Opened 14 years ago
Closed 14 years ago
#4946 closed defect (fixed)
LSL6: Segfault while leaving the penthouse
| Reported by: | DrMcCoy | Owned by: | bluegr |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCI |
| Version: | Keywords: | ||
| Cc: | Game: | Leisure Suit Larry 6 |
Description
Segfault while leaving the penthouse, in the lowres CD version of Leisure Suit Larry 6.
Backtrace: #0 0x0000000000b8cb0b in READ_UINT16 (segMan=0x19b6430, list=..., offset=0) at ./common/endian.h:172 #1 read_point (segMan=0x19b6430, list=..., offset=0) at engines/sci/engine/kpathing.cpp:273 #2 0x0000000000b8f310 in convert_polygon (s=0x1a089e0, polygon=...) at engines/sci/engine/kpathing.cpp:1102 #3 0x0000000000b90396 in Sci::kAvoidPath (s=0x1a089e0, argc=3, argv=0x1a17ea0) at engines/sci/engine/kpathing.cpp:1414 #4 0x0000000000bb1c9f in callKernelFunc (s=0x1a089e0, kernelCallNr=119, argc=3) at engines/sci/engine/vm.cpp:725 #5 0x0000000000bb4d01 in Sci::run_vm (s=0x1a089e0) at engines/sci/engine/vm.cpp:1393
(gdb) frame 1 #1 read_point (segMan=0x19b6430, list=..., offset=0) at engines/sci/engine/kpathing.cpp:273 273 point.x = (int16)READ_LE_UINT16(list_r.raw + offset * POLY_POINT_SIZE); (gdb) print list_r.raw $3 = (byte *) 0x0 (gdb) print list $4 = {segment = 61, offset = 0}
Ticket imported from: #3034501. Ticket imported from: bugs/4946.
Attachments (2)
Change History (10)
by , 14 years ago
| Attachment: | lsl6cdl.000 added |
|---|
comment:1 by , 14 years ago
| Summary: | SC, LSL6I: Segfault while leaving the penthouse → SC, LSL6: Segfault while leaving the penthouse |
|---|
comment:2 by , 14 years ago
| Summary: | SC, LSL6: Segfault while leaving the penthouse → SCI, LSL6: Segfault while leaving the penthouse |
|---|
comment:3 by , 14 years ago
comment:4 by , 14 years ago
| Component: | → Engine: SCI |
|---|---|
| Game: | → Leisure Suit Larry 6 |
comment:5 by , 14 years ago
| Summary: | SCI, LSL6: Segfault while leaving the penthouse → LSL6: Segfault while leaving the penthouse |
|---|
comment:6 by , 14 years ago
The warnings thrown are the actual cause of this. The actual issue is that the game tries to read a polygon from an invalid pointer when the elevator moves, and reads junk. I've changed the second warning in read_point() to an error, as an invalid pointer there is quite severe. It no longer segfaults, but we need to figure out where the game is trying to read from, or ignore the pathfinding calls for that script in that scene completely
comment:7 by , 14 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:8 by , 14 years ago
Fixed in rev #52174.
The problem was that game scripts freed a polygon related to pathfinding, and then referenced it again
I can replicate this issue which is occuring in Room 700 by leaving via the lift giving : WARNING: SegManager::dereference(): Attempt to dereference invalid pointer 0041:0000! WARNING: read_point(): Attempt to dereference invalid pointer 0041:0000! prior to segfault or via the dumbwaiter giving : WARNING: SegManager::dereference(): Attempt to dereference invalid pointer 003f:0000! WARNING: read_point(): Attempt to dereference invalid pointer 003f:0000! prior to segfault.
Attaching savegame from LSL Collection LSL6 version.
It is probably possible to complete the game, but only if you have everything for Shamara, before entering the Penthouse.