| Anonymous | Login | 2024-11-21 15:43 UTC |  |
| My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001248 | VCMI | Mechanics - Battles | public | 2013-03-24 13:20 | 2022-04-12 08:41 | ||||
| Reporter | dev-random | ||||||||
| Assigned To | beegee | ||||||||
| Priority | normal | Severity | crash | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 0.92 | ||||||||
| Target Version | Fixed in Version | 0.94b | |||||||
| Summary | 0001248: std::bad_alloc when opening spellbook in combat | ||||||||
| Description | In certain conditions, game crashes when user tries to open spellbook in combat. | ||||||||
| Steps To Reproduce | 1. Have 2 heroes, one with large spellbook (>36 spells) and one with moderate one (13 to 23 spells, I guess. Bug is not reproducible with one-page spellbook.) 2. Use spellbook in combat by first hero, leaving it on 3rd+ page 3. Try to use spellbook in combat by second hero 4. Game crashes. | ||||||||
| Additional Information | Debugging info: Catchpoint 1 (exception thrown), 0x000003fff4940f20 in __cxa_throw () from /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/libstdc++.so.6 (gdb) bt #0 0x000003fff4940f20 in __cxa_throw () from /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/libstdc++.so.6 #1 0x000003fff48d91e2 in std::__throw_bad_alloc() () from /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/libstdc++.so.6 0000002 0x000002aaaad94e39 in allocate (__n=18446744073709551607, this=0x3ffe1494450) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/ext/new_allocator.h:90 0000003 _M_allocate (__n=18446744073709551607, this=0x3ffe1494450) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/bits/stl_vector.h:150 0000004 _M_range_initialize<__gnu_cxx::__normal_iterator<SpellID*, std::vector<SpellID> > > (__last=..., __first=..., this=0x3ffe1494450) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/bits/stl_vector.h:1111 0000005 _M_initialize_dispatch<__gnu_cxx::__normal_iterator<SpellID*, std::vector<SpellID> > > (__last=..., __first=..., this=0x3ffe1494450) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/bits/stl_vector.h:1091 0000006 std::vector<SpellID, std::allocator<SpellID> >::vector<__gnu_cxx::__normal_iterator<SpellID*, std::vector<SpellID> > > (this=0x3ffe1494450, __first=..., __last=..., __a=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/bits/stl_vector.h:340 0000007 0x000002aaaad8d31a in CSpellWindow::computeSpellsPerArea (this=0x3ffdd239800) at /var/tmp/portage/games-strategy/heroes3-vcmi-0.92/work/0.92/client/CSpellWindow.cpp:408 0000008 0x000002aaaad9214b in CSpellWindow::CSpellWindow (this=0x3ffdd239800, _myHero=<optimized out>, _myInt=<optimized out>, openOnBattleSpells=<optimized out>) at /var/tmp/portage/games-strategy/heroes3-vcmi-0.92/work/0.92/client/CSpellWindow.cpp:215 [cut] (gdb) up 7 0000007 0x000002aaaad8d31a in CSpellWindow::computeSpellsPerArea (this=0x3ffdd239800) at /var/tmp/portage/games-strategy/heroes3-vcmi-0.92/work/0.92/client/CSpellWindow.cpp:408 408 spellsCurSite = std::vector<SpellID>(spellsCurSite.begin() + currentPage*12, spellsCurSite.end()); (gdb) list 403 std::sort(spellsCurSite.begin(), spellsCurSite.end(), spellsorter); 404 if(selectedTab == 4) 405 { 406 if(spellsCurSite.size() > 12) 407 { 408 spellsCurSite = std::vector<SpellID>(spellsCurSite.begin() + currentPage*12, spellsCurSite.end()); 409 if(spellsCurSite.size() > 12) 410 { 411 spellsCurSite.erase(spellsCurSite.begin()+12, spellsCurSite.end()); 412 } (gdb) p spellsCurSite $1 = std::vector of length 15, capacity 16 = {{num = SpellID::MAGIC_ARROW}, {num = SpellID::BLOODLUST}, {num = SpellID::CURSE}, {num = SpellID::CURE}, { num = SpellID::DISPEL}, {num = SpellID::PROTECTION_FROM_WATER}, {num = SpellID::SLOW}, {num = SpellID::DISRUPTING_RAY}, {num = SpellID::LIGHTNING_BOLT}, { num = SpellID::PRECISION}, {num = SpellID::PROTECTION_FROM_AIR}, {num = SpellID::REMOVE_OBSTACLE}, {num = SpellID::DESTROY_UNDEAD}, { num = SpellID::LAND_MINE}, {num = SpellID::MIRTH}} (gdb) p currentPage $2 = 2 '\002' (gdb) down 3 0000004 _M_range_initialize<__gnu_cxx::__normal_iterator<SpellID*, std::vector<SpellID> > > (__last=..., __first=..., this=0x3ffe1494450) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/include/g++-v4/bits/stl_vector.h:1111 1111 this->_M_impl._M_start = this->_M_allocate(__n); (gdb) p __n $3 = 18446744073709551607 In other words: length of original vector is 15 (in my case) and code tries to copy items from 24th to last. That means negative length (-9) which turns into huge unsigned number causing std::bad_alloc. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2013-03-24 13:20 | dev-random | New Issue | |
| 2013-11-03 18:17 | beegee | Note Added: 0004110 | |
| 2013-11-03 18:17 | beegee | Status | new => resolved |
| 2013-11-03 18:17 | beegee | Fixed in Version | => 0.94b |
| 2013-11-03 18:17 | beegee | Resolution | open => fixed |
| 2013-11-03 18:17 | beegee | Assigned To | => beegee |
| 2022-04-12 08:41 | Povelitel | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2024 MantisBT Team |
 |