Opened 5 years ago
Last modified 3 years ago
#5598 closed defect
Fedora 29 crash when clicking on singleplayer color dropdown — at Version 1
| Reported by: | elexis | Owned by: | |
|---|---|---|---|
| Priority: | Must Have | Milestone: | Alpha 25 |
| Component: | Core engine | Keywords: | |
| Cc: | | Patch: | |
Description
A Fedora 29 user reported on #0ad-dev that occasionally, when ending a 0ad match in alpha 23b, a crash occurs when opening the summary screen.
From http://irclogs.wildfiregames.com/2019-09/2019-09-15-QuakeNet-%230ad-dev.log:
20:40 < newbay> I am not sure. I have some auto backtrace tool. it blames std::__replacement_assert
Today he reported the same crash to be always reproducible when opening the singleplayer gamesetup page, selecting the maptype "random", then clicking on the color dropdown:
From http://irclogs.wildfiregames.com/2019-09/2019-09-17-QuakeNet-%230ad-dev.log:
19:44 < freemint> pyrogenesis killed by SIGABRT and it crashed in std::__replacement_assert
19:47 < freemint> bt: main RunGameOrAtlas(int, char const**) Frame() in_dispatch_event(SDL_Event_ const*) gui_handler(SDL_Event_ const*) CGUIManager::HandleEvent(SDL_Event_ const*) CGUI::HandleEvent(SDL_Event_ const*) IGUIObject::SendEvent(EGUIMessageType, CStr8 const&) CDropDown::HandleMessage(SGUIMessage&) ???? abort raise
The crash already happens when clicking on the (collapsed) dropdown (not after selecting an item or such).
It seems the bug is reported downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1697209
Excerpt from their trace:
```
#3  0x000000000097833b in std::vector<float, std::allocator<float> >::operator[] (__n=<optimized out>, this=0x6997a38) at /usr/include/c++/8/bits/stl_iterator.h:804
        __PRETTY_FUNCTION__ = "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = float; _Alloc = std::allocator<float>; std::vector<_Tp, _Alloc>::reference = f"...
#4  CDropDown::HandleMessage (this=0x69979f0, Message=...) at ../../../source/gui/CDropDown.cpp:196
        pList = 0x116edcc0
        soundPath = {<std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >> = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<wchar_t>> = {<__gnu_cxx::new_allocator<wchar_t>> = {<No data fields>}, <No data fields>}, _M_p = 0xd0c05a0 L"\xd0c0501"}, _M_string_length = 0, {_M_local_buf = L"\xea0580\000\x6997ab0", _M_allocated_capacity = 15336832}}, <No data fields>}
        enabled = true
#5  0x000000000095908f in IGUIObject::SendEvent (this=this@entry=0x6997ab0, type=type@entry=GUIM_MOUSE_PRESS_LEFT, EventName=...) at ../../../source/gui/IGUIObject.cpp:444
        msg = {type = GUIM_MOUSE_PRESS_LEFT, value = {<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >> = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffc951bf38 ""}, _M_string_length = 0, {_M_local_buf = "\000\277Q\311\377\177\000\000\000\000\000\000\000\000\000", _M_allocated_capacity = 140736570965760}}, <No data fields>}, skipped = false}
#6  0x00000000008f9c82 in CGUI::HandleEvent (this=0x9962ad0, ev=ev@entry=0x7fffc951c270) at /usr/include/c++/8/ext/new_allocator.h:86
```
Affected line would be here: https://code.wildfiregames.com/source/0ad/browse/ps/trunk/source/gui/CDropDown.cpp;22557$196
Perhaps the summary screen crash is related.
Doing a web search for std::__replacement_assert yields some Fedora 29 crashes; one of the results speaks of address sanitization.
So it might be that either a library on Fedora 29 is broken or in the wrong version, or that the game was built on Fedora 29 with fewer sanitization flags (address sanitization?) and thus reveals a bug in 0ad code that was otherwise hidden.
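
Added example (not from the ticket or the 0 A.D. source): the trace above goes from `std::vector<float>::operator[]` into `std::__replacement_assert`, which is the abort path libstdc++ takes for an out-of-range index when code is compiled with `-D_GLIBCXX_ASSERTIONS`. The sketch reproduces that SIGABRT signature with a hand-written check, so it behaves the same under any build flags, next to a guarded access. `ItemOffsets`, `asserted_access`, `guarded_access` and `probe` are hypothetical names, the inputs are constructed, and nothing here claims to be what `CDropDown.cpp` line 196 does.

```cpp
#include <csignal>
#include <cstdio>
#include <cstdlib>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical stand-in for a dropdown's per-item layout data.
using ItemOffsets = std::vector<float>;
using Accessor = float (*)(const ItemOffsets&, long);

// Hand-written mirror of the check libstdc++ runs inside operator[] when
// built with -D_GLIBCXX_ASSERTIONS: abort instead of reading out of range.
float asserted_access(const ItemOffsets& v, long i) {
    if (i < 0 || static_cast<std::size_t>(i) >= v.size()) std::abort();
    return v[static_cast<std::size_t>(i)];
}

// Defensive variant: validate first, return a fallback for a bad index.
float guarded_access(const ItemOffsets& v, long i) {
    if (i < 0 || static_cast<std::size_t>(i) >= v.size()) return 0.0f;
    return v[static_cast<std::size_t>(i)];
}

// Run one access in a child process. Returns the signal that killed the
// child, 0 for a clean exit, or -1 if the probe itself failed.
int probe(Accessor f, const ItemOffsets& v, long i) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile float sink = f(v, i);
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main() {
    const ItemOffsets empty;  // constructed input: a list with no items
    std::printf("asserted: %d (SIGABRT is %d)\n", probe(asserted_access, empty, 0), SIGABRT);
    std::printf("guarded:  %d\n", probe(guarded_access, empty, 0));
    return 0;
}
```

In a build without the assertion, the same out-of-range index is undefined behaviour and can go unnoticed, which is why such a bug may surface only on a distribution that enables the check.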