MantisBT - VCMI
View Issue Details
ID: 0001144
Project: VCMI
Category: GUI - Other
View Status: public
Date Submitted: 2012-10-27 14:11
Last Update: 2014-05-30 17:41
Reporter: cirdan
Assigned To: Warmonger
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: linux
Product Version: 0.9
Fixed in Version: 0.91
Summary: 0001144: Crash when casting expert town portal
Description: I'm consistently getting crashes in the client when trying to cast expert town portal. I've tracked it down to CObjectListWindow::changeSelection, where a couple of braces seem to be missing. The attached patch should fix this.
Steps To Reproduce: Cast expert town portal.
Tags: No tags attached.
Attached Files: diff colw.diff (380) 2012-10-27 14:11
https://bugs.vcmi.eu/file_download.php?file_id=1151&type=bug
Issue History
2012-10-27 14:11  cirdan     New Issue
2012-10-27 14:11  cirdan     File Added: colw.diff
2012-10-27 14:15  Warmonger  Note Added: 0003189
2012-10-27 14:15  Warmonger  Assigned To => Warmonger
2012-10-27 14:15  Warmonger  Status: new => assigned
2012-10-27 14:22  cirdan     Note Added: 0003190
2012-10-27 14:32  Warmonger  Note Added: 0003191
2012-10-27 14:57  cirdan     Note Added: 0003192
2012-10-27 17:01  Warmonger  Note Added: 0003193
2012-10-27 17:01  Warmonger  Status: assigned => resolved
2012-10-27 17:01  Warmonger  Fixed in Version => 0.91
2012-10-27 17:01  Warmonger  Resolution: open => fixed
2014-05-30 17:41  beegee     Status: resolved => closed

Notes
(0003189) Warmonger, 2012-10-27 14:15
Strange, I just used latest trunk and expert TP worked well (VCMI_Tests_2011b, give Tome of Earth to Inteus).
(0003190) cirdan, 2012-10-27 14:22
CObjectListWindow::changeSelection uses a boost iterator, so it may depend on the internal data representation boost, or the compiler, or whatever, uses for std::list. There is certainly a check for 'item' not to be null, so I assume that it can be null under some circumstances, but the check does not extend to the second use of item->index, due to the missing braces (the indentation suggests that they should be there), and that's where gdb shows I'm getting the crashes.
(0003191) Warmonger, 2012-10-27 14:32
I agree, but need to investigate more. Any specific conditions or possible town selection?
(0003192) cirdan, 2012-10-27 14:57
Sorry, I should have given you more information. When I select expert town portal for casting, the town selection window appears as normal. Then, as soon as I click on any town (just the name of the town, to select it), the client crashes. Running the client from gdb shows that the crash comes from CObjectListWindow::changeSelection. Specifically, there is always an iteration in the loop in which 'element' is cast to a null 'item'; this null 'item' is not dereferenced in the first item->index check, which is protected by the 'if', but it is on the second, leading to the crash. I don't know why a null 'item' appears in the list, but it certainly does.

Since I can get the client to crash every single time I try (without my patch), just let me know if you need any more information, or want me to try something.

In case it is useful, I'm running VCMI 0.9 self-compiled on linux with GCC 4.7 and boost 1.51.
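The missing-brace shape the reporter describes, as an added illustration (hypothetical code, not VCMI's CObjectListWindow or the attached patch): a null-guarded `if` whose indentation suggests it covers two statements but, without braces, covers only the first, beside the braced form. The Element/Item/Header types, the `selected` flag and the sample list are assumptions made for the example.

```cpp
#include <cstdio>
#include <list>
// Hypothetical reconstruction (NOT VCMI's code) of the bug shape the notes describe:
// a list whose entries are not all Items, so dynamic_cast<Item*> can yield nullptr.
struct Element { virtual ~Element() = default; };
struct Item : Element { int index; bool selected = false; explicit Item(int i) : index(i) {} };
struct Header : Element {};   // dynamic_cast<Item*>(Header*) == nullptr

// Buggy shape. The indentation suggests both uses of item->index are guarded by `if (item)`,
// but without braces only the first is; for a Header entry the second line dereferences
// null. Kept only to show the shape; never call it with a Header in the list.
int changeSelectionBuggy(const std::list<Element*>& elements, int which, int previous)
{
    int position = 0, found = -1;
    for (Element* element : elements)
    {
        Item* item = dynamic_cast<Item*>(element);
        if (item)
            if (item->index == which)    { item->selected = true;  found = position; } // guarded
            if (item->index == previous) { item->selected = false; }                  // NOT guarded
        ++position;
    }
    return found;
}

// Fixed shape: braces make the guard cover every use of item. Returns the list
// position of the newly selected Item, or -1 if no Item has index `which`.
int changeSelectionFixed(const std::list<Element*>& elements, int which, int previous)
{
    int position = 0, found = -1;
    for (Element* element : elements)
    {
        Item* item = dynamic_cast<Item*>(element);
        if (item)
        {
            if (item->index == which)    { item->selected = true;  found = position; }
            if (item->index == previous) { item->selected = false; }
        }
        ++position;
    }
    return found;
}

// Constructed sample list: a Header (null after the cast) sits between real Items.
static Header header;
static Item town0(0), town1(1), town2(2);
std::list<Element*> sampleList() { return { &town0, &header, &town1, &town2 }; }

int main() { std::printf("selected position: %d\n", changeSelectionFixed(sampleList(), 2, 0)); }
```

GCC 6 and later flag the buggy shape with `-Wmisleading-indentation`; the GCC 4.7 mentioned in the note predates that warning.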
(0003193) Warmonger, 2012-10-27 17:01
I added the patch as it is in r2995, but this issue still needs investigation.