View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002339 | FSSCP | SEXPs | public | 2010-11-18 10:46 | 2010-11-29 10:28 |
| Reporter | Echelon9 | Assigned To | Echelon9 | ||
| Priority | normal | Severity | crash | Reproducibility | sometimes |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.6.13 | ||||
| Fixed in Version | 3.6.13 | ||||
| Summary | 0002339: Intermittent crashes in add_sexps | ||||
| Description | Intermittently been experiencing crashes on OS X, with a stack trace as per below. Reason: KERN_INVALID_ADDRESS at address: 0x1b34fff8 0x0031ad55 in add_sexps (n=1850) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:3510 3510 if ( Sexp_nodes[CAR(n)].value == SEXP_NAN ) Caused because CAR(1850) resolves to -1; which then crashes when -1 is used as an index into the Sexp_nodes array. (gdb) print Sexp_nodes[1850] $1 = { text = "10", '\0' <repeats 29 times>, op_index = -2, type = 1073741826, subtype = 2, first = -1, rest = 1851, value = -32765, flags = 1 } (gdb) print Sexp_nodes[1850].first $2 = -1 (gdb) print Sexp_nodes[-1] Cannot access memory at address 0x1b34ffc4 Reliably occurs in first mission of Apotheosis from BP:WiH and other missions occasionally. | ||||
| Additional Information | (gdb) bt #0 0x0031ad55 in add_sexps (n=1850) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:3510 #1 0x00301a68 in eval_sexp (cur_node=1849, referenced_node=-1) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:17778 #2 0x002ff998 in eval_sexp (cur_node=1852, referenced_node=-1) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:17761 #3 0x00313159 in sexp_modify_variable (n=1848) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:22719 #4 0x00301ef8 in eval_sexp (cur_node=1847, referenced_node=-1) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:17999 #5 0x0031a0b4 in eval_when (n=1795, use_arguments=0) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:7426 #6 0x0030220c in eval_sexp (cur_node=1791, referenced_node=-1) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/parse/sexp.cpp:18172 #7 0x001e9d80 in mission_process_event (event=49) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/mission/missiongoals.cpp:913 #8 0x001eb512 in mission_eval_goals () at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/mission/missiongoals.cpp:1062 #9 0x00046eb5 in game_simulation_frame () at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:4226 #10 0x0004897b in game_frame (paused=0) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:4663 #11 0x0004900a in game_do_frame () at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:5098 #12 0x000491f6 in game_do_state (state=2) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:6889 #13 0x000fb52d in gameseq_process_events () at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/gamesequence/gamesequence.cpp:407 #14 0x00045cb6 in game_main (cmdline=0x2514e00 "") at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:7465 #15 0x00045e52 in SDL_main (argc=1, argv=0x200a3e0) at /Users/*/Documents/Coding/fs2open/trunk/fs2_open/projects/Xcode/../../code/freespace2/freespace.cpp:7614 | ||||
| Tags | No tags attached. | ||||
|
|
mission_process_event (event=49)
-----
(gdb) print Mission_events[49]
$9 = { name = "change to subspace", '\0' <repeats 13 times>, formula = 1791, result = 0, repeat_count = 1, trigger_count = 1, interval = 1, timestamp = 0, score = 0, chain_delay = -1, flags = 0, objective_text = 0x0, objective_key_text = 0x0, count = 0, satisfied_time = 0, born_on_date = 0, team = -1 }

eval_sexp (cur_node=1791, referenced_node=-1)
-----
(gdb) print Sexp_nodes[1791]
$10 = { text = "when", '\0' <repeats 27 times>, op_index = 146, type = 2, subtype = 1, first = -1, rest = 1795, value = 0, flags = 1 }

eval_when (n=1795, use_arguments=0)
-----
(gdb) print Sexp_nodes[1795]
$8 = { text = '\0' <repeats 31 times>, op_index = -2, type = 1, subtype = 0, first = 1792, rest = 1798, value = -32765, flags = 1 }

eval_sexp (cur_node=1847, referenced_node=-1)
-----
(gdb) print Sexp_nodes[1847]
$7 = { text = "modify-variable", '\0' <repeats 16 times>, op_index = 324, type = 2, subtype = 1, first = -1, rest = 1848, value = -32765, flags = 1 }

sexp_modify_variable (n=1848)
-----
(gdb) print Sexp_nodes[1848]
$6 = { text = "10", '\0' <repeats 29 times>, op_index = -2, type = 1073741826, subtype = 2, first = -1, rest = 1852, value = -32765, flags = 1 }

eval_sexp (cur_node=1852, referenced_node=-1)
-----
(gdb) print Sexp_nodes[1852]
$5 = { text = '\0' <repeats 31 times>, op_index = -2, type = 1, subtype = 0, first = 1849, rest = -1, value = -32765, flags = 1 }

eval_sexp (cur_node=1849, referenced_node=-1)
-----
(gdb) print Sexp_nodes[1849]
$4 = { text = "+", '\0' <repeats 30 times>, op_index = 0, type = 2, subtype = 1, first = -1, rest = 1850, value = -32765, flags = 1 }

add_sexps (n=1850)
-----
(gdb) print Sexp_nodes[1850]
$13 = { text = "10", '\0' <repeats 29 times>, op_index = -2, type = 1073741826, subtype = 2, first = -1, rest = 1851, value = -32765, flags = 1 }
(gdb) print Sexp_variables[10]
$15 = { type = 784, text = "400", '\0' <repeats 28 times>, variable_name = "sunsize", '\0' <repeats 24 times> } |
|
2010-11-21 03:40
|
mantis2239-add_sexps_fix.patch (1,397 bytes)
Index: code/parse/sexp.cpp
===================================================================
--- code/parse/sexp.cpp (revision 6759)
+++ code/parse/sexp.cpp (working copy)
@@ -3500,25 +3500,25 @@
int sum = 0, val;
if (n != -1) {
- if ( CAR(n) != -1)
+ if ( CAR(n) != -1) {
sum = eval_sexp( CAR(n) );
+ // be sure to check for the NAN value when doing arithmetic -- this value should
+ // get propagated to the next highest function.
+ if ( Sexp_nodes[CAR(n)].value == SEXP_NAN )
+ return SEXP_NAN;
+ else if ( Sexp_nodes[CAR(n)].value == SEXP_NAN_FOREVER )
+ return SEXP_NAN_FOREVER;
+ }
else
sum = atoi( CTEXT(n) );
- // be sure to check for the NAN value when doing arithmetic -- this value should
- // get propagated to the next highest function.
- if ( Sexp_nodes[CAR(n)].value == SEXP_NAN )
- return SEXP_NAN;
- else if ( Sexp_nodes[CAR(n)].value == SEXP_NAN_FOREVER )
- return SEXP_NAN_FOREVER;
-
while (CDR(n) != -1) {
val = eval_sexp( CDR(n) );
// be sure to check for the NAN value when doing arithmetic -- this value should
// get propagated to the next highest function.
if ( Sexp_nodes[CDR(n)].value == SEXP_NAN )
return SEXP_NAN;
- else if ( Sexp_nodes[CAR(n)].value == SEXP_NAN_FOREVER )
+ else if ( Sexp_nodes[CDR(n)].value == SEXP_NAN_FOREVER )
return SEXP_NAN_FOREVER;
sum += val;
n = CDR(n);
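Review bot: The guard on `if ( CAR(n) != -1) {` only excludes the -1 sentinel, so any other negative or out-of-range index would still reach `Sexp_nodes[CAR(n)]` in the NAN checks that were moved inside it. Consider reading CAR(n) once into a local and asserting it lies within the node array before indexing, and doing the same for CDR(n) in the loop, where it is re-evaluated for the condition, the eval_sexp call, both NAN checks and the advance. As a style point, the `if` branch is now braced while the matching `else` with `sum = atoi( CTEXT(n) );` is not; bracing both would keep the next edit from repeating the original mistake. The CAR to CDR correction in the loop's SEXP_NAN_FOREVER check looks right and deserves its own line in the commit message, since it changes behaviour independently of the crash fix.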
|
|
|
With assistance from The_E, proposed patch attached. |
|
|
Good catch. I believe this patch will do the job. |
|
|
I'm going to post this on the SCP internal and get a few more eyes over it. As we're patching one of the most fundamental SEXPs (the '+' operator) it could do with some comprehensive testing. |
|
|
Fixed in r6795 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-11-18 10:46 | Echelon9 | New Issue | |
| 2010-11-18 11:05 | Echelon9 | Category | graphics => scripting |
| 2010-11-18 11:05 | Echelon9 | Description Updated | |
| 2010-11-18 11:11 | Echelon9 | Description Updated | |
| 2010-11-20 20:05 | Echelon9 | Summary | Intermittent crashes around ade_obj<vec3d> / std::vector<light*, SCP_vm_allocator<light*> > => Intermittent crashes around sexp_modify_variable, eval_sexp and add_sexps |
| 2010-11-20 20:05 | Echelon9 | Description Updated | |
| 2010-11-20 20:05 | Echelon9 | Additional Information Updated | |
| 2010-11-20 20:08 | Echelon9 | Description Updated | |
| 2010-11-20 20:08 | Echelon9 | Additional Information Updated | |
| 2010-11-20 20:13 | Echelon9 | Note Added: 0012475 | |
| 2010-11-20 20:13 | Echelon9 | Reproducibility | random => sometimes |
| 2010-11-20 20:13 | Echelon9 | Category | scripting => SEXPs |
| 2010-11-20 20:19 | Echelon9 | Note Edited: 0012475 | |
| 2010-11-20 20:21 | Echelon9 | Description Updated | |
| 2010-11-21 03:03 | Echelon9 | Description Updated | |
| 2010-11-21 03:40 | Echelon9 | File Added: mantis2239-add_sexps_fix.patch | |
| 2010-11-21 03:41 | Echelon9 | Note Added: 0012476 | |
| 2010-11-21 03:42 | Echelon9 | Status | new => assigned |
| 2010-11-21 03:42 | Echelon9 | Assigned To | => Echelon9 |
| 2010-11-22 10:04 | Goober5000 | Note Added: 0012481 | |
| 2010-11-22 10:23 | Echelon9 | Note Added: 0012483 | |
| 2010-11-22 11:27 | Echelon9 | Summary | Intermittent crashes around sexp_modify_variable, eval_sexp and add_sexps => Intermittent crashes in add_sexps |
| 2010-11-22 11:27 | Echelon9 | Status | assigned => confirmed |
| 2010-11-29 10:28 | Echelon9 | Note Added: 0012491 | |
| 2010-11-29 10:28 | Echelon9 | Status | confirmed => resolved |
| 2010-11-29 10:28 | Echelon9 | Fixed in Version | => 3.6.13 |
| 2010-11-29 10:28 | Echelon9 | Resolution | open => fixed |