[CF-Devel] Server crash (seems to be implicated by get_random_mon function)

huet.o at free.fr
Fri Sep 6 16:21:00 CDT 2002


Hello,

I have had a server crash many times with a recent CVS tree.
(To show exactly which version: the last entry I have in
CHANGES is:
----
This change mostly deals with improving behaviour of pet monstes.
Most of the code is from K. Reinert - however, I did some code cleanup/
----
)


So it crashes when I enter a shop I've never visited: when it
generates it.

I have both the output of the server and a core file:

-------------------------------
The server output is :

Trying to load map
/usr/local/crossfire/share/crossfire/maps/santo_dominion/shops/rings.
load_original_map: /santo_dominion/shops/rings (0)
Can't open /usr/local/crossfire/var/crossfire/maps/santo_dominion/shops/rings
Can't open overlay
/usr/local/crossfire/var/crossfire/maps/santo_dominion/shops/rings
Trying to load map
/usr/local/crossfire/share/crossfire/maps/santo_dominion/shops/nosferatu.
load_original_map: /santo_dominion/shops/nosferatu (0)
get_random_mon() couldnt return monster for level 51

SIGSEGV received.
Emergency saves disabled, no save attempted
Cleaning up...
Saving map /santo_dominion/town
Player on map that is being saved
Saving map /dragonisland/stoneville
Saving map /city/city
Saving map /city/anthony/portgate
Saving map /Lake_Country/kundi_area
Saving map /Lake_Country/shops/Olds_jewel
Saving map /santo_dominion/shops/rings
Saving map /santo_dominion/shops/nosferatu
Abandon (core dumped)

------------------------
With the core file, here is the backtrace:

There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-mandrake-linux"...
Core was generated by `crossfire'.
Program terminated with signal 6, Abandon.
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  0x2ab4fee1 in __kill () from /lib/libc.so.6
(gdb) bt
#0  0x2ab4fee1 in __kill () from /lib/libc.so.6
#1  0x2ab4fb1d in raise () from /lib/libc.so.6
#2  0x8063926 in fatal_signal (make_core=1, close_sockets=1) at init.c:687
#3  0x8063818 in rec_sigsegv (i=11) at init.c:629
#4  0x7fffdf94 in ?? ()
#5  0x80a8ff5 in mon_info_msg (level=17, booksize=280) at readable.c:1335
#6  0x80aa507 in tailor_readable_ob (book=0x89acc00, msg_type=-1)
    at readable.c:1972
#7  0x80ae4cf in fix_generated_item (op=0x89acc00, creator=0x89f0aa8, 
    difficulty=1, max_magic=0, flags=8) at treasure.c:842
#8  0x80ad611 in create_one_treasure (tl=0x83dcf90, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=3) at treasure.c:377
#9  0x80ad65e in create_treasure (t=0x83dcf90, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=1) at treasure.c:396
#10 0x80ad3fb in create_all_treasures (t=0x83dcf68, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=1) at treasure.c:327
#11 0x80ad494 in create_all_treasures (t=0x83dcf40, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=1) at treasure.c:343
#12 0x80ad494 in create_all_treasures (t=0x83dcf18, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=1) at treasure.c:343
#13 0x80ad66d in create_treasure (t=0x83dcee0, op=0x89f0aa8, flag=8, 
    difficulty=1, tries=0) at treasure.c:398
#14 0x804fd82 in fix_auto_apply (m=0x8800610) at apply.c:3097
#15 0x80a27ef in ready_map_name (
    name=0x80f4ba0 "/santo_dominion/shops/nosferatu", flags=0) at map.c:1419
#16 0x8067289 in enter_exit (op=0x8120550, exit_ob=0x8becba8) at main.c:630
#17 0x804ea4c in manual_apply (op=0x8120550, tmp=0x8b70368, aflag=0)
    at apply.c:2182
#18 0x804ed75 in player_apply (pl=0x8120550, op=0x8b70368, aflag=0, quiet=1)
    at apply.c:2373
#19 0x804ee25 in player_apply_below (pl=0x8120550) at apply.c:2416
#20 0x8059146 in command_apply (op=0x8120550, params=0x0) at c_object.c:102
#21 0x8058f4b in execute_newserver_command (pl=0x8120550, 
    command=0x7ffff74c "apply") at c_new.c:112
#22 0x80bfc3b in NewPlayerCmd (buf=0x8699f37 "", len=11, pl=0x2acaf008)
    at request.c:347
#23 0x80be0f3 in HandleClient (ns=0x2acaf00c, pl=0x2acaf008) at loop.c:361
#24 0x80be83d in doeric_server () at loop.c:611
#25 0x8067f29 in main (argc=1, argv=0x7ffffb14) at main.c:1156

-------------------
I went up the stack:
#4 seems to be where the crash happens:

on #5, it's 

#5  0x80a8ff5 in mon_info_msg (level=17, booksize=280) at readable.c:1335
1335		  sprintf (tmpbuf, "\n---\n%s", mon_desc (tmp));



---> I printed retbuf :
(gdb) printf "%s\n", retbuf
This beastiary contains:
(gdb) 

---> To see stack residue :
(gdb) p retbuf
$7 = "This beastiary contains:\000---\n *** skeleton ***\n(fast
movement)(undead)(wield weapon)(wear armour)(wear ring)(Attacks: physical,
cold)(resist fire -100)(resist cold +30)(resist fear +100)\n---\n *** nigh"...



In the preceding code, tmp is a monster: there is
     tmp = get_random_mon (level * 3);

----> the error message displayed (get_random_mon() couldnt return
      monster for level 51)
is in this function... and it returns NULL... that is perhaps the reason
for the crash.... (but gdb gives me a strange value for tmp:
(gdb) p tmp
$14 = (object *) 0x77b858
)

It seems like the crash is because tmp is NULL
somewhere in function mon_desc...


I am keeping the core file, in case you would like more information...

--
Olivier.
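
The failure pattern the message suspects, a lookup that can return NULL whose result is then formatted with an unbounded sprintf, as an added example that is not Crossfire source code and not part of the original message. The type, table and functions (monster, pick_monster, append_monster) are hypothetical stand-ins; only the level * 3 lookup and the 280-byte book size come from the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the server's object type. */
typedef struct { const char *name; int level; } monster;

/* Constructed sample table: nothing reaches level 51. */
static const monster MONSTERS[] = {
    {"skeleton", 5}, {"zombie", 20}, {"dragon", 40},
};
#define NMON (sizeof MONSTERS / sizeof MONSTERS[0])

/* First monster at or above `level`, or NULL when there is none. */
static const monster *pick_monster(int level) {
    for (size_t i = 0; i < NMON; i++)
        if (MONSTERS[i].level >= level)
            return &MONSTERS[i];
    return NULL;
}

/* Append one entry to the NUL-terminated string in buf (capacity cap).
 * Returns 1 on success; 0 if the lookup failed or the entry does not
 * fit, leaving buf exactly as it was. */
static int append_monster(char *buf, size_t cap, int level) {
    const monster *m = pick_monster(level * 3);
    if (m == NULL)
        return 0;                       /* check before dereferencing */
    size_t used = strlen(buf);
    int n = snprintf(buf + used, cap - used, "\n---\n *** %s ***", m->name);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';               /* drop the truncated entry */
        return 0;
    }
    return 1;
}

int main(void) {
    char book[280] = "This beastiary contains:";
    int ok_low = append_monster(book, sizeof book, 1);   /* looks up level 3 */
    int ok_high = append_monster(book, sizeof book, 17); /* looks up level 51 */
    printf("level 1: %d, level 17: %d\n%s\n", ok_low, ok_high, book);
    return 0;
}
```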

    
    

