Bug 237351 – Ur-quan crash when colliding with planet

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 237351 - Ur-quan crash when colliding with planet

Summary:	Ur-quan crash when colliding with planet

Status:	CLOSED INSUFFICIENT_DATA

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	uqm (Show other bugs)
Sub Component:
Version:	6
Hardware:	x86_64 Linux

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Konstantin Ryabitsev
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:	bzcl34nup
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2007-04-20 19:09 EDT by Jerry James
Modified:	2008-04-04 17:38 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-04-04 17:38:52 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jerry James 2007-04-20 19:09:54 EDT

Description of problem:
In Super Melee, I had just killed my opponent with a very badly damaged Chmmr. 
As the other ship was still exploding, I crashed into the planet.  As my
explosion started, the program crashed.  The backtrace provided by GDB is:
Core was generated by `/usr/games/uqm'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000004678cd in IncFrameIndex (FramePtr=0x2aaaac12aa00)
    at src/sc2code/libs/graphics/pixmap.c:150
150             if (FramePtr->Index < DrawablePtr->MaxIndex)
(gdb) bt
#0  0x00000000004678cd in IncFrameIndex (FramePtr=0x2aaaac12aa00)
    at src/sc2code/libs/graphics/pixmap.c:150
#1  0x0000000000433edd in animation_preprocess (ElementPtr=0x100ad90)
    at src/sc2code/ship.c:37
#2  0x000000000042cf57 in PreProcess (ElementPtr=0x100ad90)
    at src/sc2code/process.c:145
#3  0x000000000042d099 in ProcessCollisions (hSuccElement=0x100ad90, 
    ElementPtr=0x100a340, min_time=<value optimized out>, process_flags=2048)
    at src/sc2code/process.c:361
#4  0x000000000042dffd in RedrawQueue (clear=TRUE) at src/sc2code/process.c:656
#5  0x0000000000408015 in DoBattle (bs=0x40aa6800) at src/sc2code/battle.c:305
#6  0x000000000041679a in DoInput (pInputState=0x40aa6800, resetInput=FALSE)
    at src/sc2code/gameinp.c:356
#7  0x000000000040857b in Battle () at src/sc2code/battle.c:481
#8  0x000000000042786c in DoConfirmSettings (pMS=0x40aa6970)
    at src/sc2code/melee.c:2148
#9  0x000000000041679a in DoInput (pInputState=0x40aa6970, resetInput=TRUE)
    at src/sc2code/gameinp.c:356
#10 0x0000000000428404 in Melee () at src/sc2code/melee.c:3031
#11 0x000000000042eb0a in StartGame () at src/sc2code/restart.c:358
#12 0x000000000043a6b1 in Starcon2Main (threadArg=<value optimized out>)
    at src/sc2code/starcon.c:156
#13 0x00000000004a94cb in ThreadHelper (startInfo=0xee8480)
    at src/sc2code/libs/threads/sdl/sdlthreads.c:214
#14 0x0000003f2a010a37 in SDL_GetThreadID () from /usr/lib64/libSDL-1.2.so.0
#15 0x0000003f2a051fe9 in SDL_ThreadID () from /usr/lib64/libSDL-1.2.so.0
#16 0x0000003480a06305 in start_thread () from /lib64/libpthread.so.0
#17 0x000000347fecd50d in clone () from /lib64/libc.so.6
#18 0x0000000000000000 in ?? ()

The FramePtr is fine.  The problem is with the DrawablePtr:

(gdb) print DrawablePtr
$1 = (PDRAWABLE_DESC) 0x3800420060007100
(gdb) print *DrawablePtr
Cannot access memory at address 0x3800420060007100

In fact, the entire record pointed to by FramePtr appears to be random bytes.

Version-Release number of selected component (if applicable):
uqm-0.6.2-1.fc6

How reproducible:
Once.  I cannot reproduce this crash at will.

Steps to Reproduce:
1. Somehow arrange to crash into the planet and die while your opponent is still
exploding.
  
Actual results:
The program crashed with a segfault.

Expected results:
The program should not have crashed.

Additional info:

Comment 1 Bug Zapper 2008-04-04 02:55:05 EDT

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 2 Jerry James 2008-04-04 11:27:02 EDT

I don't know what to do with this one.  I could never reproduce it.  I had hoped
that somebody who understood the code would be able to infer what happened from
the backtrace and description, but clearly that didn't happen.

Comment 3 John Poelstra 2008-04-04 17:38:52 EDT

will close for now.  please reopen if you see issue again.  thanks for your
feedback.

Note You need to log in before you can comment on or make changes to this bug.