Re: DG-Script's crashing..

From: Chris Gilbert (chris@buzzbee.freeserve.co.uk)
Date: 05/31/00


The Merciless Lord of Everything wrote:
>
> Hiya All
>
> Finally, it seems I've nailed the problem down for crashing when editing
> new rooms. (And this while I was looking for something else, funny eh? :)
>
> It requires DG first. Create a trigger that can be executed somewhat
> controlled (a command trigger is nice):
>
> -----
> %echo% trigger is starting
> wait 20s
> %echo% trigger ended
> -----
>
> Now, fire up the trigger and before the 20 seconds end, edit a NEW room
> (not one of the existing ones), wait for the crash (or at least that is
> what I've been able to deduce).
>
> gdb shows:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x80cc0c3 in script_driver (go=0x40161970, trig=0x85e44c0, type=2,
> mode=1) at dg_scripts.c:2904
> 2904        if (!(sc = SCRIPT((struct room_data *) go))) {
> (gdb) bt
> #0  0x80cc0c3 in script_driver (go=0x40161970, trig=0x85e44c0, type=2,
> mode=1) at dg_scripts.c:2904
> #1  0x80c5fef in trig_wait_event (info=0x85e8380) at dg_scripts.c:489

Hmm, go looks like a string (it's got 8 hex digits; most memory addresses
are only 7):

0x40161970 =
@\026\031p

Nope, maybe not, but it's definitely data. What are the contents of info
in that frame? A vague guess is that you're freeing the wait object before
you should, and it gets reallocated.

> -----
> (More information on request)
>
> What I see as the problem is this:
>
> Trigger starts and runs on the existing world. While rediting, the world
> gets freed and everything is reassigned (objs moved if needed and so on
> :). Trigger reaches end of pause, and continues on a room that no longer
> exists (it has been freed in the redit procedure); the result is a crash.

You have pointed out one of the big problems with DG Scripts; that's why
lots of them have IDs. By storing a pointer into memory you risk that data
(a room in this case) moving.

Try using a watchpoint on the contents of go. If you do a break in
process_wait, then add the watchpoint, sit back and see where it's
getting altered (note that this can be CPU intensive, so I'd suggest
doing it on your own computer ;) I suspect that something is freeing
that memory and it's getting reused, or a buffer is overflowing into
it...

Chris


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+
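The failure mode discussed in this thread, reduced to a stand-alone C program. This is an added example, not code from the CircleMUD or DG Scripts sources: the world table, add_room() (standing in for what redit does when a NEW room is saved: allocate a bigger table, copy, free the old one) and the two wait-event structs are constructed here to replay the sequence in the post. It shows that both a raw `struct room_data *` and an rnum captured before the rebuild are stale afterwards, while a vnum that is re-resolved with real_room() when the timer fires still finds the right room (or NOWHERE if the room is gone). The room numbers and names are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NOWHERE (-1)

/* Constructed stand-ins for CircleMUD's world table (not the project's code). */
struct room_data {
    int number;          /* vnum: the stable, builder-assigned room number */
    char name[32];
};

static struct room_data *world = NULL;   /* like world[] */
static int top_of_world = -1;            /* index of the last room */

/* Binary search by vnum, as real_room() does. Returns rnum or NOWHERE. */
int real_room(int vnum)
{
    int lo = 0, hi = top_of_world;
    while (lo <= hi) {
        int mid = (lo + hi) / 2;
        if (world[mid].number == vnum) return mid;
        if (world[mid].number < vnum) lo = mid + 1; else hi = mid - 1;
    }
    return NOWHERE;
}

/* What saving a NEW room in redit amounts to: build a bigger table in vnum
   order, free the old one. Every room pointer and rnum held elsewhere is
   invalid from here on. Returns the new room's rnum, NOWHERE on failure. */
int add_room(int vnum, const char *name)
{
    int n = top_of_world + 1, i, pos = 0;
    struct room_data *nw = malloc((size_t)(n + 1) * sizeof *nw);
    if (!nw) return NOWHERE;
    while (pos < n && world[pos].number < vnum) pos++;
    for (i = 0; i < pos; i++) nw[i] = world[i];
    for (i = pos; i < n; i++) nw[i + 1] = world[i];
    nw[pos].number = vnum;
    snprintf(nw[pos].name, sizeof nw[pos].name, "%s", name);
    free(world);                     /* old table gone: dangling pointers now */
    world = nw;
    top_of_world = n;
    return pos;
}

void free_world(void) { free(world); world = NULL; top_of_world = -1; }

/* Two ways for a delayed trigger (the "wait 20s" in the post) to remember
   its room: the unsafe way keeps a raw pointer or an array index, the safe
   way keeps the vnum and looks the room up again when the timer fires. */
struct wait_unsafe { struct room_data *go; int rnum; };
struct wait_safe   { int vnum; };

struct room_data *wait_safe_fire(const struct wait_safe *w)
{
    int rnum = real_room(w->vnum);
    return rnum == NOWHERE ? NULL : &world[rnum];
}

struct scenario {
    int ptr_moved;    /* pointer captured before the rebuild no longer points at the room */
    int rnum_moved;   /* rnum captured before the rebuild now names a different room */
    int safe_vnum;    /* vnum found by the re-resolving lookup, NOWHERE if lost */
    char safe_name[32];
};

/* Replays the post: trigger captures its room, a NEW room with a lower vnum
   is saved while it waits, trigger resumes. */
struct scenario run_scenario(void)
{
    struct scenario r = {0, 0, NOWHERE, ""};
    struct wait_unsafe u;
    struct wait_safe s;
    struct room_data *room;
    uintptr_t before;
    int rnum;

    free_world();
    add_room(3001, "Temple Square");       /* constructed sample rooms */
    add_room(3054, "Grunting Boar Inn");

    rnum = real_room(3054);                /* "trigger is starting" */
    u.go = &world[rnum];
    u.rnum = rnum;
    s.vnum = world[rnum].number;
    before = (uintptr_t)u.go;              /* keep the old address as an integer: comparable after free */

    add_room(3010, "Market Square");       /* builder saves a NEW room during the wait */

    /* Trigger resumes. u.go points into freed memory and must not be dereferenced;
       with the real code that dereference is the SIGSEGV in script_driver(). */
    r.ptr_moved  = before != (uintptr_t)&world[real_room(3054)];
    r.rnum_moved = world[u.rnum].number != 3054;
    room = wait_safe_fire(&s);
    if (room) {
        r.safe_vnum = room->number;
        snprintf(r.safe_name, sizeof r.safe_name, "%s", room->name);
    }
    free_world();
    return r;
}

int main(void)
{
    struct scenario r = run_scenario();
    printf("raw pointer stale: %d, rnum stale: %d, vnum lookup found %d (%s)\n",
           r.ptr_moved, r.rnum_moved, r.safe_vnum, r.safe_name);
    return 0;
}
```

To see the rebuild happen under gdb, as Chris suggests, `break add_room` and then `watch world` (a hardware watchpoint on the global table pointer) stops the program on the exact store that invalidates every `struct room_data *` captured earlier; watching the captured address itself (`watch *u.go`) reports the free and any reuse of that memory.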



This archive was generated by hypermail 2b30 : 04/10/01 PDT