URL: <http://gna.org/bugs/?9545>
Summary: Cam2 mission1 crash II
Project: Warzone Resurrection Project
Submitted by: per
Submitted on: Thursday 07/19/2007 at 20:51
Category: Campaign
Severity: 3 - Normal
Priority: 6
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: svn
Operating System: All
_______________________________________________________
Details:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912498406672 (LWP 3254)]
0x0000000000476db8 in intDisplayMessageButton (psWidget=0x266c910,
xOffset=355, yOffset=629, pColours=0x266c964) at intelmap.c:1403
1403 if (pResearch->psStat)
(gdb) bt full
#0 0x0000000000476db8 in intDisplayMessageButton (psWidget=0x266c910,
xOffset=355, yOffset=629, pColours=0x266c964) at intelmap.c:1403
psButton = (W_CLICKFORM *) 0x266c910
psBuffer = (RENDERED_BUTTON *) 0xa0f8c8
psMsg = (MESSAGE *) 0x1a68e30
Hilight = 0
Down = 16
IMDType = 0
compID = 24420772
image = -1
pResearch = (RESEARCH *) 0x0
psResGraphic = (BASE_STATS *) 0x0
MovieButton = 0
__FUNCTION__ = "intDisplayMessageButton"
__PRETTY_FUNCTION__ = "intDisplayMessageButton"
#1 0x0000000000556a97 in widgDisplayForm (psForm=0x266c910, xOffset=355,
yOffset=629) at widget.c:1528
psCurr = (WIDGET *) 0x0
xOrigin = 0
yOrigin = 0
#2 0x0000000000556b4e in widgDisplayForm (psForm=0x174a150, xOffset=355,
yOffset=629) at widget.c:1560
psCurr = (WIDGET *) 0x266c910
xOrigin = 0
yOrigin = 11
#3 0x0000000000556b4e in widgDisplayForm (psForm=0x1a62060, xOffset=353,
yOffset=612) at widget.c:1560
psCurr = (WIDGET *) 0x174a150
xOrigin = 0
yOrigin = 0
#4 0x0000000000556b4e in widgDisplayForm (psForm=0x46964e0, xOffset=0,
yOffset=0) at widget.c:1560
psCurr = (WIDGET *) 0x1a62060
xOrigin = 0
yOrigin = 0
#5 0x0000000000556ba6 in widgDisplayScreen (psScreen=0x46c6050) at
widget.c:1578
No locals.
#6 0x0000000000462dd0 in intDisplayWidgets () at hci.c:3309
bPlayerHasHQ = 1
#7 0x00000000004810da in gameLoop () at loop.c:556
psCurr = (DROID *) 0x7fff22cfb0f0
psNext = (DROID *) 0x1ff600045
psCBuilding = (STRUCTURE *) 0x300
psNBuilding = (STRUCTURE *) 0x7fff22cfb110
psCFeat = (FEATURE *) 0x0
psNFeat = (FEATURE *) 0x6164200000acd800
i = 32767
widgval = 584036672
quitting = 0
intRetVal = INT_INTERCEPT
clearMode = 3
__FUNCTION__ = "gameLoop"
__PRETTY_FUNCTION__ = "gameLoop"
#8 0x000000000048249c in runGameLoop () at main.c:524
(gdb) p *psWidget
$1 = {formID = 6001, id = 6101, type = WIDG_FORM, style = 4, x = 64, y = 0,
width = 60, height = 46, display = 0x476c27 <intDisplayMessageButton>,
callback = 0, pUserData = 0xa0f8c8, UserData = 0, psNext = 0x2675360}
(gdb) p *pColours
$2 = 225
(gdb) p *psButton
$3 = {formID = 6001, id = 6101, type = WIDG_FORM, style = 4, x = 64, y = 0,
width = 60, height = 46, display = 0x476c27 <intDisplayMessageButton>,
callback = 0, pUserData = 0xa0f8c8, UserData = 0, psNext = 0x2675360,
disableChildren = 0, Ax0 = 0, Ay0 = 0, Ax1 = 0, Ay1 = 0, animCount = 0,
startTime = 0, aColours = {225, 4294967295, 233, 1, 221, 182, 42, 229},
psLastHiLite = 0x0, psWidgets = 0x0, state = 16,
pTip = 0x5ba650 "Current Objective", HilightAudioID = -1, ClickedAudioID =
2, AudioCallback = 0x471b02 <WidgetAudioCallback>}
(gdb) p *psMsg
$4 = {type = MSG_RESEARCH, id = 0, pViewData = 0x3f800000, read = 0, player =
0, psNext = 0x3f80000000000000}
(gdb) p *psMsg->pViewData
Cannot access memory at address 0x3f800000
Valgrind says:
==3387== Invalid read of size 4
==3387== at 0x485DB9: intDisplayMessageButton (intelmap.c:1392)
==3387== by 0x567A6E: widgDisplayForm (widget.c:1528)
==3387== by 0x567B25: widgDisplayForm (widget.c:1560)
==3387== by 0x567B25: widgDisplayForm (widget.c:1560)
==3387== by 0x567B25: widgDisplayForm (widget.c:1560)
==3387== by 0x567B7D: widgDisplayScreen (widget.c:1578)
==3387== by 0x471E1B: intDisplayWidgets (hci.c:3309)
==3387== by 0x490125: gameLoop (loop.c:556)
==3387== by 0x4914E7: runGameLoop (main.c:524)
==3387== by 0x491857: mainLoop (main.c:690)
==3387== by 0x491C46: main (main.c:855)
==3387== Address 0x105A2840 is 0 bytes inside a block of size 32 free'd
==3387== at 0x4A055AB: free (vg_replace_malloc.c:233)
==3387== by 0x495C1B: removeMessageFromList (message.c:242)
==3387== by 0x495A78: removeMessage (message.c:384)
==3387== by 0x4D3A1F: scrRemoveMessage (scriptfuncs.c:1416)
==3387== by 0x58E74C: interpRunScript (interp.c:780)
==3387== by 0x58AEDD: eventFireCallbackTrigger (event.c:1056)
==3387== by 0x49041E: videoLoop (loop.c:696)
==3387== by 0x49183A: mainLoop (main.c:685)
==3387== by 0x491C46: main (main.c:855)