[svn2637] Lua error leading to crash in stackDump

#1 Post by yufra »

I was running a Shalore Temporal Warden in the Rhaloren Camp and had noticed some strange slowing, particularly when trying to run (would take significant fractions of a second per step instead of the normal zip-zip-zoom). Then I started battling a mean looking elven guard and wham... crash. Here is the last thing my TW saw...
[Screenshot: crash.jpg]
And here is the last bit of the stdout. The first thing I noticed is the "Fyndhorn hits Fyndhorn" bit, but that is because the Bleeding Edge talent is missing the src being passed to the effect and I'll address that in another thread. It looks like the shield deactivate is being called twice, and the second time with eff as nil. The screenshot shows the damage shield was set to expire anyway, but that shouldn't matter. Well this is one to track down later since I don't think it is related to the VERY bizarre stuff below...

Code:

[ATTACK] attacking with	iron longsword
[COMBAT DAMAGE] power(0.915542) totstat(32.000000) talent_mod(1.000000)
[ATTACK] to 	Fyndhorn	 :: 	14.648668044799	2	4	::	1
checkHit	13	8.35
=> chance to hit	66.583762469013
[LOG]	Mean looking elven guard misses Fyndhorn.
[PROJECTOR] starting dam	6.522830523257
[PROJECTOR] after difficulty dam	6.522830523257
[PROJECTOR] res	1.8571428571429	0.98142857142857	 on dam	6.522830523257
[PROJECTOR] after resists dam	6.4016922421108
[PROJECTOR] final dam	6.4016922421108
[LOG]	Fyndhorn hits Fyndhorn for #aaaaaa#6.40 physical damage#LAST#.
[LOG]	Your shield crumbles under the damage!
[LOG]	The shield around Fyndhorn crumbles.
removeTempVal	damage_shield	50	 :=: 	400
delTmpVal	damage_shield	50
[LOG]	The shield around Fyndhorn crumbles.
Lua Error: /data/timed_effects.lua:1055: attempt to index local 'eff' (a nil value)
	At [C]:-1 
	At /data/timed_effects.lua:1055 deactivate
	At /engine/interface/ActorTemporaryEffects.lua:152 removeEffect
	At /engine/interface/ActorTemporaryEffects.lua:81 timedEffects
	At /mod/class/Actor.lua:243 act
	At /mod/class/Player.lua:204 act
	At /engine/GameEnergyBased.lua:73 tick
	At /engine/GameTurnBased.lua:44 tick
	At /mod/class/Game.lua:635 

The VERY last bit of the stdout is a stack dump that makes a whole lot of sense... :wink: Why are there two stack dumps, one empty and one showing garbage? Well the garbage one is easy to understand... look at the negative indices!

Code:

 ----------------  Stack Dump ----------------
--------------- Stack Dump Finished ---------------
 ----------------  Stack Dump ----------------
-1: [binary garbage omitted] // 0
-2: A // 0
-3: \200$B // 0
Program received signal:  “EXC_BAD_ACCESS”.
sharedlibrary apply-load-rules all

And here is the backtrace. I don't think this will be too helpful since I suspect the bug is the presence of negative indices in stackDump to begin with.

Code:

(gdb) bt
#0  0x948942b0 in strlen ()
#1  0x9489ec60 in __vfprintf ()
#2  0x9489d3d9 in __vfprintf ()
#3  0x948bb25b in vfprintf_l ()
#4  0x949056cf in printf ()
#5  0x0006a6a0 in stackDump (L=0x4c4010) at src/main.c:102
#6  0x0006a79b in docall (L=0x4c4010, narg=2, nret=0) at src/main.c:123
#7  0x0006b4d6 in call_draw (nb_keyframes=2) at src/main.c:316
#8  0x0006b960 in on_redraw () at src/main.c:391
#9  0x0006cef0 in tengine_main (argc=1, argv=0x4082c0) at src/main.c:866
#10 0x00044c05 in -[SDLMain applicationDidFinishLaunching:] (self=0x60c440, _cmd=0x98982502, note=0x613d50) at src/mac/SDLMain.m:213
#11 0x935fc4df in _nsnote_callback ()
#12 0x95648793 in __CFXNotificationPost ()
#13 0x9564819a in _CFXNotificationPostNotification ()
#14 0x935f1384 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
#15 0x935fe789 in -[NSNotificationCenter postNotificationName:object:] ()
#16 0x9913f422 in -[NSApplication _postDidFinishNotification] ()
#17 0x9913f332 in -[NSApplication _sendFinishLaunchingNotification] ()
#18 0x992964ed in -[NSApplication(NSAppleEventHandling) _handleAEOpen:] ()
#19 0x9929610d in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] ()
#20 0x936317a4 in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] ()
#21 0x93631568 in _NSAppleEventManagerGenericHandler ()
#22 0x94406f58 in aeDispatchAppleEvent ()
#23 0x94406e57 in dispatchEventAndSendReply ()
#24 0x94406d61 in aeProcessAppleEvent ()
#25 0x921d3389 in AEProcessAppleEvent ()
#26 0x9910f9ca in _DPSNextEvent ()
#27 0x9910efce in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#28 0x990d1247 in -[NSApplication run] ()
#29 0x000449ef in CustomApplicationMain (argc=1, argv=0xbffff6f0) at src/mac/SDLMain.m:150
#30 0x00044d23 in main (argc=1, argv=0xbffff6f0) at src/mac/SDLMain.m:244

So the indexing "i" variable in stackDump was negative... no clue how that happened. I've set a breakpoint there for future debugging, but I am not sure how to reproduce the stackDump right now. I am going to keep the debug session open so I can poke at it under more direction.

#2 Post by darkgod »

The lua error provoked bad C code to run.

I fixed ActorTemporaryEffects:removeEffect() to not be able to remove effects not existing (which was a bug) so this case should not happen.
Still the C code is wonky :)
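
The backtrace in this thread ends in strlen() under printf() inside stackDump, the pattern to expect when a diagnostic routine passes printf's %s a pointer that is not a valid NUL-terminated string. The following is an added example, not the engine's src/main.c and not the Lua C API: the slot type, escape_bytes and dump_slot are hypothetical names, and the sample data is constructed. It shows a dump routine that rejects out-of-range (including negative) indices and prints strings by explicit length with non-printable bytes escaped.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tagged slot standing in for one entry of a VM value stack. */
typedef enum { SLOT_NIL, SLOT_NUMBER, SLOT_STRING } slot_type;
typedef struct { slot_type type; double num; const char *str; size_t len; } slot;

/* Copy len bytes of s into out, writing non-printable bytes as \xHH.
 * Stops early rather than overflow; always NUL-terminates (needs cap >= 1). */
static void escape_bytes(char *out, size_t cap, const char *s, size_t len) {
    size_t o = 0;
    for (size_t i = 0; i < len && o + 5 <= cap; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isprint(c) && c != '\\') out[o++] = (char)c;
        else o += (size_t)snprintf(out + o, cap - o, "\\x%02X", (unsigned)c);
    }
    out[o] = '\0';
}

/* Format slot idx (1-based, valid range 1..top) into out.
 * Returns 0 on success, -1 when idx is outside the live stack. */
int dump_slot(const slot *stack, int top, int idx, char *out, size_t cap) {
    if (out == NULL || cap == 0) return -1;
    out[0] = '\0';
    if (stack == NULL || idx < 1 || idx > top) return -1; /* e.g. negative index */
    const slot *v = &stack[idx - 1];
    int n = snprintf(out, cap, "%d: ", idx);
    if (n < 0 || (size_t)n >= cap) return -1;
    if (v->type == SLOT_STRING && v->str != NULL)
        escape_bytes(out + n, cap - (size_t)n, v->str, v->len); /* never %s */
    else if (v->type == SLOT_NUMBER)
        snprintf(out + n, cap - (size_t)n, "%g", v->num);
    else
        snprintf(out + n, cap - (size_t)n, "nil");
    return 0;
}

int main(void) {
    /* Constructed sample: a number and a 4-byte string with no terminator. */
    static const char raw[4] = { 'A', (char)0xB8, (char)0x8B, 'B' };
    slot stack[2] = { { SLOT_NUMBER, 6.5, NULL, 0 }, { SLOT_STRING, 0, raw, 4 } };
    char line[64];
    for (int i = -1; i <= 3; i++)
        puts(dump_slot(stack, 2, i, line, sizeof line) == 0 ? line : "(bad index)");
    return 0;
}
```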