Segmentation fault in ConvertTileset / calloc

Bug #956775 reported by Ildar
Affects: Stargus
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

My SC distro is not standard. And I get SIGSEGV:
...
extracted: tileset\Jungle.cv5 (1806, 82056 bytes)
extracted: tileset\Jungle.vf4 (1808, 161472 bytes)

Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=0x7ffff7479e80, bytes=5177344) at malloc.c:4709
4709 set_head(remainder, remainder_size | PREV_INUSE);
(gdb) bt
#0 _int_malloc (av=0x7ffff7479e80, bytes=5177344) at malloc.c:4709
#1 0x00007ffff718d642 in __libc_calloc (n=<value optimized out>,
    elem_size=<value optimized out>) at malloc.c:4066
#2 0x000000000040922a in ConvertTile (mini=0x675db0 "", mega=0x7ea040 "",
    msize=161472, map=0x811710 "", mapl=82056, wp=0x7fffffffda84,
    hp=0x7fffffffda80) at /tmp/stargus_2.2.6.orig/startool.cpp:3101
#3 0x000000000040955a in ConvertTileset (listfile=0x424e20 "tileset\\Jungle",
    file=0x424e12 "jungle/jungle") at /tmp/stargus_2.2.6.orig/startool.cpp:3163
#4 0x000000000040c98a in main (argc=3, argv=0x7fffffffe418)
    at /tmp/stargus_2.2.6.orig/startool.cpp:4242
(gdb)

Can you help? Any hints?

Pali (pali) wrote :

#0 _int_malloc (av=0x7ffff7479e80, bytes=5177344) at malloc.c:4709
#1 0x00007ffff718d642 in __libc_calloc (n=<value optimized out>, elem_size=<value optimized out>) at malloc.c:4066

Install debug symbols for your libc. I need to know the arguments passed to calloc (<value optimized out> is not enough).

Changed in stargus:
status: New → Incomplete
Ildar (ildar-users) wrote :

> Install debug symbols for your libc.
It is installed indeed. Otherwise we wouldn't see the #0 _int_malloc stuff.

> I need to know the arguments passed to calloc (<value optimized out> is not enough).
Ok. I did this:
$ diff startool.cpp{.ORIG,}
3101c3101
< image = (unsigned char *)calloc(1, height * width);
---
> printf(">>>DEBUG: calloc(1,%d)<<< ",height * width); fflush(stdout); image = (unsigned char *)calloc(1, height * width);
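Review bot: the changed line still assigns the calloc() result with no NULL check, and the debug printf formats height * width with %d, which misreports the value if the product is unsigned or wider than int. Printing `(size_t)(height * width)` with `%zu` and adding an `if (!image) { perror("calloc"); ... }` right after the call would make the diagnostic trustworthy and would distinguish a returned NULL from a crash inside the allocator.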

And get this:
> extracted: tileset\Jungle.cv5 (1806, 82056 bytes)
> extracted: tileset\Jungle.vf4 (1808, 161472 bytes)
> >>>DEBUG: calloc(1,5177344)<<< Segmentation fault
$

Please note (again), I got a non-standard SC distribution. (the mpq is definitely modified externally).

Joris Dauphin (joris-dauphin) wrote :

> DEBUG: calloc(1, 5177344)<<< Segmentation fault

~5 Mb on the stack... it is a lot.
we should use a std::vector<unsigned char> image;
image.resize(height * width)

Pali (pali) wrote :

Nope, calloc allocates memory on the heap (as malloc does). So this is correct usage. Seems like some memory leaks or not enough free memory...

Ildar (ildar-users) wrote :

> Seems like some memory leaks or not enough free memory...
I don't think so. Glibc should _return_ an error code in such cases, not SEGFAULT.
This looks like a memory corruption.

Pali (pali) wrote :

Can you try to start the binary under valgrind? Maybe it shows something more...

Joris Dauphin (joris-dauphin) wrote :

I confused it with alloca...

What kind of modifications are in your mpq?

Launchpad Janitor (janitor) wrote :

[Expired for Stargus because there has been no activity for 60 days.]

Changed in stargus:
status: Incomplete → Expired
Pali (pali) wrote :

Ok, this is written in the Linux malloc manpage:

Crashes in malloc(), calloc(), realloc(), or free() are almost always related to heap corruption, such as overflowing an allocated chunk or freeing the same pointer twice.

Ildar, what OS do you have? Also please run startool under valgrind. It will print all memory corruptions.

And can somebody else reproduce this bug?

Changed in stargus:
status: Expired → Incomplete
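As an added illustration of the point made in this thread (not code from stargus or its authors): a small C wrapper around calloc, using hypothetical image_t/image_alloc/image_put names, showing that size overflow and memory exhaustion surface as -1/errno rather than a crash, and a bounds-checked store of the kind whose absence overflows an allocated chunk and corrupts the heap for a later calloc.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical tile image buffer; the names are assumptions, not startool's. */
typedef struct { unsigned char *pixels; size_t width, height; } image_t;

/* Allocate a zeroed width*height buffer. Size overflow and memory exhaustion
 * are reported via -1/errno; a healthy heap never crashes for either. */
int image_alloc(image_t *img, size_t width, size_t height)
{
    if (width == 0 || height == 0 || width > SIZE_MAX / height) {
        errno = EOVERFLOW;
        return -1;
    }
    img->pixels = calloc(height, width); /* NULL + ENOMEM when out of memory */
    if (img->pixels == NULL)
        return -1;
    img->width = width;
    img->height = height;
    return 0;
}

/* Bounds-checked store. An unchecked store past the end is the
 * "overflowing an allocated chunk" the manpage blames for later crashes. */
int image_put(image_t *img, size_t x, size_t y, unsigned char v)
{
    if (x >= img->width || y >= img->height)
        return -1;
    img->pixels[y * img->width + x] = v;
    return 0;
}

/* Returns 1 when allocation and bounds checks behave as described. */
int image_selfcheck(void)
{
    image_t img;
    if (image_alloc(&img, SIZE_MAX / 2, 3) != -1 || errno != EOVERFLOW)
        return 0;                            /* overflow must be refused */
    if (image_alloc(&img, 64, 32) != 0 || img.pixels[0] != 0)
        return 0;                            /* buffer must be zeroed */
    int ok = image_put(&img, 63, 31, 7) == 0 && img.pixels[31 * 64 + 63] == 7
          && image_put(&img, 64, 0, 1) == -1; /* one past the row is refused */
    free(img.pixels);
    return ok;
}
```

Running the same program under valgrind, as suggested above, is what turns a silent out-of-bounds write into a reported error before the allocator trips over it.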
Launchpad Janitor (janitor) wrote :

[Expired for Stargus because there has been no activity for 60 days.]

Changed in stargus:
status: Incomplete → Expired