[Fixed] [2.4]Portals + polyobjs + BlockLinesIterator heap corruption

Postby phantombeta » Fri Oct 25, 2019 2:12 pm

Basically what it says in the thread title. Not sure what causes it. I haven't found many maps that cause it, only the WIP training map for my mod. My mod's radar (use "give all" to get it) seems to cause it reliably, though the moment it happens is random.
I don't have a minimal example right now, but I'll try to make one as soon as I figure out what in the map causes it.

Edit: Just speculation, but it might be related to portals. Would explain why I hadn't found the crash when testing in the IWAD maps.

Edit 2: Added a simpler BlockLinesIterator example as an attachment. I also tried to make a simpler map, but couldn't get it to crash reliably.

Edit 3: Updated the thread title. This is nastier than I thought.
Edit 3.1: Updated the thread title to add the first version I can find this in. Uhhhhhhhhh.

Edit 4: Updated the thread title again and added a fully minimal example.
Attachments:
Portals-Polyobjs-BlockLinesIterator_crash.PK3 (3.67 KiB)
LineCounter.PK3 (718 Bytes)
Last edited by phantombeta on Fri Oct 25, 2019 10:05 pm, edited 6 times in total.
phantombeta
In the meadow of sinful thoughts, every flower's a perfect one
 
Joined: 02 May 2013
Location: The United Soviet Socialist Dictatorship of Hueland
Discord: phantombeta#2461
Twitch ID: phantombeta_
Github ID: Doom2fan
Operating System: Windows 10/8.1/8 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: nVidia with Vulkan support

Re: Consistent, repeatable crash with BlockLinesIterator

Postby phantombeta » Fri Oct 25, 2019 8:51 pm

Okay, so, it's definitely something to do with portals. I took a moment to look at the callstack, and then it was pretty obvious:

Seems like the "data" TArray in here may not be getting initialized.

Re: [2.4]Portals + polyobjs + BlockLinesIterator heap corrup

Postby phantombeta » Fri Oct 25, 2019 10:06 pm

Sorry for the bump, but I have some more important, bump-worthy (IMO) info to add:
So it turns out it's even weirder. For some reason, portals combined with polyobjects and BlockLinesIterator causes heap corruption. Unfortunately, this seems to be something I can't figure out how to fix myself.

Re: [2.4]Portals + polyobjs + BlockLinesIterator heap corrup

Postby _mental_ » Sat Oct 26, 2019 3:02 am

Fixed in fb384c6.
_mental_
 
 
 
Joined: 07 Aug 2011

Re: [2.4]Portals + polyobjs + BlockLinesIterator heap corrup

Postby Graf Zahl » Sat Oct 26, 2019 3:13 am

Out of curiosity, why does this kind of change help fix it?
Graf Zahl
Lead GZDoom Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: [2.4]Portals + polyobjs + BlockLinesIterator heap corrup

Postby _mental_ » Sat Oct 26, 2019 3:26 am

Well, this means my commit comments really suck.

DBlockLinesIterator was derived from FMultiBlockLinesIterator.
DBlockLinesIterator::check was passed to FMultiBlockLinesIterator's constructor while it wasn't initialized, because the parent class's constructor is called before all members' constructors.
The problem was that FMultiBlockLinesIterator's constructor is using its check argument.
For this reason, DBlockLinesIterator cannot be derived from FMultiBlockLinesIterator. It should be made a member initialized after check.
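The construction-order problem described in the post above, as an added example that is not part of the thread or of GZDoom's source: `CheckState`, `MultiIterator`, `DerivedIterator` and `ComposedIterator` are hypothetical stand-ins for the classes named there. A registry of constructed objects is assumed so the ordering can be observed without reading the unconstructed member.

```cpp
// Added illustration with hypothetical stand-in types; not GZDoom source.
#include <cstdio>
#include <set>

// Registry of CheckState objects whose constructor has run, so the demo can
// ask "is it alive?" without touching a possibly unconstructed object.
static std::set<const void*> g_live;

struct CheckState {                      // stand-in for the `check` member
    CheckState()  { g_live.insert(this); }
    ~CheckState() { g_live.erase(this); }
};

struct MultiIterator {                   // stand-in for FMultiBlockLinesIterator
    bool check_was_live;                 // what the constructor observed
    explicit MultiIterator(CheckState& check)
        : check_was_live(g_live.count(&check) != 0) {}
};

// "Before" shape: the base is constructed first, so `check` is only raw
// storage when MultiIterator's constructor receives it.
struct DerivedIterator : MultiIterator {
    CheckState check;
    DerivedIterator() : MultiIterator(check) {}
};

// "After" shape: members are constructed in declaration order, so `check`
// is alive by the time `iter` is built from it.
struct ComposedIterator {
    CheckState check;                    // must be declared before iter
    MultiIterator iter;
    ComposedIterator() : iter(check) {}
};

bool derived_sees_live_check()  { DerivedIterator d;  return d.check_was_live; }
bool composed_sees_live_check() { ComposedIterator c; return c.iter.check_was_live; }

int main() {
    std::printf("derived:  check alive in base ctor? %d\n", derived_sees_live_check());
    std::printf("composed: check alive in iter ctor? %d\n", composed_sees_live_check());
    return 0;
}
```

In the derived shape the base constructor holds a reference to storage whose constructor has not run yet, so any use of the object through that reference is undefined behavior. Compilers may flag the pattern with an uninitialized-field warning on the `MultiIterator(check)` initializer.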

Re: [2.4]Portals + polyobjs + BlockLinesIterator heap corrup

Postby drfrag » Sat Oct 26, 2019 5:23 am

Superb work as usual. :) I've just ported the fix to LZDoom.
drfrag
I.R developer, I.R smart
Vintage GZDoom Developer
 
Joined: 23 Apr 2004
Location: Spain

