Issue Information
-
#008438
-
0 - None Assigned
-
Fixed
When I enable CELL_NOSTACK and create an instance, the server crashes. The crash occurs in the function "map_getcellp" in this line:
cell = m->cell[x + y*m->xs];
Here is the crash log. The crash occurs in the version: 15087
#0 0x081260b5 in map_getcellp (m=0xb09950c8, x=10, y=307, cellchk=CELL_CHKNOPASS) at map.c:2558
    cell = <value optimized out>
#1 0x081472dd in npc_setcells (nd=0xb233207c) at npc.c:3226
    m = <value optimized out>
    x = <value optimized out>
    y = <value optimized out>
    xs = <value optimized out>
    ys = <value optimized out>
    i = -1332129592
    j = 10
#2 0x0814e69c in npc_parse_duplicate (w1=0x82ef640 "0004@tower,12,309,0", w2=0x82ef600 "duplicate(81FGate102tower)", w3=0x82ef5c0 "81FGate102tower::dup_0_110001371", w4=0x82ef580 "45,2,2", start=0x828d520 "- call from instancing subsystem -\n", buffer=0x828d520 "- call from instancing subsystem -\n", filepath=0x828bdaa "INSTANCING", options=0, retval=0x0) at npc.c:3091
    x = 12
    y = 309
    dir = 0
    m = 878
    xs = 2
    ys = 2
---Type <return> to continue, or q <return> to quit---
    mapname = "0004@tower\000\bP\371#\b<\025\b\266\250a\257\277\364?\322\000<\025\b\266"
    srcname = "81FGate102tower", '\000' <repeats 20 times>, "e\207\000\000\000\000\000\000\035Y\025\b\000\000\000\b\000\000\000\000e\207\000\000G\000\000\000\b\000\000\000\f\000\000\000\000\000\000\000\032P\017\b\b\000\000\000\377\377\377\377G\000\000\000\032P\017\b\b\000\000\000A\000\000\000i\000\000\000\000\000\000\000La\257\277\232b\257\277\000\000\000\000\004 \300\b@"
    i = <value optimized out>
    end = 0x828d542 "\n"
    length = <value optimized out>
    src_id = 110001371
    nd = 0xb233207c
    dnd = 0xb608153c
    __FUNCTION__ = "npc_parse_duplicate"
#3 0x0814e048 in npc_duplicate4instance (snd=0xb608153c, m=878) at npc.c:3197
    newname = "dup_0_110001371\000\204\000\000\000L\n\000"
    __FUNCTION__ = "npc_duplicate4instance"
    w1 = "0004@tower,12,309,0", '\000' <repeats 30 times>
    w2 = "duplicate(81FGate102tower)\000)", '\000' <repeats 21 times>
    w3 = "81FGate102tower::dup_0_110001371\000\060", '\000' <repeats 15 times>
    w4 = "45,2,2", '\000' <repeats 43 times>
#4 0x0810ec87 in instance_map_npcsub (bl=0xb608153c, args=0xbfaf631c "n\003")
---Type <return> to continue, or q <return> to quit---
    at instance.c:330
No locals.
#5 0x0812a320 in bl_vforeach (func=0x810ec60 <instance_map_npcsub>, blockcount=0, max=2147483647, args=0xbfaf631c "n\003") at map.c:475
    argscopy = 0xbfaf631c "n\003"
    i = 16
    returnCount = 16
#6 0x08135859 in map_vforeachinmap (func=0x810ec60 <instance_map_npcsub>, m=677, type=128, args=0xbfaf631c "n\003") at map.c:527
    i = 2500
    returnCount = <value optimized out>
    bsize = 2500
    argscopy = 0xbfaf631c "n\003"
    bl = 0x0
    blockcount = 0
#7 0x08131030 in map_foreachinmap (func=0x810ec60 <instance_map_npcsub>, m=677, type=128) at map.c:548
    returnCount = 167048600
    ap = 0xbfaf631c "n\003"
#8 0x0810d890 in instance_init (instance_id=0) at instance.c:359
    i = 4
#9 0x0819fe26 in buildin_instance_init (st=0xb4747410) at script.c:16961
    instance_id = 0
---Type <return> to continue, or q <return> to quit---
#10 0x081a8f21 in run_func (st=0xb4747410) at script.c:3783
    data = 0xb7f4d98c
    i = <value optimized out>
    end_sp = <value optimized out>
    func = 407
#11 0x081b68ea in run_script_main (st=0xb4747410) at script.c:4002
    c = C_FUNC
    cmdcount = 655032
    gotocount = 2021
    sd = <value optimized out>
    stack = 0xb4794388
    nd = <value optimized out>
#12 0x08151104 in npc_scriptcont (sd=0x9c4e898, id=110001274, closing=false) at npc.c:1246
    target = 0xb60ca1d4
#13 0x080eb80c in clif_parse_NpcSelectMenu (fd=10, sd=0x9c4e898) at clif.c:11722
    npc_id = 110001274
    select = <value optimized out>
#14 0x080eb31e in clif_parse (fd=10) at clif.c:18426
    parse_cmd_func = <value optimized out>
    cmd = 184
    packet_len = 7
---Type <return> to continue, or q <return> to quit---
    sd = 0x9c4e898
    pnum = 0
#15 0x0824a7ff in do_sockets (next=50) at socket.c:999
    rfd = {fds_bits = {1024, 0 <repeats 31 times>}}
    timeout = {tv_sec = 0, tv_usec = 17000}
    ret = <value optimized out>
    i = <value optimized out>
#16 0x08246d5f in main (argc=1, argv=0xbfaf6634) at core.c:256
    next = <value optimized out>
    retval = <value optimized out>
Regards.
Did you make sure the crash doesn't occur if you disable CELL_NOSTACK? If you just want to use the official no stacking feature you don't need the define enabled (only if you want players and other units to be like walls).
If it crashes at:
cell = m->cell[x + y*m->xs];
Then the only reason can be that it accesses a cell not available in the cell array...
Which is strange because one row above it already checks for the coordinates not to be out of bounds. Hmmm.
Maybe the map is missing cells it should have? Or the map data isn't created at this point at all?
It tries to access cell x=10 y=307, does that cell exist on the map?
Basically there is an NPC at (12,309) and it scans the area 5x5 around it and already crashes at the first cell it scans.
If I disable "CELL_NOSTACK" the crash didn't occur.
The reproduction is easy:
1) Enable #CELL_NOSTACK and compile.
2) Double login 2 chars and put them in the same party.
3) Go to the NPC "Tower Protection Stone" (e_tower,82,105,3) with both chars (if you have a GM account just @tonpc "e_tower,82,105,3" or use @recall)
4) Talk with the NPC with the party leader and create an instance and ... map crash.
Regards.
I see that Herc has changed the mapcode a bit so that not all mapdata is available all the time and routes the calls through this function:
/* [Ind/Hercules] */
int map_sub_getcellp(struct map_data* m,int16 x,int16 y,cell_chk cellchk) {
	map->cellfromcache(m);
	m->getcellp = map->getcellp;
	m->setcell = map->setcell;
	return m->getcellp(m,x,y,cellchk);
}
But in the debug code above it directly calls getcellp, that could also be the problem. Maybe Ind could tell us more.
Edited by Playtester, 15 November 2014 - 10:44 AM.
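A checked version of the lookup discussed above, as an added example that is not Hercules code and not part of the thread; the struct, field and function names and the 400x400 map size used to exercise it are assumptions. It shows how the coordinate bounds check can pass while x + y*xs still falls outside the allocation, when the cell array is missing or smaller than the stored dimensions claim.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins; not the Hercules structures. */
struct cell { unsigned char walkable; };
struct map_grid {
    int16_t xs, ys;      /* map width and height in cells */
    size_t ncells;       /* entries actually allocated in cell[] */
    struct cell *cell;   /* NULL while the cell data is not loaded */
};

enum grid_status { GRID_OK = 0, GRID_OOB = -1, GRID_UNLOADED = -2, GRID_SHORT = -3 };

/* Checked lookup: validates the coordinates, the array pointer and the
 * allocated size before the x + y*xs index is dereferenced. */
enum grid_status grid_getcell(const struct map_grid *m, int16_t x, int16_t y,
                              const struct cell **out)
{
    if (m == NULL || x < 0 || y < 0 || x >= m->xs || y >= m->ys)
        return GRID_OOB;
    if (m->cell == NULL)
        return GRID_UNLOADED;
    size_t idx = (size_t)x + (size_t)y * (size_t)m->xs;
    if (idx >= m->ncells)
        return GRID_SHORT;           /* dimensions and allocation disagree */
    if (out != NULL)
        *out = &m->cell[idx];
    return GRID_OK;
}

/* Scan the (2*xs+1) x (2*ys+1) area around an NPC, as the trace does for
 * the NPC at (12,309) with xs=ys=2, whose first cell is (10,307).
 * Cells past the map edge are skipped; any other failure stops the scan. */
enum grid_status grid_scan_area(const struct map_grid *m, int16_t cx, int16_t cy,
                                int16_t xs, int16_t ys, int *visited)
{
    *visited = 0;
    for (int16_t y = cy - ys; y <= cy + ys; y++)
        for (int16_t x = cx - xs; x <= cx + xs; x++) {
            enum grid_status st = grid_getcell(m, x, y, NULL);
            if (st == GRID_OOB)
                continue;
            if (st != GRID_OK)
                return st;           /* report instead of reading bad memory */
            (*visited)++;
        }
    return GRID_OK;
}
```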
I'm unable to reproduce. I asked michieru to try and he did reproduce, makes me think some unknown type of environment variable is in play.
The "this map hasn't been used at all since boot so no need to keep its memory" thing isn't related at all (my certainty comes from comparing his call stack against the logic in place; if the cell data were "unloaded" it'd be addressed to 0xdeadbeaf which'd mean npc_setcells never gets to call anything -- thus it'd never reach map_getcellp)
To reproduce it, enable the cell feature in the config and then try to do Endless Tower?
changed status to: Fixed