Bug 186513

Summary:	lincity-ng-1.0.2-3.fc5 crashes when clicking on the map
Product:	[Fedora] Fedora	Reporter:	Stewart Adam <s.adam>
Component:	lincity-ng	Assignee:	Tom "spot" Callaway <tcallawa>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	5	CC:	extras-qa
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	1.0.3-1	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-04-20 13:07:59 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Stewart Adam 2006-03-23 23:38:28 UTC

Description of problem:
When clicking on the map the game crashes with a SDL segfault. It happened in
the FC4 release and the FC5 release. I've also tried using the official SDL rpm
package, as for another game this once fixed a similar problem. Still a no-go.

Version-Release number of selected component (if applicable):
I included all SDL stuff, too, as it's an SDL problem it seems.
lincity-ng-1.0.2-3.fc5
lincity-ng-data-1.0.2-3.fc5
SDL_net-1.2.5-8.fc5
SDL_image-1.2.4-5.fc5
SDL_ttf-2.0.7-4.fc5
SDL_mixer-1.2.6-6.fc5
SDL_gfx-2.0.13-4.fc5
perl-SDL-2.1.2-5.fc5
SDL_sound-1.0.1-1
SDL-1.2.9-5.2.1

How reproducible:
Always

Steps to Reproduce:
1. Start a new game in Lincity (or continue an old one)
2. 
3. Click anywhere on the grass or water or trees. Buildings are OK.
  
Actual results:
Game crashes with an SDL segmentation fault error message (See below for more
details)

Expected results:
Game should run, if in the "Query" tool then show info about the tile and not crash

Additional info:
-- [ Start ] My Terminal's Output --

[admin@DellLin ~]$ lincity-ng
Starting lincity-ng (version 1.0.2)...
[/boot/data/admin/.lincity] is in the search path.
[/usr/share/lincity-ng] is in the search path.
LINCITY_HOME: /usr/share/lincity-ng
OpenGL Mode 1024x768
Fatal signal: Segmentation Fault (SDL Parachute Deployed)
[admin@DellLin ~]$

-- [ End ] My Terminal Output --
Please get this solved ASAP, it's a great game and it's a shame not being able
to play it!

Firewing1

Comment 1 Tom "spot" Callaway 2006-03-24 23:31:05 UTC

Turns out this is an issue with the code being compiled with -O3. When I
recompile using standard $RPM_OPT_FLAGS (aka, -O2...), this bug goes away.

1.0.2-4 should resolve this bug for all releases, please reopen if it does not.

Comment 2 Stewart Adam 2006-03-27 02:13:12 UTC

Nope, still happening:

-- [ Start ] My Terminal's Output --
[admin@DellLin ~]$ lincity-ng
Starting lincity-ng (version 1.0.2)...
[/boot/data/admin/.lincity] is in the search path.
[/usr/share/lincity-ng] is in the search path.
LINCITY_HOME: /usr/share/lincity-ng
OpenGL Mode 1024x768
Fatal signal: Segmentation Fault (SDL Parachute Deployed)
[admin@DellLin ~]$ rpm -q --changelog lincity-ng
* Fri Mar 24 2006 Tom "spot" Callaway <tcallawa> 1.0.2-4
- -O3 optimization makes the code cry
..... snip .....
-- [ END ] My Terminal's Output --
Not sure why. From source package it works.
Firewing1

Comment 3 Tom "spot" Callaway 2006-03-29 16:55:49 UTC

Damn. This is a confusing one.

When I build the 1.0.2-4 SRPM locally in mock for FC-5, it generates a binary
that does not crash.

When I build the 1.0.2-4 branch in the FE buildsystem, it generates a binary
that does crash as this bug describes.

This is the diff between the buildsystem binary and the mock binary, when
they're run through eu-readelf -a:

--- buildsystem/elf.all 2006-03-29 10:44:39.000000000 -0600
+++ mock/elf.all        2006-03-29 10:44:29.000000000 -0600
@@ -35,10 +35,10 @@
 [11] .plt                 PROGBITS     0804c6c4 0046c4 001210  4 AX     0   0 4
 [12] .text                PROGBITS     0804d8e0 0058e0 098b5c  0 AX     0   0 1 6
 [13] .fini                PROGBITS     080e643c 09e43c 00001c  0 AX     0   0 4
-[14] .rodata              PROGBITS     080e6460 09e460 009818  0 A      0   0 3 2
-[15] .eh_frame_hdr        PROGBITS     080efc78 0a7c78 002a2c  0 A      0   0 4
-[16] .eh_frame            PROGBITS     080f26a4 0aa6a4 00b494  0 A      0   0 4
-[17] .gcc_except_table    PROGBITS     080fdb38 0b5b38 00bcca  0 A      0   0 4
+[14] .rodata              PROGBITS     080e6460 09e460 0097d8  0 A      0   0 3 2
+[15] .eh_frame_hdr        PROGBITS     080efc38 0a7c38 002a2c  0 A      0   0 4
+[16] .eh_frame            PROGBITS     080f2664 0aa664 00b494  0 A      0   0 4
+[17] .gcc_except_table    PROGBITS     080fdaf8 0b5af8 00bcca  0 A      0   0 4
 [18] .ctors               PROGBITS     0810a000 0c2000 0000c8  0 WA     0   0 4
 [19] .dtors               PROGBITS     0810a0c8 0c20c8 000008  0 WA     0   0 4
 [20] .jcr                 PROGBITS     0810a0d0 0c20d0 000004  0 WA     0   0 4
@@ -46,7 +46,7 @@
 [22] .got                 PROGBITS     0810a204 0c2204 000004  4 WA     0   0 4
 [23] .got.plt             PROGBITS     0810a208 0c2208 00048c  4 WA     0   0 4
 [24] .data                PROGBITS     0810a6a0 0c26a0 000754  0 WA     0   0 3 2
-[25] .bss                 NOBITS       0810ae00 0c2df4 07edd0  0 WA     0   0 3 2
+[25] .bss                 NOBITS       0810ae00 0c2df4 07ede4  0 WA     0   0 3 2
 [26] .gnu_debuglink       PROGBITS     00000000 0c2df4 000018  0        0   0 4
 [27] .shstrtab            STRTAB       00000000 0c2e0c 0000ed  0        0   0 1

@@ -55,11 +55,11 @@
   PHDR           0x000034 0x08048034 0x08048034 0x000100 0x000100 R E 0x4
   INTERP         0x000134 0x08048134 0x08048134 0x000013 0x000013 R   0x1
        [Requesting program interpreter: /lib/ld-linux.so.2]
-  LOAD           0x000000 0x08048000 0x08048000 0x0c1802 0x0c1802 R E 0x1000
-  LOAD           0x0c2000 0x0810a000 0x0810a000 0x000df4 0x07fbd0 RW  0x1000
+  LOAD           0x000000 0x08048000 0x08048000 0x0c17c2 0x0c17c2 R E 0x1000
+  LOAD           0x0c2000 0x0810a000 0x0810a000 0x000df4 0x07fbe4 RW  0x1000
   DYNAMIC        0x0c20d4 0x0810a0d4 0x0810a0d4 0x000130 0x000130 RW  0x4
   NOTE           0x000148 0x08048148 0x08048148 0x000020 0x000020 R   0x4
-  GNU_EH_FRAME   0x0a7c78 0x080efc78 0x080efc78 0x002a2c 0x002a2c R   0x4
+  GNU_EH_FRAME   0x0a7c38 0x080efc38 0x080efc38 0x002a2c 0x002a2c R   0x4
   GNU_STACK      0x000000 0x00000000 0x00000000 0x000000 0x000000 RW  0x4

  Section to Segment mapping:
@@ -509,7 +509,7 @@
    56: 00000000     36 FUNC    GLOBAL DEFAULT    UNDEF fprintf (4)
    57: 00000000    215 FUNC    GLOBAL DEFAULT    UNDEF getenv (4)
    58: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glVertex3f
-   59: 080a6810    180 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_EPKS3_RKS6_
+   59: 080ae230    180 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_EPKS3_RKS6_
    60: 00000000    330 FUNC    GLOBAL DEFAULT    UNDEF _ZNSt13basic_filebufIcSt
11char_traitsIcEE4openEPKcSt13_Ios_Openmode (3)
    61: 00000000     24 FUNC    GLOBAL DEFAULT    UNDEF PHYSFS_fileLength
    62: 00000000     68 FUNC    GLOBAL DEFAULT    UNDEF xmlTextReaderMoveToFirst
Attribute
@@ -583,7 +583,7 @@
   130: 0810b020     16 OBJECT  WEAK   DEFAULT       25 _ZTTSt14basic_ofstreamIc
St11char_traitsIcEE (3)
   131: 00000000    250 FUNC    GLOBAL DEFAULT    UNDEF __cxa_allocate_exception
@CXXABI_1.3 (2)
   132: 00000000    105 FUNC    GLOBAL DEFAULT    UNDEF TTF_CloseFont
-  133: 0804dae0     42 FUNC    WEAK   DEFAULT       12 _ZNSsC1IPcEET_S1_RKSaIcE
+  133: 080507a0     42 FUNC    WEAK   DEFAULT       12 _ZNSsC1IPcEET_S1_RKSaIcE
   134: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glVertex2f
   135: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glTexParameteri
   136: 00000000    107 FUNC    GLOBAL DEFAULT    UNDEF SDL_UnlockSurface
@@ -684,7 +684,7 @@
   231: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glBindTexture
   232: 00000000    140 FUNC    GLOBAL DEFAULT    UNDEF opendir (4)
   233: 00000000     59 FUNC    GLOBAL DEFAULT    UNDEF snprintf (4)
-  234: 0806bf40    130 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_ERKS6_S8_
+  234: 08084450    130 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_ERKS6_S8_
   235: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glEnable
   236: 00000000    123 FUNC    GLOBAL DEFAULT    UNDEF boxRGBA
   237: 0804d414     53 FUNC    GLOBAL DEFAULT    UNDEF __cxa_pure_virtual@CXXAB
I_1.3 (2)
@@ -709,7 +709,7 @@
   256: 00000000    124 FUNC    GLOBAL DEFAULT    UNDEF xmlTextReaderNext
   257: 00000000     22 FUNC    GLOBAL DEFAULT    UNDEF PHYSFS_getBaseDir
   258: 00000000    420 FUNC    GLOBAL DEFAULT    UNDEF free (4)
-  259: 08189bd0      0 NOTYPE  GLOBAL DEFAULT      ABS _end
+  259: 08189be4      0 NOTYPE  GLOBAL DEFAULT      ABS _end
   260: 00000000    229 FUNC    GLOBAL DEFAULT    UNDEF getcwd (4)
   261: 00000000     66 FUNC    GLOBAL DEFAULT    UNDEF Mix_PlayMusic
   262: 0804d574     15 FUNC    GLOBAL DEFAULT    UNDEF _ZTv0_n12_NSoD1Ev@GLIBCX
X_3.4 (3)

They're really close, but not identical, as they should be.

Comment 4 Michael Schwendt 2006-04-06 12:37:06 UTC

Different observation here:

Program received signal SIGSEGV, Segmentation fault.
0x080563a1 in mps_right (x=100, y=59) at src/lincity-ng/MpsInterface.cpp:376
/usr/src/debug/lincity-ng-1.0.2/src/lincity-ng/MpsInterface.cpp:376:10360:beg:0
x80563a1

100% reproducible. Steps:

1. Start new game.
2. Press middle mouse-button on any position x >= 100

[...]

Brief look at the code revealed this what looks very broken to me.

src/lincity-ng/MpsInterface.cpp does:

    p = (MP_INFO(x,y).flags & FLAG_FIRE_COVER) ? _("Yes") : _("No");

The MP_INFO macro accesses the world map:

    src/lincity/engglobs.h:#define MP_INFO(x,y)   map.info[x][y]

Which in turn is defined as an array of size 100x100, so no surprise
that x>=100 leads to problems:

src/lincity/lin-city.h:#define WORLD_SIDE_LEN 100

struct map_struct
{
    short type[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    short group[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    int pollution[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    Map_Point_Info info[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
};
typedef struct map_struct Map;

Comment 5 Michael Schwendt 2006-04-18 22:28:33 UTC

Segmentation fault when clicking on map
https://developer.berlios.de/bugs/?func=detailbug&bug_id=6093&group_id=2929


News

15. April 2006 - Release 1.0.3 uploaded. See Download/Installation.

Comment 6 Tom "spot" Callaway 2006-04-19 22:15:37 UTC

1.0.3 resolves this for me. Can some of you test the 1.0.3 package in the Extras
repo and confirm that this is resolved on your systems as well?

Comment 7 Stewart Adam 2006-04-19 22:37:30 UTC

Which repo is it in? All I can see in extras & extras-development is 1.0.2 .
Firewing1

Comment 8 Tom "spot" Callaway 2006-04-20 03:28:56 UTC

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 lincity-ng              i386       1.0.3-1.fc6      extras-development  351 k
Updating for dependencies:
 lincity-ng-data         i386       1.0.3-1.fc6      extras-development   25 M

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 26 M
Is this ok [y/N]:

Comment 9 Tom "spot" Callaway 2006-04-20 13:07:59 UTC

Closing this out, as several people have reported that the issue is now gone.
Reopen if necessary.