Source Code Project Mantis - FSSCP
View Issue Details
0002377FSSCPmultiplayerpublic2011-01-11 19:282019-12-23 07:06
ReporterSDM 
Assigned Totaylor 
PrioritynormalSeveritycrashReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.6.13 
Target VersionFixed in Version 
Summary0002377: Crash when pressing F2 after death but before respawn - Assert: model_instance_num < (int)Polygon_model_instances.size()
DescriptionThe game crashes every time I died and pressed F2 before I respawned. Although I changed the sound to ensure consistency, it probably crashes even without changing sounds, but that has not been tested yet as there were not enough multi games to conduct further testing.
Additional InformationCall stack:

WinAssert(char*, char*, int) + 981
model_get_instance(int) + 591 (modelread.cpp:2987)
model_clear_submodel_instances(int) + 493 (modelread.cpp:4536)
ship_model_update_instance(object*) + 1466 (ship.cpp:12268)
obj_move_all_post(object*, float) + 5626 (object.cpp:1218)
obj_move_all(float) + 4462 (object.cpp:1431)
game_simulation_frame() + 10078 (freespace.cpp:4025)
game_frame(bool) + 4658 (freespace.cpp:4399)
game_do_frame() + 604 (freespace.cpp:4814)
game_do_state(int) + 1419 (freespace.cpp:6596)
gameseq_process_events() + 1283 (gamesequence.cpp:409)
game_main(char*) + 2121 (freespace.cpp:7061)
TagsNo tags attached.
Attached Fileslog fs2_open.log (45,931) 2011-01-11 19:28
http://scp.indiegames.us/mantis/file_download.php?file_id=1631&type=bug

Notes
(0012723)
Zacam   
2011-06-22 20:00   
(Last edited: 2011-06-22 20:13)
Able to reproduce on Antipodes 7267.

F2 pressed during "death spin" or "respawn" screen will result in the following
(after hitting Accept):

Assert: model_instance_num < (int)Polygon_model_instances.size()
File: modelread.cpp
Line: 2872

ntdll.dll! NtWaitForSingleObject + 21 bytes
kernel32.dll! WaitForSingleObjectEx + 67 bytes
kernel32.dll! WaitForSingleObject + 18 bytes
fs2_open_3_6_13d_SSE2.exe! SCP_DumpStack + 354 bytes
fs2_open_3_6_13d_SSE2.exe! WinAssert + 208 bytes
fs2_open_3_6_13d_SSE2.exe! model_get_instance + 106 bytes
fs2_open_3_6_13d_SSE2.exe! model_clear_submodel_instances + 39 bytes
fs2_open_3_6_13d_SSE2.exe! ship_model_update_instance + 192 bytes
fs2_open_3_6_13d_SSE2.exe! obj_move_all_post + 577 bytes
fs2_open_3_6_13d_SSE2.exe! obj_move_all + 352 bytes
fs2_open_3_6_13d_SSE2.exe! game_simulation_frame + 1229 bytes
fs2_open_3_6_13d_SSE2.exe! game_frame + 469 bytes
fs2_open_3_6_13d_SSE2.exe! game_do_frame + 239 bytes
fs2_open_3_6_13d_SSE2.exe! game_do_state + 854 bytes
fs2_open_3_6_13d_SSE2.exe! gameseq_process_events + 237 bytes
fs2_open_3_6_13d_SSE2.exe! game_main + 782 bytes
fs2_open_3_6_13d_SSE2.exe! WinMain + 330 bytes
fs2_open_3_6_13d_SSE2.exe! __tmainCRTStartup + 358 bytes
fs2_open_3_6_13d_SSE2.exe! WinMainCRTStartup + 15 bytes
kernel32.dll! BaseThreadInitThunk + 18 bytes
ntdll.dll! RtlInitializeExceptionChain + 99 bytes
ntdll.dll! RtlInitializeExceptionChain + 54 bytes

polymodel_instance* model_get_instance(int model_instance_num)
 model_instance_num 0 int

void model_clear_submodel_instances( int model_instance_num )
 model_instance_num 0 int
+pmi 0xcccccccc {model_num=??? root_submodel_num=??? submodel=??? } polymodel_instance *
+pm 0xcccccccc {id=??? version=??? filename=0xccccccd4 <Bad Ptr> ...} polymodel *
 i -858993460 int

void ship_model_update_instance(object *objp)
+objp 0x01184170 struct object * Objects {next=0x011843a4 prev=0x01179d88 signature=1 ...} object *
+pss 0xcccccccc {next=??? prev=??? system_info=??? ...} ship_subsys *
+psub 0xcccccccc {flags=??? name=0xccccccd0 <Bad Ptr> subobj_name=0xccccccf0 <Bad Ptr> ...} model_subsystem *
 model_instance_num 0 int
+shipp 0x0167df78 struct ship * Ships {objnum=0 ai_index=0 ship_info_index=32 ...} ship *

(0013994)
karajorma   
2012-10-26 06:38   
Client side or server side?
(0013998)
karajorma   
2012-10-28 06:19   
This error does appear to be linked to E's change in r6878. The Polygon_model_instances vector is empty so the assert is triggered.

This may just be a case of an overzealous assertion so I'm going bounce this over to The E for checking.
(0015476)
Echelon9   
2013-11-30 20:59   
(Last edited: 2013-11-30 21:29)
Still present as of SVN r10175.

Prior to reaching the Assert, game_level_close() has been called which will lead to a call to model_instance_free_all().

model_instance_free_all() contains the call to Polygon_model_instances.clear().

(0016951)
taylor   
2019-12-23 07:06   
https://github.com/scp-fs2open/fs2open.github.com/commit/1584484

Issue History
2011-01-11 19:28SDMNew Issue
2011-01-11 19:28SDMFile Added: fs2_open.log
2011-06-22 20:00ZacamNote Added: 0012723
2011-06-22 20:13ZacamNote Edited: 0012723
2012-04-03 09:57Echelon9Statusnew => acknowledged
2012-10-26 06:38karajormaNote Added: 0013994
2012-10-28 06:19karajormaNote Added: 0013998
2012-10-28 06:19karajormaAssigned To => The_E
2012-10-28 06:19karajormaStatusacknowledged => assigned
2013-11-30 20:51Echelon9SummaryCrash when pressing F2 after death but before respawn => Crash when pressing F2 after death but before respawn - Assert: model_instance_num < (int)Polygon_model_instances.size()
2013-11-30 20:51Echelon9Additional Information Updatedbug_revision_view_page.php?rev_id=681#r681
2013-11-30 20:59Echelon9Note Added: 0015476
2013-11-30 21:29Echelon9Note Edited: 0015476bug_revision_view_page.php?bugnote_id=15476#r683
2019-12-23 07:04taylorAssigned ToThe_E => taylor
2019-12-23 07:06taylorStatusassigned => resolved
2019-12-23 07:06taylorResolutionopen => fixed
2019-12-23 07:06taylorNote Added: 0016951