Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple large initialised globals crash in the wrong order #220

Closed
Y-Less opened this issue Dec 22, 2017 · 2 comments
Closed

Multiple large initialised globals crash in the wrong order #220

Y-Less opened this issue Dec 22, 2017 · 2 comments

Comments

@Y-Less
Copy link
Member

Y-Less commented Dec 22, 2017

Crashes:

new a[1000][500] = { { 0, 1, ... }, ... };
new b[500][2000] = { { 0, 1, ... }, ... };

Doesn't crash:

new b[500][2000] = { { 0, 1, ... }, ... };
new a[1000][500] = { { 0, 1, ... }, ... };

I'm guessing it has something to do with allocating memory, since the crash doesn't happen if the total size of the second array is <= the first.
@YashasSamaga
Copy link
Member

YashasSamaga commented Dec 23, 2017
edited
Loading

https://image.prntscr.com/image/TTe7rjEESRC-jSBUMzp4FA.png

I think prev1 is a dangling pointer.

prev1=&litq[litidx]; was done before ... was encountered in the PAWN script.

While filling the lit table, prev1[vidx] is used. If the array is huge and it demands a reallocation of litq, the reallocation happens but this would leave prev1 pointing to an old memory (which is now invalid), right? When the code tries to do prev1[vidx], a segfault happening is no surprise?

I am not sure about this because this is so wrong that the compiler should be crashing way to often when dealing with large multidimensional arrays but I haven't seen this happen.

From what I found, I would expect every multidimensional array with ellipsis to crash at some point but the following doesn't:
new b[2000][4990] = { { 0, 1, ... }, ... };

I am also not able to fit in why the compiler crashing depends on the order of array declarations into my explanation. Even by chance if the invalid memory was within the compiler's memory, using this could cause memory corruption in the PAWN array because something else could have taken up that free memory and overwritten the contents.

@YashasSamaga
Copy link
Member

YashasSamaga commented Dec 31, 2017
edited
Loading

Replaced the pointers with indexes and it's working.

YashasSamaga@19a8bfd

Passes the following test:

#include <a_samp>

new a[1000][500] = { { 0, 1, 2, ... }, ... };
new b[500][2000] = { { 0, 1, 2, ... }, ... };

main ()
{
	for(new i = 0; i < 1000; i++)
	    for(new j = 0; j < 500; j++)
	        if(a[i][j] != j)
	            printf("[BUG] Array 'a': i=%d, j=%d", i, j);
	            
	for(new i = 0; i < 500; i++)
	    for(new j = 0; j < 2000; j++)
	        if(b[i][j] != j)
	            printf("[BUG] Array 'b': i=%d, j=%d", i, j);
}

@YashasSamaga YashasSamaga mentioned this issue Dec 31, 2017
Merged
Zeex added a commit that referenced this issue Jan 4, 2018
@Zeex
Add test for #220
97586a7
@Zeex Zeex closed this as completed Jan 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Y-Less @Zeex @YashasSamaga