Crashbug on kill after disconnect

[ChillerDragon]

Fire a grenade and then disconnect. If the grenade does a kill the server dies :c

[2019-09-22 19:02:55][server]: client dropped. cid=1 addr=172.20.10.9:60364 reason=''
[2019-09-22 19:02:55][game]: kill killer='1:0:nameless tee' victim='1:0:nameless tee' weapon=-3 special=0
[2019-09-22 19:02:55][game]: leave player='1:nameless tee'

Thread 1 "teeworlds_srv" received signal SIGSEGV, Segmentation fault.
0x000055555557d03a in CPlayer::GetTeam (this=0x0) at src/game/server/player.h:30
30		int GetTeam() const { return m_Team; };
(gdb) bt
#0  0x000055555557d03a in CPlayer::GetTeam (this=0x0) at src/game/server/player.h:30
#1  0x00005555555924e3 in CCharacter::Die (this=0x5555555f4340 <ms_PoolDataCCharacter>, Killer=1, Weapon=3) at src/game/server/entities/character.cpp:666
#2  0x0000555555592a9b in CCharacter::TakeDamage (this=0x5555555f4340 <ms_PoolDataCCharacter>, Force=..., Source=..., Dmg=6, From=1, Weapon=3) at src/game/server/entities/character.cpp:747
#3  0x0000555555584b00 in CGameContext::CreateExplosion (this=0x55555566b3e0, Pos=..., Owner=1, Weapon=3, MaxDamage=6) at src/game/server/gamecontext.cpp:149
#4  0x000055555558d6b5 in CProjectile::Tick (this=0x5555556e0780) at src/game/server/entities/projectile.cpp:76
#5  0x000055555557d896 in CGameWorld::Tick (this=0x55555566e4f8) at src/game/server/gameworld.cpp:176
#6  0x0000555555585e5d in CGameContext::OnTick (this=0x55555566b3e0) at src/game/server/gamecontext.cpp:472
#7  0x00005555555768ca in CServer::Run (this=0x7ffff7117010) at src/engine/server/server.cpp:1426
#8  0x000055555557837a in main (argc=1, argv=0x7fffffffe078) at src/engine/server/server.cpp:1859

[ChillerDragon]

Kills after disconnect were always kinda buggy. Maybe we can hold the player object until all projectiles are destroyed.

[jxsl13]

On disconnect walk over all entities then find and destroy the grenades maybe?

[ChillerDragon]

On disconnect walk over all entities then find and destroy the grenades maybe?

Yikes not to sure if this is nice :c
This would for sure make things less trouble but it would feel wrong in my opinion.

[AssassinTee]

Could not reproduce (on CTF at least):

tested on

• 0.7.2
• 0.7.3

Fact is that there is no check at place and it's basically reading ram at this point.
The TakeDamage-Function actually checks if the killer exists to set his face to happy (taunt!)

I wouldn't remove the grenade, i would rather change the killer id to -1 (Owner of the grenade is GAME) or add an extra flag (id = -2?) to show a grayed-out-skin as killer.

If another player joins fast enough the grenade could get his and he has a freekill.

[ChillerDragon]

@AssassinTee i think the m_Team on kill messages is pretty new. And I tested it on current master so newer than 0.7.3.1

Oh the free kill is an interesting thing i did not think of that. But also keeping the player object and occupying the id until all projectiles are destroyed would solve this.

[jxsl13]

teeworlds/src/game/server/gamecontext.cpp

Line 149 in dd522d3

apEnts[i]->TakeDamage(Force * Factor, Diff*-1, (int)(Factor * MaxDamage), Owner, Weapon);

?

[nheir]

Reproduced with a dummy

[nheir]

Some scenario:

1. in individual gametype:
   1. the projectile (any) damages a player
   2. the projectile disappears
2. in team gametype without friendly fire
   1. the projectile damages only the players from the opposite team
   2. the projectile damages any player
   3. the projectile disappears

Note that in 2.i, we have to save the original team in the projectile data.
Also, that rises the fact that atm, a projectile fired from a blue player that switches team before hitting will behave as a red projectile (from my understanding)

[oy]

Fixed bz #2250