Bug#863536: doomsday: Segfaults when attempting to start new game

2017-06-01 Thread Markus Koschany
Control: tags -1 pending

On 31.05.2017 at 20:12, Bernhard Übelacker wrote:
> Hello,
> tried to reproduce the issue.
> 
> I think the problem is that in Cl_IsClientMobj the method maybeAs()
> is called on a NULL pointer on mo->thinker.d.
> 
> With the attached patch the crash does not happen.
> 
> And this time I took the opportunity to play in
> doom1-share.wad and doom2.wad (just short) and found
> no more crashes.
> 
> Kind regards,
> Bernhard

Hi Bernhard,

thanks again for your patch! I have just uploaded a new revision.

Regards,

Markus


Bug#863536: doomsday: Segfaults when attempting to start new game

2017-05-31 Thread Bernhard Übelacker
Hello,
tried to reproduce the issue.

I think the problem is that in Cl_IsClientMobj the method maybeAs()
is called on a NULL pointer on mo->thinker.d.

With the attached patch the crash does not happen.

And this time I took the opportunity to play in
doom1-share.wad and doom2.wad (just short) and found
no more crashes.

Kind regards,
Bernhard





# gdb -q --args doomsday
(gdb) run
...
Loading map "E1M1"...

Thread 39 "CallbackThread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff873a2700 (LWP 17501)]
0x7476492d in __dynamic_cast () from 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6


(gdb) bt
#0  0x7476492d in __dynamic_cast () at 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
#1  0x555dc9bd in Thinker::IData::maybeAs() 
(this=) at ../libdoomsday/include/doomsday/world/thinker.h:135
#2  0x555dc9bd in Cl_IsClientMobj(mobj_s const*) 
(mo=mo@entry=0x7fffe2663cc0) at src/client/cl_mobj.cpp:214
#3  0x558828e0 in de::Thinkers::add(thinker_s&, bool) 
(this=0x7fff39c58690, th=..., makePublic=makePublic@entry=true) at 
src/world/thinkers.cpp:230
#4  0x55861020 in P_MobjCreate(void (*)(void*), de::Vector3 
const&, unsigned int, double, double, int) (function=0x7fffe1fc3940 
, origin=..., angle=, radius=16, height=128, 
ddflags=536870912) at src/world/p_mobj.cpp:119
#5  0x5580555b in Mobj_CreateXYZ(thinkfunc_t, coord_t, coord_t, 
coord_t, angle_t, coord_t, coord_t, int) (function=, 
x=, y=, z=, angle=, 
radius=, height=, ddflags=) at 
src/world/api_map.cpp:1788
#6  0x7fffe1fc3458 in P_SpawnMobjXYZ (type=type@entry=MT_MISC48, x=288, 
y=-3104, z=0, angle=1073741824, spawnFlags=536870919) at src/p_mobj.c:709
#7  0x7fffe1fc385a in P_SpawnMobj (type=type@entry=MT_MISC48, 
pos=pos@entry=0x7fffe26625c0, angle=, spawnFlags=) at src/p_mobj.c:796
#8  0x7fffe1f6b972 in spawnMapObjects () at ../common/src/p_mapsetup.cpp:593
#9  0x7fffe1f6b972 in P_FinalizeMapChange(uri_s const*) 
(mapUri_=0x7fff873a1900) at ../common/src/p_mapsetup.cpp:894
#10 0x558871c6 in de::WorldSystem::Instance::makeCurrent(de::Map*) 
(this=this@entry=0x56e16b60, newMap=newMap@entry=0x7fff38423e50) at 
src/world/worldsystem.cpp:521
#11 0x55889022 in de::WorldSystem::Instance::changeMap(MapDef*) 
(this=0x56e16b60, mapDef=0x7fff383a08f0) at src/world/worldsystem.cpp:724
#12 0x5588965d in de::WorldSystem::Instance::changeMapWorker(void*) 
(context=) at src/world/worldsystem.cpp:744
#13 0x77243f83 in CallbackThread::run() (this=0x58ae1330) at 
src/concurrency.cpp:76
#14 0x74d45daa in QThreadPrivate::start(void*) (arg=0x58ae1330) at 
thread/qthread_unix.cpp:352
#15 0x76509494 in start_thread (arg=0x7fff873a2700) at 
pthread_create.c:333
#16 0x73f0693f in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:97


(gdb) up
#1  0x555dc9bd in Thinker::IData::maybeAs 
(this=) at ../libdoomsday/include/doomsday/world/thinker.h:135
135 DENG2_AS_IS_METHODS()
(gdb) 
#2  Cl_IsClientMobj (mo=mo@entry=0x7fffe2663cc0) at src/client/cl_mobj.cpp:214
214 if(ClientMobjThinkerData *data = THINKER_DATA_MAYBE(mo->thinker, 
ClientMobjThinkerData))


(gdb) print mo
$3 = (const mobj_t *) 0x7fffe2663cc0
(gdb) print mo->thinker
$4 = {prev = 0x0, next = 0x0, function = 0x7fffe1fc3940 , _flags 
= 0, id = 0, d = 0x0}


#define THINKER_DATA_MAYBE(thinker, T)  (reinterpret_cast<Thinker::IData *>((thinker).d)->maybeAs<T>())


(gdb) print mo->thinker.d
$5 = (void *) 0x0


dd_bool Cl_IsClientMobj(mobj_t const *mo)
{
    if(ClientMobjThinkerData *data = THINKER_DATA_MAYBE(mo->thinker, ClientMobjThinkerData))
    {
        return data->hasRemoteSync();
    }
    return false;
}
From 8a6fb59e5dd1965638c70ad9a396eb9bf959e84d Mon Sep 17 00:00:00 2001
From: Bernhard Übelacker
Date: Wed, 31 May 2017 19:59:36 +0200
Subject: Avoid crash when mo->thinker.d is a NULL pointer.

https://bugs.debian.org/863536

(gdb) bt
#0  0x7476492d in __dynamic_cast () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#1  0x555dc9bd in Thinker::IData::maybeAs() (this=) at ../libdoomsday/include/doomsday/world/thinker.h:135
#2  0x555dc9bd in Cl_IsClientMobj(mobj_s const*) (mo=mo@entry=0x7fffe2663cc0) at src/client/cl_mobj.cpp:214
#3  0x558828e0 in de::Thinkers::add(thinker_s&, bool) (this=0x7fff39c58690, th=..., makePublic=makePublic@entry=true) at src/world/thinkers.cpp:230
#4  0x55861020 in P_MobjCreate(void (*)(void*), de::Vector3 const&, unsigned int, double, double, int) (function=0x7fffe1fc3940 , origin=..., angle=, radius=16, height=128, ddflags=536870912) at src/world/p_mobj.cpp:119
#5  0x5580555b in Mobj_CreateXYZ(thinkfunc_t, coord_t, coord_t, coord_t, angle_t, coord_t, coord_t, int) (function=, x=, y=, z=, angle=, radius=, height=, ddflags=) at src/world/api_map.cpp:1788
#6  0x7fffe1fc3458 in P_SpawnMobjXYZ (type=type@entry=MT_MISC48, x=288, y=-3104, z=0, angle=1073741824, spaw
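Illustration of the crash mechanism Bernhard describes, as an added example that is not Doomsday's code and not the attached patch (which is not reproduced on this page). The types below are constructed stand-ins for Thinker::IData, ClientMobjThinkerData and the thinker_s/mobj_t structs; the names THINKER_DATA_MAYBE_UNCHECKED, THINKER_DATA_MAYBE_CHECKED, clIsClientMobjGuarded and the guardedWith* helpers are assumptions made for the example. The point shown: THINKER_DATA_MAYBE casts thinker.d without looking at it, so with d == 0x0 the member call maybeAs<T>() runs dynamic_cast on a null `this`, which is undefined behaviour and in practice faults inside __dynamic_cast, exactly where frame #0 of the backtrace sits. A guard on thinker.d before the cast turns "no thinker data attached yet" into "not a client mobj".

```cpp
// Added example (not Doomsday code, not the attached patch): a NULL
// thinker.d reaching maybeAs<T>() versus a guarded lookup.

// Constructed stand-ins for Thinker::IData and ClientMobjThinkerData.
struct IData {
    virtual ~IData() {}
    // Models the DENG2_AS_IS_METHODS() helper from thinker.h:135: a
    // dynamic_cast on `this`. With this == nullptr the cast is undefined
    // behaviour; libstdc++'s __dynamic_cast reads the vtable through it
    // and faults, which is frame #0 in the backtrace above.
    template <typename T> T *maybeAs() { return dynamic_cast<T *>(this); }
};

struct ClientMobjThinkerData : IData {
    explicit ClientMobjThinkerData(bool remote) : remote_(remote) {}
    bool hasRemoteSync() const { return remote_; }
private:
    bool remote_;
};

// An unrelated thinker-data type, so the dynamic_cast can legitimately fail.
struct OtherThinkerData : IData {};

// Constructed stand-ins for thinker_s / mobj_t; only the fields used here.
struct thinker_s {
    thinker_s *prev = nullptr;
    thinker_s *next = nullptr;
    void *d = nullptr;   // 0x0 in the gdb session above
};

struct mobj_t {
    thinker_s thinker;
};

// Shape of THINKER_DATA_MAYBE as shown on the page: no check on (thinker).d.
#define THINKER_DATA_MAYBE_UNCHECKED(thinker, T) \
    (reinterpret_cast<IData *>((thinker).d)->maybeAs<T>())

// Guarded variant (assumed name): a thinker with no private data yet
// yields nullptr instead of calling a member function through NULL.
#define THINKER_DATA_MAYBE_CHECKED(thinker, T) \
    ((thinker).d ? reinterpret_cast<IData *>((thinker).d)->maybeAs<T>() : nullptr)

// Same control flow as Cl_IsClientMobj() on the page, using the guarded macro.
bool clIsClientMobjGuarded(mobj_t const *mo)
{
    if (ClientMobjThinkerData *data =
            THINKER_DATA_MAYBE_CHECKED(mo->thinker, ClientMobjThinkerData))
    {
        return data->hasRemoteSync();
    }
    return false;
}

// The original shape, kept for comparison only. Calling it with
// mo->thinker.d == nullptr reproduces the SIGSEGV in __dynamic_cast;
// it is deliberately never called below.
bool clIsClientMobjUnchecked(mobj_t const *mo)
{
    if (ClientMobjThinkerData *data =
            THINKER_DATA_MAYBE_UNCHECKED(mo->thinker, ClientMobjThinkerData))
    {
        return data->hasRemoteSync();
    }
    return false;
}

// Three cases for the guarded path: no data attached (the bug on this page),
// client data attached, unrelated data attached.
bool guardedWithNoData()
{
    mobj_t mo;                                   // thinker.d stays nullptr
    return clIsClientMobjGuarded(&mo);           // false, and no crash
}

bool guardedWithClientData(bool remote)
{
    ClientMobjThinkerData data(remote);
    mobj_t mo;
    mo.thinker.d = static_cast<IData *>(&data);  // stored as IData*, as d is read
    return clIsClientMobjGuarded(&mo);           // == remote
}

bool guardedWithOtherData()
{
    OtherThinkerData data;
    mobj_t mo;
    mo.thinker.d = static_cast<IData *>(&data);
    return clIsClientMobjGuarded(&mo);           // dynamic_cast fails: false
}
```

The guard belongs at the macro (or inside the lookup it wraps), not only in Cl_IsClientMobj(): the backtrace shows the lookup happening from de::Thinkers::add() during P_MobjCreate(), i.e. before any thinker data has been attached, so every caller of THINKER_DATA_MAYBE on a freshly created thinker is exposed to the same null `this`.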

Bug#863536: doomsday: Segfaults when attempting to start new game

2017-05-28 Thread Hans Joachim Desserud

Package: doomsday
Version: 1.15.8-4
Severity: important

Dear Maintainer,


Thanks for resolving https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847651.
I no longer get a segfault at startup, but I do see one when attempting
to start a new game:

^ : Starting music 'intro'
fluidsynth: warning: Failed to pin the sample data to RAM; swapping is 
possible.
fluidsynth: warning: Failed to pin the sample data to RAM; swapping is 
possible.

Game begins...

Episode: Knee-Deep In The Dead (Singleplayer)

S_StartMusic: Starting music 'e1m1'
Loading map "E1M1"...
Segmentation fault

So it looks like there might be more issues. I get similar
segfaults with both doom-shareware wad as well as freedoom.
I can navigate the menu and options fine, but it crashes
when attempting to start a new game.

It should be noted that I'm trying to run this in a VM, so
if I'm the only one who can reproduce this, I can dig
into whether it is related to the 3D graphics somehow.


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages doomsday depends on:
ii  doomsday-common   1.15.8-4
ii  doomsday-data 1.15.8-4
ii  libc6 2.24-10
ii  libgcc1   1:6.3.0-18
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libqt4-network4:4.8.7+dfsg-11
ii  libqt4-opengl 4:4.8.7+dfsg-11
ii  libqtcore44:4.8.7+dfsg-11
ii  libqtgui4 4:4.8.7+dfsg-11
ii  libsdl2-2.0-0 2.0.5+dfsg1-2
ii  libsdl2-mixer-2.0-0   2.0.1+dfsg1-1
ii  libstdc++66.3.0-18

Versions of packages doomsday recommends:
ii  fluid-soundfont-gm  3.1-5.1

doomsday suggests no packages.

-- no debconf information


--
mvh / best regards
Hans Joachim Desserud
http://desserud.org