Bug#929513: marsshooter: Segfaults a few seconds after starting

Bernhard Übelacker bernhardu at mailbox.org
Tue May 28 10:05:29 BST 2019


Control: tags -1 patch upstream



Dear Maintainer,
I tried to have a look at this crash and I think I found something.

It seems to be caused by this function in class NoSpecial:
        float radius() const {}

It is declared as returning float, but does not return a value.

In the build logs is also a warning visible [1].

See below an example debug session that shows, before the call instruction,
a proper backtrace, but one instruction later a completely different one.

A package built with attached patch does not show this crash.
It also tries to eliminate some more of these missing returns.

Kind regards,
Bernhard
[1] https://buildd.debian.org/status/fetch.php?pkg=marsshooter&arch=amd64&ver=0.7.6-3&stamp=1532827287&raw=0

    cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/src && /usr/bin/c++   -I/<<PKGBUILDDIR>>/include  -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2   -o CMakeFiles/marsshooter.dir/Specials/specials.cpp.o -c /<<PKGBUILDDIR>>/src/Specials/specials.cpp
    In file included from /<<PKGBUILDDIR>>/src/Specials/NoSpecial.cpp:18:
    /<<PKGBUILDDIR>>/include/Specials/NoSpecial.hpp: In member function 'virtual float NoSpecial::radius() const':
    /<<PKGBUILDDIR>>/include/Specials/NoSpecial.hpp:35:31: warning: no return statement in function returning non-void [-Wreturn-type]
            float radius() const {}
                                ^
    [ 80%] Building CXX object src/CMakeFiles/marsshooter.dir/System/Color3f.cpp.o


[2]
benutzer at debian:~$ gdb -q --args marsshooter
Reading symbols from marsshooter...Reading symbols from /usr/lib/debug/.build-id/bf/d8237b92e187723721351090b278816250042c.debug...done.
done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/marsshooter/orig/marsshooter-0.7.6
Source directories searched: /home/benutzer/source/marsshooter/orig/marsshooter-0.7.6:$cdir:$cwd
(gdb) b BotControllerChecks.cpp:96
Breakpoint 1 at 0x41cc1: file ./src/Controllers/BotControllerChecks.cpp, line 96.
(gdb) run
Starting program: /usr/games/marsshooter 
...
Searching for configuration file... Found /home/benutzer/.marsshooter/mars.cfg
Searching for data files... Found /usr/share/games/marsshooter/
Setting vertical sync not supported
[New Thread 0x7fffc1ffb700 (LWP 16916)]
Happy Gaming...

Thread 1 "marsshooter" hit Breakpoint 1, BotController::checkSpecial (this=0x555556023640) at ./src/Controllers/BotControllerChecks.cpp:96
96              float radius(ship()->currentSpecial_->radius());
(gdb) display/i $pc
1: x/i $pc
=> 0x555555595cc1 <BotController::checkSpecial()+97>:   mov    %rbx,%rdi
(gdb) nexti
0x0000555555595cc4      96              float radius(ship()->currentSpecial_->radius());
1: x/i $pc
=> 0x555555595cc4 <BotController::checkSpecial()+100>:  callq  0x555555598e00 <Controller::ship() const>
(gdb) stepi
Controller::ship (this=0x555556023640) at ./src/Controllers/Controller.cpp:102
102         return slave_->ship_;
1: x/i $pc
=> 0x555555598e00 <Controller::ship() const>:   mov    0x8(%rdi),%rax
(gdb) finish
Run till exit from #0  Controller::ship (this=0x555556023640) at ./src/Controllers/Controller.cpp:102
0x0000555555595cc9 in BotController::checkSpecial (this=0x555556023640) at ./src/Controllers/BotControllerChecks.cpp:96
96              float radius(ship()->currentSpecial_->radius());
1: x/i $pc
=> 0x555555595cc9 <BotController::checkSpecial()+105>:  mov    0x78(%rax),%rdi
Value returned is $1 = (Ship *) 0x555556022ea0
(gdb) print/x *$1->currentSpecial_
$2 = {_vptr.Special = 0x55555562eba8 <vtable for NoSpecial+16>, parent_ = 0x555556022ea0, timer_ = 0x0, type_ = 0x20, name_ = {static InvalidPos = 0xffffffffffffffff, m_string = "N\000\000\000o\000\000\000t\000\000\000h\000\000\000i\000\000\000n\000\000\000g\000\000\000"}}
(gdb) nexti
0x0000555555595ccd      96              float radius(ship()->currentSpecial_->radius());
1: x/i $pc
=> 0x555555595ccd <BotController::checkSpecial()+109>:  mov    (%rdi),%rax
(gdb) nexti
0x0000555555595cd0      96              float radius(ship()->currentSpecial_->radius());
1: x/i $pc
=> 0x555555595cd0 <BotController::checkSpecial()+112>:  callq  *0x10(%rax)
(gdb) bt
#0  0x0000555555595cd0 in BotController::checkSpecial (this=0x555556023640) at ./src/Controllers/BotControllerChecks.cpp:96
#1  0x0000555555594c12 in BotController::evaluate (this=<optimized out>) at ./src/Controllers/BotController.cpp:97
#2  0x0000555555607cfc in Team::evaluate (this=0x555556022600) at ./src/Teams/Team.cpp:102
#3  0x0000555555608b74 in teams::update () at ./src/Teams/teams.cpp:54
#4  0x000055555559d43c in Game::update (this=0x555555ff56b0) at ./src/Games/Game.cpp:104
#5  0x00005555555a0a67 in games::update () at ./src/Games/games.cpp:81
#6  0x00005555556050b9 in window::mainLoop () at ./src/System/window.cpp:191
#7  0x0000555555590363 in main (argc=1, argv=0x7fffffffe5f8) at ./src/main.cpp:86
(gdb) stepi
std::_Vector_base<Ship*, std::allocator<Ship*> >::_M_deallocate (this=<synthetic pointer>, __n=<optimized out>, __p=0x555556023640) at /usr/include/c++/8/bits/stl_vector.h:300
warning: Source file is more recent than executable.
300           _M_deallocate(pointer __p, size_t __n)
1: x/i $pc
=> 0x55555558ded6 <Shocker::activate() const+4294542326>:       cmpq   $0x0,0x10(%rsp)
(gdb) bt
#0  std::_Vector_base<Ship*, std::allocator<Ship*> >::_M_deallocate (this=<synthetic pointer>, __n=<optimized out>, __p=0x555556023640) at /usr/include/c++/8/bits/stl_vector.h:300
#1  std::_Vector_base<Ship*, std::allocator<Ship*> >::~_Vector_base (this=<synthetic pointer>, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/stl_vector.h:285
#2  std::vector<Ship*, std::allocator<Ship*> >::~vector (this=<synthetic pointer>, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/stl_vector.h:570
#3  Shocker::activate (this=0x555555595c9b <BotController::checkSpecial()+59>) at ./src/Specials/Shocker.cpp:70
#4  0x3f69c4a943c79c1c in ?? ()
#5  0x43c391afbed0b1fe in ?? ()
#6  0x4438b1f2c2fab74b in ?? ()
#7  0xbd61a8e1435e69e2 in ?? ()
#8  0x40cc0c88bff83c4e in ?? ()
#9  0x3f2d067fc002cb24 in ?? ()
#10 0x3c34871b41be55e4 in ?? ()
#11 0x40cc66cc3ec696a5 in ?? ()
#12 0x3f800000bfd3f09f in ?? ()
#13 0x64138a6ddba1ea00 in ?? ()
#14 0x0000555555633b90 in ?? ()
#15 0x0000555556019b18 in ?? ()
#16 0x0000555555ff56b0 in ?? ()
#17 0x00007fffffffe3a0 in ?? ()
#18 0x00007fffffffe5f0 in ?? ()
#19 0x0000000000000000 in ?? ()

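To make the defect and its fix concrete, here is a reduced model of the Special / NoSpecial hierarchy and the BotController::checkSpecial call site, written as an added example (it is not marsshooter's own code and not part of the bug report). The class and function names are borrowed from the report; the bodies, the `SHOW_BUG` switch and the `checkSpecial` logic are assumptions. Building with `g++ -O2 -Wall -DSHOW_BUG` reproduces the `-Wreturn-type` warning from the build log; `-Werror=return-type` turns it into a build failure so such a function cannot ship.

```cpp
// Added example (not from the marsshooter source or the bug report):
// a reduced model of the Special / NoSpecial hierarchy described above.

// Base class: in the report the virtual call site is
// `ship()->currentSpecial_->radius()`; here `checkSpecial` plays that role.
struct Special {
    virtual ~Special() = default;
    virtual float radius() const = 0;
};

#ifdef SHOW_BUG
// The original defect: declared to return float, but no return statement.
// Reaching the end of such a function is undefined behaviour; at -O2 GCC may
// emit no `ret` at all, so control runs into whatever code follows in the
// binary (the report's backtrace lands inside Shocker::activate).
struct NoSpecial : Special {
    float radius() const override {}
};
#else
// Fixed form: "no special" has no area of effect, so report a radius of 0.
struct NoSpecial : Special {
    float radius() const override { return 0.0f; }
};
#endif

// A special with a real area of effect (value is constructed for the example).
struct Shocker : Special {
    float radius() const override { return 150.0f; }
};

// Mirrors BotController::checkSpecial: read the radius through the vtable and
// decide whether the special is worth firing at the given distance.
bool checkSpecial(const Special& special, float distanceToEnemy) {
    float radius = special.radius();
    return radius > 0.0f && distanceToEnemy <= radius;
}
```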