Ticket #1533 (closed bug: fixed (in master))

Opened 21 months ago

Last modified 21 months ago

Reading scroll of light causes seg fault on OpenBSD

Reported by: vext01 Owned by:
Milestone: 3.3.1 Keywords: unix
Cc:

Description (last modified by myshkin) (diff)

On openbsd/i386 with angband 3.3.0 I get a segfault every time when reading the scroll of light.

Backtrace:

Starting program: /usr/local/bin/angband

Program received signal SIGSEGV, Segmentation fault.
0x1c06de06 in project_p (who=-1, r=0, y=44, x=166, dam=8, typ=4, obvious=true) at spells1.c:2837
2837            bool seen = (!blind && m_ptr->ml);
#0  0x1c06de06 in project_p (who=-1, r=0, y=44, x=166, dam=8, typ=4, obvious=true) at spells1.c:2837
#1  0x1c06f517 in project (who=-1, rad=2, y=46, x=166, dam=8, typ=4, flg=Variable "flg" is not available.
) at spells1.c:3438
#2  0x1c073449 in light_area (dam=8, rad=2) at spells2.c:2651
#3  0x1c017554 in effect_do (effect=EF_LIGHT, ident=0xcfbef3a7, aware=true, dir=5, beam=0, boost=38) at effects.c:824
#4  0x1c011284 in do_cmd_use (code=CMD_READ_SCROLL, args=0x3c0355ec) at cmd-obj.c:641
#5  0x1c01e982 in process_command (ctx=CMD_GAME, no_request=Variable "no_request" is not available.
) at game-cmd.c:677
#6  0x1c014df3 in play_game () at dungeon.c:1082
#7  0x1c09a8b6 in main (argc=1, argv=0xcfbf0384) at main.c:445

$1 = (monster_type *) 0x7c7ddfc4
Cannot access memory at address 0x7c7ddfc4
The program is running.  Exit anyway? (y or n)

Save file attached. Just read the scroll in the current room.

Patch would be appreciated ASAP, as I am working on upgrading the openbsd port.

Cheers

Attachments

angband-bug-save.tgz (6.6 KB) - added by vext01 21 months ago.
savegame file for reproducing bug

Change History

Changed 21 months ago by vext01

savegame file for reproducing bug

comment:1 Changed 21 months ago by myshkin

  • Description modified (diff)

Should project_p() ever get called with who==-1?

comment:2 Changed 21 months ago by vext01

Ah, sorry forgot to mention:

        /* Source monster */
        monster_type *m_ptr = cave_monster(cave, who);

In the call above in project_p(), who is -1. Not sure if this is indicating some error state that should be handled?

comment:3 Changed 21 months ago by magnate

No, -1 is used to refer to the player, who is not a monster. This enables the project function to handle projections from player or monsters.

But that "/* source monster */" line above should not be called if the source is the player. What baffles me is why this bug only manifests on BSD. Can anyone reproduce it on any other platform?
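The pattern magnate describes above, as an added C example that is not the ticket's or Angband's own code: a sentinel value (`who < 0`) that means "the player" must never be fed into a monster lookup, because the lookup is an array index and a negative index reads before the allocation. The `monster_type`, `cave_type`, `cave_monster_checked()` and `source_monster_seen()` names below are constructed for this illustration, as is the sample cave; the guard is the one the thread asks for, placed before the lookup rather than after it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified stand-ins for the game's types (assumption, not Angband's
 * real definitions). ml: the player can currently see this monster. */
typedef struct { bool ml; } monster_type;
typedef struct {
    monster_type *monsters;   /* slot 0 is unused; live monsters occupy 1..mon_max-1 */
    int mon_max;
} cave_type;

/* Convention under discussion in the ticket: a negative source index is the player. */
#define SOURCE_PLAYER (-1)

/* Bounds-checked lookup (constructed helper). Returns NULL for any index that is not
 * a live monster slot instead of computing an address outside the array. */
static monster_type *cave_monster_checked(cave_type *c, int idx) {
    if (c == NULL || idx <= 0 || idx >= c->mon_max) return NULL;
    return &c->monsters[idx];
}

/* Equivalent of the "bool seen = (!blind && m_ptr->ml)" line from the backtrace.
 * The crashing shape does the lookup first and tests nothing:
 *     monster_type *m_ptr = &c->monsters[who];   // who == -1 reads before the array
 *     return (!blind && m_ptr->ml);
 * Here the player case is decided before any lookup happens, so no monster pointer
 * is ever formed for a player-sourced projection. */
static bool source_monster_seen(cave_type *c, int who, bool blind) {
    if (who < 0) return false;                 /* player is the source: nothing to look up */
    monster_type *m_ptr = cave_monster_checked(c, who);
    if (m_ptr == NULL) return false;           /* stale or out-of-range monster index */
    return (!blind && m_ptr->ml);
}

/* Constructed sample level: one visible monster in slot 1, one unseen in slot 2. */
static monster_type sample_monsters[3] = { {false}, {true}, {false} };
static cave_type sample_cave = { sample_monsters, 3 };
static cave_type *sample_cave_ptr(void) { return &sample_cave; }

int main(void) {
    cave_type *c = sample_cave_ptr();
    printf("player source, not blind : seen=%d\n", source_monster_seen(c, SOURCE_PLAYER, false));
    printf("monster 1, not blind     : seen=%d\n", source_monster_seen(c, 1, false));
    printf("monster 1, blind         : seen=%d\n", source_monster_seen(c, 1, true));
    printf("monster 2 (unseen)       : seen=%d\n", source_monster_seen(c, 2, false));
    printf("out-of-range index 99    : seen=%d\n", source_monster_seen(c, 99, false));
    return 0;
}
```

Reading one slot before an array is undefined behaviour whichever platform it runs on; whether it faults, as in the OpenBSD backtrace, or silently returns whatever bytes sit in front of the block depends only on what the allocator placed there. A platform difference in the symptom is therefore not evidence that the defect is platform-specific, and the fix belongs at the caller (skip the lookup for the player), not in the allocator.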

comment:4 Changed 21 months ago by d_m

I could not reproduce this, but I did push a commit to staging incorporating vext01's changes.

Once we confirm that the commit fixes things on OpenBSD I'll close the bug.

comment:5 Changed 21 months ago by magnate

  • Keywords unix added
  • Status changed from new to pending
  • Milestone changed from Triage to 3.3.1

Fix now in master [r87b2b3c3d], now pending backport to 3.3-release

comment:6 Changed 21 months ago by magnate

  • Status changed from pending to closed
  • Resolution set to fixed