Opened 3 years ago

Closed 3 years ago

#1533 closed bug (fixed (in master))

Reading scroll of light causes seg fault on OpenBSD

Reported by: vext01 Owned by:
Milestone: 3.3.1 Keywords: unix
Cc:

Description (last modified by myshkin)

On openbsd/i386 with angband 3.3.0 I get a segfault every time when reading the scroll of light.

Backtrace:

Starting program: /usr/local/bin/angband

Program received signal SIGSEGV, Segmentation fault.
0x1c06de06 in project_p (who=-1, r=0, y=44, x=166, dam=8, typ=4, obvious=true) at spells1.c:2837
2837            bool seen = (!blind && m_ptr->ml);
#0  0x1c06de06 in project_p (who=-1, r=0, y=44, x=166, dam=8, typ=4, obvious=true) at spells1.c:2837
#1  0x1c06f517 in project (who=-1, rad=2, y=46, x=166, dam=8, typ=4, flg=Variable "flg" is not available.
) at spells1.c:3438
#2  0x1c073449 in light_area (dam=8, rad=2) at spells2.c:2651
#3  0x1c017554 in effect_do (effect=EF_LIGHT, ident=0xcfbef3a7, aware=true, dir=5, beam=0, boost=38) at effects.c:824
#4  0x1c011284 in do_cmd_use (code=CMD_READ_SCROLL, args=0x3c0355ec) at cmd-obj.c:641
#5  0x1c01e982 in process_command (ctx=CMD_GAME, no_request=Variable "no_request" is not available.
) at game-cmd.c:677
#6  0x1c014df3 in play_game () at dungeon.c:1082
#7  0x1c09a8b6 in main (argc=1, argv=0xcfbf0384) at main.c:445

$1 = (monster_type *) 0x7c7ddfc4
Cannot access memory at address 0x7c7ddfc4
The program is running.  Exit anyway? (y or n)

Save file attached. Just read the scroll in the current room.

Patch would be appreciated ASAP, as I am working on upgrading the openbsd port.

Cheers

Attachments (1)

angband-bug-save.tgz (6.6 KB) - added by vext01 3 years ago.
savegame file for reproducing bug


Change History (7)

Changed 3 years ago by vext01

savegame file for reproducing bug

comment:1 Changed 3 years ago by myshkin

  • Description modified (diff)

Should project_p() ever get called with who==-1?

comment:2 Changed 3 years ago by vext01

Ah, sorry forgot to mention:

        /* Source monster */
        monster_type *m_ptr = cave_monster(cave, who);

In the call above in project_p(), who is -1. Not sure if this is indicating some error state that should be handled?

comment:3 Changed 3 years ago by magnate

No, -1 is used to refer to the player, who is not a monster. This enables the project function to handle projections from player or monsters.

But that "/* source monster */" line above should not be called if the source is the player. What baffles me is why this bug only manifests on BSD. Can anyone reproduce it on any other platform?

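Editor's added example (not Angband's code and not part of this ticket): a minimal C model of the ordering fix magnate describes in comment:3. Only cave_monster() and the who == -1 convention come from the ticket; SOURCE_PLAYER, cave_monster_checked(), classify_source(), the scenario helpers and the monster/cave structs are assumptions for illustration. It shows two things a reviewer would want: the player sentinel has to be tested before the array lookup, not after, and a bounds-checked lookup turns a stale index into a reportable NULL rather than an out-of-bounds read. Reading one element in front of an array is undefined behaviour whose visible effect depends on whatever memory happens to precede it, which is one general reason a bug of this shape can fault on one platform and stay silent on another.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sentinel: the ticket uses who == -1 for "the player", which is
 * not a valid index into the monster array. */
#define SOURCE_PLAYER (-1)
#define MAX_MONSTERS 8

enum source_kind { SRC_PLAYER = 0, SRC_MONSTER = 1, SRC_INVALID = 2 };

struct monster {
    bool ml;      /* monster is currently visible to the player */
};

struct cave {
    struct monster monsters[MAX_MONSTERS];
    int mon_cnt;  /* number of live entries in monsters[] */
};

struct hit_source {
    enum source_kind kind;
    bool seen;    /* did the player see the source of the effect? */
};

/* Bounds-checked lookup: NULL for any index outside [0, mon_cnt).
 * Indexing monsters[-1] directly reads one element before the array,
 * which is undefined behaviour; whether it faults depends on what sits
 * in front of the array in that particular build and platform. */
static struct monster *cave_monster_checked(struct cave *c, int idx)
{
    if (c == NULL || idx < 0 || idx >= c->mon_cnt)
        return NULL;
    return &c->monsters[idx];
}

/* Classify the source of a projection BEFORE touching the monster array:
 * the "source monster" lookup must not run when the source is the player. */
static struct hit_source classify_source(struct cave *c, int who, bool blind)
{
    struct hit_source hs = { SRC_INVALID, false };
    struct monster *m;

    if (who == SOURCE_PLAYER) {
        hs.kind = SRC_PLAYER;
        hs.seen = false;   /* no monster to see; the effect is the player's own */
        return hs;
    }

    m = cave_monster_checked(c, who);
    if (m == NULL)
        return hs;         /* stale or corrupt index: report it, do not dereference */

    hs.kind = SRC_MONSTER;
    hs.seen = !blind && m->ml;   /* the expression that crashed at spells1.c:2837 */
    return hs;
}

/* Constructed sample dungeon: two live monsters, one visible, one not. */
static struct cave sample_cave(void)
{
    struct cave c;
    memset(&c, 0, sizeof c);
    c.monsters[0].ml = true;
    c.monsters[1].ml = false;
    c.mon_cnt = 2;
    return c;
}

/* Scenario helpers so each case can be checked as a return value. */
int scenario_kind(int who, bool blind)
{
    struct cave c = sample_cave();
    return (int)classify_source(&c, who, blind).kind;
}

bool scenario_seen(int who, bool blind)
{
    struct cave c = sample_cave();
    return classify_source(&c, who, blind).seen;
}

bool lookup_is_null(int idx)
{
    struct cave c = sample_cave();
    return cave_monster_checked(&c, idx) == NULL;
}

int main(void)
{
    static const char *names[] = { "player", "monster", "invalid" };
    int who;
    /* who = -1 is the player, 0 and 1 are live monsters, 2 is past mon_cnt */
    for (who = -1; who <= 2; who++)
        printf("who=%2d -> source=%s seen=%d\n", who,
               names[scenario_kind(who, false)], scenario_seen(who, false));
    return 0;
}
```

The order of the two checks is the whole fix: once the player case returns early, the only remaining way to reach the dereference is through a lookup that has already proven the index is in range.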
comment:4 Changed 3 years ago by d_m

I could not reproduce this, but I did push a commit to staging incorporating vext01's changes.

Once we confirm that the commit fixes things on OpenBSD I'll close the bug.

comment:5 Changed 3 years ago by magnate

  • Keywords unix added
  • Milestone changed from Triage to 3.3.1
  • Status changed from new to pending

Fix now in master [r87b2b3c3d], now pending backport to 3.3-release

comment:6 Changed 3 years ago by magnate

  • Resolution set to fixed
  • Status changed from pending to closed