Bug#406234: crash after winning

Ariel asdebian at dsgml.com
Tue Feb 27 12:20:39 CET 2007 

On Tue, 27 Feb 2007, Bruno Ethvignot wrote:

> Ariel a écrit :
>> This bug is not so easy to debug if you have to win the game to trigger it! 
>> Otherwise I'd compile a debug version, and try it. (Is there a cheat mode?)

> Yes a debug/cheat mode exists!

That's very cool!

I compiled a debug version and tried to figure out what was going on. (I 
also had to change configure.ac and add -g to CXXFLAGS.)

I could not figure it out, but let me give you what I was able to find.

Also, I uncommented the printf in chaine.cpp line 143.


Here is a backtrace:
(gdb) bt
#0  0xb7c5c947 in raise () from /lib/tls/libc.so.6
#1  0xb7c5e0c9 in abort () from /lib/tls/libc.so.6
#2  0xb7c91fda in __libc_message () from /lib/tls/libc.so.6
#3  0xb7c9989f in _int_free () from /lib/tls/libc.so.6
#4  0xb7c99942 in free () from /lib/tls/libc.so.6
#5  0xb7e45361 in operator delete () from /usr/lib/libstdc++.so.6
#6  0xb7e453bd in operator delete[] () from /usr/lib/libstdc++.so.6
#7  0x0804c58d in _chaine::~_chaine ()
#8  0x0804d379 in _destroy_congra ()
#9  0x0806eb53 in main ()


And here is me single stepping through the function:


(gdb) s
~_chaine (this=0x8342210) at chaine.cpp:143
143       printf("_chaine::~_chaine() %i %s 2\n", pAscii_allocted, pAscii);
(gdb)
_chaine::~_chaine() 1 MOOARCKS                               2
144       if(pAscii && pAscii_allocted)
(gdb)
145         delete [] pAscii;
(gdb)
*** glibc detected *** free(): invalid pointer: 0x080aaa00 ***



The printf I uncommented makes output like this:



_chaine::~_chaine() 1 00000644 2
_chaine::~_chaine() 1 00001250 2
_chaine::~_chaine() 1 00002500 2
_chaine::~_chaine() 1 00005000 2
_chaine::~_chaine() 1 00010000 2
_chaine::~_chaine() 0     2
_chaine::~_chaine() 0 TLK 2
_chaine::~_chaine() 0 TLK 2
_chaine::~_chaine() 0 TLK 2
_chaine::~_chaine() 0 TLK 2
_chaine::~_chaine() 0 GAME 2
_chaine::~_chaine() 0 OVER 2
_chaine::~_chaine() 1 MOOARCKS                               2
*** glibc detected *** free(): invalid pointer: 0x080aaa00 ***



Notice how MOOARCKS has lots of spaces after it, before printing the 2, 
it's also the only one where pAscii_allocted is true.

The crash happens when trying to delete that pAscii string.

Hope this helps.

 	-Ariel

More information about the Pkg-games-devel mailing list