[FIXED] Server crash - Glibc


Post by Regnakhan »

Hello,

I feel a bit sorry, as I feel like I'm complaining all the time, but I found this bug. It happened after using training dummies (I suppose...).
The server is usually stable, but each time I try to use training dummies, it crashes at the next World Save.

Here is the error:
*** glibc detected *** ./uox3: free(): invalid pointer: 0x10aeec1c ***
Thx for help :)
Diamont Shard
http://www.diamont.be

Post by Xuri »

Hm. What about archery buttes? Same issue, or work fine?
-= Ho Eyo He Hum =-

Post by Regnakhan »

I have the same issue with the Archery Buttes:
*** glibc detected *** ./uox3: munmap_chunk(): invalid pointer: 0x0f7d1f24 ***
Weird weird. I'm still investigating ;)
Diamont Shard
http://www.diamont.be

Post by Xuri »

Booted up UOX3 in Ubuntu (using VirtualBox) and I think I managed to pinpoint the problem a bit closer, after some testing and tweaking and poking and prodding. What I found out was that UOX3 would give me a segmentation fault if I tried to use GetTag to retrieve custom tags containing strings!

By making the following change in UOXJSMethods.cpp, the crashes have seemed to stop for both training dummies and archery buttes (with no negative effects for Windows either, as far as I have been able to see):
Old:

JSString *localJSString = JS_NewString( cx, (char*)localObject.m_StringValue.c_str(),localObject.m_StringValue.length() );

New:

JSString *localJSString = JS_NewStringCopyN( cx, (char*)localObject.m_StringValue.c_str(),localObject.m_StringValue.length() );

I don't know WHY this seemingly fixes the problem, but I'll include this change in my next CVS update, and fingers crossed, this will fix the issue for you as well.
-= Ho Eyo He Hum =-
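
Why the change in the post above works, as an added example (not code from UOX3 or SpiderMonkey): in the SpiderMonkey JSAPI, JS_NewString takes ownership of the buffer it is given and frees it when the string is garbage-collected, while JS_NewStringCopyN copies the bytes, so passing std::string::c_str() to JS_NewString leaves the engine freeing memory that the std::string still owns. The model below uses hypothetical names (engine_malloc, new_string_adopt, new_string_copy_n, finalize) and reports the bad free instead of performing it.

```cpp
// Model of the buffer-ownership rule behind the fix; this is NOT SpiderMonkey code.
#include <cstdlib>
#include <cstring>
#include <set>
#include <string>

// Hypothetical stand-in for the engine's allocator: remembers what it handed out.
static std::set<void*> g_engineAllocs;

static void* engine_malloc(std::size_t n) {
    void* p = std::malloc(n);
    if (p) g_engineAllocs.insert(p);
    return p;
}

struct ModelString { char* chars; std::size_t length; };

// Adopting constructor (JS_NewString-like): keeps the caller's pointer, frees it later.
ModelString new_string_adopt(char* bytes, std::size_t n) { return ModelString{bytes, n}; }

// Copying constructor (JS_NewStringCopyN-like): duplicates n bytes into engine memory.
ModelString new_string_copy_n(const char* bytes, std::size_t n) {
    char* buf = static_cast<char*>(engine_malloc(n + 1));
    if (!buf) return ModelString{nullptr, 0};
    std::memcpy(buf, bytes, n);
    buf[n] = '\0';
    return ModelString{buf, n};
}

// Finalizer run at "garbage collection". Returns false where a real engine
// would hand a foreign pointer to free() and glibc would abort the process.
bool finalize(ModelString& s) {
    bool owned = g_engineAllocs.erase(s.chars) == 1;
    if (owned) std::free(s.chars);  // safe: the engine allocated this buffer
    s.chars = nullptr;              // foreign pointers are reported, never freed
    return owned;
}

// Constructed scenario: a string tag value held in a std::string, as on the GetTag path.
bool tag_survives_gc(bool useCopy) {
    std::string tagValue = "constructed tag value";
    ModelString js = useCopy
        ? new_string_copy_n(tagValue.c_str(), tagValue.length())
        : new_string_adopt(const_cast<char*>(tagValue.c_str()), tagValue.length());
    bool ok = finalize(js);
    return ok && tagValue == "constructed tag value";
}

int main() { return (tag_survives_gc(true) && !tag_survives_gc(false)) ? 0 : 1; }
```

In the real server the bad free is deferred until the JS string is collected, which is why the abort can appear some time after the script that read the tag has finished.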

Post by Regnakhan »

Thank you, Xuri!

You're the man :)
Diamont Shard
http://www.diamont.be

Post by Regnakhan »

Tested on 0.99.2 and it is stable.

Thanks a lot!
Diamont Shard
http://www.diamont.be

Post by Xuri »

Glad to hear it :)
-= Ho Eyo He Hum =-