UFO: Alien Invasion Issue Tracker
UFO: Alien Invasion / Closed Bug report #2073 2.3-SVN-HEAD segfaults when entering soldier equip screen
This issue has been closed with status "Closed" and resolution "Not determined".
Issue basics
  • Type of issue
    Bug report
  • Category
    User interface
  • Targeted for
    Not determined
  • Status
    Closed
  • Priority
    3. Normal
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Issue details
  • Resolution
    Not determined
  • Reproducibility
    Not determined
  • Severity
    Not determined
  • Complexity
    Not determined
  • Platform
    Not determined
  • Architecture
    Not determined
Description
[http://sourceforge.net/p/ufoai/bugs/2073 Item 2073] imported from sourceforge.net tracker on 2013-01-28 19:18:54

After I have successfully finished a mission (non-auto) and entered the equip/outfit screen (selected a base->Aircraft->Dropship selected->Equip Soldier), I got this segfault:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6326930 (LWP 29771)]
0x081630df in Com_AddToInventory (i=0xa1a37c0, item={a = 0, m = 0x0, t = 0xc1492ec, amount = 0, rotated = 0},
container=0xc3c65b4, x=0, y=0, amount=1) at src/game/inv_shared.c:671
671 invUnused = ic->next;
(gdb) bt full
#0 0x081630df in Com_AddToInventory (i=0xa1a37c0, item={a = 0, m = 0x0, t = 0xc1492ec, amount = 0, rotated = 0},
container=0xc3c65b4, x=0, y=0, amount=1) at src/game/inv_shared.c:671
ic = (invList_t *) 0x3ef90000
__PRETTY_FUNCTION__ = "Com_AddToInventory"
#1 0x08116c0d in MN_ContainerNodeUpdateEquipment (inv=0xa1a37c0, ed=0xbff00170)
at src/client/menu/node/m_node_container.c:135
item = {a = 0, m = 0x0, t = 0xc1492ec, amount = 0, rotated = 0}
i = 7
__PRETTY_FUNCTION__ = "MN_ContainerNodeUpdateEquipment"
#2 0x080bbf5e in CL_UpdateEquipmentMenuParameters_f () at src/client/campaign/cp_team_callbacks.c:239
unused = {name = '\0' <repeats 63 times>, num = {0, 0, 0, 0, 0, 0, 0, 29, 3, 30, 0, 3, 3, 3, 0, 0, 0, 0, 0, 0, 0, 2,
0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 40, 0, 0, 6, 33, 0, 0, 0, 13, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 5, 26, 28, 0, 0, 0, 0, 0, 3, 36, 2, 6, 8, 35, 0, 0, 0, 1, 0 <repeats 18 times>, 3, 5,
0 <repeats 21 times>},
numLoose = '\0' <repeats 50 times>, "\032\000\000\000\002", '\0' <repeats 23 times>, "\003\000\000\000\016", '\0' <repeats 44 times>, minInterest = 0, maxInterest = 0}
p = 8
aircraft = (aircraft_t *) 0xa18a26c
#3 0x0813132f in Cmd_ExecuteString (text=0xbff0049c "team_updateequip") at src/common/cmd.c:912
cmd = (const cmd_function_t *) 0x18f394bc
a = (const cmd_alias_t *) 0xb7cc685f
str = 0x1bbf8c8c "team_updateequip"
hash = 21
#4 0x0813015a in Cbuf_Execute () at src/common/cmd.c:229
text = 0x9308ca0 "update_item_list;equip_select 0;\n;equip_select 0;\nuip_select 0;\n\nst;equip_select 0;\nt;equip_select 0;\nhange\n\naircraft_status_change\nstatus_change\n\naircraft_status_change\n;deselpra;\nrs;deselpra;\n\n;\ndes"...
quotes = 0
i = 17
line = "team_updateequip\0000\000149\000\033\034\034\035\035\036\036\037\037 !!\"\"##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrss"...
#5 0x0808e046 in CL_SendCommand () at src/client/cl_main.c:930
No locals.
#6 0x0808e55e in CL_Frame (now=1339149, data=0x0) at src/client/cl_main.c:1110
delta = 21
last_frame = 1339149
#7 0x0813d701 in tick_timer (now=1339149, data=0x1693cc0c) at src/common/common.c:1084
timer = (struct timer *) 0x1693cc0c
old_interval = 20
lateness = 0
#8 0x0813d9d9 in Qcommon_Frame () at src/common/common.c:1165
event = (struct event *) 0x1b7cd78c
time_to_next = 0
#9 0x0818c057 in main (argc=1, argv=0xbff00a24) at src/ports/linux/linux_main.c:58
No locals.
------------------------
It goes "magically" away after I (have to!) restart the game and load the saved game. I had saved before I entered that outfit screen, but now I continued playing.

In my view, maybe a variable is wrongly initialized or not initialized after the game returns from "mission-mode" to "geoscape-mode".
===== Comments Ported from Sourceforge =====

====== itsdrone (2009-03-15 01:53:33) ======

I have had a similar issue:

Successfully completed a battle with a couple of losses (3 remaining of 8).
After returning from the mission I recruited a new soldier and assigned the available recruits so 8 were back on the aircraft. When I tried to gear the new recruits it provided this segment fault.

Couple tests I did after:
(gdb) p ic
$2 = (invList_t *) 0xaa9c8fe0
(gdb) p invUnused
$3 = (invList_t *) 0xaa9c8fe0
(gdb) p ic->next
Cannot access memory at address 0xaa9c8ffc

SVN: 23530

I believe there might be a problem when a soldier dies on the battlefield with items in their inventory. When returning to re-equip the new soldiers, it attempts to read an array of invalid (?) inventory on the new soldiers.

CL_ReloadAndRemoveCarried is called just prior to MN_ContainerNodeUpdateEquipment

I'll look into it a bit more as time is avail. I also confirmed that a savegame after the battle does not replicate the symptoms, so it's possible that inventory is not being reset properly when a soldier dies.



====== itsdrone (2009-03-15 20:33:22) ======

I have determined the cause of this segment fault:
Basically, the invUnused is being assigned a new set that is in a different segment of RAM when in a mission compared to world view.
My fix:
inv_shared.h
void INVSH_InitCSI(csi_t * import) __attribute__((nonnull));
EDIT void INVSH_InitInventory(invList_t * invChain, int store); /* store arguement added */
ADD void INVSH_InvUnusedRevert(); /* function added */
int Com_CheckToInventory(const inventory_t* const i, const objDef_t *ob, const invDef_t * container, const int x, const int y, const invList_t *ignoredItem);
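
Review bot: `void INVSH_InvUnusedRevert();` in inv_shared.h is declared with an empty parameter list, which in C is not a prototype; declare it as `void INVSH_InvUnusedRevert(void);` so that a call with arguments is rejected at compile time. The new `store` parameter of INVSH_InitInventory is an `int`, yet every caller shown passes qtrue or qfalse, so the boolean type would state the intent, and the header comment should say what `store` saves and that INVSH_InvUnusedRevert undoes it.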


g_main.c
In: static void G_Init (void)
INVSH_InitCSI(gi.csi);
EDIT INVSH_InitInventory(invChain, qtrue); /* qtrue added to arguements */
logstatsfile = NULL;


cl_game.c
In: void GAME_SetMode (int gametype)
memset(&invList, 0, sizeof(invList));
EDIT INVSH_InitInventory(invList, qfalse); /* qfalse added to arguements */
list->init();

In: void GAME_HandleResults (struct dbuffer *msg, int winner, int *numSpawned, int *numAlive, int numKilled[][MAX_TEAMS], int numStunned[][MAX_TEAMS])
list->results(msg, winner, numSpawned, numAlive, numKilled, numStunned);
ADD INVSH_InvUnusedRevert(); /* inventory buffer switched back */
break;
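
Review bot: the only INVSH_InvUnusedRevert() call shown sits before the `break;` in GAME_HandleResults, so switching back to the client list depends on results being handled through that branch. A battle that ends without reaching it leaves invUnused on the list that G_Init installed with `INVSH_InitInventory(invChain, qtrue)`; consider also reverting wherever the game is shut down, or document why this single call site is sufficient.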

inv_shared.c
In: header
static invList_t *invUnused;
ADD static invList_t *invUnusedRevert = 0; /* added */
static item_t cacheItem = {NONE_AMMO, NULL, NULL, 0, 0}; /* to crash as soon as possible */

In: void INVSH_InitInventory (invList_t * invList, int store)
assert(invList);
ADD /* store previous invUnused list? */
ADD if (store)
ADD invUnusedRevert = invUnused;
invUnused = invList;
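
Review bot: in INVSH_InitInventory, `invUnusedRevert = invUnused;` overwrites whatever was saved before, so two calls with a non-zero `store` and no INVSH_InvUnusedRevert() in between save the first call's list instead of the original one, and the original head is lost. Save only while `invUnusedRevert` is still NULL, or assert that it is, so an unbalanced store/revert pair is caught where it happens.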

ADD:
/**
* @brief reverts invUnused back to previous structure list
* @note
*/
void INVSH_InvUnusedRevert ()
{
if (!invUnusedRevert)
return;
invUnused = invUnusedRevert;
invUnusedRevert = NULL;
}
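
Review bot: the doc comment on INVSH_InvUnusedRevert carries an empty `@note`, and the early `return` when invUnusedRevert is NULL turns a revert without a preceding store into a silent no-op. Use the note to state that the function pairs with a storing INVSH_InitInventory call, and consider logging or asserting in the NULL case so a mismatched call order shows up during testing.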


====== geever (2009-03-15 22:36:24) ======

(bit modified) Patch applied to r23538.

-geever
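
An added C sketch of the failure itsdrone diagnosed and of the save/revert idea in the proposed fix; it is not UFO:AI code and not the patch applied in r23538. The pools, `unused`, `unused_saved` and the helper functions are hypothetical stand-ins for invUnused, invUnusedRevert, INVSH_InitInventory and INVSH_InvUnusedRevert, and it assumes the battle's list is no longer valid once the mission is over.

```c
#include <stdio.h>

/* Hypothetical model of the invList_t free list; these names are not UFO:AI's. */
typedef struct node { struct node *next; } node_t;
#define POOL 4
static node_t client_pool[POOL], mission_pool[POOL]; /* campaign-lifetime vs battle-owned */
static node_t *unused, *unused_saved; /* roles of invUnused and invUnusedRevert */

/* Chain a pool into a free list and make it current; optionally save the old head. */
static void init_inventory(node_t *pool, int store)
{
    for (int i = 0; i < POOL; i++)
        pool[i].next = (i + 1 < POOL) ? &pool[i + 1] : NULL;
    if (store)
        unused_saved = unused;
    unused = pool;
}

static void revert_unused(void)
{
    if (unused_saved)
        unused = unused_saved;
    unused_saved = NULL;
}

/* Pop one entry: the step that faults at "invUnused = ic->next" in the report. */
static node_t *take(void)
{
    node_t *ic = unused;
    unused = ic ? ic->next : NULL;
    return ic;
}

/* Returns the entry handed out by the first equip after a battle. */
node_t *equip_after_mission(int apply_fix)
{
    init_inventory(client_pool, 0);   /* campaign start */
    init_inventory(mission_pool, 1);  /* battle start re-points the shared head */
    take();                           /* battle consumes a battle-owned entry */
    if (apply_fix)
        revert_unused();              /* results handled: switch back */
    return take();
}

int main(void)
{
    printf("stale without revert: %d\n", equip_after_mission(0) == &mission_pool[1]);
    return equip_after_mission(1) != &client_pool[0];
}
```

Without the revert, the equip screen is handed an entry from the battle's pool, which in the real game is the pointer gdb could no longer dereference.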
====== sf-robot (2009-03-30 02:20:18) ======

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).