[Freeciv-tickets] [freeciv] #78170: Attack from transport crash

Back to archive index
OSDN Ticket System norep****@osdn*****
Sat May 11 16:27:51 JST 2024


#78170: Attack from transport crash

  Open Date: 2024-05-10 14:44
Last Update: 2024-05-11 16:27

URL for this Ticket:
    https://osdn.net//projects/freeciv/ticket/78170
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=78170

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2024-05-11 16:27 Updated by: bard

Comment:

Reply To cazfi
I can't reproduce (with the head of S3_1), nor does valgrind reveal anything like accessing the Musketeer memory after it has died. Seems that the only way forward would be that you provide full backtrace of the crash yourself. https://www.freeciv.org/wiki/Bug_Reporting
The head of S3_1 (v3.1.1+ from today) still crashes to me. Gdb backtrace:
#0  tile_to_canvas_pos (canvas_x=canvas_x at entry=0x7fffffffcda8, canvas_y=canvas_y at entry=0x7fffffffcdac, zoom=<optimized out>, ptile=ptile at entry=0xed407f99fe4eb523)
    at mapview_common.c:708
        center_map_x = 14
        center_map_y = 24
        dx = 17
        dy = 0
        tile_x = <optimized out>
        tile_y = <optimized out>
        __FUNCTION__ = "tile_to_canvas_pos"
#1  0x00005555555f1fde in tile_visible_and_not_on_border_mapcanvas (ptile=0xed407f99fe4eb523) at mapview_common.c:1281
        canvas_x = 0
        canvas_y = 0
        xmin = -2276
        ymin = 531
        xmax = 2228
        ymax = 2325
        xsize = 1096
        ysize = 667
        scroll_x = -980
        scroll_y = 602
        border_x = 48
        border_y = 24
        same = false
#2  0x00005555555d0c18 in unit_focus_advance () at control.c:725
        focus_tile = 0x0
        candidate = 0x55555cb08050
        num_units_in_old_focus = 0
        __FUNCTION__ = "unit_focus_advance"
#3  0x00005555555cb10a in client_remove_unit (punit=0x0, punit at entry=0x55555cb08050) at climisc.c:100
        pcity = <optimized out>
        ptile = 0x55555bfa0240
        hc = 0

                        old_unit = {utype = 0x555556273e30 <unit_types+24048>, tile = 0x55555bfa0240, refcount = 1, facing = DIR8_NORTHWEST, owner = 0x555556c162f0, nationality = 0x555556c162f0, id = 126, homecity = 0, upkeep = {1, 0, 0, 1, 0, 0}, moves_left = 6, hp = 20, veteran = 0, fuel = 0, goto_tile = 0x0, activity = ACTIVITY_IDLE, activity_count = 0, activity_target = 0x0, changed_from = ACTIVITY_IDLE, changed_from_count = 0, changed_from_target = 0x0, ssa_controller = SSA_NONE, moved = false, paradropped = false, done_moving = false, transporter = 0x0, transporting = 0x555559f60f70, carrying = 0x0, battlegroup = -1, has_orders = false, orders = {length = 0, index = 0, repeat = false, vigilant = false, list = 0x0}, action_decision_want = ACT_DEC_ACTIVE, action_decision_tile = 0x55555bf9e2c0, stay = false, {client = {focus_status = FOCUS--Type <RET> for more, q to quit, c to continue without paging--
_AVAIL, transported_by = -1, occupied = false, colored = false, color_index = 0, asking_city_name = false, act_prob_cache = 0x0}, server = {debug = false, adv = 0x0, ais = {0x0, 0x0}, birth_turn = 0, ord_map = 0, ord_city = 0, vision = 0x0, action_timestamp = 0, action_turn = 0, moving = 0x0, dying = false, removal_callback = 0x0, upkeep_paid = {0, 0, 0, 0, 0, 0}}}}
        old = 1
        update = true
        __FUNCTION__ = "client_remove_unit"
#4  0x00005555555fe052 in handle_unit_remove (unit_id16=<optimized out>, unit_id32=<optimized out>) at packhand.c:560
        punit = 0x55555cb08050
        cargos = <optimized out>
        powner = 0x555556c162f0
        need_economy_report_update = true
        __FUNCTION__ = "handle_unit_remove"
#5  0x000055555560c2a1 in client_handle_packet (type=type at entry=PACKET_UNIT_REMOVE, packet=packet at entry=0x555557f4ccf0) at packhand_gen.c:207
#6  0x00005555555c719a in client_packet_input (packet=packet at entry=0x555557f4ccf0, type=62) at client_main.c:792
        __FUNCTION__ = "client_packet_input"
#7  0x00005555555ceec4 in input_from_server (fd=<optimized out>) at clinet.c:420
        type = PACKET_UNIT_REMOVE
        packet = 0x555557f4ccf0
        nb = <optimized out>
        __FUNCTION__ = "input_from_server"
#8  0x00005555555c2494 in get_net_input (source=<optimized out>, condition=<optimized out>, data=<optimized out>) at gui_main.c:2222
#9  0x00007ffff6c6ac44 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007ffff6cc0258 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffff6c6a2b3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffff74aacfd in gtk_main () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#13 0x00005555555c50b2 in ui_main (argc=<optimized out>, argc at entry=1, argv=<optimized out>, argv at entry=0x7fffffffd9f8) at gui_main.c:1987
        window_name = "Freeciv (gtk3.22)\000\000\000\000\000\000\000\000/\035k/\\rW\340\324\377\377\377\177\000\000\030\000\000\000\000\000\000\000\250t\206UUU\000\000曃UUU\000\000\000\000\000\000\000\000\000\000\030", '\000' <repetidos 23 veces>, "\340\353\210UUU\000\000Z\235\203UUU\000\000\001\000\000\000\000\000\000\000'l\201UUU", '\000' <repetidos 26 veces>, " \000\000\000\060\000\000\000\320\324\377\377\001\000\000\000\360\323\377\377\377\177\000\000colors.p\000/\035k/\\rW_backgro\200\377\377\377\377\377\377\377"...
        toplevel_font_name = <optimized out>
        sig = <optimized out>
        __FUNCTION__ = "ui_main"
#14 0x00005555555c8455 in client_main (argc=1, argv=0x7fffffffd9f8, postpone_tileset=<optimized out>) at client_main.c:703
        i = 1
        loglevel = LOG_NORMAL
        ui_options = <optimized out>
        ui_separator = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
        option = <optimized out>
        fatal_assertions = -1
        aii = 2
        uret = <optimized out>
        __FUNCTION__ = "client_main"
#15 0x00007ffff6a15d90 in __libc_start_call_main (main=main at entry=0x5555555c1a10 <main>, argc=argc at entry=1, argv=argv at entry=0x7fffffffd9f8)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>

                      unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 913343395805536372, 140737488345592, 93824992680464, 93824996397528, 140737354125376, -913343396845576076, -913327234994265996}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#16 0x00007ffff6a15e40 in __libc_start_main_impl
     (main=0x5555555c1a10 <main>, argc=1, argv=0x7fffffffd9f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd9e8)
    at ../csu/libc-start.c:392
#17 0x00005555555c1a45 in _start ()


---------------------------------------------------------------------
Ticket Status:

      Reporter: bard
         Owner: (None)
          Type: Bugs
        Status: Open
      Priority: 5 - Medium
     MileStone: (None)
     Component: (None)
      Severity: 5 - Medium
    Resolution: None
---------------------------------------------------------------------

Ticket details:

Similar to bug #62981, but this time with default ruleset (S3_1). Tested with client gtk3.22 and qt6.
If I load the attached savegame, I use the mouse to select one of the Musketers (all in sentry state) inside the Transport, and I use "drag and drop" (mouse gesture) to attack the adjacent enemy Mech Inf, then the Musketer is deselected, loses the sentry state, and it changes to a "waiting orders" state with a "?" icon. If I select the same Musketer again, and I click attack when the popup appear, the game crashes with a segmentation fault error:
in utype_can_do_action() [unittype.c::449]: assertion '(signed int)(utype_index(putype)) >= 0 && (signed int)(utype_index(putype)) < (signed int) sizeof((unit_can_act_cacheact_id).vec) * 8' failed.
I'm playing a game where this kind of crashes are common (any action performed from a transport with a sentry unit), but it uses to work if I just reload the game. This savegame crashes to me every time I try the same attack.

-- 
Ticket information of Freeciv project
Freeciv Project is hosted on OSDN

Project URL: https://osdn.net/projects/freeciv/
OSDN: https://osdn.net

URL for this Ticket:
    https://osdn.net/projects/freeciv/ticket/78170
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=78170



More information about the Freeciv-tickets mailing list
Back to archive index