Bug#604172: lincity-ng crash (easyly reproducible)

Thu, 02 Dec 2010 13:06:17 -0800 

Hi

i digged a little more this weird bug :
In attachment you'll find 
- a simple patch that fix this (or more probably a workaround)
- the backtrack from gdb (on latest svn)
        (game map is bounded by (0,0) < (x,y) < (100,100) )

I just don't understand why this bug does not happen all the time, 
and stayed hidden for so long (it appears in a very stable part of
the code, untouched for years)

I'll try to have a deeper understanding later.

Cheers
Alain

Index: src/lincity-ng/GameView.cpp
===================================================================
--- src/lincity-ng/GameView.cpp	(révision 1604)
+++ src/lincity-ng/GameView.cpp	(copie de travail)
@@ -1777,6 +1777,9 @@
 int GameView::bulldozeCost( MapPoint tile ){
     int group;
     int prize = 0;
+    if ( (tile.x < 0) || (tile.x >= WORLD_SIDE_LEN) || (tile.y < 0) || (tile.y >= WORLD_SIDE_LEN) )
+	    return 0;
+
     if (MP_TYPE( tile.x, tile.y) == CST_USED)
         group = MP_GROUP( MP_INFO(tile.x,tile.y).int_1,
                           MP_INFO(tile.x,tile.y).int_2 );

Program received signal SIGSEGV, Segmentation fault.
0x0000000000431502 in GameView::bulldozeCost (this=0x9993e0, tile=...) at 
src/lincity-ng/GameView.cpp:1780
1780        if (MP_TYPE( tile.x, tile.y) == CST_USED)
(gdb) bt
#0  0x0000000000431502 in GameView::bulldozeCost (this=0x9993e0, tile=...) at 
src/lincity-ng/GameView.cpp:1780
#1  0x0000000000430b7a in GameView::draw (this=0x9993e0, painter=...) at 
src/lincity-ng/GameView.cpp:1683
#2  0x000000000046c6fa in Component::drawChild (this=0x9ad650, child=..., 
painter=...) at src/gui/Component.cpp:66
#3  0x000000000046c7b9 in Component::draw (this=0x9ad650, painter=...) at 
src/gui/Component.cpp:81
#4  0x0000000000480c83 in Desktop::draw (this=0x9ad650, painter=...) at 
src/gui/Desktop.cpp:108
#5  0x0000000000434020 in Game::run (this=0x884d00) at 
src/lincity-ng/Game.cpp:238
#6  0x000000000040b2d1 in mainLoop () at src/lincity-ng/main.cpp:409
#7  0x000000000040bf1d in main (argc=1, argv=0x7fffffffe588) at 
src/lincity-ng/main.cpp:557
(gdb) p tile.x
$1 = -102
(gdb) p tile.y
$2 = -36
(gdb) p MP_TYPE(-102,-36)
Cannot access memory at address 0x70f568

Reply via email to