Comment 3 for bug 3616

Lakin Wecker (lakin) wrote :

I built a debug version of abuse-sdl on amd64, the following is a backtrace and some extra info:

(gdb) r
Starting program: /home/lakin/Documents/remote-dev/abuse-sdl-0.7.0/src/abuse.sdl
[Thread debugging using libthread_db enabled]
[New Thread 46912536229648 (LWP 21777)]
Added himem block (3072000 bytes)
Memory available : 3071856
Abuse-SDL 0.7.0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912536229648 (LWP 21777)]
0x00002aaaab6527ff in strcpy () from /lib/libc.so.6
(gdb) where
#0 0x00002aaaab6527ff in strcpy () from /lib/libc.so.6
#1 0x000000000048e747 in set_save_filename_prefix (
    save_prefix=0x2aaaad0ec0c0 "/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff"...) at specs.cpp:102
#2 0x0000000000480d09 in setup (argc=1, argv=0x7fffffca1418) at setup.cpp:374
#3 0x0000000000475c17 in main (argc=1, argv=0x7fffffca1418) at game.cpp:2611
(gdb) up
#1 0x000000000048e747 in set_save_filename_prefix (
    save_prefix=0x2aaaad0ec0c0 "/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff"...) at specs.cpp:102
102 strcpy( save_spec_prefix, save_prefix );
(gdb) print save_spec_prefix
$1 = 0x2aaaad0ec0d4 "/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff"...
(gdb) print save_prefix
$2 = 0x2aaaad0ec0c0 "/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff/home/lakin/.abu\uffff\uffff\016\uffff"...
(gdb) b specs.cpp:102
Breakpoint 1 at 0x48e737: file specs.cpp, line 102.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/lakin/Documents/remote-dev/abuse-sdl-0.7.0/src/abuse.sdl
[Thread debugging using libthread_db enabled]
[New Thread 46912536229648 (LWP 21785)]
Added himem block (3072000 bytes)
Memory available : 3071856
Abuse-SDL 0.7.0
[Switching to Thread 46912536229648 (LWP 21785)]

Breakpoint 1, set_save_filename_prefix (save_prefix=0x2aaaad0ec0c0 "/home/lakin/.abu\uffff\uffff\016\uffff\uffff*") at specs.cpp:102
102 strcpy( save_spec_prefix, save_prefix );
(gdb) print save_spec_prefix
$3 = 0x2aaaad0ec0d4 "\uffff*"
(gdb) print save_prefix
$4 = 0x2aaaad0ec0c0 "/home/lakin/.abu\uffff\uffff\016\uffff\uffff*"
(gdb)

I checked the code, and realized that the jmalloc line before line 102 seemed to be the culprit, as it corrupts the save_prefix string. I was able to build a version of abuse-sdl that did not use jmalloc (by changing the header src/imlib/include/jmalloc.hpp to redirect those calls to malloc and friends, plus some other small changes). In this case, it ran further, but segfaulted later on:

(gdb) r
Starting program: /home/lakin/.local/bin/abuse.sdl
[Thread debugging using libthread_db enabled]
[New Thread 46912536229648 (LWP 21845)]
Added himem block (3072000 bytes)
Memory available : 3071856
Abuse-SDL 0.7.0
 Abuse (Version 2.00)
Sound : Disabled (couldn't find the sfx directory)
Specs : main file set to abuse.spe
Protocol Installed : UNIX generic TCPIP
Lisp : 529 symbols defined, 99 system functions, 321 pre-compiled functions
(load "abuse.lsp") [........ ]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912536229648 (LWP 21845)]
0x0000000000428460 in eval_user_fun (sym=0x651df0, arg_list=0x64172c) at lisp.cpp:2963
warning: Source file is more recent than executable.

2963 l_user_stack.push(((lisp_symbol *)CAR(f_arg))->value);
(gdb) where
#0 0x0000000000428460 in eval_user_fun (sym=0x651df0, arg_list=0x64172c) at lisp.cpp:2963
#1 0x000000000042f20a in eval_function (sym=0x651df0, arg_list=0x64172c) at lisp.cpp:1491
#2 0x000000000042773b in eval (prog=0x641714) at lisp.cpp:3068
#3 0x0000000000452a4e in character_type (this=0x66ac00, args=0x641574, name=0x65da20) at chars.cpp:372
#4 0x000000000041c6e3 in l_caller (number=23, args=0x64154b) at clisp.cpp:775
#5 0x000000000042f35e in eval_function (sym=0x649050, arg_list=0x64154b) at lisp.cpp:1535
#6 0x000000000042773b in eval (prog=0x641533) at lisp.cpp:3068
#7 0x000000000042d2e1 in eval_sys_function (fun=0x62c7b4, arg_list=0x640f5e) at lisp.cpp:2451
#8 0x000000000042f33d in eval_function (sym=0x642a90, arg_list=0x640f5e) at lisp.cpp:1533
#9 0x000000000042773b in eval (prog=0x640f46) at lisp.cpp:3068
#10 0x000000000042d2e1 in eval_sys_function (fun=0x62c7b4, arg_list=0x640110) at lisp.cpp:2451
#11 0x000000000042f33d in eval_function (sym=0x642a90, arg_list=0x640110) at lisp.cpp:1533
#12 0x000000000042773b in eval (prog=0x6400f8) at lisp.cpp:3068
#13 0x000000000042d2e1 in eval_sys_function (fun=0x62c7b4, arg_list=0x2aaaad811028) at lisp.cpp:2451
#14 0x000000000042f33d in eval_function (sym=0x642a90, arg_list=0x2aaaad811028) at lisp.cpp:1533
#15 0x000000000042773b in eval (prog=0x2aaaad811010) at lisp.cpp:3068
#16 0x0000000000461463 in load_data (argc=1, argv=0x7fffff857a78) at loader2.cpp:334
#17 0x00000000004722e0 in game (this=0x64a5d0, argc=1, argv=0x7fffff857a78) at game.cpp:1427
#18 0x00000000004754e0 in main (argc=1, argv=0x7fffff857a78) at game.cpp:2678
(gdb) print f_arg
$1 = (void *) 0x65da60
(gdb) print CAR(f_arg)
No symbol "CAR" in current context.
(gdb)
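The two gdb sessions in the comment above show save_spec_prefix (0x2aaaad0ec0d4) sitting 20 bytes past save_prefix (0x2aaaad0ec0c0) while the string being copied is longer than 20 bytes, so the unbounded strcpy at specs.cpp:102 reads back bytes it has just written and the repeated "/home/lakin/.abu" pattern is the result. The following is an added example, not code from abuse-sdl or from the commenter: a bounded, overlap-checked replacement for that copy, with the allocator passed in so the same function can be exercised against malloc and against a constructed faulty allocator that reproduces the 20-byte offset seen in the backtrace. set_prefix_checked, PREFIX_MAX, bad_alloc, g_arena and the demo_* functions are hypothetical names, and all inputs are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed upper bound for a save-path prefix (assumption, not from abuse-sdl). */
#define PREFIX_MAX 4096

enum prefix_rc {
    PREFIX_OK          =  0,
    PREFIX_ERR_NULL    = -1,   /* NULL argument */
    PREFIX_ERR_TOOLONG = -2,   /* no NUL within PREFIX_MAX bytes */
    PREFIX_ERR_NOMEM   = -3,   /* allocator failed */
    PREFIX_ERR_OVERLAP = -4    /* allocator returned memory inside the live source */
};

/* Length of s, scanning at most cap bytes; returns cap if no NUL was found. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t i = 0;
    while (i < cap && s[i] != '\0')
        i++;
    return i;
}

/* 1 if [a, a+alen) and [b, b+blen) share at least one byte. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t a0 = (uintptr_t)a, b0 = (uintptr_t)b;
    return a0 < b0 + blen && b0 < a0 + alen;
}

/* Hypothetical hardened stand-in for the strcpy at specs.cpp:102.
 * The allocator is a parameter so the same code runs with malloc or with a
 * faulty allocator that mimics the state shown in the backtrace. */
int set_prefix_checked(const char *save_prefix, void *(*alloc)(size_t), char **out)
{
    if (save_prefix == NULL || alloc == NULL || out == NULL)
        return PREFIX_ERR_NULL;

    /* A source with no terminator inside the bound (like the corrupted string
     * in the backtrace) is rejected instead of being copied until strcpy faults. */
    size_t n = bounded_len(save_prefix, PREFIX_MAX);
    if (n == PREFIX_MAX)
        return PREFIX_ERR_TOOLONG;

    char *dst = alloc(n + 1);
    if (dst == NULL)
        return PREFIX_ERR_NOMEM;

    /* In the backtrace dst (...0d4) is 20 bytes past src (...0c0) while the
     * string is longer than 20 bytes: the regions overlap and strcpy keeps
     * re-reading what it just wrote. Detect that instead of copying. The block
     * is deliberately not freed because it may alias memory still in use. */
    if (ranges_overlap(save_prefix, n + 1, dst, n + 1))
        return PREFIX_ERR_OVERLAP;

    memcpy(dst, save_prefix, n + 1);   /* length is known, so the copy is bounded */
    *out = dst;
    return PREFIX_OK;
}

/* ---- constructed scenarios (not from the bug report) ---- */

static char g_arena[256];

/* Faulty allocator: hands back memory 20 bytes into a region still in use. */
static void *bad_alloc(size_t n)
{
    (void)n;
    return g_arena + 20;
}

/* Source lives at g_arena; the faulty allocator returns g_arena + 20. */
int demo_overlap(void)
{
    static const char s[] = "/home/lakin/.abuse/save_files_long_enough_to_cross";
    memcpy(g_arena, s, sizeof s);             /* 51 bytes, fits in 256 */
    char *out = NULL;
    return set_prefix_checked(g_arena, bad_alloc, &out);   /* PREFIX_ERR_OVERLAP */
}

/* Source filled with 'A' and no NUL within PREFIX_MAX bytes. */
int demo_unterminated(void)
{
    static char junk[PREFIX_MAX + 1];
    memset(junk, 'A', PREFIX_MAX);
    junk[PREFIX_MAX] = '\0';
    char *out = NULL;
    return set_prefix_checked(junk, bad_alloc, &out);      /* PREFIX_ERR_TOOLONG */
}

/* Healthy path: returns 1 when the copy succeeded and matches the source. */
int demo_ok(void)
{
    const char *src = "/home/lakin/.abuse/";
    char *out = NULL;
    int rc = set_prefix_checked(src, malloc, &out);
    int good = (rc == PREFIX_OK && out != NULL && strcmp(out, src) == 0);
    free(out);
    return good;
}
```

The overlap check is a diagnostic for a broken allocator rather than a substitute for fixing it: a correct allocator never returns a block inside a live string, so hitting PREFIX_ERR_OVERLAP in practice points at the allocation path (here, jmalloc) rather than at the copy.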