Bug 186513 - lincity-ng-1.0.2-3.fc5 crashes when clicking on the map
lincity-ng-1.0.2-3.fc5 crashes when clicking on the map
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: lincity-ng (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tom "spot" Callaway
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-23 18:38 EST by Stewart Adam
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.0.3-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-20 09:07:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stewart Adam 2006-03-23 18:38:28 EST
Description of problem:
When clicking on the map the game crashes with a SDL segfault. It happened in
the FC4 release and the FC5 release. I've also tried using the official SDL rpm
package, as for another game this once fixed a similar problem. Still a no-go.

Version-Release number of selected component (if applicable):
I included all SDL stuff, too, as it's an SDL problem it seems.
lincity-ng-1.0.2-3.fc5
lincity-ng-data-1.0.2-3.fc5
SDL_net-1.2.5-8.fc5
SDL_image-1.2.4-5.fc5
SDL_ttf-2.0.7-4.fc5
SDL_mixer-1.2.6-6.fc5
SDL_gfx-2.0.13-4.fc5
perl-SDL-2.1.2-5.fc5
SDL_sound-1.0.1-1
SDL-1.2.9-5.2.1

How reproducible:
Always

Steps to Reproduce:
1. Start a new game in Lincity (or continue an old one)
2. 
3. Click anywhere on the grass or water or trees. Buildings are OK.
  
Actual results:
Game crashes with an SDL segmentation fault error message (See below for more
details)

Expected results:
Game should run, if in the "Query" tool then show info about the tile and not crash

Additional info:
-- [ Start ] My Terminal's Output --

[admin@DellLin ~]$ lincity-ng
Starting lincity-ng (version 1.0.2)...
[/boot/data/admin/.lincity] is in the search path.
[/usr/share/lincity-ng] is in the search path.
LINCITY_HOME: /usr/share/lincity-ng
OpenGL Mode 1024x768
Fatal signal: Segmentation Fault (SDL Parachute Deployed)
[admin@DellLin ~]$

-- [ End ] My Terminal Output --
Please get this solved ASAP, it's a great game and it's a shame not being able
to play it!

Firewing1
Comment 1 Tom "spot" Callaway 2006-03-24 18:31:05 EST
Turns out this is an issue with the code being compiled with -O3. When I
recompile using standard $RPM_OPT_FLAGS (aka, -O2...), this bug goes away.

1.0.2-4 should resolve this bug for all releases, please reopen if it does not.
Comment 2 Stewart Adam 2006-03-26 21:13:12 EST
Nope, still happening:

-- [ Start ] My Terminal's Output --
[admin@DellLin ~]$ lincity-ng
Starting lincity-ng (version 1.0.2)...
[/boot/data/admin/.lincity] is in the search path.
[/usr/share/lincity-ng] is in the search path.
LINCITY_HOME: /usr/share/lincity-ng
OpenGL Mode 1024x768
Fatal signal: Segmentation Fault (SDL Parachute Deployed)
[admin@DellLin ~]$ rpm -q --changelog lincity-ng
* Fri Mar 24 2006 Tom "spot" Callaway <tcallawa@redhat.com> 1.0.2-4
- -O3 optimization makes the code cry
..... snip .....
-- [ END ] My Terminal's Output --
Not sure why. From source package it works.
Firewing1
Comment 3 Tom "spot" Callaway 2006-03-29 11:55:49 EST
Damn. This is a confusing one.

When I build the 1.0.2-4 SRPM locally in mock for FC-5, it generates a binary
that does not crash.

When I build the 1.0.2-4 branch in the FE buildsystem, it generates a binary
that does crash as this bug describes.

This is the diff between the buildsystem binary and the mock binary, when
they're run through eu-readelf -a:

--- buildsystem/elf.all 2006-03-29 10:44:39.000000000 -0600
+++ mock/elf.all        2006-03-29 10:44:29.000000000 -0600
@@ -35,10 +35,10 @@
 [11] .plt                 PROGBITS     0804c6c4 0046c4 001210  4 AX     0   0 4
 [12] .text                PROGBITS     0804d8e0 0058e0 098b5c  0 AX     0   0 1 6
 [13] .fini                PROGBITS     080e643c 09e43c 00001c  0 AX     0   0 4
-[14] .rodata              PROGBITS     080e6460 09e460 009818  0 A      0   0 3 2
-[15] .eh_frame_hdr        PROGBITS     080efc78 0a7c78 002a2c  0 A      0   0 4
-[16] .eh_frame            PROGBITS     080f26a4 0aa6a4 00b494  0 A      0   0 4
-[17] .gcc_except_table    PROGBITS     080fdb38 0b5b38 00bcca  0 A      0   0 4
+[14] .rodata              PROGBITS     080e6460 09e460 0097d8  0 A      0   0 3 2
+[15] .eh_frame_hdr        PROGBITS     080efc38 0a7c38 002a2c  0 A      0   0 4
+[16] .eh_frame            PROGBITS     080f2664 0aa664 00b494  0 A      0   0 4
+[17] .gcc_except_table    PROGBITS     080fdaf8 0b5af8 00bcca  0 A      0   0 4
 [18] .ctors               PROGBITS     0810a000 0c2000 0000c8  0 WA     0   0 4
 [19] .dtors               PROGBITS     0810a0c8 0c20c8 000008  0 WA     0   0 4
 [20] .jcr                 PROGBITS     0810a0d0 0c20d0 000004  0 WA     0   0 4
@@ -46,7 +46,7 @@
 [22] .got                 PROGBITS     0810a204 0c2204 000004  4 WA     0   0 4
 [23] .got.plt             PROGBITS     0810a208 0c2208 00048c  4 WA     0   0 4
 [24] .data                PROGBITS     0810a6a0 0c26a0 000754  0 WA     0   0 3 2
-[25] .bss                 NOBITS       0810ae00 0c2df4 07edd0  0 WA     0   0 3 2
+[25] .bss                 NOBITS       0810ae00 0c2df4 07ede4  0 WA     0   0 3 2
 [26] .gnu_debuglink       PROGBITS     00000000 0c2df4 000018  0        0   0 4
 [27] .shstrtab            STRTAB       00000000 0c2e0c 0000ed  0        0   0 1

@@ -55,11 +55,11 @@
   PHDR           0x000034 0x08048034 0x08048034 0x000100 0x000100 R E 0x4
   INTERP         0x000134 0x08048134 0x08048134 0x000013 0x000013 R   0x1
        [Requesting program interpreter: /lib/ld-linux.so.2]
-  LOAD           0x000000 0x08048000 0x08048000 0x0c1802 0x0c1802 R E 0x1000
-  LOAD           0x0c2000 0x0810a000 0x0810a000 0x000df4 0x07fbd0 RW  0x1000
+  LOAD           0x000000 0x08048000 0x08048000 0x0c17c2 0x0c17c2 R E 0x1000
+  LOAD           0x0c2000 0x0810a000 0x0810a000 0x000df4 0x07fbe4 RW  0x1000
   DYNAMIC        0x0c20d4 0x0810a0d4 0x0810a0d4 0x000130 0x000130 RW  0x4
   NOTE           0x000148 0x08048148 0x08048148 0x000020 0x000020 R   0x4
-  GNU_EH_FRAME   0x0a7c78 0x080efc78 0x080efc78 0x002a2c 0x002a2c R   0x4
+  GNU_EH_FRAME   0x0a7c38 0x080efc38 0x080efc38 0x002a2c 0x002a2c R   0x4
   GNU_STACK      0x000000 0x00000000 0x00000000 0x000000 0x000000 RW  0x4

  Section to Segment mapping:
@@ -509,7 +509,7 @@
    56: 00000000     36 FUNC    GLOBAL DEFAULT    UNDEF fprintf@GLIBC_2.0 (4)
    57: 00000000    215 FUNC    GLOBAL DEFAULT    UNDEF getenv@GLIBC_2.0 (4)
    58: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glVertex3f
-   59: 080a6810    180 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_EPKS3_RKS6_
+   59: 080ae230    180 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_EPKS3_RKS6_
    60: 00000000    330 FUNC    GLOBAL DEFAULT    UNDEF _ZNSt13basic_filebufIcSt
11char_traitsIcEE4openEPKcSt13_Ios_Openmode@GLIBCXX_3.4 (3)
    61: 00000000     24 FUNC    GLOBAL DEFAULT    UNDEF PHYSFS_fileLength
    62: 00000000     68 FUNC    GLOBAL DEFAULT    UNDEF xmlTextReaderMoveToFirst
Attribute
@@ -583,7 +583,7 @@
   130: 0810b020     16 OBJECT  WEAK   DEFAULT       25 _ZTTSt14basic_ofstreamIc
St11char_traitsIcEE@GLIBCXX_3.4 (3)
   131: 00000000    250 FUNC    GLOBAL DEFAULT    UNDEF __cxa_allocate_exception
@CXXABI_1.3 (2)
   132: 00000000    105 FUNC    GLOBAL DEFAULT    UNDEF TTF_CloseFont
-  133: 0804dae0     42 FUNC    WEAK   DEFAULT       12 _ZNSsC1IPcEET_S1_RKSaIcE
+  133: 080507a0     42 FUNC    WEAK   DEFAULT       12 _ZNSsC1IPcEET_S1_RKSaIcE
   134: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glVertex2f
   135: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glTexParameteri
   136: 00000000    107 FUNC    GLOBAL DEFAULT    UNDEF SDL_UnlockSurface
@@ -684,7 +684,7 @@
   231: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glBindTexture
   232: 00000000    140 FUNC    GLOBAL DEFAULT    UNDEF opendir@GLIBC_2.0 (4)
   233: 00000000     59 FUNC    GLOBAL DEFAULT    UNDEF snprintf@GLIBC_2.0 (4)
-  234: 0806bf40    130 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_ERKS6_S8_
+  234: 08084450    130 FUNC    WEAK   DEFAULT       12 _ZStplIcSt11char_traitsI
cESaIcEESbIT_T0_T1_ERKS6_S8_
   235: 00000000      0 FUNC    GLOBAL DEFAULT    UNDEF glEnable
   236: 00000000    123 FUNC    GLOBAL DEFAULT    UNDEF boxRGBA
   237: 0804d414     53 FUNC    GLOBAL DEFAULT    UNDEF __cxa_pure_virtual@CXXAB
I_1.3 (2)
@@ -709,7 +709,7 @@
   256: 00000000    124 FUNC    GLOBAL DEFAULT    UNDEF xmlTextReaderNext
   257: 00000000     22 FUNC    GLOBAL DEFAULT    UNDEF PHYSFS_getBaseDir
   258: 00000000    420 FUNC    GLOBAL DEFAULT    UNDEF free@GLIBC_2.0 (4)
-  259: 08189bd0      0 NOTYPE  GLOBAL DEFAULT      ABS _end
+  259: 08189be4      0 NOTYPE  GLOBAL DEFAULT      ABS _end
   260: 00000000    229 FUNC    GLOBAL DEFAULT    UNDEF getcwd@GLIBC_2.0 (4)
   261: 00000000     66 FUNC    GLOBAL DEFAULT    UNDEF Mix_PlayMusic
   262: 0804d574     15 FUNC    GLOBAL DEFAULT    UNDEF _ZTv0_n12_NSoD1Ev@GLIBCX
X_3.4 (3)

They're really close, but not identical, as they should be.
Comment 4 Michael Schwendt 2006-04-06 08:37:06 EDT
Different observation here:

Program received signal SIGSEGV, Segmentation fault.
0x080563a1 in mps_right (x=100, y=59) at src/lincity-ng/MpsInterface.cpp:376
/usr/src/debug/lincity-ng-1.0.2/src/lincity-ng/MpsInterface.cpp:376:10360:beg:0
x80563a1

100% reproducible. Steps:

1. Start new game.
2. Press middle mouse-button on any position x >= 100

[...]

Brief look at the code revealed this what looks very broken to me.

src/lincity-ng/MpsInterface.cpp does:

    p = (MP_INFO(x,y).flags & FLAG_FIRE_COVER) ? _("Yes") : _("No");

The MP_INFO macro accesses the world map:

    src/lincity/engglobs.h:#define MP_INFO(x,y)   map.info[x][y]

Which in turn is defined as an array of size 100x100, so no surprise
that x>=100 leads to problems:

src/lincity/lin-city.h:#define WORLD_SIDE_LEN 100

struct map_struct
{
    short type[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    short group[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    int pollution[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
    Map_Point_Info info[WORLD_SIDE_LEN][WORLD_SIDE_LEN];
};
typedef struct map_struct Map;
Comment 5 Michael Schwendt 2006-04-18 18:28:33 EDT
Segmentation fault when clicking on map
https://developer.berlios.de/bugs/?func=detailbug&bug_id=6093&group_id=2929


News

15. April 2006 - Release 1.0.3 uploaded. See Download/Installation. 
Comment 6 Tom "spot" Callaway 2006-04-19 18:15:37 EDT
1.0.3 resolves this for me. Can some of you test the 1.0.3 package in the Extras
repo and confirm that this is resolved on your systems as well?
Comment 7 Stewart Adam 2006-04-19 18:37:30 EDT
Which repo is it in? All I can see in extras & extras-development is 1.0.2 .
Firewing1
Comment 8 Tom "spot" Callaway 2006-04-19 23:28:56 EDT
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 lincity-ng              i386       1.0.3-1.fc6      extras-development  351 k
Updating for dependencies:
 lincity-ng-data         i386       1.0.3-1.fc6      extras-development   25 M

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 26 M
Is this ok [y/N]:
Comment 9 Tom "spot" Callaway 2006-04-20 09:07:59 EDT
Closing this out, as several people have reported that the issue is now gone.
Reopen if necessary.

Note You need to log in before you can comment on or make changes to this bug.