Opened 9 years ago

Closed 9 years ago

#4946 closed defect (fixed)

LSL6: Segfault while leaving the penthouse

Reported by: DrMcCoy Owned by: bluegr
Priority: normal Component: Engine: SCI
Keywords: Cc:
Game: Leisure Suit Larry 6

Description

Segfault while leaving the penthouse, in the lowres CD version of Leisure Suit Larry 6.

Backtrace:
#0 0x0000000000b8cb0b in READ_UINT16 (segMan=0x19b6430, list=..., offset=0) at ./common/endian.h:172
#1 read_point (segMan=0x19b6430, list=..., offset=0) at engines/sci/engine/kpathing.cpp:273
#2 0x0000000000b8f310 in convert_polygon (s=0x1a089e0, polygon=...) at engines/sci/engine/kpathing.cpp:1102
#3 0x0000000000b90396 in Sci::kAvoidPath (s=0x1a089e0, argc=3, argv=0x1a17ea0) at engines/sci/engine/kpathing.cpp:1414
#4 0x0000000000bb1c9f in callKernelFunc (s=0x1a089e0, kernelCallNr=119, argc=3) at engines/sci/engine/vm.cpp:725
#5 0x0000000000bb4d01 in Sci::run_vm (s=0x1a089e0) at engines/sci/engine/vm.cpp:1393

(gdb) frame 1
#1 read_point (segMan=0x19b6430, list=..., offset=0) at engines/sci/engine/kpathing.cpp:273
273 point.x = (int16)READ_LE_UINT16(list_r.raw + offset * POLY_POINT_SIZE);
(gdb) print list_r.raw
$3 = (byte *) 0x0
(gdb) print list
$4 = {segment = 61, offset = 0}

Ticket imported from: #3034501. Ticket imported from: bugs/4946.

Attachments (2)

lsl6cdl.000 (38.5 KB) - added by DrMcCoy 9 years ago.
lsl6.000 (24.3 KB) - added by digitall 9 years ago.
LSL Collection LSL6 Savegame Room 700


Change History (10)

by DrMcCoy, 9 years ago

Attachment: lsl6cdl.000 added

comment:1 by DrMcCoy, 9 years ago

Summary: SC, LSL6I: Segfault while leaving the penthouse → SC, LSL6: Segfault while leaving the penthouse

comment:2 by DrMcCoy, 9 years ago

Summary: SC, LSL6: Segfault while leaving the penthouse → SCI, LSL6: Segfault while leaving the penthouse

comment:3 by digitall, 9 years ago

I can replicate this issue, which is occurring in Room 700, by leaving via the lift, giving:
WARNING: SegManager::dereference(): Attempt to dereference invalid pointer 0041:0000!
WARNING: read_point(): Attempt to dereference invalid pointer 0041:0000!
prior to segfault, or via the dumbwaiter, giving:
WARNING: SegManager::dereference(): Attempt to dereference invalid pointer 003f:0000!
WARNING: read_point(): Attempt to dereference invalid pointer 003f:0000!
prior to segfault.

Attaching savegame from LSL Collection LSL6 version.

It is probably possible to complete the game, but only if you have everything for Shamara before entering the Penthouse.

by digitall, 9 years ago

Attachment: lsl6.000 added

LSL Collection LSL6 Savegame Room 700

comment:4 by sev-, 9 years ago

Component: Engine: SCI
Game: Leisure Suit Larry 6

comment:5 by fingolfin, 9 years ago

Summary: SCI, LSL6: Segfault while leaving the penthouse → LSL6: Segfault while leaving the penthouse

comment:6 by bluegr, 9 years ago

The warnings thrown are the actual cause of this. The actual issue is that the game tries to read a polygon from an invalid pointer when the elevator moves, and reads junk. I've changed the second warning in read_point() to an error, as an invalid pointer there is quite severe. It no longer segfaults, but we need to figure out where the game is trying to read from, or ignore the pathfinding calls for that script in that scene completely.

comment:7 by bluegr, 9 years ago

Owner: set to bluegr
Resolution: fixed
Status: new → closed

comment:8 by bluegr, 9 years ago

Fixed in rev #52174.

The problem was that game scripts freed a polygon related to pathfinding, and then referenced it again.
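As an added example, not code from this ticket or from ScummVM itself, here is a minimal C++ model of the check comment 6 describes: a hypothetical stand-in for SegManager (not ScummVM's class), a read_point() that refuses to read through a null or too-short buffer instead of crashing, and a constructed run of the scenario in comment 8 (polygon freed by the script, then referenced again). POLY_POINT_SIZE = 4, the little-endian int16 x/y point layout and the segment:offset reg_t shape are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>
// Assumed layout of an SCI polygon point: two little-endian int16 values (x, y).
static const int POLY_POINT_SIZE = 4;
struct reg_t { uint16_t segment; uint16_t offset; };
struct Point { int16_t x; int16_t y; };
// Hypothetical stand-in for ScummVM's SegManager: segment id -> raw byte buffer.
// A freed segment is gone, so dereference() yields nullptr (like the ticket's 0041:0000).
class SegManager {
public:
    uint16_t alloc(const std::vector<uint8_t> &d) { uint16_t id = _next++; _segs[id] = d; return id; }
    void dispose(uint16_t id) { _segs.erase(id); }
    // Returns the raw bytes at r and how many are available, or nullptr if r is invalid.
    const uint8_t *dereference(reg_t r, size_t *avail) const {
        auto it = _segs.find(r.segment);
        if (it == _segs.end() || r.offset > it->second.size()) { *avail = 0; return nullptr; }
        *avail = it->second.size() - r.offset;
        return it->second.data() + r.offset;
    }
private:
    uint16_t _next = 1;
    std::map<uint16_t, std::vector<uint8_t>> _segs;
};
static inline uint16_t readLE16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
// Hardened read_point: the crash in the backtrace came from reading through list_r.raw == NULL.
// Here an invalid or too-short buffer is reported as an error and the read is refused.
bool read_point(const SegManager &segMan, reg_t list, int idx, Point *out) {
    size_t avail = 0;
    const uint8_t *raw = segMan.dereference(list, &avail);
    if (!raw || avail < (size_t)(idx + 1) * POLY_POINT_SIZE) {
        std::fprintf(stderr, "ERROR: read_point(): Attempt to dereference invalid pointer %04x:%04x!\n", (unsigned)list.segment, (unsigned)list.offset);
        return false;
    }
    out->x = (int16_t)readLE16(raw + idx * POLY_POINT_SIZE);
    out->y = (int16_t)readLE16(raw + idx * POLY_POINT_SIZE + 2);
    return true;
}
// Constructed scenario matching comment 8: the polygon is freed, then referenced again.
bool demo_use_after_free() {
    SegManager sm;
    reg_t poly = { sm.alloc({0x10, 0x00, 0x20, 0x00, 0xff, 0xff, 0x05, 0x00}), 0 }; // (16,32), (-1,5)
    Point p;
    bool okBefore = read_point(sm, poly, 1, &p) && p.x == -1 && p.y == 5;
    sm.dispose(poly.segment);                   // the script disposes the polygon
    bool okAfter = read_point(sm, poly, 0, &p); // dangling reference: must fail, not segfault
    return okBefore && !okAfter;
}
```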
