View Issue Details

ID: 0002864
Project: FSSCP
Category: multiplayer
View Status: public
Last Update: 2013-12-03 11:26
Reporter: FUBAR-BDHR
Assigned To: niffiwan
Priority: urgent
Severity: block
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 3.6.19
Target Version: 3.7.0
Fixed in Version: 3.7.0
Summary: 0002864: Standalone ASSERTION: "handle >= 0" trying to unload head .ani file
Description: Appears to be trying to unload head .ani bitmaps which have a bitmap_id of -858993460. This is coming from message_init() in missionmessage.cpp line 695. Blows up on the first one of 11. All have the same -858993460 bitmap_id.

    // this forces a reload of the AVI's and waves for builtin messages. Needed because the flic and
    // sound system also get reset between missions!
    for (i = 0; i < Num_builtin_avis; i++ ) {
        generic_anim_unload(&Message_avis[i].anim_data);
    }


Additional Information: r9668 with Kara's patch for 1863.


Stack

     fs2_open_3_6_19-DEBUG.exe!debug_int3(char * file=0x010f6904, int line=966) Line 768 C++
     fs2_open_3_6_19-DEBUG.exe!WinAssert(char * text=0x010f7dbc, char * filename=0x010f6f9c, int linenum=1837) Line 966 + 0x13 bytes C++
     fs2_open_3_6_19-DEBUG.exe!bm_release(int handle=-858993460, int clear_render_targets=0) Line 1837 + 0x1e bytes C++
> fs2_open_3_6_19-DEBUG.exe!generic_anim_unload(generic_anim * ga=0x057b09fc) Line 300 + 0xe bytes C++
     fs2_open_3_6_19-DEBUG.exe!messages_init() Line 695 + 0x17 bytes C++
     fs2_open_3_6_19-DEBUG.exe!game_level_init(int seed=-1) Line 1017 C++
     fs2_open_3_6_19-DEBUG.exe!game_start_mission() Line 1429 + 0x7 bytes C++
     fs2_open_3_6_19-DEBUG.exe!multi_sync_pre_do() Line 8037 C++
     fs2_open_3_6_19-DEBUG.exe!multi_sync_do() Line 7469 C++
     fs2_open_3_6_19-DEBUG.exe!game_do_state(int state=38) Line 6659 C++
     fs2_open_3_6_19-DEBUG.exe!gameseq_process_events() Line 405 + 0x14 bytes C++
     fs2_open_3_6_19-DEBUG.exe!game_main(char * cmdline=0x00152340) Line 7032 + 0x5 bytes C++
     fs2_open_3_6_19-DEBUG.exe!WinMain(HINSTANCE__ * hInst=0x00400000, HINSTANCE__ * hPrev=0x00000000, char * szCmdLine=0x00152340, int nCmdShow=1) Line 7101 + 0x9 bytes C++
     fs2_open_3_6_19-DEBUG.exe!__tmainCRTStartup() Line 263 + 0x2c bytes C
     fs2_open_3_6_19-DEBUG.exe!WinMainCRTStartup() Line 182 C
     kernel32.dll!7c81776f()
     [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]


Autos from generic_anim_unload()

- ga 0x057b09fc {filename=0x057b09fc "Head-TP1" first_frame=14251 num_frames=1 ...} generic_anim *
+ filename 0x057b09fc "Head-TP1" char [32]
        first_frame 14251 int
        num_frames 1 int
        keyframe 0 int
        keyoffset -858993460 int
        current_frame -858993460 int
        previous_frame -858993460 int
        direction 204 'Ì' unsigned char
        done_playing 0 unsigned char
        total_time 0.066666670 float
        anim_time 0.00000000 float
+ ani {animation=0xcccccccc instance=0xcccccccc bg_type='Ì' } generic_anim::<unnamed-tag>::<unnamed-type-ani>
+ eff {next_frame=-858993460 } generic_anim::<unnamed-tag>::<unnamed-type-eff>
        type 204 'Ì' unsigned char
        streaming 204 'Ì' unsigned char
+ buffer 0xcccccccc <Bad Ptr> unsigned char *
        height -858993460 int
        width -858993460 int
        bitmap_id -858993460 int
        use_hud_color true bool
        ga->bitmap_id -858993460 int
- ga->buffer 0xcccccccc <Bad Ptr> unsigned char *
            CXX0030: Error: expression cannot be evaluated
Tags: No tags attached.

Relationships

related to 0002866 (resolved, MjnMixael): Sounds played from event editor in FRED get extension added even if they have one

Activities

FUBAR-BDHR

2013-05-03 19:42

developer  

2864_fs2_standalone.rar (65,139 bytes)

Echelon9

2013-05-04 23:50

developer   ~0015035

That particular value looks like an uninitialised or dummy value, as it has also been set for the height, width, keyoffset, current_frame and previous_frame

FUBAR-BDHR

2013-05-05 00:24

developer   ~0015036

Well whatever it is it is happening pretty regularly. 3 more standalones down today with the same issue.

FUBAR-BDHR

2013-05-08 08:03

developer   ~0015042

Getting the same thing trying to start a mission from the tech room in single player. Simple mission just the player and 1 send message event.

FUBAR-BDHR

2013-05-08 08:25

developer   ~0015044

Alright, this gets even weirder: same mission in both TBP and FS2. TBP gets the same crash as the standalone. FS2 no crash.

Attaching mission from both TBP and FS2.

FUBAR-BDHR

2013-05-08 08:30

developer  

2864.fs2 (3,412 bytes)

FUBAR-BDHR

2013-05-08 08:30

developer  

2864_TBP.fs2 (4,022 bytes)

niffiwan

2013-05-08 10:02

developer   ~0015045

I didn't get a crash in TBP when running 2864_TBP.fs & Zathras 2.6. I didn't hear any audio play for the message either. The audio played OK for the fs2 version.

I did get this warning on mission load though:
WARNING: "Invalid type "MF Tlez'iar" found in loadout of mission file...skipping" at parse/parselo.cpp:2814

FUBAR-BDHR

2013-05-08 19:51

developer   ~0015046

That weapon wasn't added until the 2.7 betas so that would be a valid warning for 2.6. As for the sound not playing that is probably because it's from a campaign you might not have. Of course it should not be an issue as you shouldn't even make it past the load screen. Crash occurs on about the second loading bar.

FUBAR-BDHR

2013-05-08 21:44

developer   ~0015047

Well strangely enough it seems like we are dealing with 2 different but possibly related bugs in the exact same spot.

To reproduce the TBP crash in retail simply extract Head-TP1a.ani, place in the hud directory, and rename to Head-TP1.ani. This will trigger the issue as now the name specified in message.tbl exists and is loaded. This makes the number of frames > 0 and it assumes the bitmaps have been loaded and tries to unload them.

As to why it's happening on the standalones as well it's probably because they use the same file for everything that is loaded. This would result in a file with one frame already being loaded.

niffiwan

2013-05-09 10:57

developer   ~0015049

Yup, that does it alright. I get a slightly different error, might just be due to OS differences.

ASSERTION FAILED: "be->handle == handle" at bmpman/bmpman.cpp:1850 Invalid bitmap handle number 9500 (expected 0) for cursorweb.ani passed to bm_release()

niffiwan

2013-05-14 09:03

developer   ~0015057

Last edited: 2013-05-18 04:53

I believe this was introduced by 9660, could you please test & confirm/deny this?

update: I suspect that in add_avi() we *don't* want to call "generic_anim_load()". add_avi() is only called when parsing messages.tbl "+AVI Name:" and the ani name here is not valid. i.e. string is Head-TP1, but the real ANI's to load are Head-TP1[abc].ani.

Regardless, when called here "generic_anim_load()" isn't working correctly anyway, ga->first_frame was approx 9 hundred thousand when I stepped through the loading of (shouldn't really exist) Head-TP1.ani
(update: ga->first_frame approx 9 hundred thousand is actually a valid value)

niffiwan

2013-05-15 05:51

developer   ~0015058

Echelon9 & The_E, this seems related to 9654 & 9660. Could you please provide some more background about those changes? e.g. what was the problem that BP was having that led to 9654?

The_E

2013-05-15 06:11

administrator   ~0015059

Last edited: 2013-05-15 06:12

The issue was infrequent crashes due to two things. One, the original function (pre-9654) was calling generic_anim_unload instead of generic_anim_load, and two, it did so with uninitialized parameters, which naturally caused badness. 9654 changed that to use generic_anim_load, but E9 forgot to fill in the filename field in the struct that that function expects as input, which I then corrected.

This issue, while it was discovered when E9 ran BP, was not specific to BP. It could literally happen anywhere, anytime.

niffiwan

2013-05-15 06:24

developer   ~0015060

thanks, that makes sense. The only thing is, that function is only called for messages.tbl entries and for them AFAIK the AVI name is not a valid filename. It needs a, b or c added to it before it becomes a valid ani filename. i.e. a generic_anim_unload or generic_anim_load is useless because normally the file should not exist.

niffiwan

2013-05-18 03:11

developer  

mantis2864-svn.patch (594 bytes)   
Index: code/mission/missionmessage.cpp
===================================================================
--- code/mission/missionmessage.cpp	(revision 9677)
+++ code/mission/missionmessage.cpp	(working copy)
@@ -310,6 +310,7 @@
 	}
 
 	// would have returned if a slot existed.
+	generic_anim_init( &extra.anim_data );
 	strcpy_s( extra.name, avi_name );
 	strcpy_s( extra.anim_data.filename, avi_name);
 	extra.num = -1;
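Review bot: the new generic_anim_init( &extra.anim_data ) call sits directly under the existing comment "would have returned if a slot existed", which describes the early return and not the init, so nothing in the hunk records why the call is there or that it must come before the strcpy_s into extra.anim_data.filename two lines later. If generic_anim_init also resets filename, moving it below that copy would silently drop the name. Suggest a one-line comment on the init call saying that it puts anim_data into a known state and has to stay ahead of the filename copy.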
@@ -332,6 +333,7 @@
 			return i;
 	}
 
+	generic_anim_init( &extra.anim_data );
 	strcpy_s( extra.name, wave_name );
 	extra.num = -1;
 	Message_waves.push_back(extra);
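Review bot: this is a second call site that needs the identical generic_anim_init( &extra.anim_data ) line before push_back, and in this hunk anim_data.filename is never filled in at all, so the init is the only thing giving the pushed element defined contents. Repeating the call wherever extra is built leaves the next new call site free to forget it; consider initialising anim_data in one place (for example in a constructor on the struct) and keeping strcpy_s( extra.name, wave_name ) and extra.num = -1 as the only per-site work.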

niffiwan

2013-05-18 03:23

developer   ~0015065

Last edited: 2013-05-18 05:28

ahhhh, uninitialised structs, we hates them preciousssssss

IOW, anim_data in message_extra wasn't being initialised. This could lead to crashes when unloading ani's, e.g. if buffer was a non-nullptr then generic_anim_unload could attempt to bm_release an invalid bitmap_id. The patch should deal with all instances of message_extra in the code.

I've successfully tested the patch with 2864.fs2 & data/hud/Head_TP1.ani.
Also fixes crashes in WoD found as part of testing 0002837.
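
The failure mode described in the note above, reduced to a stand-alone model (an added example, not code from this thread or from the FS2 Open source). The anim_model struct, its functions and the rule for which handle gets released are assumptions for illustration; the 0xCC fill simulates the uninitialised stack contents seen in the debugger dump, where -858993460 is 0xCCCCCCCC read as a signed 32-bit int.

```cpp
#include <cstring>

// Simplified stand-in for the engine's generic_anim, keeping only fields named
// in the debugger dump above. Not the project's real definition.
struct anim_model {
    char filename[32];
    int first_frame;
    int num_frames;
    int bitmap_id;
    unsigned char *buffer;
};

// MSVC debug builds fill fresh stack memory with 0xCC bytes. Reading truly
// uninitialised memory is undefined behaviour, so the fill is simulated.
void poison_like_msvc_debug(anim_model *ga) { std::memset(ga, 0xCC, sizeof *ga); }

// Hypothetical counterpart of the init call the patch adds: known-empty state.
void anim_model_init(anim_model *ga) {
    ga->filename[0] = '\0';
    ga->first_frame = -1;
    ga->num_frames = 0;
    ga->bitmap_id = -1;
    ga->buffer = nullptr;
}

// Constructed loader: like a partial load, it sets only the frame fields
// (values taken from the dump) and leaves everything else as it found it.
void anim_model_load(anim_model *ga) {
    ga->first_frame = 14251;
    ga->num_frames = 1;
}

const int NO_RELEASE = -2;  // sentinel: unload had nothing to release

// Returns the handle the unload path would pass to bm_release().
// Assumption: with a buffer present bitmap_id is released, else first_frame.
int handle_released_on_unload(const anim_model *ga) {
    if (ga->num_frames <= 0) return NO_RELEASE;
    return ga->buffer != nullptr ? ga->bitmap_id : ga->first_frame;
}

// add_avi()-style sequence: stack struct, optional init, name copy, load.
int add_then_unload(bool init_first) {
    anim_model extra;
    poison_like_msvc_debug(&extra);
    if (init_first) anim_model_init(&extra);
    std::strncpy(extra.filename, "Head-TP1", sizeof extra.filename - 1);
    extra.filename[sizeof extra.filename - 1] = '\0';
    anim_model_load(&extra);
    return handle_released_on_unload(&extra);
}
```

Without the init, the stale non-null buffer steers unload to the garbage bitmap_id, which is the negative handle that trips the "handle >= 0" assertion; with the init first, the same sequence releases the frame handle the loader recorded.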

FUBAR-BDHR

2013-05-18 05:20

developer   ~0015066

Seems to be working in retail. Still having some issues in TBP (no crash but no ani either) but it might be data related so I'm trying to rule that out. In the meantime I'm going to update the standalones and see if they crash.

chief1983

2013-05-23 19:34

administrator   ~0015085

Any update here? Still getting crashes after patching?

FUBAR-BDHR

2013-05-23 20:09

developer   ~0015086

Well haven't seen a crash yet but I also haven't seen anyone actually using a standalone yet either.

niffiwan

2013-05-29 09:28

developer   ~0015092

Fix committed to trunk@9681.

niffiwan

2013-05-29 09:33

developer   ~0015093

Per IRC discussion with FUBAR, committed as it fixes the single player issue, but leaving mantis open until some more people use the standalones to give it a better test.

niffiwan

2013-09-27 01:19

developer   ~0015293

Has anyone seen this problem reoccur on any standalones recently?

Echelon9

2013-12-03 11:26

developer   ~0015492

This one looks fixed from my ASan testing of standalone servers.

Related Changesets

fs2open: trunk r9681

2013-05-29 06:26

niffiwan


Ported: N/A

Fix for mantis 2864: correctly init message_extra struct
Affected Issues: 0002864
mod - /trunk/fs2_open/code/mission/missionmessage.cpp

Issue History

Date Modified Username Field Change
2013-05-03 19:42 FUBAR-BDHR New Issue
2013-05-03 19:42 FUBAR-BDHR File Added: 2864_fs2_standalone.rar
2013-05-04 23:50 Echelon9 Note Added: 0015035
2013-05-05 00:24 FUBAR-BDHR Note Added: 0015036
2013-05-08 08:03 FUBAR-BDHR Note Added: 0015042
2013-05-08 08:03 FUBAR-BDHR Priority normal => urgent
2013-05-08 08:03 FUBAR-BDHR Severity minor => block
2013-05-08 08:25 FUBAR-BDHR Note Added: 0015044
2013-05-08 08:30 FUBAR-BDHR File Added: 2864.fs2
2013-05-08 08:30 FUBAR-BDHR File Added: 2864_TBP.fs2
2013-05-08 10:02 niffiwan Note Added: 0015045
2013-05-08 19:51 FUBAR-BDHR Note Added: 0015046
2013-05-08 21:44 FUBAR-BDHR Note Added: 0015047
2013-05-09 10:57 niffiwan Note Added: 0015049
2013-05-09 10:57 niffiwan Status new => confirmed
2013-05-13 21:01 chief1983 Target Version => 3.7.0
2013-05-14 09:02 niffiwan Assigned To => niffiwan
2013-05-14 09:02 niffiwan Status confirmed => assigned
2013-05-14 09:03 niffiwan Note Added: 0015057
2013-05-14 10:08 niffiwan Note Edited: 0015057
2013-05-14 10:08 niffiwan Note Edited: 0015057
2013-05-14 10:11 niffiwan Note Edited: 0015057
2013-05-15 05:51 niffiwan Note Added: 0015058
2013-05-15 06:11 The_E Note Added: 0015059
2013-05-15 06:12 The_E Note Edited: 0015059
2013-05-15 06:24 niffiwan Note Added: 0015060
2013-05-18 03:11 niffiwan File Added: mantis2864-svn.patch
2013-05-18 03:23 niffiwan Note Added: 0015065
2013-05-18 03:23 niffiwan Status assigned => code review
2013-05-18 04:53 niffiwan Note Edited: 0015057
2013-05-18 05:19 niffiwan Note Edited: 0015065
2013-05-18 05:19 niffiwan Note Edited: 0015065
2013-05-18 05:20 FUBAR-BDHR Note Added: 0015066
2013-05-18 05:23 niffiwan Note Edited: 0015065
2013-05-18 05:28 niffiwan Note Edited: 0015065
2013-05-20 05:26 niffiwan Relationship added related to 0002866
2013-05-23 19:34 chief1983 Note Added: 0015085
2013-05-23 20:09 FUBAR-BDHR Note Added: 0015086
2013-05-29 09:28 niffiwan Changeset attached => fs2open trunk r9681
2013-05-29 09:28 niffiwan Note Added: 0015092
2013-05-29 09:28 niffiwan Status code review => resolved
2013-05-29 09:28 niffiwan Resolution open => fixed
2013-05-29 09:33 niffiwan Note Added: 0015093
2013-05-29 09:33 niffiwan Status resolved => feedback
2013-05-29 09:33 niffiwan Resolution fixed => reopened
2013-09-27 01:19 niffiwan Note Added: 0015293
2013-12-03 09:42 Echelon9 Category graphics => multiplayer
2013-12-03 11:26 Echelon9 Note Added: 0015492
2013-12-03 11:26 Echelon9 Status feedback => resolved
2013-12-03 11:26 Echelon9 Fixed in Version => 3.7.0
2013-12-03 11:26 Echelon9 Resolution reopened => fixed