ULTIMA6: segfault during gc in Ultima 6

[TheCycoONE]

I've been seeing somewhat frequent crashes in Ultima 6 using a version compiled from the master branch on git (529fdca7eaccd48be3f2e081164713106c9702b6) that do not 'appear' to be related to particular actions.

I am using archlinuxarm on an aarch64 system, running sway-wm.

I took a core dump, and included the backtrace below:

Core was generated by `scummvm'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000aaaab0a6be54 in Ultima::Nuvie::U6LList::start (this=0x7) at engines/ultima/nuvie/misc/u6_list.cpp:223
223             cur = head;
[Current thread is 1 (Thread 0xffff908d55d0 (LWP 50713))]
(gdb) bt
#0  0x0000aaaab0a6be54 in Ultima::Nuvie::U6LList::start() (this=0x7) at engines/ultima/nuvie/misc/u6_list.cpp:223
#1  0x0000aaaab0a1f498 in Ultima::Nuvie::delete_obj(Ultima::Nuvie::Obj*) (obj=0xaaaac4e23bf0)
    at engines/ultima/nuvie/core/obj_manager.cpp:2037
#2  0x0000aaaab0a1f4c8 in Ultima::Nuvie::delete_obj(Ultima::Nuvie::Obj*) (obj=0xaaaac4a4a6f0)
    at engines/ultima/nuvie/core/obj_manager.cpp:2041
#3  0x0000aaaab0a846e4 in Ultima::Nuvie::nscript_obj_gc(lua_State*) (L=0xaaaac42d20d0) at engines/ultima/nuvie/script/script.cpp:1779
#4  0x0000aaaab1529930 in luaD_precall(lua_State*, lua_TValue*, int) (L=0xaaaac42d20d0, func=0xaaaac4e23bd0, nresults=0)
    at common/lua/ldo.cpp:344
#5  0x0000aaaab1529c24 in luaD_call(lua_State*, lua_TValue*, int) (L=0xaaaac42d20d0, func=0xaaaac4e23bd0, nResults=0)
    at common/lua/ldo.cpp:401
#6  0x0000aaaab152c500 in GCTM(lua_State*) (L=0xaaaac42d20d0) at common/lua/lgc.cpp:465
#7  0x0000aaaab152cb3c in singlestep(lua_State*) (L=0xaaaac42d20d0) at common/lua/lgc.cpp:592
#8  0x0000aaaab152cc0c in luaC_step(lua_State*) (L=0xaaaac42d20d0) at common/lua/lgc.cpp:615
#9  0x0000aaaab1523090 in lua_pushcclosure(lua_State*, int (*)(lua_State*), int)
    (L=0xaaaac42d20d0, fn=0xaaaab0a7f1e4 <Ultima::Nuvie::lua_error_handler(lua_State*)>, n=0) at common/lua/lapi.cpp:492
#10 0x0000aaaab0a83290 in Ultima::Nuvie::Script::call_function(char const*, int, int, bool)
    (this=0xaaaac472f6f0, func_name=0xaaaab1b8f730 "actor_int_adj", num_args=1, num_return=1, print_stacktrace=true)
    at engines/ultima/nuvie/script/script.cpp:1352
#11 0x0000aaaab0a827c8 in Ultima::Nuvie::Script::call_actor_int_adj(Ultima::Nuvie::Actor*) (this=0xaaaac472f6f0, actor=0xaaaac4cac820)
    at engines/ultima/nuvie/script/script.cpp:1177
#12 0x0000aaaab0ab3500 in Ultima::Nuvie::ActorView::display_actor_stats() (this=0xaaaac4802400)
    at engines/ultima/nuvie/views/actor_view.cpp:224
#13 0x0000aaaab0ab2a50 in Ultima::Nuvie::ActorView::Display(bool) (this=0xaaaac4802400, full_redraw=false)
    at engines/ultima/nuvie/views/actor_view.cpp:119
#14 0x0000aaaab0a37ecc in Ultima::Nuvie::GUI::Display() (this=0xaaaac441fb40) at engines/ultima/nuvie/gui/gui.cpp:192
#15 0x0000aaaab0a12314 in Ultima::Nuvie::Game::play() (this=0xaaaac3c43df0) at engines/ultima/nuvie/core/game.cpp:654
#16 0x0000aaaab09f4634 in Ultima::Nuvie::NuvieEngine::run() (this=0xaaaac4011160) at engines/ultima/nuvie/nuvie.cpp:179
#17 0x0000aaaaae6c5c28 in runGame(Plugin const*, OSystem&, Common::String const&) (plugin=0xaaaac36e9760, system=..., edebuglevels=...)
    at base/main.cpp:307
#18 0x0000aaaaae6c6d38 in scummvm_main(int, char const* const*) (argc=1, argv=0xffffc5b983d8) at base/main.cpp:594
#19 0x0000aaaaae6c351c in main(int, char**) (argc=1, argv=0xffffc5b983d8) at backends/platform/sdl/posix/posix-main.cpp:45

[somaen]

We should fix this before the 2.9.0 release.

[mduggan]

I ran U6 with address sanitizer for a while but didn't see any issues appear, it's quite possible this is already fixed - it's an old report and the code has seen a lot of fixes since then.

[bluegr]

Thanks @mduggan! Closing as outdated