Crash due to global memory assigned before initialized. #452

Closed
Charlese2 opened this issue Nov 3, 2023 · 2 comments · Fixed by #453

Charlese2 commented Nov 3, 2023

JA++ crashes on map load because bgAllAnims gets set when registering CVars before BG_InitAnimsets is called to initialize the memory. The crash is elsewhere, but this is the call stack of it setting bgAllAnims before it gets memset to 0.

OJK640B.tmp!BG_ParseAnimationFile(const char * filename, animation_s * animset, unsigned int isHumanoid) Line 2159
OJK640B.tmp!CG_RegisterClientModelname(clientInfo_s * ci, const char * modelName, const char * skinName, const char * teamName, int clientNum) Line 308
OJK640B.tmp!CG_LoadClientInfo(clientInfo_s * ci) Line 641
OJK640B.tmp!CG_SetDeferredClientInfo(clientInfo_s * ci) Line 898
OJK640B.tmp!CG_NewClientInfo(int clientNum, unsigned int entitiesInitialized) Line 1191
OJK640B.tmp!CVU_ForceOwnSaber() Line 350
OJK640B.tmp!CG_RegisterCvars() Line 588
OJK640B.tmp!CG_Init(int serverMessageNum, int serverCommandSequence, int clientNum, unsigned int demoPlayback) Line 1719

Moving trap->GetGameState(&cgs.gameState); in 7df0369 is what made the crash start happening because CG_ConfigString has a valid game state when it is called in CG_NewClientInfo. It no longer skips the rest of the code on the first pass because of the config string being valid.

@Charlese2 (Contributor, Author):

========================================
JA++ Crash Log

Version: JA++, 32 bits, Nov 3 2023, 243c728 (Windows)
Side: Client-side
Build Date/Time: Nov 3 2023 12:13:06
Operating system: Microsoft (build 22621), 64-bit
Crash type: Exception


      Exception Information

Process: E:\JediAcademy\openjk.x86.exe
Exception in module: OJKA534.tmp
Exception Address: 0x15988177 (OJKA534.tmp+0x68177)
Exception Code: 0xC0000005 (Access Violation)
Attempted to read data at: 0x00000004


          Register Dump

General Purpose & Control Registers:
EAX: 0x00000000, EBX: 0x00000000, ECX: 0x00000000, EDX: 0x00000000
EDI: 0x01EE0008, ESI: 0x0F806C2C, ESP: 0x01CFE2EC, EBP: 0x01CFE338
EIP: 0x15988177

Segment Registers:
CS: 0x00000023, DS: 0x0000002B, ES: 0x0000002B
FS: 0x00000053, GS: 0x0000002B, SS: 0x0000002B


           Module List

0x00270000 - openjk.x86 - E:\JediAcademy\openjk.x86.exe
0x77BB0000 - ntdll - C:\WINDOWS\SYSTEM32\ntdll.dll
0x76AB0000 - KERNEL32 - C:\WINDOWS\System32\KERNEL32.DLL
0x75ED0000 - KERNELBASE - C:\WINDOWS\System32\KERNELBASE.dll
0x6E280000 - apphelp - C:\WINDOWS\SYSTEM32\apphelp.dll
0x75850000 - USER32 - C:\WINDOWS\System32\USER32.dll
0x77910000 - win32u - C:\WINDOWS\System32\win32u.dll
0x77B20000 - GDI32 - C:\WINDOWS\System32\GDI32.dll
0x762C0000 - gdi32full - C:\WINDOWS\System32\gdi32full.dll
0x763B0000 - msvcp_win - C:\WINDOWS\System32\msvcp_win.dll
0x684C0000 - WSOCK32 - C:\WINDOWS\SYSTEM32\WSOCK32.dll
0x76900000 - ucrtbase - C:\WINDOWS\System32\ucrtbase.dll
0x771A0000 - msvcrt - C:\WINDOWS\System32\msvcrt.dll
0x73660000 - WINMM - C:\WINDOWS\SYSTEM32\WINMM.dll
0x77270000 - SHELL32 - C:\WINDOWS\System32\SHELL32.dll
0x76250000 - WS2_32 - C:\WINDOWS\System32\WS2_32.dll
0x77040000 - RPCRT4 - C:\WINDOWS\System32\RPCRT4.dll
0x77930000 - ADVAPI32 - C:\WINDOWS\System32\ADVAPI32.dll
0x76A20000 - sechost - C:\WINDOWS\System32\sechost.dll
0x7BEE0000 - MSVCP140 - E:\JediAcademy\MSVCP140.dll
0x7BEC0000 - VCRUNTIME140 - E:\JediAcademy\VCRUNTIME140.dll
0x10000000 - OpenAL32 - E:\JediAcademy\OpenAL32.dll
0x76BA0000 - ole32 - C:\WINDOWS\System32\ole32.dll
0x76DC0000 - combase - C:\WINDOWS\System32\combase.dll
0x79870000 - SDL2 - E:\JediAcademy\SDL2.dll
0x75AC0000 - IMM32 - C:\WINDOWS\System32\IMM32.DLL
0x77100000 - OLEAUT32 - C:\WINDOWS\System32\OLEAUT32.dll
0x76430000 - SETUPAPI - C:\WINDOWS\System32\SETUPAPI.dll
0x75740000 - VERSION - C:\WINDOWS\SYSTEM32\VERSION.dll
0x75C90000 - shcore - C:\WINDOWS\System32\shcore.dll
0x6FE60000 - CRYPTSP - C:\WINDOWS\SYSTEM32\CRYPTSP.dll
0x6FE30000 - rsaenh - C:\WINDOWS\system32\rsaenh.dll
0x70020000 - CRYPTBASE - C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
0x75E60000 - bcryptPrimitives - C:\WINDOWS\System32\bcryptPrimitives.dll
0x73BE0000 - windows.storage - C:\WINDOWS\SYSTEM32\windows.storage.dll
0x73570000 - wintypes - C:\WINDOWS\SYSTEM32\wintypes.dll
0x77B50000 - shlwapi - C:\WINDOWS\System32\shlwapi.dll
0x6FFF0000 - SspiCli - C:\WINDOWS\SYSTEM32\SspiCli.dll
0x799B0000 - rd-vanilla_x86 - E:\JediAcademy\rd-vanilla_x86.dll
0x5D260000 - OPENGL32 - C:\WINDOWS\SYSTEM32\OPENGL32.dll
0x5C230000 - GLU32 - C:\WINDOWS\SYSTEM32\GLU32.dll
0x6A9A0000 - dxcore - C:\WINDOWS\SYSTEM32\dxcore.dll
0x743B0000 - uxtheme - C:\WINDOWS\system32\uxtheme.dll
0x75D60000 - MSCTF - C:\WINDOWS\System32\MSCTF.dll
0x74BF0000 - kernel.appcore - C:\WINDOWS\SYSTEM32\kernel.appcore.dll
0x76870000 - clbcatq - C:\WINDOWS\System32\clbcatq.dll
0x04750000 - nvoglv32 - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_677da8a9230cea15\nvoglv32.dll
0x733B0000 - WTSAPI32 - C:\WINDOWS\SYSTEM32\WTSAPI32.dll
0x716D0000 - msasn1 - C:\WINDOWS\SYSTEM32\msasn1.dll
0x6C4D0000 - cryptnet - C:\WINDOWS\SYSTEM32\cryptnet.dll
0x779B0000 - CRYPT32 - C:\WINDOWS\System32\CRYPT32.dll
0x6C550000 - drvstore - C:\WINDOWS\SYSTEM32\drvstore.dll
0x6FEE0000 - devobj - C:\WINDOWS\SYSTEM32\devobj.dll
0x74C10000 - cfgmgr32 - C:\WINDOWS\SYSTEM32\cfgmgr32.dll
0x70410000 - wldp - C:\WINDOWS\SYSTEM32\wldp.dll
0x76150000 - wintrust - C:\WINDOWS\System32\wintrust.dll
0x75B00000 - imagehlp - C:\WINDOWS\System32\imagehlp.dll
0x733F0000 - bcrypt - C:\WINDOWS\SYSTEM32\bcrypt.dll
0x6C500000 - gpapi - C:\WINDOWS\SYSTEM32\gpapi.dll
0x71D00000 - profapi - C:\WINDOWS\SYSTEM32\profapi.dll
0x07400000 - nvgpucomp32 - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_677da8a9230cea15\nvgpucomp32.dll
0x6F990000 - ntmarta - C:\WINDOWS\SYSTEM32\ntmarta.dll
0x09A10000 - nvspcap - C:\WINDOWS\system32\nvspcap.dll
0x6A150000 - dwmapi - C:\WINDOWS\SYSTEM32\dwmapi.dll
0x6DD20000 - powrprof - C:\WINDOWS\SYSTEM32\powrprof.dll
0x6E010000 - UMPDC - C:\WINDOWS\SYSTEM32\UMPDC.dll
0x6DD90000 - WINSTA - C:\WINDOWS\SYSTEM32\WINSTA.dll
0x69230000 - textinputframework - C:\WINDOWS\SYSTEM32\textinputframework.dll
0x69F20000 - CoreMessaging - C:\WINDOWS\SYSTEM32\CoreMessaging.dll
0x605F0000 - CoreUIComponents - C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
0x6A180000 - mscms - C:\WINDOWS\SYSTEM32\mscms.dll
0x7BC60000 - Windows.Internal.Graphics.Display.DisplayColorManagement - C:\Windows\System32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
0x6A7D0000 - dinput8 - C:\Windows\System32\dinput8.dll
0x69FF0000 - inputhost - C:\WINDOWS\SYSTEM32\inputhost.dll
0x6A700000 - HID - C:\WINDOWS\SYSTEM32\HID.DLL
0x66B80000 - XInput1_4 - C:\WINDOWS\SYSTEM32\XInput1_4.dll
0x57F00000 - dsound - C:\WINDOWS\System32\dsound.dll
0x57E40000 - ResampleDmo - C:\WINDOWS\System32\ResampleDmo.DLL
0x57EE0000 - winmmbase - C:\WINDOWS\SYSTEM32\winmmbase.dll
0x684B0000 - msdmo - C:\WINDOWS\System32\msdmo.dll
0x690A0000 - MMDevApi - C:\WINDOWS\System32\MMDevApi.dll
0x5ED10000 - AUDIOSES - C:\WINDOWS\SYSTEM32\AUDIOSES.DLL
0x67E20000 - resourcepolicyclient - C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll
0x69120000 - Windows.UI - C:\Windows\System32\Windows.UI.dll
0x5F6B0000 - avrt - C:\WINDOWS\SYSTEM32\avrt.dll
0x6C950000 - napinsp - C:\WINDOWS\system32\napinsp.dll
0x6C930000 - pnrpnsp - C:\WINDOWS\system32\pnrpnsp.dll
0x6FB50000 - mswsock - C:\WINDOWS\System32\mswsock.dll
0x6E910000 - DNSAPI - C:\WINDOWS\SYSTEM32\DNSAPI.dll
0x6FA40000 - IPHLPAPI - C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
0x75AF0000 - NSI - C:\WINDOWS\System32\NSI.dll
0x6E830000 - winrnr - C:\WINDOWS\System32\winrnr.dll
0x6C910000 - wshbth - C:\WINDOWS\system32\wshbth.dll
0x6C8F0000 - nlansp_c - C:\WINDOWS\system32\nlansp_c.dll
0x6E220000 - fwpuclnt - C:\WINDOWS\System32\fwpuclnt.dll
0x6FEA0000 - rasadhlp - C:\Windows\System32\rasadhlp.dll
0x7A4F0000 - OJKA2A2 - C:\Users\knigh\AppData\Local\Temp\OJKA2A2.tmp
0x78AF0000 - MSVCP140D - C:\WINDOWS\SYSTEM32\MSVCP140D.dll
0x78BB0000 - ucrtbased - C:\WINDOWS\SYSTEM32\ucrtbased.dll
0x6C1C0000 - dbghelp - C:\WINDOWS\SYSTEM32\dbghelp.dll
0x78AD0000 - VCRUNTIME140D - C:\WINDOWS\SYSTEM32\VCRUNTIME140D.dll
0x15920000 - OJKA534 - C:\Users\knigh\AppData\Local\Temp\OJKA534.tmp


      Disassembly/Source code

Crash location located at 0x15988177: OJKA534.tmp::CG_PlayerAnimEvents(+0x107) [Func at 0x15988070]
Source code: E:\japp\cgame\cg_players.cpp:1704(+0x3)

^^^^^^^^^^

--- E:\japp\cgame\cg_players.cpp:1696(+0x3) ---

0x1598814E - cmp edx, [ebp-0x30]
0x15988151 - jz short 0x1598815c (CG_PlayerAnimEvents+0xEC)

--- E:\japp\cgame\cg_players.cpp:1697 ---

0x15988153 - mov dword ptr [ebp-0x20], 0x0
0x1598815A - jmp short 0x159881c3

--- E:\japp\cgame\cg_players.cpp:1702 ---

0x1598815C - mov dword ptr [ebp-0x20], 0x1

--- E:\japp\cgame\cg_players.cpp:1703 ---

0x15988163 - imul eax, [ebp+0x8], 0x44
0x15988167 - imul ecx, [ebp-0x1c], 0x7
0x1598816B - add ecx, [eax+0x168c1020]
0x15988171 - mov [ebp-0x14], ecx

--- E:\japp\cgame\cg_players.cpp:1704 ---

0x15988174 - mov edx, [ebp-0x14]

=============================================
0x15988177 - movsx eax, word ptr [edx+0x4] <-- Exception

0x1598817B - test eax, eax
0x1598817D - jge short 0x15988188
0x1598817F - mov dword ptr [ebp-0x34], 0x1
0x15988186 - jmp short 0x1598818f
0x15988188 - mov dword ptr [ebp-0x34], 0x0
0x1598818F - mov ecx, [ebp-0x34]
0x15988192 - mov [ebp-0x38], ecx

--- E:\japp\cgame\cg_players.cpp:1705 ---

0x15988195 - mov edx, [ebp-0x14]
0x15988198 - movsx eax, byte ptr [edx+0x6]
0x1598819C - cmp eax, 0xff
vvvvvvvvvv


            Backtrace

OJKA534.tmp::CG_PlayerAnimEvents(+0x107) [0x15988177] - (E:\japp\cgame\cg_players.cpp:1704)
OJKA534.tmp::CG_TriggerAnimSounds(+0x1B5) [0x15984465] - (E:\japp\cgame\cg_players.cpp:1848)
OJKA534.tmp::CG_Player(+0x36CE) [0x1597D6EE] - (E:\japp\cgame\cg_players.cpp:7244)
OJKA534.tmp::CG_AddCEntity(+0x185) [0x1594BE25] - (E:\japp\cgame\cg_ents.cpp:2707)
OJKA534.tmp::CG_AddPacketEntities(+0x241) [0x159430B1] - (E:\japp\cgame\cg_ents.cpp:2815)
OJKA534.tmp::CG_DrawActiveFrame(+0x66A) [0x159B03DA] - (E:\japp\cgame\cg_view.cpp:2184)
openjk.x86.exe::CGVM_DrawActiveFrame(+0x8D) [0x002DBA5D] - (E:\OpenJK\codemp\client\cl_cgameapi.cpp:79)
openjk.x86.exe::CL_CGameRendering(+0x4F) [0x002D9FCF] - (E:\OpenJK\codemp\client\cl_cgame.cpp:600)
openjk.x86.exe::SCR_DrawScreenField(+0xC1) [0x002F5581] - (E:\OpenJK\codemp\client\cl_scrn.cpp:464)
openjk.x86.exe::SCR_UpdateScreen(+0x61) [0x002F5D11] - (E:\OpenJK\codemp\client\cl_scrn.cpp:516)
openjk.x86.exe::CL_Frame(+0x1DC) [0x002EE57C] - (E:\OpenJK\codemp\client\cl_main.cpp:2209)
openjk.x86.exe::Com_Frame(+0x229) [0x0028C699] - (E:\OpenJK\codemp\qcommon\common.cpp:1588)
openjk.x86.exe::SDL_main(+0x161) [0x0033AAB1] - (E:\OpenJK\shared\sys\sys_main.cpp:813)
openjk.x86.exe::main_getcmdline(+0xD5) [0x00279385] - (c:\projects\sdl\src\main\windows\sdl_windows_main.c:74)
openjk.x86.exe::WinMain(+0x5) [0x00279445] - (c:\projects\sdl\src\main\windows\sdl_windows_main.c:104)
openjk.x86.exe::__scrt_common_main_seh(+0xF8) [0x00382E74] - (D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
KERNEL32.DLL::BaseThreadInitThunk(+0x19) [0x76AC7BA9]
ntdll.dll::RtlInitializeExceptionChain(+0x6B) [0x77C1BD3B]
ntdll.dll::RtlClearBits(+0xBF) [0x77C1BCBF]


        Extra Information


Charlese2 commented Nov 6, 2023

I can get it to crash if I start JA++ directly by using +set fs_game japlus. It won't crash if I let the engine switch mods on server connect. The server seems to send a ConfigString command which ends up making bgAllAnims[0] not NULL again.

OJKBD37.tmp!BG_ParseAnimationFile(const char * filename, animation_s * animset, unsigned int isHumanoid) Line 2158
OJKBD37.tmp!CG_RegisterClientModelname(clientInfo_s * ci, const char * modelName, const char * skinName, const char * teamName, int clientNum) Line 308
OJKBD37.tmp!CG_LoadClientInfo(clientInfo_s * ci) Line 641
OJKBD37.tmp!CG_NewClientInfo(int clientNum, unsigned int entitiesInitialized) Line 1189
OJKBD37.tmp!CG_ConfigStringModified() Line 733
OJKBD37.tmp!CG_ServerCommand() Line 1228
OJKBD37.tmp!CG_ExecuteNewServerCommands(int latestSequence) Line 1393
OJKBD37.tmp!CG_SetInitialSnapshot(snapshot_s * snap) Line 82
OJKBD37.tmp!CG_ProcessSnapshots() Line 310
OJKBD37.tmp!CG_DrawActiveFrame(int serverTime, stereoFrame_e stereoView, unsigned int demoPlayback) Line 2053
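As an added illustration, not code from this issue, JA++ or OpenJK, the following constructed C model reproduces the two behaviours described above: the opening post's ordering bug (a pointer is stored into the global animation table before the init step zeroes it, so the later read in the animation-events path finds NULL, the 0x00000004 access violation in the crash log), and the Nov 6 observation that a config-string-driven re-parse after server connect repopulates the slot and masks the bug. All names with a `_model` or `_guarded` suffix, `anim_model_t`, `anim_table_entry_t`, `MAX_ANIM_SLOTS`, the struct layout and the values stored are assumptions made for this example; the real structures and parse logic are different.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the ordering hazard in this issue: a global table
 * (stand-in for bgAllAnims) is written by a parse step before the init step
 * that zeroes it, so a later read finds NULL. Types, bodies and values are
 * simplified and hypothetical; this is not JA++ or OpenJK code. */

#define MAX_ANIM_SLOTS 4

typedef struct {
    short pad0, pad1;   /* constructed layout: firstFrame lands at offset 4 and */
    short firstFrame;   /* loopFrames at 6, matching the [edx+0x4] / [edx+0x6]  */
    char  loopFrames;   /* reads in the crash log's disassembly                 */
} anim_model_t;

typedef struct { anim_model_t *anims; } anim_table_entry_t;   /* NULL until parsed */

static anim_table_entry_t bgAllAnims_model[MAX_ANIM_SLOTS];
static anim_model_t       animPool[MAX_ANIM_SLOTS];
static int                animsetsInitialized = 0;

/* Stand-in for BG_InitAnimsets: zeroes the table and marks it ready.
 * Anything stored before this call is silently discarded. */
static void BG_InitAnimsets_model(void) {
    memset(bgAllAnims_model, 0, sizeof(bgAllAnims_model));
    animsetsInitialized = 1;
}

/* Stand-in for the BG_ParseAnimationFile path that stores a pointer into the table. */
static int BG_ParseAnimationFile_model(int slot) {
    if (slot < 0 || slot >= MAX_ANIM_SLOTS) return -1;
    animPool[slot].firstFrame = 10;
    animPool[slot].loopFrames = -1;
    bgAllAnims_model[slot].anims = &animPool[slot];
    return 0;
}

/* Stand-in for the read in CG_PlayerAnimEvents. The real code dereferences the
 * pointer unconditionally (hence the 0x00000004 access violation); the model
 * returns -1 instead so the failure can be observed and asserted on. */
static int CG_PlayerAnimEvents_model(int slot) {
    const anim_model_t *a = bgAllAnims_model[slot].anims;
    return a ? a->firstFrame : -1;
}

static void reset_model(void) {
    memset(bgAllAnims_model, 0, sizeof(bgAllAnims_model));
    memset(animPool, 0, sizeof(animPool));
    animsetsInitialized = 0;
}

/* Order reported in the issue: CG_RegisterCvars -> ... -> parse, then init. */
int run_reported_order(void) {
    reset_model();
    BG_ParseAnimationFile_model(0);       /* pointer stored */
    BG_InitAnimsets_model();              /* pointer wiped */
    return CG_PlayerAnimEvents_model(0);  /* -1: a crash in the real code */
}

/* Same misorder, followed by the config-string-driven re-parse seen when
 * connecting to a server (second comment): the slot is repopulated and the
 * bug is masked, which is why the crash only showed with +set fs_game japlus. */
int run_reported_order_then_reparse(void) {
    (void)run_reported_order();
    BG_ParseAnimationFile_model(0);       /* CG_ConfigStringModified -> CG_NewClientInfo */
    return CG_PlayerAnimEvents_model(0);  /* 10 */
}

/* Correct order: init before anything can store into the table. */
int run_fixed_order(void) {
    reset_model();
    BG_InitAnimsets_model();
    BG_ParseAnimationFile_model(0);
    return CG_PlayerAnimEvents_model(0);  /* 10 */
}

/* Defensive variant (hypothetical): reject writes until init has run, so a
 * misordering is caught at the write rather than surfacing as a NULL read. */
int BG_ParseAnimationFile_guarded(int slot) {
    if (!animsetsInitialized) return -2;  /* a real build would fail loudly here */
    return BG_ParseAnimationFile_model(slot);
}

int run_guarded_reported_order(void) {
    reset_model();
    return BG_ParseAnimationFile_guarded(0);  /* -2: rejected before init */
}

int main(void) {
    printf("reported order: %d\n", run_reported_order());
    printf("reported order + reparse: %d\n", run_reported_order_then_reparse());
    printf("fixed order: %d\n", run_fixed_order());
    printf("guarded, reported order: %d\n", run_guarded_reported_order());
    return 0;
}
```

The masked case is the one worth noticing when triaging a report like this: the same misordering is present on every code path, but only the path with no later re-parse ever dereferences the wiped slot, so an "only when starting directly with +set fs_game" symptom points at ordering between initialization and first write rather than at the crash site itself. The guarded variant shows the cheap check that turns such an ordering bug into an immediate, attributable failure at the write.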
