Opened 7 years ago
Last modified 7 years ago
#4788 new defect
CCmpFootprint / CCmpPathfinder Segfault on a tiny square danubius map
Reported by: | elexis | Owned by: | |
---|---|---|---|
Priority: | Should Have | Milestone: | Backlog |
Component: | Core engine | Keywords: | pathfinding |
Cc: | | Patch: | |
Description
Often getting a segfault when setting danubius to a square map in the json file. The attached replay reproduces the issue reliably on alpha 22.
Stacktrace:
```
#0  CCmpPathfinder::CheckUnitPlacement (this=0x1895680, filter=..., x=..., z=..., r=..., passClass=<optimized out>) at ../../../source/simulation2/components/CCmpPathfinder.cpp:819
#1  0x000000000050806c in CCmpFootprint::PickSpawnPoint (this=0x639ce20, spawned=<optimized out>) at ../../../source/simulation2/components/CCmpFootprint.cpp:253
#2  0x000000000054809b in ScriptInterface_NativeMethodWrapper<CFixedVector3D, ICmpFootprint>::call<CFixedVector3D (ICmpFootprint::*)(unsigned int) const, unsigned int> ( fptr=&virtual ICmpFootprint::PickSpawnPoint(unsigned int) const, c=0x639ce20, rval=..., cx=0x13024b0) at ../../../source/scriptinterface/NativeWrapperDefns.h:98
#3  ScriptInterface::callMethodConst<CFixedVector3D, unsigned int, &class_ICmpFootprint, ICmpFootprint, &(ICmpFootprint::PickSpawnPoint(unsigned int) const)> (cx=0x13024b0, argc=<optimized out>, vp=0x120fd08) at ../../../source/scriptinterface/NativeWrapperDefns.h:165
#4  0x00007ffff71dc012 in js::CallJSNative (args=..., native=<optimized out>, cx=0x13024b0) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jscntxtinlines.h:226
#5  js::Invoke (cx=0x13024b0, args=..., construct=<optimized out>) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:498
#6  0x00007ffff71d084f in Interpret (cx=0x13024b0, state=...) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:2602
#7  0x00007ffff71dbcd1 in js::RunScript (cx=cx@entry=0x13024b0, state=...) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:448
#8  0x00007ffff71dbf5c in js::Invoke (cx=cx@entry=0x13024b0, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:517
#9  0x00007ffff71dca8f in js::Invoke (cx=cx@entry=0x13024b0, thisv=..., fval=..., argc=argc@entry=4, argv=argv@entry=0x7fffffff95d8, rval=..., rval@entry=...) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/vm/Interpreter.cpp:554
#10 0x00007ffff736cb00 in js::jit::DoCallFallback (cx=0x13024b0, frame=0x7fffffff9698, stub_=0x65cea48, argc=4, vp=0x7fffffff95c8, res=...) at /path/to/0ad/git/0ad/libraries/source/spidermonkey/mozjs-38.0.0/js/src/jit/BaselineIC.cpp:9572
#11 0x00007ffff7fc2036 in ?? ()
```
Sounds like out of bounds to me. Someone could print the coordinates and see if there is a simple map coordinates boundary check missing.
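An added illustration (not 0ad's code, and not a claim about the actual cause of this crash) of the kind of coordinate boundary check the comment above suggests looking for; the grid layout, the cell size and all function names are assumptions. It computes the cell range a placement query covers and validates it before indexing, so a query that reaches past the edge of a square map is reported instead of reading past the grid.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Hypothetical stand-in for a pathfinder passability grid; not 0ad's own type.
struct PassabilityGrid {
    int width;                    // cells along x
    int height;                   // cells along z
    float cellSize;               // world units per cell
    std::vector<uint16_t> cells;  // row-major; a set bit blocks that pass class
};

// Inclusive cell-index rectangle covered by a circle of radius r at (x, z).
struct CellRect { int i0, j0, i1, j1; };

CellRect cellsTouched(const PassabilityGrid& g, float x, float z, float r) {
    return { (int)std::floor((x - r) / g.cellSize), (int)std::floor((z - r) / g.cellSize),
             (int)std::floor((x + r) / g.cellSize), (int)std::floor((z + r) / g.cellSize) };
}

// The boundary check: every index is validated before the vector is touched.
bool rectInsideGrid(const PassabilityGrid& g, const CellRect& c) {
    return c.i0 >= 0 && c.j0 >= 0 && c.i1 < g.width && c.j1 < g.height;
}

// true = placeable, false = blocked, nullopt = query reaches outside the map
// (the case that would otherwise read past the end of `cells`).
std::optional<bool> checkUnitPlacement(const PassabilityGrid& g,
                                       float x, float z, float r, uint16_t passClass) {
    CellRect c = cellsTouched(g, x, z, r);
    if (!rectInsideGrid(g, c))
        return std::nullopt;
    for (int j = c.j0; j <= c.j1; ++j)
        for (int i = c.i0; i <= c.i1; ++i)
            if (g.cells[(size_t)j * g.width + i] & passClass)
                return false;
    return true;
}

// Constructed 4x4 sample grid with one cell blocked for pass class 0x1.
PassabilityGrid makeSampleGrid() {
    PassabilityGrid g{4, 4, 1.0f, std::vector<uint16_t>(16, 0)};
    g.cells[2 * 4 + 2] = 0x1;
    return g;
}
```

Printing the rectangle returned by cellsTouched for a failing spawn point is the quickest way to see whether the query really leaves the map.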
Attachments (1)
Valgrind output