Seg fault in CSoundData::SoundDataFromFile

[historic_bruno]

Reported by scythetwirler, using 64-bit Ubuntu 12.04. Not easily reproducible, but similar to other intermittent errors like #2057 and another crash I had while testing #1995 on Win 7 64-bit (see ​http://pastebin.com/V43Fp2sx) - all related to CSoundManager::IdleTask.

gdb backtrace:

#0  0x00007ffff515e3c9 in std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >::rfind(wchar_t, unsigned long) const ()
   from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
No symbol table info available.
#1  0x00000000005f0b65 in find_last_of (__pos=18446744073709551615, __c=<optimized out>, this=0x7fffffffdc40) at /usr/include/c++/4.6/bits/basic_string.h:2022
No locals.
#2  Filename (this=0x7fffffffdc40) at ../../../source/lib/path.h:160
        idxSlash = <optimized out>
#3  Extension (this=0x7fffffffdc40) at ../../../source/lib/path.h:178
        filename = {path = {static npos = <optimized out>,
            _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>}, _M_p = 0x0}},
          separator = 8499865 L'\x81b299'}
        idxDot = <optimized out>
#4  CSoundData::SoundDataFromFile (itemPath=...) at ../../../source/soundmanager/data/SoundData.cpp:70
        fExt = {path = {static npos = <optimized out>, _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>},
              _M_p = 0x7fffffffdb60 L"\xffffdb70翿\x75940c00\xa34f1c4b\xd17f740"}}, separator = 0 L'\000'}
        itemFind = <optimized out>
        answer = <optimized out>
#5  0x00000000005ee9a2 in CSoundManager::LoadItem (this=0xbce940, itemPath=...) at ../../../source/soundmanager/SoundManager.cpp:523
        itemData = <optimized out>
#6  0x00000000005ef29c in CSoundManager::IdleTask (this=0xbce940) at ../../../source/soundmanager/SoundManager.cpp:589
        it = <optimized out>
        nextPath = {path = {static npos = <optimized out>,
            _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>}, _M_p = 0x5bff7e0 L"P"}},
          separator = 92 L'\\'}
        aSnd = <optimized out>
#7  0x00000000005d11c4 in Render () at ../../../source/ps/GameSetup/GameSetup.cpp:197
        profile2__ = {m_Name = 0x900615 "render"}
#8  0x000000000041f172 in Frame () at ../../../source/main.cpp:393
        profile2__ = {m_Name = 0x8a87d6 "dispatch events"}
        realTimeSinceLastFrame = 0.0182406362
        need_render = true
        profile2__ = {m_Name = 0x8e6425 "frame"}
        time = <optimized out>
        need_update = false
        is_building_archive = false
#9  RunGameOrAtlas (argc=<optimized out>, argv=<optimized out>) at ../../../source/main.cpp:508
        args = {m_Args = {<std::_Vector_base<std::pair<CStr8, CStr8>, std::allocator<std::pair<CStr8, CStr8> > >> = {
              _M_impl = {<std::allocator<std::pair<CStr8, CStr8> >> = {<__gnu_cxx::new_allocator<std::pair<CStr8, CStr8> >> = {<No data fields>}, <No data fields>},
                _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, <No data fields>}, m_Arg0 = {path = {static npos = <optimized out>,
              _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>},
                _M_p = 0xbcdea8 L"/home/casey/0ad/binaries/system/pyrogenesis"}}, separator = 47 L'/'}}
        ran_atlas = <optimized out>
        res = <optimized out>

[historic_bruno]

Another back trace: ​http://pastebin.com/JCiQHYAd

As Philip pointed out in IRC, the bug is likely this part of CSoundManager::IdleTask:

PlayList::iterator it = find (m_PlayListItems->begin(), m_PlayListItems->end(),
                               *(m_CurrentTune->GetName()) );
++it;

if find() returns the end iterator, then incrementing it is undefined behavior, it may or may not be the end iterator anymore. So on some systems, the bug can slip by unnoticed, but for scythetwirler, it becomes invalid and dereferencing it leads to a crash.

But the other issue is why find() would return the end iterator, that could be a logic error in the playlist code (both need to be fixed).

[historic_bruno]

Hi stwf! scythetwirler also reported in ​IRC:

[18:55:07] <scythetwirler> historicbruno: Ah, here's something that might help./
[18:55:18] <scythetwirler> right before it crashes it starts playing on the dayscape oggs.
[18:58:43] <@historicbruno> scythetwirler: in match setup?!
[18:58:50] <scythetwirler> yeah
[18:58:53] <scythetwirler> I hear birds chirping
[18:59:02] <scythetwirler> I'm really not sure it would play that :/
[18:59:04] <@historicbruno> that makes no sense at all
[18:59:06] <scythetwirler> *why

[historic_bruno]

Here are the minimal steps to reproduce the crash:

• Start 0 A.D.
• Load map
• Wait a few seconds, then exit to main menu
• Wait for main theme to end
• Wait for at least 15 seconds
• Crash

The cause of the crash being that the playlist is from the session (e.g. "Dried Tears" defeat track), but the current track is not in the playlist ("Honour Bound"), so when the current track ends, find() returns the end iterator, etc. I guess the playlist should be cleared/reset when the game ends.

Ambient sounds in the menu has a related cause:

• Start 0 A.D.
• Load map
• Wait until you hear bird sounds, then exit to main menu
• Make the window lose and regain focus
• Now you should hear ambient sounds in the main menu

Ambient sounds should also be cleared when the game ends.

[stwf]

OK, this should be fixed as of revision 13784. Now all songs are part of a playlist, so the issues that led to the segfault are gone. The code that caused the segfault has also been hardened. I added a CloseGame call to the SoundManager that can be expanded in the future as needs arise. Currently it just shuts off the ambient sounds.