MantisBT - VCMI
View Issue Details
ID: 0002324
Project: VCMI
Category: Other
View Status: public
Date Submitted: 2015-11-05 10:12
Last Update: 2022-09-16 19:41
Reporter: josch
Assigned To: SXX
Priority: normal
Severity: crash
Reproducibility: always
Status: assigned
Resolution: open
Platform: amd64
OS: Debian
OS Version: unstable
Product Version: 0.98

0002324: Segfault when buying spellbook
I got the following bug for vcmi 0.98 on the Debian bug tracker, which I'm also able to reproduce myself:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797363

I attached the savegame that produced this problem, but you can also find links to the savegame in the above bug report.
I moved the hero near the city into the city.
I then bought a spell building and tried to buy a spellbook for the hero.
The backtrace (line numbers correspond to vcmi 0.98):

Core was generated by `/usr/games/vcmiclient'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 PutArtifact::applyGs (this=this@entry=0x7fb070b2c2c0, gs=gs@entry=0x7fb07f472ae0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/lib/NetPacksLib.cpp:901
901 art->putAt(al);
(gdb) bt
#0 PutArtifact::applyGs (this=this@entry=0x7fb070b2c2c0, gs=gs@entry=0x7fb07f472ae0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/lib/NetPacksLib.cpp:901
#1 0x00007fb0a6c4b3ef in CApplyOnGS<PutArtifact>::applyOnGS (this=<optimized out>, gs=0x7fb07f472ae0, pack=0x7fb070b2c2c0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/lib/CGameState.cpp:71
#2 0x00007fb0a6c04998 in CGameState::apply (this=0x7fb07f472ae0, pack=pack@entry=0x7fb070b2c2c0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/lib/CGameState.cpp:2164
#3 0x00007fb0a74fbc56 in CClient::handlePack (this=this@entry=0x7fb07ef998e0, pack=0x7fb070b2c2c0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/client/Client.cpp:649
#4 0x00007fb0a74fc038 in CClient::run (this=0x7fb07ef998e0) at /build/vcmi-t5ndlM/vcmi-0.98+dfsg/client/Client.cpp:176
#5 0x00007fb0a5cdeaea in ?? () from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.55.0
#6 0x00007fb0a5abc0a4 in start_thread (arg=0x7fb082da5700) at pthread_create.c:309
#7 0x00007fb0a221d07d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No tags attached.
Relationships: related to 0001960 (closed, SXX): Crash turn AI
Attached Files:
zip crash-when-buying-spellbook.zip (1,243,114 bytes) 2015-11-05 10:12
https://bugs.vcmi.eu/file_download.php?file_id=2391&type=bug
txt 0002324_vcmiclient_bt.txt (2,799 bytes) 2015-11-05 14:10
https://bugs.vcmi.eu/file_download.php?file_id=2392&type=bug
Issue History
2015-11-05 10:12  josch      New Issue
2015-11-05 10:12  josch      File Added: crash-when-buying-spellbook.zip
2015-11-05 14:10  SXX        File Added: 0002324_vcmiclient_bt.txt
2015-11-05 14:12  SXX        Note Added: 0006073
2015-12-21 20:05  SXX        Note Added: 0006200
2016-07-22 13:59  AVS        Assigned To => AVS
2016-07-22 13:59  AVS        Status: new => confirmed
2016-09-12 13:03  SXX        Assigned To: AVS => SXX
2016-09-12 13:03  SXX        Status: confirmed => assigned
2016-09-12 13:04  SXX        Relationship added: related to 0001960
2022-03-14 22:55  Povelitel  Note Added: 0008070
2022-07-04 05:35  josch      Note Added: 0008299
2022-09-16 19:41  Povelitel  Note Added: 0008349

Notes
(0006073) SXX, 2015-11-05 14:12
Just in case, attached the full crash log from 6c33417 (0.98 release).
It's about the same (with different line numbers) on develop.
(0006200) SXX, 2015-12-21 20:05
Sadly I didn't manage to find out why that happens, but it's reproducible up to current git.
(0008070) Povelitel, 2022-03-14 22:55
I can confirm this. Reproducible.
(0008299) josch, 2022-07-04 05:35
Still reproducible with current git HEAD. Here is a bigger backtrace:

#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1 0x00007ffff5497546 in __GI_abort () at abort.c:79
#2 0x00007ffff549742f in __assert_fail_base
    (fmt=0x7ffff560ddf8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff7d50070 "static_cast<si32>(oInfo.vector->size()) > idAsNumber", file=0x7ffff7d50040 "./lib/mapping/../serializer/CSerializer.h", line=116, function=<optimized out>) at assert.c:92
#3 0x00007ffff54a6222 in __GI___assert_fail
    (assertion=0x7ffff7d50070 "static_cast<si32>(oInfo.vector->size()) > idAsNumber", file=0x7ffff7d50040 "./lib/mapping/../serializer/CSerializer.h", line=116, function=0x7ffff7d54658 "T* CSerializer::getVectorItemFromId(const VectorizedObjectInfo<T, U>&, U) const [with T = CArtifactInstance; U = ArtifactInstanceID]") at assert.c:101
#4 0x00007ffff797f6f7 in CSerializer::getVectorItemFromId<CArtifactInstance, ArtifactInstanceID>(VectorizedObjectInfo<CArtifactInstance, ArtifactInstanceID> const&, ArtifactInstanceID) const
    (this=<optimized out>, oInfo=<optimized out>, id=...)
    at ./lib/mapping/../serializer/CSerializer.h:111
#5 CSerializer::getVectorItemFromId<CArtifactInstance, ArtifactInstanceID>(VectorizedObjectInfo<CArtifactInstance, ArtifactInstanceID> const&, ArtifactInstanceID) const
    (oInfo=<optimized out>, this=<optimized out>, oInfo=..., id=...)
    at ./lib/mapping/../serializer/CSerializer.h:111
#6 BinaryDeserializer::load<CArtifactInstance*, 0>(CArtifactInstance*&)
    (this=0x7fff900bc800, data=@0x7fff8c57c320: 0x0)
    at ./lib/mapping/../serializer/BinaryDeserializer.h:272
#7 0x00007ffff7a7b201 in BinaryDeserializer::operator&<CArtifactInstance*>(CArtifactInstance*&)
    (t=@0x7fff8c57c320: 0x0, this=0x7fff900bc800)
    at ./lib/registerTypes/../serializer/BinaryDeserializer.h:185
#8 ConstTransitivePtr<CArtifactInstance>::serialize<BinaryDeserializer>(BinaryDeserializer&, int)
    (version=<optimized out>, h=..., this=0x7fff8c57c320)
    at ./lib/registerTypes/../ConstTransitivePtr.h:75
#9 BinaryDeserializer::load<ConstTransitivePtr<CArtifactInstance>, 0>(ConstTransitivePtr<CArtifactInstance>&) (data=..., this=0x7fff900bc800)
    at ./lib/registerTypes/../serializer/BinaryDeserializer.h:206
#10 BinaryDeserializer::operator&<ConstTransitivePtr<CArtifactInstance> >(ConstTransitivePtr<CArtifactInstance>&) (t=..., this=0x7fff900bc800)
    at ./lib/registerTypes/../serializer/BinaryDeserializer.h:185
#11 PutArtifact::serialize<BinaryDeserializer>(BinaryDeserializer&, int)
    (version=<optimized out>, h=..., this=0x7fff8c57c2f0) at ./lib/registerTypes/../NetPacks.h:960
#12 BinaryDeserializer::CPointerLoader<PutArtifact>::loadPtr(CLoaderBase&, void*, unsigned int) const (this=<optimized out>, ar=..., data=0x7fff96a25fb0, pid=<optimized out>)
    at ./lib/registerTypes/../serializer/BinaryDeserializer.h:155
#13 0x00007ffff7ba26ff in BinaryDeserializer::load<CPack*, 0>(CPack*&)
    (this=this@entry=0x7fff900bc800, data=@0x7fff96a25fb0: 0x7fff8c57c2f0)
    at ./lib/serializer/BinaryDeserializer.h:322
#14 0x00007ffff7b97ab1 in BinaryDeserializer::operator&<CPack*>(CPack*&)
    (t=@0x7fff96a25fb0: 0x7fff8c57c2f0, this=0x7fff900bc800)
    at ./lib/serializer/BinaryDeserializer.h:185
#15 CConnection::retrievePack() (this=0x7fff900bc7d0) at ./lib/serializer/Connection.cpp:206
#16 0x00005555558b0d14 in CServerHandler::threadHandleConnection() (this=0x555555e47d40)
    at /usr/include/c++/11/bits/shared_ptr_base.h:1295
#17 0x00007ffff59fb347 in () at /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.74.0
#18 0x00007ffff59d6d80 in start_thread (arg=0x7fff96a27640) at pthread_create.c:481
#19 0x00007ffff556f76f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
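The 2022 backtrace ends in the assertion in CSerializer::getVectorItemFromId because the ArtifactInstanceID read out of the PutArtifact pack is not smaller than the size of the artifact vector it indexes; the 0.98 segfault at art->putAt(al) is consistent with the same invalid reference reaching the apply step without any check. The block below is an added example, not VCMI's code: a constructed, simplified lookup and apply step in which an out-of-range, negative or null artifact reference is reported as a value and rejected, rather than being caught only by an assert (which NDEBUG builds compile out). Every type and function name other than those quoted from the trace is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed stand-in for the object a PutArtifact pack refers to.
struct CArtifactInstance { std::string name; };

// Stand-in for VectorizedObjectInfo<CArtifactInstance, ArtifactInstanceID>:
// the received numeric ID is an index into this vector, so an ID from a
// broken save or malformed pack can point past the end or at a null slot.
struct ArtifactTable { std::vector<CArtifactInstance*> vector; };

// Outcome of a validated lookup. An assert (the only check in the trace) is
// compiled out under NDEBUG and leaves an out-of-bounds read; a value is not.
enum class LookupError { None, NegativeId, OutOfRange, NullEntry };
struct LookupResult { CArtifactInstance* item; LookupError error; };

// Assumed hardened counterpart of getVectorItemFromId (not VCMI's own API).
LookupResult getVectorItemChecked(const ArtifactTable& t, int64_t idAsNumber)
{
    if (idAsNumber < 0)
        return {nullptr, LookupError::NegativeId};
    if (static_cast<uint64_t>(idAsNumber) >= t.vector.size())
        return {nullptr, LookupError::OutOfRange};
    CArtifactInstance* item = t.vector[static_cast<std::size_t>(idAsNumber)];
    if (item == nullptr)
        return {nullptr, LookupError::NullEntry};
    return {item, LookupError::None};
}

// Constructed PutArtifact pack body as the deserializer would hand it over.
struct PutArtifactPack { int64_t artifactId; };

// Apply step modelled on PutArtifact::applyGs: on an unresolvable reference it
// returns false with a reason and leaves the hero untouched, instead of
// dereferencing an invalid pointer as the 0.98 crash at art->putAt(al) did.
bool applyPutArtifact(const ArtifactTable& t, const PutArtifactPack& pack,
                      std::vector<std::string>& heroBackpack, std::string& why)
{
    LookupResult r = getVectorItemChecked(t, pack.artifactId);
    switch (r.error) {
    case LookupError::None:       heroBackpack.push_back(r.item->name); return true;
    case LookupError::NegativeId: why = "negative artifact id"; return false;
    case LookupError::OutOfRange: why = "artifact id beyond table size"; return false;
    case LookupError::NullEntry:  why = "artifact slot is empty"; return false;
    }
    return false;
}
```

A pack that fails this way should be logged and dropped (or the connection closed) by the caller, so that a stale reference in a save or a malformed pack from a peer cannot take the whole client down.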
(0008349) Povelitel, 2022-09-16 19:41
We talked about this, and came to the conclusion that broken saves are to blame.
If you install the new version and start playing now, and try to capture the city, then everything will be fine.
At least I did it under Windows many times and it didn't crash.