FreeGameDev Forums < SR Bugs & Help

[Wuzzy]

My editor crashes if if try to align a track with the key [U]. How to reproduce:

1. Start editor → full GUI, menus etc. the track loaded properly as well (no error to see here yet, read along)
2. Select some track segments with [Backspace], [Page ↑], [Page ↓] and [Space].
3. Press [U]

The editor receives SIGSEGV (segmentation fault).

It also crashes if I try to drop objects with [C]. I do not know how to exactly reproduce it, sometimes, [C] drops the objects successfully,. Sometimes, the editor does not want to do that and segfaults instead.

Stunt Rally version: 2.0
Obtained from: original source code
My system: GNU/Linux with Linux version 3.9.6 and GNU version 1.3.3.7 (just kidding )
Graphics card: NVIDIA GeForce GTX 460
NVIDIA unfree driver version 319.23

I give you the log files for the [U] bug but I fear they are not very helpful to you, I did not find anything useful in them. The log files were created from a single editor session doing the exact steps as written in “How to reproduce: (…)”. The files I upload here are the only logfiles I have. “log.txt” was not created (I deleted all logfiles beforehand to have clean logs for the crash test (get it? crash test )). But first here’s the strack trace for [U] key crash:

{l Code}: {l Select All Code}

in free () from /usr/lib/libc.so.6
#1  0xb7398a4f in operator delete(void*) () from /usr/lib/libstdc++.so.6
#2  0x081a84ef in App::AlignTerToRoad (this=this@entry=0x84f7ed8) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/Render2tex.cpp:446
#3  0x081b3c7d in App::KeyPress (this=this@entry=0x84f7ed8, arg=...) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/Update_Key.cpp:529
#4  0x081eef58 in App::frameEnded (this=0x84f7ed8, evt=...) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/Update_Frame.cpp:97
#5  0xb7c032dd in Ogre::Root::_fireFrameEnded(Ogre::FrameEvent&) () from /usr/lib/libOgreMain.so.1.8.1
#6  0xb7c05d12 in Ogre::Root::_fireFrameEnded() () from /usr/lib/libOgreMain.so.1.8.1
#7  0xb7c05edc in Ogre::Root::renderOneFrame() () from /usr/lib/libOgreMain.so.1.8.1
#8  0xb7c05f2d in Ogre::Root::startRendering() () from /usr/lib/libOgreMain.so.1.8.1
#9  0x081c3c38 in BaseApp::Run (this=0x84f7ed8, showDialog=false) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/BaseApp_Create.cpp:148
#10 0x0817c0e1 in main (argc=1, argv=0xbffff764) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/main.cpp:65

Stack trace for the [C] key crash:

{l Code}: {l Select All Code}

#0  0xb71b9fa6 in free () from /usr/lib/libc.so.6
#1  0xb7398a4f in operator delete(void*) () from /usr/lib/libstdc++.so.6
#2  0x0825e59a in App::ToggleObjSim (this=this@entry=0x84f7ed8) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/ogre/common/SceneObjects.cpp:323
#3  0x081b34a2 in App::KeyPress (this=this@entry=0x84f7ed8, arg=...) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/Update_Key.cpp:798
#4  0x081eef58 in App::frameEnded (this=0x84f7ed8, evt=...) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/Update_Frame.cpp:97
#5  0xb7c032dd in Ogre::Root::_fireFrameEnded(Ogre::FrameEvent&) () from /usr/lib/libOgreMain.so.1.8.1
#6  0xb7c05d12 in Ogre::Root::_fireFrameEnded() () from /usr/lib/libOgreMain.so.1.8.1
#7  0xb7c05edc in Ogre::Root::renderOneFrame() () from /usr/lib/libOgreMain.so.1.8.1
#8  0xb7c05f2d in Ogre::Root::startRendering() () from /usr/lib/libOgreMain.so.1.8.1
#9  0x081c3c38 in BaseApp::Run (this=0x84f7ed8, showDialog=false) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/BaseApp_Create.cpp:148
#10 0x0817c0e1 in main (argc=1, argv=0xbffff764) at /home/wuzzy/src/stuntrally/StuntRally-2.0-sources/source/editor/main.cpp:65


This is what I did to make a [C] crash:

1. started editor → full GUI, menus etc. the track loaded properly as well (no error to see here yet, read along)
2. placed two dynamic objects in the sky
3. pressed [C] → objects fell successfully
4. pressed [C] again

After that, the editor segfaulted.

Anyone: If your editor crashes in a similar way (you hit a key and and the editor dies), please post your into this thread, too.

[CryHam]

Thanks for details.
So it crashes on delete. Inside clear bullet world / Destroy blt world section. In both cases bullet world stuff is being released.
But there are a few delete's there.
Can you debug more to see which line (in our in App::) code crashes, which delete, is it always the same, and whats the pointer (null, already deleted or random, uninited ?).
Strangely it never crashed for me.

[Wuzzy]

[U] crash: It seems to always crash at line 446 of Render2tex.cpp. In the first time it is reached, this instruction gets executed successfully. But at the second time this instruction is executed, the editor segfaults.

Both times sd points to an invalid memory location, says gdb, but only after the second “delete sd;” the editor segfaults.

[CryHam]

Wow what a bug. Heh I just realised what I'm doing. Marking UserPointer to constant 111 and then deleting it.
Ok. the lines (in Render2tex.cpp)

{l Code}: {l Select All Code}

         ShapeData* sd = static_cast<ShapeData*>(obj->getUserPointer());
         delete sd;


simply must go away.
I already pushed.
This could have something to do with the simulate [C] crash. Maybe it's gone now.

[Wuzzy]

I can confirm that the [U] bug is now fixed.

But the [C] bug did of course not go because it occours in App::ToggleObjSim, not in App::AlignTerToRoad.

It segfaults after executing line 323 of SceneObjects.cpp when the iteration variable i == 126. You have the exactly same two nasty lines here, and yes, sd == 111.

[CryHam]

Ugh. Right.
Can you replace the 2 lines there (in SceneObjects.cpp):

{l Code}: {l Select All Code}

   ShapeData* sd = static_cast<ShapeData*>(obj->getUserPointer());
   delete sd;


with these:

{l Code}: {l Select All Code}

   if (obj->getUserPointer() != (void*)111)
   {
      ShapeData* sd = static_cast<ShapeData*>(obj->getUserPointer());
      delete sd;
   }


And check if it won't crash ?

[Wuzzy]

Yes.
It doesn’t crash.

[CryHam]

Great, I've pushed it.
Thanks for finding this.