Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#5496 closed defect (fixed)

UnitMotion PathResult Stack smash on A24.

Reported by: Freagarach
Owned by: wraitii
Priority: Release Blocker
Milestone: Alpha 24
Component: Core engine
Keywords: regression
Cc:
Patch:

Description

Got an error recently (revision 22454):

*** stack smashing detected ***: <unknown> terminated

Thread 1 "pyrogenesis" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff3029801 in __GI_abort () at abort.c:79
#2  0x00007ffff3072897 in __libc_message (action=action@entry=do_abort, 
    fmt=fmt@entry=0x7ffff319f988 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff311dcd1 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, 
    msg=msg@entry=0x7ffff319f966 "stack smashing detected") at fortify_fail.c:33
#4  0x00007ffff311dc92 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x000055555572dff4 in PathGoal::RectContainsGoal (this=this@entry=0x7fffffffbff4, x0=..., z0=..., x1=..., z1=...)
    at ../../../source/simulation2/helpers/PathGoal.cpp:292
#6  0x00005555557214c9 in HierarchicalPathfinder::MakeGoalReachable (this=this@entry=0x55555b33e8e0, 
    i0=<optimised out>, j0=<optimised out>, goal=..., passClass=passClass@entry=4)
    at ../../../source/simulation2/helpers/HierarchicalPathfinder.cpp:614
#7  0x0000555555727cdd in LongPathfinder::ComputeJPSPath (this=0x55555b33f970, hierPath=..., x0=..., z0=..., 
    origGoal=..., passClass=<optimised out>, path=...) at ../../../source/simulation2/helpers/LongPathfinder.cpp:750
#8  0x000055555572b28b in LongPathfinder::ComputePath (this=<optimised out>, hierPath=..., x0=..., z0=..., 
    origGoal=..., passClass=<optimised out>, path=...) at ../../../source/simulation2/helpers/LongPathfinder.cpp:1005
#9  0x000055555568cc42 in CCmpPathfinder::ComputePath (ret=..., passClass=<optimised out>, goal=..., z0=..., x0=..., 
    this=0x55555b32fc80) at ../../../source/simulation2/components/CCmpPathfinder.cpp:709
#10 CCmpPathfinder::ProcessLongRequests (this=this@entry=0x55555b32fc80, 
    longRequests=std::vector of length 1, capacity 1 = {...})
    at ../../../source/simulation2/components/CCmpPathfinder.cpp:759
#11 0x000055555568d37f in CCmpPathfinder::FinishAsyncRequests (this=0x55555b32fc80)
    at ../../../source/simulation2/components/CCmpPathfinder.cpp:748
#12 0x00005555556063bb in CSimulation2Impl::UpdateComponents (simContext=..., turnLengthFixed=..., 
    turnLengthFixed@entry=..., commands=std::vector of length 0, capacity 0)
    at ../../../source/simulation2/Simulation2.cpp:544
#13 0x000055555560ca91 in CSimulation2Impl::Update (this=0x55555adce210, turnLength=<optimised out>, 
    commands=std::vector of length 0, capacity 0) at ../../../source/simulation2/Simulation2.cpp:402
#14 0x000055555560f00f in CSimulation2::Update (this=<optimised out>, turnLength=<optimised out>, 
    commands=std::vector of length 0, capacity 0) at ../../../source/simulation2/Simulation2.cpp:761
#15 0x0000555555651bb7 in CTurnManager::Update (this=<optimised out>, simFrameLength=<optimised out>, maxTurns=1)
    at ../../../source/simulation2/system/TurnManager.cpp:163
#16 0x00005555557b6627 in CGame::Update (this=0x555557537f80, deltaRealTime=0.049666278064250946, 
    doInterpolate=<optimised out>) at ../../../source/ps/Game.cpp:397
#17 0x00005555555b489e in Frame () at ../../../source/main.cpp:393
#18 RunGameOrAtlas (argc=<optimised out>, argv=<optimised out>) at ../../../source/main.cpp:629
#19 0x00005555555a3437 in main (argc=1, argv=0x7fffffffe038) at ../../../source/main.cpp:675

Reproducible for me in non-visual replay mode, see attachment.

Attachments (2)

commands.txt (2.5 KB ) - added by Freagarach 5 years ago.
commands.2.txt (2.0 KB ) - added by Freagarach 5 years ago.
Another replay.


Change History (10)

by Freagarach, 5 years ago

Attachment: commands.txt added

by Freagarach, 5 years ago

Attachment: commands.2.txt added

Another replay.

comment:1 by wraitii, 5 years ago

It doesn't crash on my system, but the PathGoal in question has a completely garbage value, so this indicates it gets corrupted somewhere.

Thanks for reporting, I'll investigate and fix.

comment:2 by elexis, 5 years ago

With r22455 on unix/gcc 9 I get this segfault for both replays:

Thread 1 "pyrogenesis" received signal SIGSEGV, Segmentation fault.
PathGoal::RectContainsGoal (this=this@entry=0x7fffffffcbc4, x0=..., z0=..., x1=..., z1=...) at ../../../source/simulation2/helpers/PathGoal.cpp:251
251		switch (type)
(gdb) info stack
#0  PathGoal::RectContainsGoal (this=this@entry=0x7fffffffcbc4, x0=..., z0=..., x1=..., z1=...) at ../../../source/simulation2/helpers/PathGoal.cpp:251
#1  0x000055555574f570 in HierarchicalPathfinder::MakeGoalReachable (this=this@entry=0x5555566a6d60, i0=<optimized out>, j0=<optimized out>, goal=..., passClass=passClass@entry=4)
    at ../../../source/simulation2/helpers/HierarchicalPathfinder.cpp:614
#2  0x00005555557559e0 in LongPathfinder::ComputeJPSPath (this=0x555556693810, hierPath=..., x0=..., z0=..., origGoal=..., passClass=<optimized out>, path=...) at ../../../source/simulation2/helpers/LongPathfinder.cpp:750
#3  0x0000555555758c3b in LongPathfinder::ComputePath (this=<optimized out>, hierPath=..., x0=..., z0=..., origGoal=..., passClass=<optimized out>, path=...) at ../../../source/simulation2/helpers/LongPathfinder.cpp:1005
#4  0x00005555556c443a in CCmpPathfinder::ComputePath (ret=..., passClass=<optimized out>, goal=..., z0=..., x0=..., this=0x555556697ef0) at /usr/include/c++/9.1.0/bits/unique_ptr.h:357
#5  CCmpPathfinder::ProcessLongRequests (this=0x555556697ef0, longRequests=std::vector of length 1, capacity 1 = {...}) at ../../../source/simulation2/components/CCmpPathfinder.cpp:759
#6  0x00005555556c4b60 in CCmpPathfinder::FinishAsyncRequests (this=0x555556697ef0) at ../../../source/simulation2/components/CCmpPathfinder.cpp:748
#7  0x0000555555643e74 in CSimulation2Impl::UpdateComponents (simContext=..., turnLengthFixed=..., commands=std::vector of length 0, capacity 1) at ../../../source/simulation2/Simulation2.cpp:544
#8  0x000055555564cdf1 in CSimulation2Impl::Update (this=0x555555edc9d0, turnLength=<optimized out>, commands=std::vector of length 0, capacity 1) at ../../../source/simulation2/Simulation2.cpp:402
#9  0x0000555555845a3c in CReplayPlayer::Replay (this=0x7fffffffe360, serializationtest=<optimized out>, rejointestturn=<optimized out>, ooslog=<optimized out>, testHashFull=true, testHashQuick=false) at ../../../source/ps/Game.h:184
#10 0x00005555555f89f4 in RunGameOrAtlas (argc=<optimized out>, argv=<optimized out>) at /usr/include/c++/9.1.0/bits/allocator.h:153
#11 0x00005555555eae7a in main (argc=3, argv=0x7fffffffe8d8) at ../../../source/main.cpp:675

comment:3 by wraitii, 5 years ago

The crash happens because UnitMotion requests a long path, and PathResult sends a "MoveFailed" message, which calls StopMoving(), making the call here return garbage since the goal computation fails.

Phab:D1907 also exhibits this problem. Two fixes:

  • PathResult should check if there is still a move request when computing a path - this doesn't fix this particular case but it is sane.
  • Calls to ComputeGoal should check if it succeeded, implemented in Phab:D2063

comment:4 by wraitii, 5 years ago

Revision that introduced the issue is r22450, which changed UpdateFinalGoal - which did nothing in case MoveRequest was voided and thus m_FinalGoal was presumably still valid - to ComputeGoal.


comment:5 by wraitii, 5 years ago

Was right the first time: it's r22452 which introduces the code that actually crashes, though r22450 set the stage.

comment:6 by wraitii, 5 years ago

Owner: set to wraitii
Resolution: fixed
Status: new → closed

In 22458:

Unit motion - Check the return value of ComputeGoal and handle failure cases

As reported by @Freagarach on #5496, there can be broken behaviour as UnitMotion::PathResult may call RequestLongPath with an uninitialised path goal when ComputeGoal fails.

To fix this, check the return value everywhere and react accordingly in case of failure.

Fixes #5496

Differential Revision: https://code.wildfiregames.com/D2063
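
The failure mode from comment:3 and the fix described in the commit message above, reduced to a stand-alone C++ example. This is added here and is not code from 0 A.D.: `ComputeGoal` borrows its name from the ticket but has a simplified signature, and `Goal`, `MoveRequest`, `StaleGoal`, `IsKnownType`, `GoalTypeSentUnchecked` and `RequestPathChecked` are hypothetical names. Stale stack contents are modelled with a constructed 0xCD fill so the example stays well-defined.

```cpp
#include <cstdint>
#include <cstring>

// Simplified stand-in for the engine's PathGoal; the fields are assumptions.
struct Goal {
    enum Type : std::uint8_t { POINT, CIRCLE, SQUARE };
    Type type;
    std::int32_t x, z;
};

// Hypothetical move request; 'active' goes false once the move is voided.
struct MoveRequest { bool active; std::int32_t x, z; };

// Contract as described in the ticket: on failure, return false and leave 'out' untouched.
bool ComputeGoal(Goal& out, const MoveRequest& req) {
    if (!req.active) return false;
    out = Goal{Goal::POINT, req.x, req.z};
    return true;
}

// Models leftover stack bytes in a well-defined way (constructed 0xCD fill).
Goal StaleGoal() {
    Goal g;
    std::memset(&g, 0xCD, sizeof g);
    return g;
}

bool IsKnownType(Goal::Type t) { return t <= Goal::SQUARE; }

// Before: result ignored, so the pathfinder would switch on stale bytes.
Goal::Type GoalTypeSentUnchecked(const MoveRequest& req) {
    Goal goal = StaleGoal();
    ComputeGoal(goal, req);
    return goal.type;
}

// After: no path request is issued when the goal could not be computed.
bool RequestPathChecked(const MoveRequest& req, Goal& sent) {
    Goal goal = StaleGoal();
    if (!ComputeGoal(goal, req)) return false;  // caller handles the failed move
    sent = goal;
    return true;
}

int main() {
    Goal sent{Goal::POINT, 0, 0};
    return !IsKnownType(GoalTypeSentUnchecked({false, 0, 0})) && !RequestPathChecked({false, 0, 0}, sent) ? 0 : 1;
}
```

Declaring the real function `[[nodiscard]]` (C++17) or building with `-Wunused-result` would make the compiler flag the unchecked call site.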

comment:7 by elexis, 5 years ago

Keywords: regression added

comment:8 by elexis, 4 years ago

Summary: Stack smash on A24. → UnitMotion PathResult Stack smash on A24.