Old July 22, 2016, 22:05   #1
Pete Mack
Prophet
 
Join Date: Apr 2007
Location: Seattle, WA
Posts: 5,414
Donated: $40
woohoo! found the bug!

Severity 0: Game crashes reliably in drop_near when firing a missile.
Cause: drop_near attempts to examine the object after it has been deleted in object_absorb in a floor pile of similar objects.
Line 1009: dropped->oidx is garbage after being freed in object absorption in the floor. Absolutely cannot use after reference.
Possible solution: Make floor_carry take a reference pointer, in case the object is absorbed by a pile.
Old July 22, 2016, 23:18   #2
Nick
Vanilla maintainer
 
 
Join Date: Apr 2007
Location: Canberra, Australia
Age: 54
Posts: 7,860
Donated: $60
Thanks, I'll check that out. Since player knowledge, object_absorb() has been a rich source of bugs...

Is this in master or the curses branch?
__________________
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
Old July 22, 2016, 23:22   #3
Pete Mack
Prophet
Ok, now that I found it, I am looking for other uses of an object ptr after drop_near. Here is the list:
obj-gear.c, line 1050
Out of 10 total uses. Recommendation:
Make drop_near pass-by-reference, so the dropped object cannot disappear out of the calling scope. This is very risky code.
Old July 23, 2016, 00:34   #4
Pete Mack
Prophet
Master. I haven't updated in a couple weeks tho.
Old July 23, 2016, 00:41   #5
Pete Mack
Prophet
In my local copy I just moved the message or message condition to prior to the drop code. To preserve your sanity, I recommend invalidating any object in a destructive call, so that errors like this show up earlier.

Edit:
I suspect these bugs are very longstanding indeed.
Old July 24, 2016, 05:30   #6
Pete Mack
Prophet
Hmm. Another fault (this time just a trap from the debugger on access to freed memory, but it's the same type of issue.)
Unfortunately it is in object delete in floor_pile_know, when moving into a room with objects detected by !enlightenment. That is a much harder one to track down.
Old July 24, 2016, 20:38   #7
PowerWyrm
Prophet
 
 
Join Date: Apr 2008
Posts: 2,672
Quote: Originally Posted by Pete Mack
Severity 0: Game crashes reliably in drop_near when firing a missile.
Cause: drop_near attempts to examine the object after it has been deleted in object_absorb in a floor pile of similar objects.
Line 1009: dropped->oidx is garbage after being freed in object absorption in the floor. Absolutely cannot use after reference.
Possible solution: Make floor_carry take a reference pointer, in case the object is absorbed by a pile.
Already reported ages ago lol: http://angband.oook.cz/forum/showpos...21&postcount=5
__________________
PWMAngband variant maintainer - check http://powerwyrm.monsite-orange.fr (or http://www.mangband.org/forum/viewforum.php?f=9) to learn more about this new variant!
Old July 31, 2016, 01:26   #8
Nick
Vanilla maintainer
Quote: Originally Posted by Pete Mack
Ok, now that I found it, I am looking for other uses of an object ptr after drop_near. Here is the list:
obj-gear.c, line 1050
Out of 10 total uses. Recommendation:
Make drop_near pass-by-reference, so the dropped object cannot disappear out of the calling scope. This is very risky code.
I've done a fix to this in a36e0e5 - does that address your concerns?
Old July 31, 2016, 03:22   #9
Pete Mack
Prophet
 
Join Date: Apr 2007
Location: Seattle, WA
Posts: 5,414
Donated: $40
Pete Mack is on a distinguished road
Yes, it's well done. (It occurred to me later that the right thing to do is to return the new value, if the object moved into a stack. But that's still not a good idea, for the not-so-rare case where the object disappears on dropping onto an already full square.)
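A C sketch of the pass-by-reference fix discussed in posts #3 and #9, added here as an example and not taken from this thread or from Angband's source: the drop routine clears the caller's pointer on every path where the object ceases to exist (absorbed into a similar stack, or discarded because the square is already full), so a later use faults immediately instead of reading freed memory. The object and pile structures, PILE_MAX and all function names are assumptions.

```c
#include <stdlib.h>
/* Hypothetical toy model of a floor pile; not Angband's own code. */
#define PILE_MAX 2                      /* assumed: entries one square holds */

struct object { int kind; int number; struct object *next; };
struct pile { struct object *head; int count; };

static struct object *new_obj(int kind, int number)
{
    struct object *o = calloc(1, sizeof *o);
    o->kind = kind; o->number = number;
    return o;
}

/* Merge obj into a similar stack, as object_absorb() does on a floor pile:
 * the absorbed object is freed, so any copy of the pointer now dangles. */
static int pile_absorb(struct pile *p, struct object *obj)
{
    for (struct object *o = p->head; o; o = o->next)
        if (o->kind == obj->kind) { o->number += obj->number; free(obj); return 1; }
    return 0;
}

/* Pass-by-reference drop, the fix the thread recommends: on every path where
 * the object stops existing (absorbed, or square already full) the caller's
 * pointer is cleared, so a later use faults instead of reading freed memory. */
static int drop_near(struct pile *p, struct object **obj)
{
    if (pile_absorb(p, *obj)) { *obj = NULL; return 0; }
    if (p->count >= PILE_MAX) { free(*obj); *obj = NULL; return 0; }
    (*obj)->next = p->head; p->head = *obj; p->count++;
    return 1;
}

/* Caller-side check of both ways a dropped object can vanish: merged into a
 * similar stack (post #1) or discarded on a full square (post #9). Returns
 * -1/-2 if the respective pointer was left dangling, else the pile's total. */
static int run_demo(void)
{
    struct pile p = { 0 };
    struct object *a = new_obj(7, 5), *b = new_obj(7, 3), *c = new_obj(9, 1), *d = new_obj(4, 1);
    drop_near(&p, &a); drop_near(&p, &b);   /* b merges into a's stack and is freed */
    drop_near(&p, &c);                      /* second entry fills the square */
    drop_near(&p, &d);                      /* no room: d is discarded and freed */
    if (b != NULL) return -1;
    if (d != NULL) return -2;
    int total = p.head->number + p.head->next->number;  /* c: 1 + a: 8 */
    free(c); free(a);
    return total;                                       /* 9 */
}
```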