Opened 3 years ago

Last modified 2 weeks ago

#5614 new defect

Segfault after hotloading global.xml and closing an ingame summary dialog

Reported by: elexis
Owned by:
Priority: Should Have
Milestone: Backlog
Component: Core engine
Keywords: regression
Cc:
Patch:

Description

While reviewing Phab:D148 in the course of Phab:rP22957#38105, I noticed a segfault that occurs if one:

  1. Enables FPS display (maybe unneeded)
  2. Starts a match
  3. Opens the ingame summary page
  4. Deletes dataCounter and fpsCounter in global.xml and saves the file
  5. Closes the summary dialog

As of r23028, this happens:

ERROR: Error in timer: TypeError: Engine.GetGUIObjectByName(...) is undefined
  displayGamestateNotifications@gui/common/functions_global_object.js:49:14
  updateTimers@gui/common/timer.js:61:4
  onTick@gui/session/session.js:825:2
  __eventhandler337 (tick)@session tick:0:1

Segmentation fault (core dumped)
0x00007ffff76230e8 in JSScript::getName (pc=0x555555d9e378 "\217", this=0x0) at /home/elexis/code/0ad-svn/trunk/libraries/source/spidermonkey/mozjs-45.0.2/js/src/jsscript.h:1788
1788	        return atoms[index];
(gdb) info stack
#0  0x00007ffff76230e8 in JSScript::getName (pc=0x555555d9e378 "\217", this=0x0) at /home/elexis/code/0ad-svn/trunk/libraries/source/spidermonkey/mozjs-45.0.2/js/src/jsscript.h:1788
#1  js::GetIntrinsicOperation (vp=..., pc=0x555555d9e378 "\217", cx=0x55555f397c00) at /home/elexis/code/0ad-svn/trunk/libraries/source/spidermonkey/mozjs-45.0.2/js/src/vm/Interpreter-inl.h:229
#2  js::jit::DoGetIntrinsicFallback (cx=0x55555f397c00, frame=0x7fffffffc918, stub_=0x555561bf76e0, res=...) at /home/elexis/code/0ad-svn/trunk/libraries/source/spidermonkey/mozjs-45.0.2/js/src/jit/BaselineIC.cpp:4379
#3  0x00007ffff7fa64a8 in ?? ()
#4  0x0000000c000003a8 in ?? ()
#5  0x00007fffffffc8a0 in ?? ()
#6  0xfff9000000000000 in ?? ()
#7  0x00007ffff7d64f80 in js::jit::DoSetPropFallbackInfo () from /home/elexis/code/0ad-svn/trunk/binaries/system/libmozjs45-ps-release.so
#8  0x00007ffff0a58730 in ?? ()
#9  0x00007fff9c75eff8 in ?? ()
#10 0x0000000000001301 in ?? ()
#11 0x00007fffffffc918 in ?? ()
#12 0x0000555561bf76e0 in ?? ()
#13 0xfffc7fff97ec6b20 in ?? ()
#14 0xfffa000000000008 in ?? ()
#15 0xfff9000000000000 in ?? ()
#16 0xfff9000000000000 in ?? ()
#17 0xfff9000000000000 in ?? ()
#18 0xfff9000000000000 in ?? ()
#19 0xfff9000000000000 in ?? ()
#20 0xfff9000000000000 in ?? ()
#21 0x0000555561bf7b28 in ?? ()
#22 0x00000059000004c3 in ?? ()
#23 0x0000555500000088 in ?? ()
#24 0x00007fff9c639070 in ?? ()
#25 0x00005555626a3200 in ?? ()
#26 0x000000000000006b in ?? ()
#27 0x00000000000000aa in ?? ()
#28 0x0000000000000000 in ?? ()

So it sounds like a rooting error or an infinite loop.

In Alpha 23 I can't reproduce the error.

So it should be a regression and Phab:D1684 might be a candidate.

In fact it sounds like it tries to read the callback function but that callback function was invalidated (this could even be iterator invalidation, I remember there was a crash).
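The failure mode in the report, a script timer that still refers by name to a GUI object after the page was hotloaded without it, and a callback that mutates the timer list while the tick is iterating it, as an added example (not 0 A.D. code and not the project's engine API). GuiPage, registerTimer, hotload and the counter callbacks are invented stand-ins; only the "Error in timer:" wording and the getGUIObjectByName lookup returning undefined mirror the trace above. The guarded callback and the snapshot iteration in tick() show the two script-level checks that keep the tick from failing, independently of the engine-side rooting bug:

```javascript
// Added example (not 0 A.D. code): a minimal model of a GUI page whose
// objects can be replaced by a hot reload while registered script timers
// still reference them by name. All class and function names are invented.

class GuiPage {
  constructor(objectNames) {
    this.objects = new Map();
    for (const name of objectNames)
      this.objects.set(name, { name, caption: "", hidden: false });
    this.timers = new Map(); // id -> { callback, interval, elapsed }
    this.nextTimerId = 1;
    this.errors = [];
  }

  // Stand-in for Engine.GetGUIObjectByName: undefined when the object
  // does not exist, e.g. after it was deleted from the XML and hotloaded.
  getGUIObjectByName(name) {
    return this.objects.get(name);
  }

  registerTimer(callback, interval) {
    const id = this.nextTimerId++;
    this.timers.set(id, { callback, interval, elapsed: 0 });
    return id;
  }

  unregisterTimer(id) {
    this.timers.delete(id);
  }

  // Hot reload: rebuild the object table from the "new XML". Objects that
  // are no longer listed disappear; the timers are left untouched, which
  // is the situation described in the ticket.
  hotload(objectNames) {
    this.objects = new Map();
    for (const name of objectNames)
      this.objects.set(name, { name, caption: "", hidden: false });
  }

  // One tick. Iterate over a snapshot of the timer list so that a callback
  // which unregisters itself, or registers a new timer, cannot invalidate
  // the iteration in progress. An error in one callback is recorded and
  // does not abort the remaining timers.
  tick(dt) {
    for (const [id, timer] of Array.from(this.timers.entries())) {
      if (!this.timers.has(id)) continue; // removed by an earlier callback this tick
      timer.elapsed += dt;
      if (timer.elapsed < timer.interval) continue;
      timer.elapsed = 0;
      try {
        timer.callback(this, id);
      } catch (e) {
        this.errors.push("Error in timer: " + e.message);
      }
    }
  }
}

// Unguarded callback, as in the trace: dereferences the lookup result
// directly and throws a TypeError once the object is gone.
function unguardedCounterUpdate(page) {
  page.getGUIObjectByName("fpsCounter").caption = "60 fps";
}

// Guarded callback: a missing object means "not on this page (any more)",
// so skip the update instead of failing the tick.
function guardedCounterUpdate(page) {
  const counter = page.getGUIObjectByName("fpsCounter");
  if (!counter)
    return false;
  counter.caption = "60 fps";
  return true;
}

// Runs one callback through the ticket's sequence: tick with the object
// present, hotload a global.xml without fpsCounter, tick again.
// Returns the recorded timer errors.
function runHotloadScenario(callback) {
  const page = new GuiPage(["fpsCounter", "dataCounter"]);
  page.registerTimer(callback, 1);
  page.tick(1);                  // object present, update succeeds
  page.hotload(["dataCounter"]); // fpsCounter deleted and hotloaded
  page.tick(1);                  // object gone
  return page.errors;
}

// Callbacks that mutate the timer list mid-tick: one removes its own
// timer, one registers a new one. Returns the timer count after the tick.
function runMutationScenario() {
  const page = new GuiPage([]);
  page.registerTimer((p, id) => p.unregisterTimer(id), 1);
  page.registerTimer((p) => p.registerTimer(() => {}, 1), 1);
  page.tick(1);
  return page.timers.size;
}
```

The guard only turns the scripted half of the report into a silent skip; the segfault in JSScript::getName is an engine-side problem that no GUI script can work around, and the snapshot iteration is what a timer implementation needs regardless of hotloading.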

Change History (7)

comment:1 by Stan`, 2 years ago

Milestone: Alpha 24 → Alpha 25

This is indeed worrisome, that one can crash the game that way, but it's only breaking for a non-standard usage of the game. Feel free to push it back if you have a fix.

comment:2 by wraitii, 20 months ago

Feels rather likely that this is Phab:rP22676 indeed.

comment:3 by wraitii, 20 months ago

Milestone: Alpha 25 → Alpha 26

comment:4 by Freagarach, 10 months ago

Milestone: Alpha 26 → Alpha 27

comment:5 by phosit, 3 months ago

There is no fpsCounter in global.xml anymore.

Can it be reproduced somehow else?

comment:6 by phosit, 3 months ago

fpsCounter and dataCounter were merged in [23096].

comment:7 by Freagarach, 2 weeks ago

Milestone: Alpha 27 → Backlog

Pushing back.
