copyright © Firelight Technologies 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.4.14.1" UPTO_BIN_PRODUCT_VERSION="0.4.14.1" LINK_DATE="04/11/2008 08:10:20" UPTO_LINK_DATE="04/11/2008 08:10:20" VER_LANGUAGE="English (Australia) [0xc09]" />
<MATCHING_FILE NAME="SNESAPU.DLL" SIZE="151552" CHECKSUM="0xA25485D4" BIN_FILE_VERSION="2.0.0.0" BIN_PRODUCT_VERSION="2.0.0.0" PRODUCT_VERSION="2, 0, 0, 0" FILE_DESCRIPTION="Super NES APU Emulator" COMPANY_NAME="Alpha-II Productions http://www.alpha-ii.com" PRODUCT_NAME="SNESAPU" FILE_VERSION="2, 0, 0, 0" ORIGINAL_FILENAME="SNESAPU.DLL" INTERNAL_NAME="SNESAPU" LEGAL_COPYRIGHT="Copyright ©2001-2004 Alpha-II Productions" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x10001" UPTO_BIN_FILE_VERSION="2.0.0.0" UPTO_BIN_PRODUCT_VERSION="2.0.0.0" LINK_DATE="01/26/2004 09:25:58" UPTO_LINK_DATE="01/26/2004 09:25:58" VER_LANGUAGE="Language Neutral [0x0]" />
<MATCHING_FILE NAME="ZDL (v1).exe" SIZE="69632" CHECKSUM="0x997FA941" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="03/13/2005 04:10:53" UPTO_LINK_DATE="03/13/2005 04:10:53" />
<MATCHING_FILE NAME="zdoom.exe" SIZE="2486272" CHECKSUM="0xCE7AEC11" BIN_FILE_VERSION="2.2.0.994" BIN_PRODUCT_VERSION="2.2.0.0" PRODUCT_VERSION="2.2" FILE_DESCRIPTION="ZDoom" COMPANY_NAME=" " PRODUCT_NAME="ZDoom" FILE_VERSION="2.2.0 (r994M)" ORIGINAL_FILENAME="zdoom.exe" INTERNAL_NAME="ZDoom" LEGAL_COPYRIGHT="Copyright © 1993-1996 id Software, 1998-2007 Randy Heit" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x26C447" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.2.0.994" UPTO_BIN_PRODUCT_VERSION="2.2.0.0" LINK_DATE="05/28/2008 03:09:54" UPTO_LINK_DATE="05/28/2008 03:09:54" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="zdoomd.exe" SIZE="4993024" CHECKSUM="0xDF99500E" BIN_FILE_VERSION="2.2.0.994" BIN_PRODUCT_VERSION="2.2.0.0" PRODUCT_VERSION="2.2" FILE_DESCRIPTION="ZDoom" COMPANY_NAME=" " PRODUCT_NAME="ZDoom" FILE_VERSION="2.2.0 (r994)" ORIGINAL_FILENAME="zdoom.exe" INTERNAL_NAME="ZDoom" LEGAL_COPYRIGHT="Copyright © 1993-1996 id Software, 1998-2007 Randy Heit" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.2.0.994" UPTO_BIN_PRODUCT_VERSION="2.2.0.0" LINK_DATE="05/29/2008 22:13:13" UPTO_LINK_DATE="05/29/2008 22:13:13" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="ntdll.dll" SIZE="706048" CHECKSUM="0x864EA42F" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2111)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB62BC" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:24" UPTO_LINK_DATE="04/14/2008 00:11:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x7D737C09" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2111)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF44A2" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:24" UPTO_LINK_DATE="04/14/2008 00:11:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
[/code]

I thought it saved the crash to the zdoom directory automatically.

OK, I'm building a debug version right now but I thought they didn't generate a crash log? Ah well, I'll give it a go.

[edit]Well, the debug version does indeed crash, but it only gives me a Microsoft crash message rather than a Zdoom one.So I can't see any log to post. :?

Presumably debug versions have a way of generating information (I'm guessing because of the name, so if someone could tell me how to do that, I'd post the results.[/edit]

I don't know if it will help me any but could you build a debug version of ZDoom get it to crash (and be sure to upload the log)? If it doesn't get me anywhere then either Graf or Randy will have to look into this bug.

Yup, I've done most of my testing in GZdoom because that's what my mod is for but I've checked and double checked and the crashes are 100% reproducible in Zdoom too. If I get killed by an enemy doing disintegrate damage whilst the mugshot is visible, the game crashes.

[edit]That was with my own build of r994. I just downloaded Nash's build and the results are the same.[/edit]

This does happen in ZDoom right? It's still not happening for me.

I'm sure there is enough info to go on already, and perhaps this is obvious, but here's a little more info...

I noticed that, when playing a mod that uses inventory items, when the status bar is visible but an inventory item is held (thereby replacing the mugshot with the currently selected inventory item) the crash didn't happen when I was killed by a monster doing disintegrate damage. Loading a savegame and then using the inventory items up so that the mugshot got displayed again and then allowing myself to be killed by the monster caused a crash.