View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002864 | FSSCP | multiplayer | public | 2013-05-03 19:42 | 2013-12-03 11:26 |
| Reporter | FUBAR-BDHR | Assigned To | niffiwan | ||
| Priority | urgent | Severity | block | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.6.19 | ||||
| Target Version | 3.7.0 | Fixed in Version | 3.7.0 | ||
| Summary | 0002864: Standalone ASSERTION: "handle >= 0" trying to unload head .ani file | ||||
| Description | Appears to be trying to unload head .ani bitmaps which have a bitmap_id of -858993460. This is coming from message_init()in missionmessage.cpp line 695. Blows up on the first one of 11. All have the same -858993460 bitmap_id // this forces a reload of the AVI's and waves for builtin messages. Needed because the flic and // sound system also get reset between missions! for (i = 0; i < Num_builtin_avis; i++ ) { generic_anim_unload(&Message_avis[i].anim_data); } | ||||
| Additional Information | r9668 with Kara's patch for 1863. Stack fs2_open_3_6_19-DEBUG.exe!debug_int3(char * file=0x010f6904, int line=966) Line 768 C++ fs2_open_3_6_19-DEBUG.exe!WinAssert(char * text=0x010f7dbc, char * filename=0x010f6f9c, int linenum=1837) Line 966 + 0x13 bytes C++ fs2_open_3_6_19-DEBUG.exe!bm_release(int handle=-858993460, int clear_render_targets=0) Line 1837 + 0x1e bytes C++ > fs2_open_3_6_19-DEBUG.exe!generic_anim_unload(generic_anim * ga=0x057b09fc) Line 300 + 0xe bytes C++ fs2_open_3_6_19-DEBUG.exe!messages_init() Line 695 + 0x17 bytes C++ fs2_open_3_6_19-DEBUG.exe!game_level_init(int seed=-1) Line 1017 C++ fs2_open_3_6_19-DEBUG.exe!game_start_mission() Line 1429 + 0x7 bytes C++ fs2_open_3_6_19-DEBUG.exe!multi_sync_pre_do() Line 8037 C++ fs2_open_3_6_19-DEBUG.exe!multi_sync_do() Line 7469 C++ fs2_open_3_6_19-DEBUG.exe!game_do_state(int state=38) Line 6659 C++ fs2_open_3_6_19-DEBUG.exe!gameseq_process_events() Line 405 + 0x14 bytes C++ fs2_open_3_6_19-DEBUG.exe!game_main(char * cmdline=0x00152340) Line 7032 + 0x5 bytes C++ fs2_open_3_6_19-DEBUG.exe!WinMain(HINSTANCE__ * hInst=0x00400000, HINSTANCE__ * hPrev=0x00000000, char * szCmdLine=0x00152340, int nCmdShow=1) Line 7101 + 0x9 bytes C++ fs2_open_3_6_19-DEBUG.exe!__tmainCRTStartup() Line 263 + 0x2c bytes C fs2_open_3_6_19-DEBUG.exe!WinMainCRTStartup() Line 182 C kernel32.dll!7c81776f() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] Autos from generic_anim_unload() - ga 0x057b09fc {filename=0x057b09fc "Head-TP1" first_frame=14251 num_frames=1 ...} generic_anim * + filename 0x057b09fc "Head-TP1" char [32] first_frame 14251 int num_frames 1 int keyframe 0 int keyoffset -858993460 int current_frame -858993460 int previous_frame -858993460 int direction 204 'Ì' unsigned char done_playing 0 unsigned char total_time 0.066666670 float anim_time 0.00000000 float + ani {animation=0xcccccccc instance=0xcccccccc bg_type='Ì' } generic_anim::<unnamed-tag>::<unnamed-type-ani> + eff {next_frame=-858993460 } generic_anim::<unnamed-tag>::<unnamed-type-eff> type 204 'Ì' unsigned char streaming 204 'Ì' unsigned char + buffer 0xcccccccc <Bad Ptr> unsigned char * height -858993460 int width -858993460 int bitmap_id -858993460 int use_hud_color true bool ga->bitmap_id -858993460 int - ga->buffer 0xcccccccc <Bad Ptr> unsigned char * CXX0030: Error: expression cannot be evaluated | ||||
| Tags | No tags attached. | ||||
|
|
|
|
|
That particular value looks like an uninitialised or dummy value, as it has also been set for the height, width, keyoffset, current_frame and previous_frame |
|
|
Well whatever it is it is happening pretty regularly. 3 more standalones down today with the same issue. |
|
|
Getting the same thing trying to start a mission from the tech room in single player. Simple mission just the player and 1 send message event. |
|
|
Alright this gets even weirder same mission in both TBP and FS2. TBP gets the same crash as the standalone. FS2 no crash. Attaching mission from both TBP and FS2. |
|
|
|
|
|
|
|
|
I didn't get a crash in TBP when running 2864_TBP.fs & Zathras 2.6. I didn't hear any audio play for the message either. The audio played OK for the fs2 version. I did get this warning on mission load though: WARNING: "Invalid type "MF Tlez'iar" found in loadout of mission file...skipping" at parse/parselo.cpp:2814 |
|
|
That weapon wasn't added until the 2.7 betas so that would be a valid warning for 2.6. As for the sound not playing that is probably because it's from a campaign you might not have. Of course it should not be an issue as you shouldn't even make it past the load screen. Crash occurs on about the second loading bar. |
|
|
Well strangely enough it seems like we are dealing with 2 different but possibly related bugs in the exact same spot. To reproduce the TBP crash in retail simply extract Head-TP1a.ani, place in the hud directory, and rename to Head-TP1.ani. This will trigger the issue as now the name specified in message.tbl exists and is loaded. This makes the number of frames > 0 and it assumes the bitmaps have been loaded and tries to unload them. As to why it's happening on the standalones as well it's probably because they use the same file for everything that is loaded. This would result in a file with one frame already being loaded. |
|
|
Yup, that does it alright. I get a slightly different error, might just be due to OS differences. ASSERTION FAILED: "be->handle == handle" at bmpman/bmpman.cpp:1850 Invalid bitmap handle number 9500 (expected 0) for cursorweb.ani passed to bm_release() |
|
|
I believe this was introduced by 9660, could you please test & confirm/deny this? update: I suspect that in add_avi() we *don't* want to call "generic_anim_load()". add_avi() is only called when parsing messages.tbl "+AVI Name:" and the ani name here is not valid. i.e. string is Head-TP1, but the real ANI's to load are Head-TP1[abc].ani. Regardless, when called here "generic_anim_load()" isn't working correctly anyway, ga->first_frame was approx 9 hundred thousand when I stepped through the loading of (shouldn't really exist) Head-TP1.ani (update: ga->first_frame approx 9 hundred thousand is actually a valid value) |
|
|
Echelon9 & The_E, this seems related to 9654 & 9660. Could you please provide some more background about those changes? e.g. what was the problem that BP was having that led to 9654? |
|
|
The issue were infrequent crashes due to two things. One, the original function (pre-9654) was calling generic_anim_unload instead of generic_anim_load, and two, it did so with uninitialized parameters, which naturally caused badness. 9654 changed that to use generic_anim_load, but E9 forgot to fill in the filename field in the struct that that function expects as input, which I then corrected. This issue, while it was discovered when E9 ran BP, was not specific to BP. It could literally happen anywhere, anytime. |
|
|
thanks, that makes sense. The only thing is, that function is only called for messages.tbl entries and for them AFAIK the AVI name is not a valid filename. It needs a, b or c added to it before it becomes a valid ani filename. i.e. a generic_anim_unload or generic_anim_load is useless because normally the file should not exist. |
|
|
mantis2864-svn.patch (594 bytes)
Index: code/mission/missionmessage.cpp =================================================================== --- code/mission/missionmessage.cpp (revision 9677) +++ code/mission/missionmessage.cpp (working copy) @@ -310,6 +310,7 @@ } // would have returned if a slot existed. + generic_anim_init( &extra.anim_data ); strcpy_s( extra.name, avi_name ); strcpy_s( extra.anim_data.filename, avi_name); extra.num = -1; @@ -332,6 +333,7 @@ return i; } + generic_anim_init( &extra.anim_data ); strcpy_s( extra.name, wave_name ); extra.num = -1; Message_waves.push_back(extra); |
|
|
ahhhh, uninitialised structs, we hates them preciousssssss IOW, anim_data in message_extra wasn't being initialised. This could lead to crashes when unloading ani's, e.g. if buffer was a non-nullptr then generic_anim_unload could attempt to bm_release an invalid bitmap_id. The patch should deal all instances of message_extra in the code. I've successfully tested the patch with 2864.fs2 & data/hud/Head_TP1.ani. Also fixes crashes in WoD found as part of testing 0002837. |
|
|
Seems to be working in retail. Still having some issues in TBP (no crash but no ani either) but it might be data related so I'm trying to rule that out. In the meantime I'm going to update the standalones and see if they crash. |
|
|
Any update here? Still getting crashes after patching? |
|
|
Well haven't seen a crash yet but I also haven't seen anyone actually using a standalone yet either. |
|
|
Fix committed to trunk@9681. |
|
|
Per IRC discussion with FUBAR, committed as it fixes the single player issue, but leaving mantis open until some more people use the standalones to give it a better test. |
|
|
Has anyone seen this problem reoccur on any standalones recently? |
|
|
This one looks fixed from my ASan testing of standalone servers. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-05-03 19:42 | FUBAR-BDHR | New Issue | |
| 2013-05-03 19:42 | FUBAR-BDHR | File Added: 2864_fs2_standalone.rar | |
| 2013-05-04 23:50 | Echelon9 | Note Added: 0015035 | |
| 2013-05-05 00:24 | FUBAR-BDHR | Note Added: 0015036 | |
| 2013-05-08 08:03 | FUBAR-BDHR | Note Added: 0015042 | |
| 2013-05-08 08:03 | FUBAR-BDHR | Priority | normal => urgent |
| 2013-05-08 08:03 | FUBAR-BDHR | Severity | minor => block |
| 2013-05-08 08:25 | FUBAR-BDHR | Note Added: 0015044 | |
| 2013-05-08 08:30 | FUBAR-BDHR | File Added: 2864.fs2 | |
| 2013-05-08 08:30 | FUBAR-BDHR | File Added: 2864_TBP.fs2 | |
| 2013-05-08 10:02 | niffiwan | Note Added: 0015045 | |
| 2013-05-08 19:51 | FUBAR-BDHR | Note Added: 0015046 | |
| 2013-05-08 21:44 | FUBAR-BDHR | Note Added: 0015047 | |
| 2013-05-09 10:57 | niffiwan | Note Added: 0015049 | |
| 2013-05-09 10:57 | niffiwan | Status | new => confirmed |
| 2013-05-13 21:01 | chief1983 | Target Version | => 3.7.0 |
| 2013-05-14 09:02 | niffiwan | Assigned To | => niffiwan |
| 2013-05-14 09:02 | niffiwan | Status | confirmed => assigned |
| 2013-05-14 09:03 | niffiwan | Note Added: 0015057 | |
| 2013-05-14 10:08 | niffiwan | Note Edited: 0015057 | |
| 2013-05-14 10:08 | niffiwan | Note Edited: 0015057 | |
| 2013-05-14 10:11 | niffiwan | Note Edited: 0015057 | |
| 2013-05-15 05:51 | niffiwan | Note Added: 0015058 | |
| 2013-05-15 06:11 | The_E | Note Added: 0015059 | |
| 2013-05-15 06:12 | The_E | Note Edited: 0015059 | |
| 2013-05-15 06:24 | niffiwan | Note Added: 0015060 | |
| 2013-05-18 03:11 | niffiwan | File Added: mantis2864-svn.patch | |
| 2013-05-18 03:23 | niffiwan | Note Added: 0015065 | |
| 2013-05-18 03:23 | niffiwan | Status | assigned => code review |
| 2013-05-18 04:53 | niffiwan | Note Edited: 0015057 | |
| 2013-05-18 05:19 | niffiwan | Note Edited: 0015065 | |
| 2013-05-18 05:19 | niffiwan | Note Edited: 0015065 | |
| 2013-05-18 05:20 | FUBAR-BDHR | Note Added: 0015066 | |
| 2013-05-18 05:23 | niffiwan | Note Edited: 0015065 | |
| 2013-05-18 05:28 | niffiwan | Note Edited: 0015065 | |
| 2013-05-20 05:26 | niffiwan | Relationship added | related to 0002866 |
| 2013-05-23 19:34 | chief1983 | Note Added: 0015085 | |
| 2013-05-23 20:09 | FUBAR-BDHR | Note Added: 0015086 | |
| 2013-05-29 09:28 | niffiwan | Changeset attached | => fs2open trunk r9681 |
| 2013-05-29 09:28 | niffiwan | Note Added: 0015092 | |
| 2013-05-29 09:28 | niffiwan | Status | code review => resolved |
| 2013-05-29 09:28 | niffiwan | Resolution | open => fixed |
| 2013-05-29 09:33 | niffiwan | Note Added: 0015093 | |
| 2013-05-29 09:33 | niffiwan | Status | resolved => feedback |
| 2013-05-29 09:33 | niffiwan | Resolution | fixed => reopened |
| 2013-09-27 01:19 | niffiwan | Note Added: 0015293 | |
| 2013-12-03 09:42 | Echelon9 | Category | graphics => multiplayer |
| 2013-12-03 11:26 | Echelon9 | Note Added: 0015492 | |
| 2013-12-03 11:26 | Echelon9 | Status | feedback => resolved |
| 2013-12-03 11:26 | Echelon9 | Fixed in Version | => 3.7.0 |
| 2013-12-03 11:26 | Echelon9 | Resolution | reopened => fixed |
