
Village mission crash (now with patch)


ubequitz:
Dang... I take that back... CM_FreeTile only frees tile->extraData

My only explanation is that extraData is written in the same memory region as sv.models[1].

so it is even more complex... back to square 2...

ubequitz:
Ok, this _might_ be related. Something here looks strange:

in CMod_LoadSubmodels [qcommon/cmodel.c]:

--- Code: ---
out->tile = curTile - mapTiles;

--- End code ---

where out has type cmodel_t, so looking in [game/q_shared.h] cmodel_t->tile we find this has type int. However, curTile and mapTiles are of type mapTile_t *.

Looks odd indeed

ubequitz:
Well, if I comment out the /* free stuff */ block in qcommon/cmodel.c I cannot reproduce this bug (tried 26 times in a row, previous record was 7). So I would say that freeing is causing my system issues, but I don't understand how or why...

ubequitz:
OH boy, I think I have finally figured it out

sv.models[1] is mapped to &mapTiles[1].cmodels[258] via qcommon/cmodel.c : CM_InlineModel

&mapTiles[1].cmodels[258] exists in shared memory since it is allocated by qcommon/cmodel.c : CMod_LoadSubmodels

this shared memory is then freed by CM_LoadMap [qcommon/cmodel.c]

but there is still a function that tries to use sv.models[1] after the free (namely SV_HullForEntity [server/sv_world.c]).

Obviously there is no guarantee that that memory hasn't been overwritten, since a whole chunk of previously allocated shared memory where that data was is now unmapped. Hence it might work some of the time and not work at other times....

Not sure why it is happening for me on the Village map only though.

PS: this is a log of allocations around the critical section:

==== InitGame ====
------- Server Initialization -------
CM_AddMapTile: curTile->extraData = Hunk_Begin(0x400000)
Hunk_Begin called with maxsize: 4194304
CMod_LoadSurfaces: out = Hunk_Alloc
Hunk_Alloc called with size: 141632, curhunksize: 141632
CMod_LoadLeafs: out = Hunk_Alloc
Hunk_Alloc called with size: 89344, curhunksize: 230976
CMod_LoadLeafBrushes: out = Hunk_Alloc
Hunk_Alloc called with size: 8000, curhunksize: 238976
CMod_LoadPlanes: out = Hunk_Alloc
Hunk_Alloc called with size: 102688, curhunksize: 341664
CMod_LoadBrushes: out = Hunk_Alloc
Hunk_Alloc called with size: 29920, curhunksize: 371584
CMod_LoadBrushSides: out = Hunk_Alloc
Hunk_Alloc called with size: 203072, curhunksize: 574656
CMod_LoadSubmodels: out = Hunk_Alloc
Hunk_Alloc called with size: 11424, curhunksize: 586080
CMod_LoadNodes: out = Hunk_Alloc
Hunk_Alloc called with size: 446464, curhunksize: 1032544
CM_MakeNodes: curTile->tnodes = Hunk_Alloc
Hunk_Alloc called with size: 356992, curhunksize: 1389536
CM_AddMapTile: curTile->extraData = Hunk_End()
Hunk_End called. Final curhunksize: 1389536
ED_CallSpawn: NULL classname
Created AI player (team 0)
Created AI player (team 7)
-------------------------------------
0.0.0.0:0: client_connect

^Bvillage07d
CL_Precache_f
CM_FreeTile: freeing tile->extradata
Hunk_Free called. curhunksize b4 free: 1389540
CM_AddMapTile: curTile->extraData = Hunk_Begin(0x400000)
Hunk_Begin called with maxsize: 4194304
CMod_LoadSurfaces: out = Hunk_Alloc
Hunk_Alloc called with size: 141632, curhunksize: 141632
CMod_LoadLeafs: out = Hunk_Alloc
Hunk_Alloc called with size: 89344, curhunksize: 230976
CMod_LoadLeafBrushes: out = Hunk_Alloc
Hunk_Alloc called with size: 8000, curhunksize: 238976
CMod_LoadPlanes: out = Hunk_Alloc
Hunk_Alloc called with size: 102688, curhunksize: 341664
CMod_LoadBrushes: out = Hunk_Alloc
Hunk_Alloc called with size: 29920, curhunksize: 371584
CMod_LoadBrushSides: out = Hunk_Alloc
Hunk_Alloc called with size: 203072, curhunksize: 574656
CMod_LoadSubmodels: out = Hunk_Alloc
Hunk_Alloc called with size: 11424, curhunksize: 586080
CMod_LoadNodes: out = Hunk_Alloc
Hunk_Alloc called with size: 446464, curhunksize: 1032544
CM_MakeNodes: curTile->tnodes = Hunk_Alloc
Hunk_Alloc called with size: 356992, curhunksize: 1389536
CM_AddMapTile: curTile->extraData = Hunk_End()
Hunk_End called. Final curhunksize: 1389536
LoadMap
Map: village07d

Notice the pattern repeats; it is separated by a Hunk_Free call. Actually, the data loaded after the Hunk_Free is identical to the earlier data as far as I can tell. The Hunk_Free just corrupts our sv.models[1] data, then restores the original data in a new memory location.... I would have to double-check this though.
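The use-after-free described in this post, as an added C example (not code from the thread or from the game's own source): a toy hunk allocator, assumed layouts for cmodel_t and mapTile_t, a CM_LoadMap stand-in whose "free stuff" step frees and then reloads the tile hunks, and the two ways the server can hold its reference to model 1. The toy Hunk_Free poisons the freed arena and Hunk_Begin rotates through static arenas, so the stale read is deterministic here; with the real allocator the old region may be unmapped (a crash) or recycled with identical contents (it works by luck), which is exactly the intermittent behaviour reported above. All sizes, field names other than those quoted in the thread, and the headnode values are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the engine types named in the thread. Layouts and
 * the Hunk_* bodies are assumptions for this example, not the real
 * qcommon/cmodel.c or game/q_shared.h definitions. */
typedef struct { int tile; int headnode; } cmodel_t;
typedef struct {
    unsigned char *extraData;   /* the tile's hunk, as set by CM_AddMapTile */
    size_t used;
    cmodel_t *cmodels;          /* points INTO extraData */
} mapTile_t;

#define NUM_TILES   2
#define NUM_CMODELS 4
#define HUNK_SIZE   4096
#define NUM_POOLS   4

static mapTile_t mapTiles[NUM_TILES];
static _Alignas(16) unsigned char pools[NUM_POOLS][HUNK_SIZE];
static int nextPool;

/* Toy hunk: every Hunk_Begin hands out the next static arena, so a freed arena
 * is not reused straight away and a dangling pointer stays visibly dangling.
 * A real allocator may unmap the region (crash) or recycle it (silent). */
static void Hunk_Begin(mapTile_t *t) {
    t->extraData = pools[nextPool++ % NUM_POOLS];
    t->used = 0;
}

static void *Hunk_Alloc(mapTile_t *t, size_t n) {
    n = (n + 31) & ~(size_t)31;             /* round up, like a real hunk */
    if (t->used + n > HUNK_SIZE) return NULL;
    void *p = t->extraData + t->used;
    t->used += n;
    return p;
}

static void Hunk_Free(mapTile_t *t) {
    if (!t->extraData) return;
    memset(t->extraData, 0xDD, HUNK_SIZE);  /* poison: stale reads see 0xDD bytes */
    t->extraData = NULL;
    t->cmodels = NULL;
}

/* Mirrors CMod_LoadSubmodels: cmodels live in the tile's hunk, and tile is the
 * array index obtained by pointer subtraction (the idiom questioned above). */
static void CMod_LoadSubmodels(mapTile_t *t) {
    int tileIdx = (int)(t - mapTiles);      /* ptrdiff_t -> int; fine for a small array */
    t->cmodels = Hunk_Alloc(t, sizeof(cmodel_t) * NUM_CMODELS);
    for (int i = 0; i < NUM_CMODELS; i++) {
        t->cmodels[i].tile = tileIdx;
        t->cmodels[i].headnode = 1000 * tileIdx + i;   /* constructed payload */
    }
}

/* Mirrors CM_LoadMap: the "free stuff" block runs first, then tiles reload. */
static void CM_LoadMap(void) {
    for (int i = 0; i < NUM_TILES; i++) Hunk_Free(&mapTiles[i]);
    for (int i = 0; i < NUM_TILES; i++) {
        Hunk_Begin(&mapTiles[i]);
        CMod_LoadSubmodels(&mapTiles[i]);
    }
}

static cmodel_t *CM_InlineModel(int tile, int idx) {
    return &mapTiles[tile].cmodels[idx];
}

#define SV_TILE  1
#define SV_INDEX 2
#define EXPECTED_HEADNODE (1000 * SV_TILE + SV_INDEX)

/* Bug pattern: sv.models[1] caches a raw pointer into hunk memory, and
 * SV_HullForEntity dereferences it after CM_LoadMap has freed that hunk. */
int hull_via_cached_pointer(void) {
    CM_LoadMap();
    cmodel_t *sv_model1 = CM_InlineModel(SV_TILE, SV_INDEX);  /* cached like sv.models[1] */
    CM_LoadMap();                     /* frees and reloads; sv_model1 now dangles */
    return sv_model1->headnode;       /* reads the poisoned arena, not EXPECTED_HEADNODE */
}

/* Fix pattern: store (tile, index) and resolve through CM_InlineModel at use
 * time, so the lookup always lands in the currently loaded hunk. */
typedef struct { int tile; int idx; } model_ref_t;

int hull_via_reference(void) {
    CM_LoadMap();
    model_ref_t sv_model1 = { SV_TILE, SV_INDEX };
    CM_LoadMap();
    return CM_InlineModel(sv_model1.tile, sv_model1.idx)->headnode;
}

int main(void) {
    printf("cached pointer after reload: %d\n", hull_via_cached_pointer());
    printf("re-resolved after reload:    %d (expected %d)\n", hull_via_reference(), EXPECTED_HEADNODE);
    return 0;
}
```

Either remedy works against the pattern shown: re-resolve every sv.models[] entry through CM_InlineModel right after CM_LoadMap, or keep a (tile, index) pair and resolve it at use time in SV_HullForEntity. The `t - mapTiles` subtraction in CMod_LoadSubmodels is the same idiom as the quoted `out->tile = curTile - mapTiles;`: subtracting two pointers into one array yields the element index as a ptrdiff_t, and storing that in an int is fine as long as the array is small.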

Bandobras:
Congrats on tracing down the Hunk_Free issue! Keep up the good work!


--- Quote from: "ubequitz" ---
--- Code: ---
out->tile = curTile - mapTiles;

--- End code ---

where out has type cmodel_t, so looking in [game/q_shared.h] cmodel_t->tile we find this has type int. However, curTile and mapTiles are of type mapTile_t *.

Looks odd indeed
--- End quote ---


Such oddities are common in C, AFAICT. This should work OK...
