[CF-Devel] How can this have happened? (crashing bug)

Peter Mardahl peterm at alfven.EECS.Berkeley.EDU
Sun Apr 8 18:12:33 CDT 2001 

Hello,

  I've noticed some instability on entering random maps.
Sometimes it'll instantly crash.  Very irritating.

  I caught one such crash here:
  #0  0x4009ad21 in __kill () from /lib/libc.so.6
  #1  0x4009a996 in raise (sig=6) at ../sysdeps/posix/raise.c:27
  #2  0x4009c0b8 in abort () at ../sysdeps/generic/abort.c:88
  #3  0x80cc5c1 in remove_ob (op=0x8a64bd0) at object.c:1098
  #4  0x80cc6f7 in remove_ob (op=0x8a774c0) at object.c:1117
  #5  0x80a1676 in explosion (op=0x8a774c0) at spell_util.c:1319
  #6  0x80a95ec in process_object (op=0x8a774c0) at time.c:1033
  #7  0x807054f in process_events (map=0x0) at main.c:862
  #8  0x8070c39 in main (argc=1, argv=0xbffff83c) at main.c:1056


  More debugging info:

  at level 3, "op" is an arch angel, who has no map, and is removed.
   level 3 is at abort();  

  at level 4, "op" is a fireball, which is in a random map,
  and which is unfortunately also having its "more" pointer point
  to the archangel.
    level 4 is at remove_ob(op->more)

 
 at level 5, op is still a fireball, and it still has
 the invalid (op->more) is an angel.


This is a full dump of the object:
(gdb) p *op
(gdb) p *op
$21 = {contr = 0x0, next = 0x8f84de8, prev = 0x8a64bd0, 
  active_next = 0xbffff684, active_prev = 0x8954364, below = 0x89725b4, 
  above = 0x8b46d28, inv = 0x0, container = 0x0, env = 0x0, more = 0x8a64bd0, 
  head = 0x8af2b10, map = 0x931c5f0, count = 345935, refcount = 0, 
  sk_list = 0x0, name = 0x81af2b2 "fireball", title = 0x0, race = 0x0, 
  slaying = 0x0, msg = 0x0, x = 20, y = 16, ox = 20, oy = 16, 
  speed = 0.200000003, speed_left = -0.899999976, nrof = 0, face = 0x81a5490, 
  direction = 0 '\000', facing = 0 '\000', type = 11 '\013', resist = {
    0 <repeats 24 times>}, attacktype = 6, path_attuned = 0, 
  path_repelled = 0, path_denied = 0, material = 0, magic = 0 '\000', 
  thrownthaco = 0 '\000', state = 1 '\001', value = 0, level = 0, 
  last_heal = 0, last_sp = 0, last_grace = 0, last_eat = 0, invisible = 0, 
  pick_up = 0 '\000', owner = 0x89725b4, enemy = 0x0, arch = 0x8217718, 
  other_arch = 0x0, weight = 0, carrying = 0, flags = {10496, 1073741824, 0, 
    0}, ownercount = 345864, randomitems = 0x0, run_away = 0, 
  chosen_skill = 0x0, exp_obj = 0x0, hide = 0, lights = 0x0, glow_radius = 1, 
  move_status = 0, move_type = 0, weight_limit = 0, can_apply = 0 '\000', 
  will_apply = 0 '\000', animation_id = 299, anim_speed = 0 '\000', 
  last_anim = 2 '\002', stats = {Str = 0 '\000', Dex = 0 '\000', 
    Con = 0 '\000', Wis = 0 '\000', Cha = 0 '\000', Int = 0 '\000', 
    Pow = 0 '\000', wc = -', ac = 0 '\000', hp = 13, maxhp = 18254, 
    sp = 0, maxsp = 0, grace = 0, maxgrace = 0, exp = 0, food = 0, dam = 11, 
    luck = 0 '\000'}, spellitem = 0x0, expmul = 1}

Those flags mean:
NO_PICK
FLAG_ANIMATE
FLAG_FLYING

And, I think...
FLAG_NO_APPLY

It is IN a map.


Even at the top level, op->more points to the angel.

So it all boils down to:  why does this fireball have "op->more"?

PeterM

More information about the crossfire mailing list