Opened 5 years ago

Closed 3 years ago

#5598 closed defect (fixed)

Fedora 29 crash when clicking on singleplayer color dropdown

Reported by: elexis
Owned by: wraitii
Priority: Must Have
Milestone: Alpha 25
Component: Core engine
Keywords:
Cc:
Patch: Phab:D4183

Description (last modified by elexis)

A Fedora 29 user reported on #0ad-dev that occasionally, when ending a 0ad match in alpha 23b and opening the summary screen, a crash occurs.

From http://irclogs.wildfiregames.com/2019-09/2019-09-15-QuakeNet-%230ad-dev.log:

20:40 < newbay> I am not sure. I have some auto backtrace tool. it blames std::__replacement_assert

Today he reported the same crash to be always reproducible when opening the singleplayer gamesetup page, selecting the maptype "random", then clicking on the color dropdown:

From http://irclogs.wildfiregames.com/2019-09/2019-09-17-QuakeNet-%230ad-dev.log

19:44 < freemint> pyrogenesis killed by SIGABRT and it crashed in std::__replacement_assert
19:47 < freemint> bt: main RunGameOrAtlas(int, char const**) Frame() in_dispatch_event(SDL_Event_ const*) gui_handler(SDL_Event_ const*) CGUIManager::HandleEvent(SDL_Event_ const*) CGUI::HandleEvent(SDL_Event_ const*) IGUIObject::SendEvent(EGUIMessageType, CStr8 const&) CDropDown::HandleMessage(SGUIMessage&) ???? abort raise

The crash happens when clicking on the (collapsed) dropdown already (not after selecting an item or such).

It seems the bug is reported downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1697209

Excerpt from their trace:

#3  0x000000000097833b in std::vector<float, std::allocator<float> >::operator[] (__n=<optimized out>, this=0x6997a38) at /usr/include/c++/8/bits/stl_iterator.h:804
        __PRETTY_FUNCTION__ = "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = float; _Alloc = std::allocator<float>; std::vector<_Tp, _Alloc>::reference = f"...
#4  CDropDown::HandleMessage (this=0x69979f0, Message=...) at ../../../source/gui/CDropDown.cpp:196
        pList = 0x116edcc0
        soundPath = {<std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >> = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>}, _M_p = 0xd0c05a0 L"\xd0c0501"}, _M_string_length = 0, {_M_local_buf = L"\xea0580\000\x6997ab0", _M_allocated_capacity = 15336832}}, <No data fields>}
        enabled = true
#5  0x000000000095908f in IGUIObject::SendEvent (this=this@entry=0x6997ab0, type=type@entry=GUIM_MOUSE_PRESS_LEFT, EventName=...) at ../../../source/gui/IGUIObject.cpp:444
        msg = {type = GUIM_MOUSE_PRESS_LEFT, value = {<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >> = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffc951bf38 ""}, _M_string_length = 0, {_M_local_buf = "\000\277Q\311\377\177\000\000\000\000\000\000\000\000\000", _M_allocated_capacity = 140736570965760}}, <No data fields>}, skipped = false}
#6  0x00000000008f9c82 in CGUI::HandleEvent (this=0x9962ad0, ev=ev@entry=0x7fffc951c270) at /usr/include/c++/8/ext/new_allocator.h:86

Affected line would be here: https://code.wildfiregames.com/source/0ad/browse/ps/trunk/source/gui/CDropDown.cpp;22557$196

Perhaps the summary screen crash is related.

Doing a websearch for std::__replacement_assert yields some Fedora 29 crashes; one of the results speaks about address sanitization.

So it might be that either a library on Fedora 29 is broken or in the wrong version, or that the game was built on Fedora 29 with fewer sanitization flags (address sanitization?) and thus reveals a bug in 0ad code that was otherwise hidden.
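
An added C++ illustration (not 0 A.D. code and not part of the ticket) of why a trace like the one above ends in std::__replacement_assert: when libstdc++ is built with -D_GLIBCXX_ASSERTIONS, which Fedora's default build flags enable, std::vector::operator[] checks the index and aborts on an out-of-range value instead of reading past the buffer. DropDownModel, its members and the sample values are hypothetical; the actual code at CDropDown.cpp:196 is not shown on this page.

```cpp
// Added illustration: DropDownModel is hypothetical, not 0 A.D.'s CDropDown.
#include <cstddef>
#include <stdexcept>
#include <vector>

struct DropDownModel {
    std::vector<float> itemTops;  // y offset of each list item
    int selected = -1;            // -1 means nothing is selected

    // Rebuilds the list but leaves `selected` alone, so it can go stale.
    void SetItems(std::size_t count, float rowHeight) {
        itemTops.clear();
        for (std::size_t i = 0; i < count; ++i)
            itemTops.push_back(static_cast<float>(i) * rowHeight);
    }
    // Unchecked: undefined behaviour when `selected` is out of range. Built
    // with -D_GLIBCXX_ASSERTIONS, operator[] checks the index and aborts
    // (SIGABRT) instead of reading past the end of the buffer.
    float ScrollTargetUnchecked() const {
        return itemTops[static_cast<std::size_t>(selected)];
    }
    // Checked: validate against the current size; false means "no target".
    bool ScrollTarget(float& out) const {
        if (selected < 0 || static_cast<std::size_t>(selected) >= itemTops.size())
            return false;
        out = itemTops[static_cast<std::size_t>(selected)];
        return true;
    }
};

// True if vector::at() rejects the current index with std::out_of_range.
bool AtRejectsIndex(const DropDownModel& m) {
    try {
        (void)m.itemTops.at(static_cast<std::size_t>(m.selected));
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    DropDownModel m;
    m.SetItems(8, 20.0f);
    m.selected = 7;        // valid while there are eight items
    m.SetItems(2, 20.0f);  // list shrinks, index 7 is now stale
    float y = 0.0f;
    return m.ScrollTarget(y) ? 1 : 0;  // stale index is rejected
}
```

Building the unchecked variant with and without -D_GLIBCXX_ASSERTIONS shows the difference the description speculates about: the same out-of-range index either aborts immediately or goes unnoticed.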

Change History (6)

comment:1 by elexis, 5 years ago

Description: modified (diff)

comment:2 by elexis, 5 years ago

From http://irclogs.wildfiregames.com/2019-09/2019-09-18-QuakeNet-%230ad-dev.log

11:06 < bb> hmm, doesn't happen after changing the number of players
11:06 < bb> seems like if you switch from "skirmish" to "random" the number of players is not correctly initialized
11:07 < bb> (or from scenario)
11:07 < bb> since if with persistmatchsetting you start on "random" -> no crash
11:25 < bb> 'when I select the random maps category, I have the crash, however I can stop it crashing by changing the number of players or reassigning the players (i.e. setting "bb" to the second slot or so)

comment:3 by wraitii, 3 years ago

Milestone: Backlog → Alpha 25
Patch: Phab:D4183

(technically a duplicate of #6238 but I'll leave open as the former is newer but has additional details)

comment:4 by Silier, 3 years ago

Owner: set to wraitii

comment:5 by Silier, 3 years ago

Priority: Should Have → Must Have

comment:6 by Stan, 3 years ago

Resolution: fixed
Status: new → closed

In 25830:

Fix rare crash on Linux when opening dropdowns.
Patch by: @wraitii
Accepted by: @Angen
Fixes #5598
Fixes #6225

Differential Revision: https://code.wildfiregames.com/D4183
