[Fixed] Crash w/Chosen 1.31

Postby Hirogen2 » Tue Dec 30, 2003 2:13 pm

I tried out LWM's Chosen 1.31, and upon doing something silly this popped up.
I know it is OK to segfault here, but a warning indicating some Dehacked work
"would not work right now" would be nice.

I went on map30 and played a bit, until:
Code:
Code: ACCESS_VIOLATION
Tried to write address beefcafe
Flags: 00000000
Address: 0045bcca

Windows 9x 4.10 Build 67766222 

GS=0000  FS=24bf  ES=0167  DS=0167
EAX=00000000  EBX=01000000  ECX=05bffa80  EDX=beefcafe
ESI=00000000  EDI=05bffa80
EBP=0b400000  EIP=0045bcca  ESP=0085fa38  CS=015f  SS=0167
EFlags=00010246
 CF- PF+ AF- ZF+ SF- TF- IF+ DF- OF- NT- RF+ VM- AC- VI- VP-

FPU State:
 ControlWord=037f StatusWord=4020 TagWord=ffff
 ErrorOffset=78001f2d
 ErrorSelector=077d015f
 DataOffset=0085f94c
 DataSelector=ffff0167
 Cr0NpxState=0000000a

MM0=0000000000000000
MM1=007175ae0071057a
MM2=d7fc8807a9ec1940
MM3=0000000000000000
MM4=000000000000000a
MM5=0000000005bffa80
MM6=0b40000000000000
MM7=000001670085fa38

Running threads:
fff1a583 at 0045bcca*
fff1b477
fff14037
fff1bdab
fff317c7

Loaded modules:
79fe0000 - 7a047fff  SETUPAPI.DLL
7f840000 - 7f84afff  CFGMGR32.DLL
7fe70000 - 7fe78fff  WINSPOOL.DRV
bfe80000 - bfe85fff  LZ32.DLL
7dad0000 - 7dad7fff  HID.DLL
70000000 - 70038fff  DINPUT8.DLL
baaa0000 - baaf8fff  DDRAW.DLL
bfee0000 - bfee4fff  NTDLL.DLL
7fc20000 - 7fc2dfff  MPR.DLL
beaf0000 - beb64fff  DSOUND.DLL
bfe90000 - bfe95fff  VERSION.DLL
00400000 - 0062cfff *ZDOOM.EXE
7fe40000 - 7fe6cfff  COMDLG32.DLL
7fce0000 - 7fe39fff  SHELL32.DLL
10000000 - 10093fff  FMOD.DLL
7c160000 - 7c178fff  MSACM32.DLL
bfe10000 - bfe1ffff  WINMM.DLL
78660000 - 78669fff  WSOCK32.DLL
7b070000 - 7b084fff  MSWSOCK.DLL
786b0000 - 786c1fff  WS2_32.DLL
70200000 - 70294fff  WININET.DLL
70bd0000 - 70c33fff  SHLWAPI.DLL
65340000 - 653dafff  OLEAUT32.DLL
65f00000 - 65fc0fff  OLE32.DLL
71450000 - 714adfff  CRYPT32.DLL
70100000 - 70151fff  RPCRT4.DLL
5e380000 - 5e3a4fff  MSOSS.DLL
786a0000 - 786a5fff  WS2HELP.DLL
78000000 - 78043fff  MSVCRT.DLL
bfb70000 - bfbfdfff  COMCTL32.DLL
bff50000 - bff60fff  USER32.DLL
bff20000 - bff45fff  GDI32.DLL
bfea0000 - bfeaffff  ADVAPI32.DLL
bff70000 - bffe5fff  KERNEL32.DLL

Bytes near EIP:
0045bcba: 81 8c 00 00 00 08 75 2a 8b 41 24 3b c6 8b 51 28
0045bcca: 89 02 74 03 89 50 28 8b 81 f0 00 00 00 89 71 24
0045bcda: c7 41 28 fe ca ef be a3 0c 2d 5b 00 89 b1 f0 00

ZDoom version 2.0.60

Command line:
 C:\DX\ZDOOM.EXE -file ch131
IWAD: doom2.wad

Current map: map30

viewx = 170868344
viewy = -3292160
viewz = 19529932
viewangle = 4262133760

Possible call trace:
 0045bcca  BOOM
 0045c6ab  call 0045bcb0
 0045969b  call 0045c6a0
 004a69f7  call 00459430
 0045cde2  call eax
 00461cc0  call 0045cce0
 00421e87  call [edx+0x10]
 004221cd  call 00421e10
 004729d4  call 00422180
 0042a7eb  call 004728f0
 0041b412  call 0042a4d0
 004174fc  call 0041b120
 0040afe3  call 0040af30
 0040afe3  call 0040af30
 00498981  call 0040afd0
 00498a83  call 004fc8a6
 00495b33  call 00417550
 00495e45  call 00495780
 004ffd5a  call 00495dd0
 004ffbee  call 004fd650
 004ffbd6

Hirogen2
 
Joined: 19 Jul 2003
Location: Central Germany
Github ID: jengelh
Operating System: RedHat-like Linux (RHEL, Fedora, CentOS, etc) 64-bit
Graphics Processor: Intel (Modern GZDoom)

Postby Ty Halderman » Tue Dec 30, 2003 2:31 pm

Anyone else read that as "Tried to write address beefcake" ?

... anyone? Lexus? :)

Oh, and what were you doing? It looks like it's in P_LookForMonsters in p_enemy--would that involve the REJECT?
Ty Halderman
I'm free! ...or at least inexpensive.
... in loving memory ...
 
Joined: 17 Jul 2003
Location: New Orleans LA

Postby HotWax » Tue Dec 30, 2003 2:34 pm

Wow, no wonder it crashed. That memory is obviously already taken by the world famous Beef Cafe. Trying to overwrite that should definitely be strictly forbidden!
HotWax
Do what you must, and pay the price later.
 
Joined: 18 Jul 2003
Location: Idaho Falls, ID

Postby LilWhiteMouse » Tue Dec 30, 2003 3:57 pm

I seriously doubt this is a problem with ZDoom. For starters, Chosen has no map30, so you must have been playing Doom 2's map30? If so, the boss spawner probably tried to spawn a monster that is no longer "legal".
LilWhiteMouse
"Stop the world, I'm getting off."
 
Joined: 15 Jul 2003
Location: Maine, US

Postby Graf Zahl » Tue Dec 30, 2003 6:00 pm

For those who are interested where this interesting address came from:

Code:
void AActor::UnlinkFromWorld ()
{
   sector_list = NULL;
   if (!(flags & MF_NOSECTOR))
   {
      // invisible things don't need to be in sector list
      // unlink from subsector

      // killough 8/11/98: simpler scheme using pointers-to-pointers for prev
      // pointers, allows head node pointers to be treated like everything else
      AActor **prev = sprev;
      AActor  *next = snext;
      if ((*prev = next))  // unlink from sector list
         next->sprev = prev;
      snext = NULL;
      sprev = (AActor **)0xBeefCafe;   // Woo! Bug-catching value!


Apparently the game tried to do something to an object that was temporarily unlinked for a coordinate update. There must be something seriously wrong for that to happen...
Graf Zahl
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany
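
The unlink step from the excerpt above, as an added example (not ZDoom's code and not written by any poster): unlinking the same node twice would store through the poisoned `sprev`, so this checked variant reports the second call instead. `Node`, `link_head`, `unlink_checked` and `count_nodes` are hypothetical names, and the nodes are constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the AActor fields used in the excerpt (snext/sprev).
struct Node {
    Node  *snext = nullptr;
    Node **sprev = nullptr;
};

// Recognizable, never-valid address, same idea as the 0xBeefCafe marker above.
static Node **const POISON =
    reinterpret_cast<Node **>(static_cast<std::uintptr_t>(0xBeefCafe));

// Insert at the head; sprev points at whichever pointer refers to this node.
void link_head(Node *&head, Node *n) {
    n->sprev = &head;
    n->snext = head;
    if (head) head->sprev = &n->snext;
    head = n;
}

// Checked unlink: a node that is already unlinked (or was never linked) is
// reported to the caller instead of being written through.
bool unlink_checked(Node *n) {
    if (n->sprev == nullptr || n->sprev == POISON) return false;
    Node **prev = n->sprev;
    Node  *next = n->snext;
    if ((*prev = next)) next->sprev = prev;  // same unlink step as the excerpt
    n->snext = nullptr;
    n->sprev = POISON;                       // mark as unlinked
    return true;
}

std::size_t count_nodes(const Node *head) {
    std::size_t c = 0;
    for (; head; head = head->snext) ++c;
    return c;
}

int main() {
    Node *head = nullptr;
    Node a, b;                               // constructed sample nodes
    link_head(head, &a);
    link_head(head, &b);
    std::printf("first unlink: %d\n", unlink_checked(&a));
    std::printf("second unlink: %d, nodes left: %zu\n",
                unlink_checked(&a), count_nodes(head));
    return 0;
}
```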

Postby HotWax » Tue Dec 30, 2003 6:14 pm

Awww, so it wasn't a random occurrence? That would have made it funnier. Oh well.

Postby Cyb » Tue Dec 30, 2003 7:04 pm

haha beef cafe
Cyb
 
Joined: 15 Jul 2003

Postby Chris » Tue Dec 30, 2003 10:04 pm

I like 0xDeadBeef or 0xD00fBa11
Chris
 
Joined: 17 Jul 2003

Postby HotWax » Wed Dec 31, 2003 8:33 am

80085!!! 80085!!! :P

Postby Giest118 » Wed Dec 31, 2003 1:26 pm

LilWhiteMouse wrote: I seriously doubt this is a problem with ZDoom.

Wait, are you saying that the ACCESS_VIOLATION errors aren't a problem with ZDOOM? Oh, do explain why it is that they only do happen in ZDOOM, then.
Giest118
I don't trust people who trust me. Because they're stoned.
 
Joined: 05 Dec 2003

Postby wildweasel » Wed Dec 31, 2003 1:28 pm

HotWax wrote: 80085!!! 80085!!! :P

That doesn't fit within hex though...try 80081355.
wildweasel
from a different perspective.
Moderator Team Lead
 
Joined: 15 Jul 2003

Postby LilWhiteMouse » Wed Dec 31, 2003 1:39 pm

giest118 wrote: Wait, are you saying that the ACCESS_VIOLATION errors aren't a problem with ZDOOM? Oh, do explain why it is that they only do happen in ZDOOM, then.


Somebody shoots someone with a gun, it's not the gun's fault.

As I said before, the boss spawner is probably trying to spawn a monster that is no longer legal. IE: I've used its frames elsewhere and changed its pointers, but the original monster still references them.

Without digging through the dehacked work (why bother?), I'd guess the guilty monster's initial frames use a code pointer that can only be used after the monster has awakened.

Postby HotWax » Wed Dec 31, 2003 1:51 pm

Erm. Why exactly doesn't 80085 fit in hex? It might not identify a MEMORY location (unless it had leading/trailing zeroes), but it fits the hex (and decimal for that matter) number system fine. Now, if you said it didn't fit into octal, you'd have a point. :P

Postby Hirogen2 » Wed Dec 31, 2003 2:24 pm

LilWhiteMouse wrote: I seriously doubt this is a problem with ZDoom. For starters, Chosen has no map30, so you must have been playing Doom 2's map30? If so, the boss spawner probably tried to spawn a monster that is no longer "legal".

As I said, this is "due to the dehacked work of Chosen", so no surprise. Anyway, a soft warning "Uh, DEHACKED work engaged and you should not be here" would just be as nice as an ACCESS_VIOLATION (aka SIGSEGV).

Postby HotWax » Wed Dec 31, 2003 2:33 pm

And how exactly would ZDoom make that determination? A Dehacked lump doesn't specify which maps you should or should not be able to use with it, and there are plenty of patches out there meant to be used with any map.

I agree that ZDoom shouldn't crash if it's at all possible to avoid it, but if you're intentionally trying to kill a program and you succeed, you really shouldn't be that surprised.
