MantisBT - VCMI
View Issue Details
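ID: 0002678
Project: VCMI
Category: Mechanics - Adventure Map
View Status: public
Date Submitted: 2017-05-20 12:27
Last Update: 2017-06-10 05:12
Reporter: 0nedef
Assigned To: AVS
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 0.99
Fixed in Version: 1.next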
0002678: Using Town Portal causes game crash
Basically this is a re-report of issue 0002183. Whenever Town Portal is used, the game crashes. What data do you need to reproduce/debug?
No tags attached.
has duplicate 0002183 (closed, AVS): Crash when using town portal spell
has duplicate 0002691 (resolved, AVS): Game crashes when the advanced town gate spell is used and user selects a town
zip asdf.zip (1,050,888) 2017-05-23 04:49
https://bugs.vcmi.eu/file_download.php?file_id=2688&type=bug
log gdb_backtrace.log (28,585) 2017-05-23 18:16
https://bugs.vcmi.eu/file_download.php?file_id=2689&type=bug
txt VCMI_Client_log.txt (114,596) 2017-05-23 18:16
https://bugs.vcmi.eu/file_download.php?file_id=2690&type=bug
txt VCMI_Server_log.txt (105,438) 2017-05-23 18:16
https://bugs.vcmi.eu/file_download.php?file_id=2691&type=bug
log archlinux-gdb_backtrace.log (27,639) 2017-05-23 19:42
https://bugs.vcmi.eu/file_download.php?file_id=2692&type=bug
txt archlinux-VCMI_Server_log.txt (103,674) 2017-05-23 19:42
https://bugs.vcmi.eu/file_download.php?file_id=2693&type=bug
txt archlinux-VCMI_Client_log.txt (113,951) 2017-05-23 19:42
https://bugs.vcmi.eu/file_download.php?file_id=2694&type=bug
xz valgrind.log.xz (340,124) 2017-05-24 02:23
https://bugs.vcmi.eu/file_download.php?file_id=2695&type=bug
xz ubu1604-valgrind.log.xz (802,172) 2017-05-24 03:00
https://bugs.vcmi.eu/file_download.php?file_id=2696&type=bug
xz ubu1604-valgrind-origins.log.xz (1,079,216) 2017-05-24 16:22
https://bugs.vcmi.eu/file_download.php?file_id=2697&type=bug
xz archlinux-valgrind.log.xz (347,028) 2017-05-24 18:06
https://bugs.vcmi.eu/file_download.php?file_id=2698&type=bug
Issue History
2017-05-20 12:27 | 0nedef | New Issue
2017-05-20 12:30 | Warmonger | Note Added: 0007016
2017-05-20 12:58 | 0nedef | Note Added: 0007017
2017-05-22 22:16 | SXX | Note Added: 0007019
2017-05-22 22:18 | SXX | Note Edited: 0007019
2017-05-23 04:49 | 0nedef | File Added: asdf.zip
2017-05-23 04:50 | 0nedef | Note Added: 0007021
2017-05-23 10:19 | AVS | Note Added: 0007022
2017-05-23 10:19 | AVS | Assigned To => AVS
2017-05-23 10:19 | AVS | Status: new => feedback
2017-05-23 12:45 | 0nedef | Note Added: 0007023
2017-05-23 12:45 | 0nedef | Status: feedback => assigned
2017-05-23 12:47 | 0nedef | Note Edited: 0007023
2017-05-23 12:52 | AVS | Note Added: 0007024
2017-05-23 18:16 | 0nedef | File Added: gdb_backtrace.log
2017-05-23 18:16 | 0nedef | File Added: VCMI_Client_log.txt
2017-05-23 18:16 | 0nedef | File Added: VCMI_Server_log.txt
2017-05-23 18:18 | 0nedef | Note Added: 0007025
2017-05-23 19:42 | 0nedef | File Added: archlinux-gdb_backtrace.log
2017-05-23 19:42 | 0nedef | File Added: archlinux-VCMI_Server_log.txt
2017-05-23 19:42 | 0nedef | File Added: archlinux-VCMI_Client_log.txt
2017-05-23 19:45 | 0nedef | Note Added: 0007026
2017-05-23 19:59 | AVS | Note Added: 0007027
2017-05-24 02:23 | 0nedef | File Added: valgrind.log.xz
2017-05-24 02:24 | 0nedef | Note Added: 0007028
2017-05-24 03:00 | 0nedef | File Added: ubu1604-valgrind.log.xz
2017-05-24 03:00 | 0nedef | Note Edited: 0007028
2017-05-24 03:01 | 0nedef | Note Edited: 0007028
2017-05-24 06:30 | AVS | Note Added: 0007029
2017-05-24 16:22 | 0nedef | File Added: ubu1604-valgrind-origins.log.xz
2017-05-24 16:27 | 0nedef | Note Added: 0007030
2017-05-24 16:39 | AVS | Note Added: 0007031
2017-05-24 16:42 | AVS | Note Added: 0007032
2017-05-24 16:48 | AVS | Note Added: 0007033
2017-05-24 18:06 | 0nedef | File Added: archlinux-valgrind.log.xz
2017-05-25 17:11 | AVS | Note Added: 0007041
2017-05-25 17:11 | AVS | Status: assigned => resolved
2017-05-25 17:11 | AVS | Fixed in Version => 1.next
2017-05-25 17:11 | AVS | Resolution: open => fixed
2017-05-25 17:12 | AVS | Relationship added: has duplicate 0002183
2017-05-25 19:12 | 0nedef | Note Added: 0007042
2017-06-10 05:12 | AVS | Relationship added: has duplicate 0002691

Notes
(0007016)
Warmonger   
2017-05-20 12:30   
Savegame for sure.
(0007017)
0nedef   
2017-05-20 12:58   
Nginx throws a 413 Entity Too Large. http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

Once that's cleared up, I'll be happy to upload.
(0007019)
SXX   
2017-05-22 22:16   
(edited on: 2017-05-22 22:18)
Yep, I fixed the problem with uploads, but please upload saves in an archive.

(0007021)
0nedef   
2017-05-23 04:50   
Save file uploaded. The spell's available on the Adela hero.
(0007022)
AVS   
2017-05-23 10:19   
Unable to reproduce on Windows. Maybe the bug is target dependent. What is your OS and CPU arch?
SXX, please test this under Linux.
(0007023)
0nedef   
2017-05-23 12:45   
(edited on: 2017-05-23 12:47)
Running this on Archlinux amd64, specifically using this PKGBUILD: https://aur.archlinux.org/packages/vcmi/

What other outputs will prove helpful?

(0007024)
AVS   
2017-05-23 12:52   
"VCMI_Client_log.txt", "VCMI_Server_log.txt", gdb backtrace
(0007025)
0nedef   
2017-05-23 18:18   
Attached files are replicated on daily builds from the PPA for Ubuntu 16.04. Will get around to Archlinux when possible.
(0007026)
0nedef   
2017-05-23 19:45   
Uploaded Archlinux log and backtrace, but a brief skim suggests this is simply a Linux-specific issue.
(0007027)
AVS   
2017-05-23 19:59   
It would also be helpful to see a valgrind memcheck log.
(0007028)
0nedef   
2017-05-24 02:24   
(edited on: 2017-05-24 03:01)
Attached output from `valgrind --leak-check=yes --show-leak-kinds=all --time-stamp=yes --error-limit=no vcmiclient`. I do have to point out that running vcmiclient under valgrind replicates the issue only on daily builds for Ubuntu 16.04, but not Archlinux.

(0007029)
AVS   
2017-05-24 06:30   
Please repeat the valgrind run with --track-origins=yes
(0007030)
0nedef   
2017-05-24 16:27   
Uploaded valgrind log for Ubuntu dailies, still working on replicating it on Archlinux. Oddly enough, the bug doesn't always occur with valgrind attached.
(0007031)
AVS   
2017-05-24 16:39   
Please upload the Archlinux track-origins log too. The Ubuntu log shows nothing and the Archlinux log shows something useful. The fact that it does not crash with valgrind on Archlinux does not mean that the bug is not reproduced.
(0007032)
AVS   
2017-05-24 16:42   
==00:00:01:57.190 9903== Conditional jump or move depends on uninitialised value(s)
==00:00:01:57.190 9903== at 0x53DAF5: select (GUIClasses.cpp:1719)
==00:00:01:57.190 9903== by 0x53DAF5: CObjectListWindow::CItem::CItem(CObjectListWindow*, unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) (GUIClasses.cpp:1714)
==00:00:01:57.190 9903== by 0x53DC3B: CObjectListWindow::genItem(unsigned long) (GUIClasses.cpp:1786)
==00:00:01:57.190 9903== by 0x4D64BC: operator() (functional:2127)
==00:00:01:57.190 9903== by 0x4D64BC: CObjectList::createItem(unsigned long) (ObjectLists.cpp:42)
==00:00:01:57.190 9903== by 0x4D6725: CListBox::reset() (ObjectLists.cpp:128)
==00:00:01:57.190 9903== by 0x4D6EF8: CListBox::CListBox(std::function<CIntObject* (unsigned long)>, std::function<void (CIntObject*)>, Point, Point, unsigned long, unsigned long, unsigned long, int, Rect) (ObjectLists.cpp:102)
==00:00:01:57.190 9903== by 0x5458AC: CObjectListWindow::init(CIntObject*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) (GUIClasses.cpp:1779)
==00:00:01:57.190 9903== by 0x545D61: CObjectListWindow::CObjectListWindow(std::vector<int, std::allocator<int> > const&, CIntObject*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::function<void (int)>) (GUIClasses.cpp:1743)
==00:00:01:57.191 9903== by 0x52708D: CSpellWindow::SpellArea::clickLeft(boost::logic::tribool, bool) (CSpellWindow.cpp:720)
==00:00:01:57.191 9903== by 0x49B787: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:308)
==00:00:01:57.191 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:01:57.191 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:01:57.191 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:01:57.191 9903==
==00:00:02:00.225 9903== Conditional jump or move depends on uninitialised value(s)
==00:00:02:00.225 9903== at 0x53DD17: CObjectListWindow::changeSelection(unsigned long) (GUIClasses.cpp:1801)
==00:00:02:00.225 9903== by 0x49B787: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:308)
==00:00:02:00.225 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:00.225 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:00.225 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:00.225 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:00.225 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:00.225 9903==
==00:00:02:00.226 9903== Conditional jump or move depends on uninitialised value(s)
==00:00:02:00.226 9903== at 0x53DDCD: CObjectListWindow::changeSelection(unsigned long) (GUIClasses.cpp:1810)
==00:00:02:00.226 9903== by 0x49B787: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:308)
==00:00:02:00.226 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:00.226 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:00.226 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:00.226 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:00.226 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:00.226 9903==
==00:00:02:01.584 9903== Invalid read of size 8
==00:00:02:01.584 9903== at 0x524399: operator() (CSpellWindow.cpp:710)
==00:00:02:01.584 9903== by 0x524399: std::_Function_handler<void (int), CSpellWindow::SpellArea::clickLeft(boost::logic::tribool, bool)::{lambda(int)0000004}>::_M_invoke(std::_Any_data const&, int&&) (functional:1731)
==00:00:02:01.584 9903== by 0x53EBD8: operator() (functional:2127)
==00:00:02:01.584 9903== by 0x53EBD8: CObjectListWindow::elementSelected() (GUIClasses.cpp:1795)
==00:00:02:01.584 9903== by 0x4B85BC: operator() (functional:2127)
==00:00:02:01.584 9903== by 0x4B85BC: operator()<> (FunctionList.h:62)
==00:00:02:01.584 9903== by 0x4B85BC: CButton::onButtonClicked() (Buttons.cpp:163)
==00:00:02:01.584 9903== by 0x4A1843: CKeyShortcut::keyPressed(SDL_KeyboardEvent const&) (CIntObject.cpp:352)
==00:00:02:01.584 9903== by 0x49AF1E: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:215)
==00:00:02:01.584 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:01.584 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:01.584 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:01.584 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:01.584 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:01.584 9903== Address 0x45e3b8b0 is 144 bytes inside an unallocated block of size 192 in arena "client"
==00:00:02:01.584 9903==
==00:00:02:01.608 9903== Invalid read of size 8
==00:00:02:01.608 9903== at 0x5243A0: operator() (CSpellWindow.cpp:710)
==00:00:02:01.608 9903== by 0x5243A0: std::_Function_handler<void (int), CSpellWindow::SpellArea::clickLeft(boost::logic::tribool, bool)::{lambda(int)0000004}>::_M_invoke(std::_Any_data const&, int&&) (functional:1731)
==00:00:02:01.608 9903== by 0x53EBD8: operator() (functional:2127)
==00:00:02:01.608 9903== by 0x53EBD8: CObjectListWindow::elementSelected() (GUIClasses.cpp:1795)
==00:00:02:01.608 9903== by 0x4B85BC: operator() (functional:2127)
==00:00:02:01.608 9903== by 0x4B85BC: operator()<> (FunctionList.h:62)
==00:00:02:01.608 9903== by 0x4B85BC: CButton::onButtonClicked() (Buttons.cpp:163)
==00:00:02:01.608 9903== by 0x4A1843: CKeyShortcut::keyPressed(SDL_KeyboardEvent const&) (CIntObject.cpp:352)
==00:00:02:01.608 9903== by 0x49AF1E: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:215)
==00:00:02:01.608 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:01.608 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:01.608 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:01.608 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:01.608 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:01.608 9903== Address 0x185ac6b0 is 448 bytes inside an unallocated block of size 464 in arena "client"
==00:00:02:01.608 9903==
==00:00:02:01.640 9903== Invalid read of size 8
==00:00:02:01.640 9903== at 0x5243BE: operator() (CSpellWindow.cpp:711)
==00:00:02:01.640 9903== by 0x5243BE: std::_Function_handler<void (int), CSpellWindow::SpellArea::clickLeft(boost::logic::tribool, bool)::{lambda(int)0000004}>::_M_invoke(std::_Any_data const&, int&&) (functional:1731)
==00:00:02:01.640 9903== by 0x53EBD8: operator() (functional:2127)
==00:00:02:01.640 9903== by 0x53EBD8: CObjectListWindow::elementSelected() (GUIClasses.cpp:1795)
==00:00:02:01.640 9903== by 0x4B85BC: operator() (functional:2127)
==00:00:02:01.640 9903== by 0x4B85BC: operator()<> (FunctionList.h:62)
==00:00:02:01.640 9903== by 0x4B85BC: CButton::onButtonClicked() (Buttons.cpp:163)
==00:00:02:01.640 9903== by 0x4A1843: CKeyShortcut::keyPressed(SDL_KeyboardEvent const&) (CIntObject.cpp:352)
==00:00:02:01.641 9903== by 0x49AF1E: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:215)
==00:00:02:01.641 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:01.641 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:01.641 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:01.641 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:01.641 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:01.641 9903== Address 0x45e3b8b0 is 144 bytes inside an unallocated block of size 192 in arena "client"
==00:00:02:01.641 9903==
==00:00:02:01.668 9903== Invalid read of size 8
==00:00:02:01.668 9903== at 0x5243C5: operator() (CSpellWindow.cpp:711)
==00:00:02:01.668 9903== by 0x5243C5: std::_Function_handler<void (int), CSpellWindow::SpellArea::clickLeft(boost::logic::tribool, bool)::{lambda(int)0000004}>::_M_invoke(std::_Any_data const&, int&&) (functional:1731)
==00:00:02:01.668 9903== by 0x53EBD8: operator() (functional:2127)
==00:00:02:01.669 9903== by 0x53EBD8: CObjectListWindow::elementSelected() (GUIClasses.cpp:1795)
==00:00:02:01.669 9903== by 0x4B85BC: operator() (functional:2127)
==00:00:02:01.669 9903== by 0x4B85BC: operator()<> (FunctionList.h:62)
==00:00:02:01.669 9903== by 0x4B85BC: CButton::onButtonClicked() (Buttons.cpp:163)
==00:00:02:01.669 9903== by 0x4A1843: CKeyShortcut::keyPressed(SDL_KeyboardEvent const&) (CIntObject.cpp:352)
==00:00:02:01.669 9903== by 0x49AF1E: CGuiHandler::handleEvent(SDL_Event*) (CGuiHandler.cpp:215)
==00:00:02:01.669 9903== by 0x49C055: CGuiHandler::handleEvents() (CGuiHandler.cpp:182)
==00:00:02:01.669 9903== by 0x61B3F0: CPlayerInterface::update() (CPlayerInterface.cpp:1636)
==00:00:02:01.669 9903== by 0x49C6E6: CGuiHandler::renderFrame() (CGuiHandler.cpp:414)
==00:00:02:01.669 9903== by 0x444A56: mainLoop (CMT.cpp:1243)
==00:00:02:01.669 9903== by 0x444A56: main (CMT.cpp:510)
==00:00:02:01.669 9903== Address 0x185ac6b0 is 448 bytes inside an unallocated block of size 464 in arena "client"
(0007033)
AVS   
2017-05-24 16:48   
^ is useful information from arch log
But without track-origins it just duplicates backtrace
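Added example (not part of the original thread, and not VCMI code): a small triage script for memcheck output in the format quoted in note 0007032. It groups errors by kind and faulting source line and flags reads that land in a block memcheck reports as unallocated or free'd; the sample input is abridged from that note, and the function and field names are this example's own.

```python
import re

# Constructed sample: records abridged from the memcheck trace in note 0007032.
SAMPLE = '''\
==00:00:02:00.225 9903== Conditional jump or move depends on uninitialised value(s)
==00:00:02:00.225 9903==    at 0x53DD17: CObjectListWindow::changeSelection(unsigned long) (GUIClasses.cpp:1801)
==00:00:02:00.225 9903==
==00:00:02:01.584 9903== Invalid read of size 8
==00:00:02:01.584 9903==    at 0x524399: operator() (CSpellWindow.cpp:710)
==00:00:02:01.584 9903==    by 0x53EBD8: CObjectListWindow::elementSelected() (GUIClasses.cpp:1795)
==00:00:02:01.584 9903==  Address 0x45e3b8b0 is 144 bytes inside an unallocated block of size 192 in arena "client"
==00:00:02:01.584 9903==
==00:00:02:01.608 9903== Invalid read of size 8
==00:00:02:01.608 9903==    at 0x5243A0: operator() (CSpellWindow.cpp:710)
==00:00:02:01.608 9903==  Address 0x185ac6b0 is 448 bytes inside an unallocated block of size 464 in arena "client"
'''

PREFIX = re.compile(r"^==(?:[\d:.]+ )?\d+==")   # "==timestamp pid==" or "==pid=="
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()]+)\)$")

def parse(log):
    """Split memcheck output into records of heading, stack frames and notes."""
    records, cur = [], None
    for raw in map(str.strip, log.splitlines()):
        if not PREFIX.match(raw):
            continue                             # program output, not valgrind's
        line = PREFIX.sub("", raw, count=1).strip()
        if not line:                             # a bare prefix ends the record
            cur = None
        elif cur is None:                        # first line of a record: heading
            cur = {"kind": line, "frames": [], "notes": []}
            records.append(cur)
        elif (frame := FRAME.match(line)):
            cur["frames"].append(frame.groups())  # (function, file:line)
        else:
            cur["notes"].append(line)            # e.g. the "Address ..." line
    return records

def triage(log):
    """Collapse records sharing an error kind and faulting source line."""
    buckets = {}
    for rec in parse(log):
        site = rec["frames"][0][1] if rec["frames"] else "?"
        b = buckets.setdefault((rec["kind"], site), {"count": 0, "dead_block": False})
        b["count"] += 1
        # The address lies in memory that is not a live allocation.
        b["dead_block"] |= any("unallocated block" in n or "free'd" in n for n in rec["notes"])
    return buckets

if __name__ == "__main__":
    print(*(f"{b['count']}x {k[0]} at {k[1]} dead_block={b['dead_block']}" for k, b in triage(SAMPLE).items()), sep="\n")
```

Run over a full log, buckets with `dead_block` set are the ones to chase first; the uninitialised-value buckets need a `--track-origins=yes` run before they say where the value came from.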
(0007041)
AVS   
2017-05-25 17:11   
Should be fixed in https://github.com/vcmi/vcmi/commit/f370cdf1c79c912b6716a4c7adc694f625abcf1b
(0007042)
0nedef   
2017-05-25 19:12   
Just rebuilt it from git develop - looks like it solved the issue.