View Issue Details

ID: 0002183
Project: FSSCP
Category: Platform-Engine interaction
View Status: public
Last Update: 2010-05-19 04:27
Reporter: The_E
Assigned To: iss_mneur
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.6.12 RC2
Fixed in Version: 3.6.12
Summary: 0002183: Assertion from dbgheap.cpp line 1322
Description: While hunting the bug detailed in Mantis 2182, we ran into this, using the same mission.

Basically, when quitting the mission (by jumping out, or manually quitting), this Assertion happens.
Additional Information: Call Stack:


> fs2_open_3_6_13d_INF_SSE2.exe!_free_dbg_nolock(void * pUserData=0x0f153d28, int nBlockUse=1) Line 1322 + 0x30 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!_free_dbg(void * pUserData=0x0f153d28, int nBlockUse=1) Line 1265 + 0xd bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!_vm_free(void * ptr=0x0f153d28, char * filename=0x00ea7150, int line=571) Line 1757 + 0xb bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!training_mission_shutdown() Line 571 + 0x20 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!message_mission_shutdown() Line 604 C++
     fs2_open_3_6_13d_INF_SSE2.exe!game_level_close() Line 980 C++
     fs2_open_3_6_13d_INF_SSE2.exe!freespace_stop_mission() Line 1171 C++
     fs2_open_3_6_13d_INF_SSE2.exe!game_leave_state(int old_state=2, int new_state=1) Line 6140 C++
     fs2_open_3_6_13d_INF_SSE2.exe!gameseq_set_state(int new_state=1, int override=0) Line 275 + 0x19 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!game_process_event(int current_state=2, int event=4) Line 5637 + 0x9 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!gameseq_process_events() Line 395 + 0x19 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!game_main(char * cmdline=0x02993eb7) Line 7530 + 0x5 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!WinMain(HINSTANCE__ * hInst=0x00400000, HINSTANCE__ * hPrev=0x00000000, char * szCmdLine=0x02993eb7, int nCmdShow=10) Line 7610 + 0x9 bytes C++
     fs2_open_3_6_13d_INF_SSE2.exe!__tmainCRTStartup() Line 275 + 0x2c bytes C
     fs2_open_3_6_13d_INF_SSE2.exe!WinMainCRTStartup() Line 189 C
     kernel32.dll!76a23677()
     [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
     ntdll.dll!77829d72()
     ntdll.dll!77829d45()
Tags: No tags attached.

Activities

2010-04-16 18:19

 

2183_fix.patch (1,931 bytes)   
Index: code/mission/missiontraining.cpp
===================================================================
--- code/mission/missiontraining.cpp	(revision 6056)
+++ code/mission/missiontraining.cpp	(working copy)
@@ -853,7 +853,7 @@
 
 // Goober5000 - removes current message from the queue
 void message_training_remove_from_queue(int idx)
-{	
+{
 	Training_message_queue[idx].length = -1;
 	Training_message_queue[idx].num = -1;
 	Training_message_queue[idx].timestamp = -1;
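Review bot: `idx` indexes Training_message_queue in the first statements of message_training_remove_from_queue with no range check visible in these lines; an Assert at the top of the function that idx is at least 0 and below Training_message_queue_count would catch a bad index before the slot is overwritten. The brace-line change here is whitespace only and is better kept out of a fix patch so the functional change stands alone.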
@@ -864,8 +864,30 @@
 		Training_message_queue[idx].special_message = NULL;
 	}
 
-	for (int j=idx+1; j<Training_message_queue_count; j++)
-		Training_message_queue[j - 1] = Training_message_queue[j];
+	Assert( Training_message_queue_count < TRAINING_MESSAGE_QUEUE_MAX );
+	for (int j=idx+1; j<=Training_message_queue_count; j++) {
+		if ( j < TRAINING_MESSAGE_QUEUE_MAX ) {
+			// move all higher messages down one index
+			Training_message_queue[j - 1] = Training_message_queue[j];
+		} else if ( j == TRAINING_MESSAGE_QUEUE_MAX ) {
+			/* We are supposed to slide down the message in the last index, but
+			because it is the last index, we just need to "copy" from invalid. */
+			Training_message_queue[TRAINING_MESSAGE_QUEUE_MAX - 1].length = -1;
+			Training_message_queue[TRAINING_MESSAGE_QUEUE_MAX - 1].num = -1;
+			Training_message_queue[TRAINING_MESSAGE_QUEUE_MAX - 1].timestamp = -1;
+			// Not a memory leak because we have already moved the pointer down,
+			// so it gets deleted later when expires.
+			Training_message_queue[TRAINING_MESSAGE_QUEUE_MAX - 1].special_message = NULL;
+		} else {
+			// Somthing has majorly messed up.
+			mprintf(("message_training_remove_from_queue(int idx=%d) {\n"
+				"j = %d; Training_message_queue_count = %d; "
+				"TRAINING_MESSAGE_QUEUE_MAX = %d\n",
+				idx, j, Training_message_queue_count,
+				TRAINING_MESSAGE_QUEUE_MAX));
+			Int3();
+		}
+	}
 	Training_message_queue_count--;
 }
 
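Review bot: The Assert( Training_message_queue_count < TRAINING_MESSAGE_QUEUE_MAX ) placed before the loop makes the `j == TRAINING_MESSAGE_QUEUE_MAX` and final `else` branches unreachable whenever it holds, because j never exceeds Training_message_queue_count, and the full-queue case that the `else if` branch is written for is exactly the one the Assert rejects. Decide which is intended: either relax the Assert to `<=` or drop the two branches. Separately, changing the bound to `j<=Training_message_queue_count` copies the slot one past the last live entry, special_message pointer included, into the vacated slot, which is only correct if that slot has already been reset; nothing in these lines guarantees it. Keeping the original `j<Training_message_queue_count` loop and then setting length, num and timestamp to -1 and special_message to NULL on Training_message_queue[Training_message_queue_count - 1] before the decrement would clear the stale duplicate without reading past the live range. Also, "Somthing" in the comment should be "Something", and the mprintf text opens a `{` that it never closes.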

Goober5000

2010-04-19 03:45

administrator   ~0011890

Before I go over this, I want to catch Iss_Mneur on IRC to ask a few things.

iss_mneur

2010-04-19 04:42

developer   ~0011893

Last edited: 2010-04-19 04:42

As requested by Goober5000, the mission that is attached to Bug 2182 will cause this bug to manifest at any time after the camera jumps to third person. Doing anything that reloads the mission will cause this bug to manifest.

taylor

2010-05-08 04:34

administrator   ~0011940

Unless I'm missing something this patch was never added to SVN. Please *do not* resolve-fix bugs until they are fixed in SVN first.

iss_mneur

2010-05-08 04:51

developer   ~0011942

Yes, I am waiting for goober5000 to review the code. I have sent goober5000 a PM.

Goober5000

2010-05-15 22:52

administrator   ~0011964

I tested the mission, and my previous commit had fixed the issue. So I'm marking this fixed.

The_E

2010-05-16 02:44

administrator   ~0011968

Can not confirm this issue as fixed. The same mission, if left to run for a few minutes (without time compression or anything) before warpout, will cause a crash. Not the one initially reported, but an Int3() from missiontraining.cpp line 842 instead. Again, IssMneur's attached patch fixes the issue, so that one should be committed to both trunk and the 3.6.12 branch.

2010-05-16 02:50

 

crashtest2.fs2 (22,370 bytes)

iss_mneur

2010-05-16 02:55

developer   ~0011969

I also can confirm the bug has not been fixed in either trunk or the 3.6.12 branch.

The bug in the original report is triggered from the escape menu, if you choose restart or quit. The Int3() is triggered when jumping out. Also, the bug is unaffected by time compression. Also, the bug can be triggered instantly after the camera jumps back (that is, you are back in the cockpit).

For your convenience, I have attached the mission that does not trigger the unrelated sun-bitmap assert. Like the other mission, it does require blueplanet.

Goober5000

2010-05-19 04:27

administrator   ~0011972

Okay, it's fixed now for real, in revision 6119-6120. Crediting Iss_Mneur because he figured out the underlying cause.

Issue History

Date Modified Username Field Change
2010-04-16 06:07 The_E New Issue
2010-04-16 18:19 iss_mneur File Added: 2183_fix.patch
2010-04-19 03:45 Goober5000 Note Added: 0011890
2010-04-19 03:45 Goober5000 Assigned To => iss_mneur
2010-04-19 03:45 Goober5000 Status new => assigned
2010-04-19 04:42 iss_mneur Note Added: 0011893
2010-04-19 04:42 iss_mneur Note Edited: 0011893
2010-05-08 03:17 The_E Status assigned => resolved
2010-05-08 03:17 The_E Resolution open => fixed
2010-05-08 04:34 taylor Note Added: 0011940
2010-05-08 04:34 taylor Status resolved => assigned
2010-05-08 04:34 taylor Resolution fixed => open
2010-05-08 04:51 iss_mneur Note Added: 0011942
2010-05-15 22:52 Goober5000 Note Added: 0011964
2010-05-15 22:52 Goober5000 Assigned To iss_mneur => Goober5000
2010-05-15 22:52 Goober5000 Status assigned => resolved
2010-05-15 22:52 Goober5000 Resolution open => fixed
2010-05-15 22:52 Goober5000 Fixed in Version => 3.6.12
2010-05-16 02:44 The_E Note Added: 0011968
2010-05-16 02:44 The_E Status resolved => feedback
2010-05-16 02:44 The_E Resolution fixed => reopened
2010-05-16 02:50 iss_mneur File Added: crashtest2.fs2
2010-05-16 02:55 iss_mneur Note Added: 0011969
2010-05-19 04:27 Goober5000 Note Added: 0011972
2010-05-19 04:27 Goober5000 Assigned To Goober5000 => iss_mneur
2010-05-19 04:27 Goober5000 Status feedback => resolved
2010-05-19 04:27 Goober5000 Resolution reopened => fixed