Fix possible crash with trail systems #1441

Merged
merged 3 commits into from Jun 29, 2021

Conversation

@slipher slipher (Contributor) commented Jun 24, 2021

I received a couple of a user's crash dumps on 0.52.1 looking like this:

Thread 0 (crashed)
 0  main.nexe!CG_DrawActiveFrame(int, bool) [cg_attachment.cpp : 305 + 0x2]
    rax = 0x0000000000000000   rdx = 0x0000000000000003
    rcx = 0x0000000000000000   rbx = 0x0000000000000000
    rsi = 0x000000001116a814   rdi = 0x0000000011155afc
    rbp = 0x00000000fffeff80   rsp = 0x00000000fffdf8c0
     r8 = 0x0000000000000000    r9 = 0x0000000000000128
    r10 = 0x00000000fcbd6000   r11 = 0x00000466000d7680
    r12 = 0x0000000000000003   r13 = 0x0000000000000000
    r14 = 0x00000000000cd047   r15 = 0x0000046600000000
    rip = 0x00000000000d7799
    Found by: given as instruction pointer in context
 1  main.nexe!VM::VMHandleSyscall(unsigned int, Util::Reader) [cg_api.cpp : 92 + 0x20]
    rbx = 0x0000000000000000   rbp = 0x00000000fffeff80
    rsp = 0x00000000fffe2ff0   r12 = 0x00000000fffefeb0
    r13 = 0x0000000000000064   r14 = 0x0000000000000000
    r15 = 0x0000046600000000   rip = 0x0000000000028f20
    Found by: call frame info
 2  main.nexe!main [VMMain.cpp : 66 + 0x20]
    rbx = 0x00000000fcb53f78   rbp = 0x00000000fffeff80
    rsp = 0x00000000fffefe70   r12 = 0x00000000fffefeb0
    r13 = 0x0000000000000064   r14 = 0x00000000fffefe90
    r15 = 0x0000046600000000   rip = 0x00000000001ca2e0
    Found by: call frame info
 3  main.nexe!_start [start.c : 68 + 0x39]
    rbx = 0x0000000000000015   rbp = 0x00000000fffeff80
    rsp = 0x00000000fffeff30   r12 = 0x00000000fffeffbc
    r13 = 0x00000000fffeffc8   r14 = 0x0000000000000015
    r15 = 0x0000046600000000   rip = 0x00000000004aebc0
    Found by: call frame info

I suspect it was caused by this part of my recent changes to CG_DestroyTrailSystem:

-       ts = nullptr;
+       *ts = nullptr;
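Review bot: the `+` line changes behaviour rather than only fixing a typo: `ts = nullptr;` assigns to the local parameter and has no effect outside the function, whereas `*ts = nullptr;` writes through the pointer-to-pointer and clears the caller's trail-system handle while the trail system is still referenced (the description says the trail beam's 'parent' pointer needs to be kept). Since this is the line the PR reverts, suggest replacing the dead-store `ts = nullptr;` with a comment stating that the caller's pointer is deliberately left alone, so the "typo" does not get re-fixed later.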

The change is fixing an obvious typo, but it turns out making the code behave according to the author's intention here was a bad idea.

Still no idea why it consistently happens to some people, but not at all to others.

I recently fixed a typo on the last line, which attempts to set the input pointer to null. But "fixing" this seems to have led to crashing on some people's machines. It looks like the trail beam's 'parent' pointer needs to be kept, so don't do this.

In a recent game (just 5v5) I saw the MAX_TRAIL_SYSTEMS hit log message a lot.
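To make the pointer semantics behind the quoted one-line diff concrete, here is an added C++ example that is not Unvanquished code: the `TrailSystem` struct, the two `DestroyTrailSystem_*` variants and the owner helpers are constructed for illustration. It contrasts assigning to the pointer-to-pointer parameter (the original "typo", which changes nothing the caller can see) with writing through it (the "fix", which nulls the caller's handle), and shows what an owner that later reads the handle sees in each case.

```cpp
#include <cstddef>

// Constructed model of a trail system that is marked for destruction and
// cleaned up later; not the real Unvanquished type.
struct TrailSystem {
    bool destroyed = false;
    int destroyTime = 0;
};

// Variant A: the "typo" form. Assigning to the parameter only changes this
// function's local copy of the pointer-to-pointer; the caller's handle is
// untouched and still points at the (now destroyed) trail system.
void DestroyTrailSystem_localOnly(TrailSystem **ts, int now) {
    (*ts)->destroyed = true;
    (*ts)->destroyTime = now;
    ts = nullptr;   // dead store: invisible to the caller
    (void)ts;       // silence "parameter set but not used" warnings
}

// Variant B: the "fixed" form. Writing through the pointer-to-pointer
// clears the caller's handle, so anything that still relied on it now
// holds a null pointer.
void DestroyTrailSystem_clearsCaller(TrailSystem **ts, int now) {
    (*ts)->destroyed = true;
    (*ts)->destroyTime = now;
    *ts = nullptr;  // caller's handle is now null
}

// Constructed owner-side read: a later update that looks at the handle.
// Returns -1 instead of dereferencing a null handle.
int ReadDestroyTime(const TrailSystem *handle) {
    return handle ? handle->destroyTime : -1;
}

// Does the caller's handle still point at the trail system after variant A?
bool CallerHandleSurvives_localOnly() {
    TrailSystem sys;
    TrailSystem *handle = &sys;
    DestroyTrailSystem_localOnly(&handle, 100);
    return handle == &sys && sys.destroyed;
}

// Does the caller's handle still point at the trail system after variant B?
bool CallerHandleSurvives_clearsCaller() {
    TrailSystem sys;
    TrailSystem *handle = &sys;
    DestroyTrailSystem_clearsCaller(&handle, 100);
    return handle != nullptr;
}

// What an owner sees on a later read after each variant.
int DestroyTimeSeenByOwner_localOnly() {
    TrailSystem sys;
    TrailSystem *handle = &sys;
    DestroyTrailSystem_localOnly(&handle, 100);
    return ReadDestroyTime(handle);
}

int DestroyTimeSeenByOwner_clearsCaller() {
    TrailSystem sys;
    TrailSystem *handle = &sys;
    DestroyTrailSystem_clearsCaller(&handle, 100);
    return ReadDestroyTime(handle);
}
```

The point of the two owner-side reads is that a handle cleared by variant B is only safe if every later reader null-checks it as `ReadDestroyTime` does; a reader written against variant A's behaviour, where the handle always remains valid, dereferences null instead, which is the kind of crash the PR description reports.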
@slipher slipher (Contributor, Author) commented Jun 25, 2021

lautre on IRC has discovered a way to reproduce the bug: select the "Lowest" graphics preset. ("Low" or higher prevents it.) Thanks to this tip I was able to confirm that the crash happens in CG_UpdateBeam as I suspected, and that this PR fixes it.

@slipher slipher changed the title Try to fix possible crash with trail systems Fix possible crash with trail systems Jun 26, 2021
@illwieckz illwieckz (Member) commented Jun 29, 2021

That code has now been running on both unvanquished.net and gg.illwieckz.net servers for multiple days and it looks like it fixes the bug for everyone affected.

@slipher slipher merged commit fc007c7 into Unvanquished:master Jun 29, 2021
@slipher slipher deleted the trail branch June 29, 2021 03:08