[crossfire] server 1.8.0 SEGV

hv at crypt.org hv at crypt.org
Fri Dec 30 16:20:32 CST 2005 

(In passing: the README in the v1.8.0 server release points at:
  http://crossfire.real-time.com/Website_Index/Mailing_Lists/mailing_lists.jhtml
for the mailing lists, but a site reorganisation means it is now at:
  http://crossfire.real-time.com/mailinglists/index.html
)

Running a local server for single player use under Redhat Linux 7.1,
using v1.8.0 release of server and cfclient (under X with fvwm),
compiled with gcc 2.96, configured with:
  --prefix=/opt/crossfire-1.8.0 --with-python=/opt/python-2.4.1

The server had been up 2-3 days, and had several hours of (single player)
use in that time. I entered the first (random map) level of:
  maps/quests/peterm/quests/ogre_chief
and hit a SEGV as described below within a minute of entering.

Firing up gdb on the core file gave me:
(gdb) where
#0  monster_should_cast_spell (monster=0x908ec90, spell_ob=0x0)
    at monster.c:689
#1  0x0807e32a in monster_check_apply (mon=0x908ec90, item=0x8acff6c)
    at monster.c:1252
#2  0x0807e06b in monster_check_pickup (monster=0x908ec90) at monster.c:1084
#3  0x0807cc6d in move_monster (op=0x908ec90) at monster.c:329
#4  0x0809d765 in process_object (op=0x908ec90) at time.c:1312
#5  0x0807c061 in process_events (map=0x0) at main.c:1002
#6  0x0807c5bd in main (argc=1, argv=0xbffffbd4) at main.c:1232
#7  0x4009f1c4 in __libc_start_main () from /lib/libc.so.6
(gdb) up
#1  0x0807e32a in monster_check_apply (mon=0x908ec90, item=0x8acff6c)
    at monster.c:1252
1252            if (monster_should_cast_spell(mon, item->inv))
(gdb) p *item
$1 = {contr = 0x0, next = 0x8d5d2b4, prev = 0x91c8530, active_next = 0x0, 
  active_prev = 0x0, below = 0x893ba88, above = 0x0, inv = 0x0, 
  container = 0x0, env = 0x908ec90, more = 0x0, head = 0x0, map = 0x0, 
  count = 2952096, refcount = 0, name = 0x82f23fc "scroll", 
  name_pl = 0x826d384 "scrolls", title = 0x0, race = 0x826d384 "scrolls", 
  slaying = 0x0, skill = 0x827baf4 "use magic item", msg = 0x0, lore = 0x0, 
  x = 0, y = 0, ox = 0, oy = 0, speed = 0, speed_left = -0.100000001, 
  nrof = 1, face = 0x81ad468, direction = 0 '\000', facing = 0 '\000', 
  type = 111 'o', subtype = 0 '\000', client_type = 661, resist = {
    0 <repeats 26 times>}, attacktype = 0, path_attuned = 0, 
  path_repelled = 0, path_denied = 0, material = 1, 
  materialname = 0x83d2eac "paper", magic = 0 '\000', state = 0 '\000', 
  value = 1, level = 0, last_heal = 0, last_sp = 0, last_grace = 0, 
  last_eat = 0, invisible = 0, pick_up = 0 '\000', item_power = 0 '\000', 
  gen_sp_armour = 0 '\000', weight = 200, weight_limit = 0, carrying = 0, 
  glow_radius = 0 '\000', stats = {Str = 0 '\000', Dex = 0 '\000', 
    Con = 0 '\000', Wis = 0 '\000', Cha = 0 '\000', Int = 0 '\000', 
    Pow = 0 '\000', wc = 0 '\000', ac = 0 '\000', hp = 0, maxhp = 0, sp = 0, 
    maxsp = 0, grace = 0, maxgrace = 0, exp = 0, food = 0, dam = 0, 
    luck = 0 '\000'}, perm_exp = 0, current_weapon_script = 0x0, 
  current_weapon = 0x0, weapontype = 0, tooltype = 0, 
  body_info = '\000' <repeats 11 times>, 
  body_used = '\000' <repeats 11 times>, owner = 0x0, ownercount = 0, 
  enemy = 0x0, attacked_by = 0x0, attacked_by_count = 4294967295, 
  randomitems = 0x0, run_away = 0, chosen_skill = 0x0, hide = 0, 
  move_status = 0, move_type = 0, will_apply = 0 '\000', spellitem = 0x0, 
  expmul = 1, duration = 0, duration_modifier = 0 '\000', casting_time = -1, 
  spell = 0x0, start_holding = 0, spellarg = 0x0, dam_modifier = 0 '\000', 
  range = 0 '\000', range_modifier = 0 '\000', arch = 0x83425a0, 
  other_arch = 0x0, flags = {0, 0, 0, 0}, animation_id = 0, 
  anim_speed = 0 '\000', last_anim = 0 '\000', elevation = 0, 
  smoothlevel = 0 '\000', events = 0x0, custom_name = 0x0}
(gdb) 

I'm happy to provide more info (or the core file) if it might help,
but I'd suggest at the least a patch as below to avoid the crash.

Hugo
--- monster.c	Sat Jul 30 09:23:27 2005
+++ monster.c	Fri Dec 30 22:07:06 2005
@@ -686,6 +686,11 @@
 
 static int monster_should_cast_spell(object *monster, object *spell_ob)
 {
+    /* sanity check */
+    if (spell_ob == NULL) {
+	LOG(llevError, "monster_should_cast_spell: spell_ob is NULL\n");
+	return 0;
+    }
     if (spell_ob->subtype == SP_BOLT || spell_ob->subtype == SP_BULLET ||
 	spell_ob->subtype == SP_EXPLOSION || spell_ob->subtype == SP_CONE ||
 	spell_ob->subtype == SP_BOMB || spell_ob->subtype == SP_SMITE ||

More information about the crossfire mailing list