Crash in GL context with tUD's Serpent release

jengelh · Post by **jengelh** » Sat Nov 27, 2010 20:47

When trying to play The Ultimate Doomer's serpent.zip, I get a crash when rotating the player leftwards from its fixed starting position (the "roll your characteristics" switch). I have not seen this with other wads yet.
What I have determined so far:
* It does take some CXXFLAGS to trigger it: g++ CXXFLAGS="-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -funwind-tables -fasynchronous-unwind-tables" (since I let gzdoom build with the distro's tools, these get added.)
* Of course, Valgrind spews a lot of "read from uninitialized memory" warnings (svn1107), so that certainly is a sign that something's wrong. It's specifically GL code that is affected, plain zdoom was pretty much error-clean last time I ran that.
[spoiler]

Code: Select all

==6679== Memcheck, a memory error detector
==6679== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==6679== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==6679== Command: ./gzdoom -iwad /usr/share/zdoom/hexen.wad -file /home/jengelh/dmaps/SP/serpent.wad /home/jengelh/dmaps/SP/serpent.pk3 -width 320 -height 200 -warp 1 +fullscreen 0 -nosound -nomusic
==6679== 
GZDoom v1.5.6 - SVN revision 0 - SDL version
Compiled on Nov 27 2010

M_LoadDefaults: Load system defaults.
Gameinfo scan took 647 ms
W_Init: Init WADfiles.
 adding /home/jengelh/code_nosov/zdoom/gzdoom/dobj/gzdoom.pk4, 563 lumps
 adding /usr/share/zdoom/hexen.wad, 4270 lumps
 adding /home/jengelh/dmaps/SP/serpent.wad, 351 lumps
 adding /home/jengelh/dmaps/SP/serpent.pk3, 5633 lumps
I_Init: Setting up machine state.
CPU Vendor ID: GenuineIntel
  Family 6, Model 11, Stepping 1
  Features: MMX SSE
V_Init: allocate screen.
S_Init: Setting up sound.
ST_Init: Init startup screen.
P_Init: Checking cmd-line parameters...
G_ParseMapInfo: Load map definitions.
S_InitData: Load sound definitions.
Texman.Init: Init texture manager.
ParseTeamInfo: Load team definitions.
LoadActors: Load actor definitions.
R_Init: Init Hexen refresh subsystem.
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x8408BC5: FInternalLightAssociation::FInternalLightAssociation(FLightAssociation*) (gl_dynlight.cpp:974)
# 974: if (strlen(asso->FrameName())==5 || asso->FrameName()[5]=='0')
==6679==    by 0x8408CA8: gl_InitializeActorLights() (gl_dynlight.cpp:1021)
==6679==    by 0x84096D8: gl_ParseDefs() (gl_dynlight.cpp:1341)
==6679==    by 0x82DD292: R_Init() (r_main.cpp:761)
==6679==    by 0x81DA557: D_DoomMain() (d_main.cpp:2195)
==6679==    by 0x81A1B68: main (i_main.cpp:324)
==6679== 
DecalLibrary: Load decals.
M_Init: Init menus.
P_Init: Init Playloop state.
ParseSBarInfo: Loading default status bar definition.
ParseSBarInfo: Loading custom status bar definition.
D_CheckNetGame: Checking network game status.
player 1 of 1 (1 nodes)
Occlusion query enabled.
Resolution: 320 x 200



+MAP01 - lystern harbour

==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x82891DD: P_SpawnMapThing(FMapThing*, int) (p_mobj.cpp:4423)
# 4423: if (mthing->Conversation > 0)
==6679==    by 0x8297EAB: SpawnMapThing(int, FMapThing*, int) (p_setup.cpp:1602)
==6679==    by 0x82987E2: P_SpawnThings(int) (p_setup.cpp:1741)
==6679==    by 0x829E1A6: P_SetupLevel(char*, int) (p_setup.cpp:3980)
==6679==    by 0x81FFD3F: G_DoLoadLevel(int, bool) (g_level.cpp:875)
==6679==    by 0x81FF05F: G_InitNew(char const*, bool) (g_level.cpp:447)
==6679==    by 0x81DAAB3: D_DoomMain() (d_main.cpp:2334)
==6679==    by 0x81A1B68: main (i_main.cpp:324)
==6679== 
61 map sections found
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x49A58AE: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49A5EBD: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49A6969: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49737B4: SDL_PumpEvents (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x819F983: CenterMouse() (i_input.cpp:160)
# This one may not be so important
==6679==    by 0x819FD0F: I_CheckNativeMouse() (i_input.cpp:273)
==6679==    by 0x81A03F9: I_StartTic() (i_input.cpp:471)
==6679==    by 0x81DEAD4: NetUpdate() (d_net.cpp:932)
==6679==    by 0x81E05FE: TryRunTics() (d_net.cpp:1691)
==6679==    by 0x81D7A36: D_DoomLoop() (d_main.cpp:985)
==6679==    by 0x81DAAEC: D_DoomMain() (d_main.cpp:2348)
==6679==    by 0x81A1B68: main (i_main.cpp:324)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x49A58D2: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49A5EBD: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49A6969: ??? (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x49737B4: SDL_PumpEvents (in /usr/lib/libSDL-1.2.so.0.11.3)
==6679==    by 0x819F983: CenterMouse() (i_input.cpp:160)
==6679==    by 0x819FD0F: I_CheckNativeMouse() (i_input.cpp:273)
==6679==    by 0x81A03F9: I_StartTic() (i_input.cpp:471)
==6679==    by 0x81DEAD4: NetUpdate() (d_net.cpp:932)
==6679==    by 0x81E05FE: TryRunTics() (d_net.cpp:1691)
==6679==    by 0x81D7A36: D_DoomLoop() (d_main.cpp:985)
==6679==    by 0x81DAAEC: D_DoomMain() (d_main.cpp:2348)
==6679==    by 0x81A1B68: main (i_main.cpp:324)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83E18C0: vertex_t::GetClipAngle() (gl_clipper.h:146)
# 146: return angletime == Clipper::anglecache? viewangle : (angletime = Clipper::anglecache, viewangle = R_PointToPseudoAngle(viewx, viewy, x,y));
==6679==    by 0x83E0BB0: AddLine(seg_t*) (gl_bsp.cpp:116)
==6679==    by 0x83E1096: AddLines(subsector_t*, sector_t*) (gl_bsp.cpp:322)
==6679==    by 0x83E12E5: DoSubsector(subsector_t*) (gl_bsp.cpp:438)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83E18C0: vertex_t::GetClipAngle() (gl_clipper.h:146)
==6679==    by 0x83E0BC0: AddLine(seg_t*) (gl_bsp.cpp:117)
==6679==    by 0x83E1096: AddLines(subsector_t*, sector_t*) (gl_bsp.cpp:322)
==6679==    by 0x83E12E5: DoSubsector(subsector_t*) (gl_bsp.cpp:438)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83E18C0: vertex_t::GetClipAngle() (gl_clipper.h:146)
==6679==    by 0x83E0BB0: AddLine(seg_t*) (gl_bsp.cpp:116)
==6679==    by 0x83E1075: AddLines(subsector_t*, sector_t*) (gl_bsp.cpp:318)
==6679==    by 0x83E12E5: DoSubsector(subsector_t*) (gl_bsp.cpp:438)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679== 
==6679== Source and destination overlap in memcpy(0x96aa200, 0x96aa180, 132)
==6679==    at 0x4028115: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==6679==    by 0x83D5F01: FHardwareTexture::LoadImage(unsigned char*, int, int, unsigned int&, int, bool, int) (gl_hwtexture.cpp:157)
# 157: memcpy(scaledbuffer + rw * h * 4, scaledbuffer + rw * (h-1) * 4, w*4 + 4);
==6679==    by 0x83D6884: FHardwareTexture::CreateTexture(unsigned char*, int, int, bool, int, int, int) (gl_hwtexture.cpp:405)
==6679==    by 0x83DA224: FGLTexture::BindPatch(int, int, int, int) (gl_material.cpp:500)
==6679==    by 0x83DB0EB: FMaterial::BindPatch(int, int) (gl_material.cpp:893)
==6679==    by 0x83F16F1: GLSprite::Draw(int) (gl_sprite.cpp:206)
==6679==    by 0x83E61D4: GLDrawList::DoDraw(int, int) (gl_drawinfo.cpp:719)
==6679==    by 0x83E6226: GLDrawList::DoDrawSorted(SortNode*) (gl_drawinfo.cpp:740)
==6679==    by 0x83E62FB: GLDrawList::DrawSorted() (gl_drawinfo.cpp:768)
==6679==    by 0x83FCD16: FGLRenderer::RenderTranslucent() (gl_scene.cpp:548)
==6679==    by 0x83FCE12: FGLRenderer::DrawScene(bool) (gl_scene.cpp:590)
==6679==    by 0x83FDCB2: FGLRenderer::ProcessScene(bool) (gl_scene.cpp:855)
==6679== 

The view is now loaded. Turning 90 deg left gives the crash then (when used w/o valgrind):

==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83EB61F: GLFlat::PutFlat(bool) (gl_flats.cpp:465)
# 465: bool masked = gltexture->isMasked() && ((renderflags&SSRF_RENDER3DPLANES) || stack);
==6679==    by 0x83EA526: GLFlat::Process(sector_t*, int, bool) (gl_flats.cpp:525)
==6679==    by 0x83EAAF9: GLFlat::ProcessSector(sector_t*) (gl_flats.cpp:683)
==6679==    by 0x83D2083: FGLRenderer::ProcessSector(sector_t*) (gl_renderer.cpp:177)
==6679==    by 0x83E1442: DoSubsector(subsector_t*) (gl_bsp.cpp:483)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679==    by 0x83E158E: gl_RenderBSPNode(void*) (gl_bsp.cpp:546)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83E18C0: vertex_t::GetClipAngle() (gl_clipper.h:146)
==6679==    by 0x83E0BB0: AddLine(seg_t*) (gl_bsp.cpp:116)
==6679==    by 0x83E0ED6: PolySubsector(subsector_t*) (gl_bsp.cpp:228)
==6679==    by 0x83E0F81: RenderPolyBSPNode(void*) (gl_bsp.cpp:266)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E1004: AddPolyobjs(subsector_t*) (gl_bsp.cpp:288)
==6679==    by 0x83E103D: AddLines(subsector_t*, sector_t*) (gl_bsp.cpp:307)
==6679==    by 0x83E12E5: DoSubsector(subsector_t*) (gl_bsp.cpp:438)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679== 
==6679== Conditional jump or move depends on uninitialised value(s)
==6679==    at 0x83E18C0: vertex_t::GetClipAngle() (gl_clipper.h:146)
==6679==    by 0x83E0BC0: AddLine(seg_t*) (gl_bsp.cpp:117)
==6679==    by 0x83E0ED6: PolySubsector(subsector_t*) (gl_bsp.cpp:228)
==6679==    by 0x83E0F81: RenderPolyBSPNode(void*) (gl_bsp.cpp:266)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E0F2F: RenderPolyBSPNode(void*) (gl_bsp.cpp:253)
==6679==    by 0x83E1004: AddPolyobjs(subsector_t*) (gl_bsp.cpp:288)
==6679==    by 0x83E103D: AddLines(subsector_t*, sector_t*) (gl_bsp.cpp:307)
==6679==    by 0x83E12E5: DoSubsector(subsector_t*) (gl_bsp.cpp:438)
==6679==    by 0x83E15E7: gl_RenderBSPNode(void*) (gl_bsp.cpp:560)
==6679==

[/spoiler]

Post by **Graf Zahl** » Sat Nov 27, 2010 21:56

The Valgrind stuff is useless for tracking down this particular problem. Most of what gets listed is basically harmless. Yes, there may be some uninitialized data but it can't possibly cause a crash. The worst that would happen is some glitched graphics for a single frame.

How about a crash log?

jengelh · Post by **jengelh** » Sun Nov 28, 2010 1:30

Preliminary output. Out of bounds access.
[spoiler]

Code: Select all

+MAP01 - lystern harbour

61 map sections found

# added a printf in the function
[...]
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd610
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd5b0
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd5b0
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd640
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd640
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd520
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd520
void GLFlat::PutFlat(bool) light=0 masked=0 foggy=0 list=5 list=5 0x9c6b120
void GLDrawList::AddFlat(GLFlat*): this=0x9c6b120 flat=0xafffd550
void GLFlat::PutFlat(bool) light=0 masked=240 foggy=0 list=1058437396 list=1058437396 0xd30b10a4
void GLDrawList::AddFlat(GLFlat*): this=0xd30b10a4 flat=0xafffd550

Program received signal SIGSEGV, Segmentation fault.
GLDrawList::AddFlat (this=0x9ac44b2c, flat=0xafffd580)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_drawinfo.cpp:868
868             drawitems.Push(GLDrawItem(GLDIT_FLAT,flats.Push(*flat)));
(gdb) p *this
Cannot access memory at address 0x9ac44b2c
(gdb) p *flat
$1 = {sector = 0xa3ba05f8, sub = 0x0, dz = 0, z = -1620.01733, gltexture = 
    0x9c7c7a0, Colormap = {LightColor = {{{b = 255 '\377', g = 255 '\377', r = 
    255 '\377', a = 0 '\000'}, d = 16777215}}, FadeColor = {{{b = 0 '\000', 
          g = 0 '\000', r = 0 '\000', a = 0 '\000'}, d = 0}}, colormap = 0, 
    blendfactor = 0}, renderstyle = STYLE_Translucent, alpha = 1, plane = {
    texture = {texnum = 9208}, plane = {a = 29309, b = 0, c = -58617, d = 
    -94961464, ic = -73271}, texheight = -94961464, xoffs = 0, yoffs = 0, 
    xscale = 65536, yscale = 65536, angle = 0}, lightlevel = 160, stack = 84, 
  foggy = false, ceiling = true, renderflags = 2 '\002', vboindex = 108732, 
  vboheight = -63014, dynlightindex = -1556803800}
(gdb) bt
#0  GLDrawList::AddFlat (this=0x9ac44b2c, flat=0xafffd580)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_drawinfo.cpp:868
#1  0x0832c927 in PutFlat (this=0xafffd580, model=0xa3ba05f8, whichplane=1, 
    fog=false)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_flats.cpp:484
#2  GLFlat::Process (this=0xafffd580, model=0xa3ba05f8, whichplane=1, fog=
    false)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_flats.cpp:525
#3  0x0832cd43 in GLFlat::ProcessSector (this=0xafffd580, frontsector=
    0xa3ba05f8)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_flats.cpp:683
#4  0x08319ce1 in FGLRenderer::ProcessSector (this=0x9106c88, fakesector=
    0xa3ba05f8)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/renderer/gl_renderer.cpp:177
#5  0x08324932 in DoSubsector (sub=<value optimized out>)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:483
#6  0x08324afa in gl_RenderBSPNode (node=0xa3c7f285)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:560
---Type <return> to continue, or q <return> to quit---
#7  0x08324ac6 in gl_RenderBSPNode (node=0xa3273068)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#8  0x08324ac6 in gl_RenderBSPNode (node=0xa32730a4)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#9  0x08324ac6 in gl_RenderBSPNode (node=0xa327320c)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#10 0x08324ac6 in gl_RenderBSPNode (node=0xa3273b30)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#11 0x08324ac6 in gl_RenderBSPNode (node=0xa3273ba8)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#12 0x08324ac6 in gl_RenderBSPNode (node=0xa3273be4)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#13 0x08324ac6 in gl_RenderBSPNode (node=0xa3273c20)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#14 0x08324ac6 in gl_RenderBSPNode (node=0xa32997e0)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#15 0x08324ac6 in gl_RenderBSPNode (node=0xa32e7d8c)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_bsp.cpp:546
#16 0x0833ad18 in FGLRenderer::CreateScene (this=0x9106c88)
---Type <return> to continue, or q <return> to quit---
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_scene.cpp:319
#17 0x0833b773 in FGLRenderer::DrawScene (this=0x9106c88, toscreen=true)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_scene.cpp:572
#18 0x0833c566 in FGLRenderer::ProcessScene (this=0x9106c88, toscreen=true)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_scene.cpp:855
#19 0x0833c952 in FGLRenderer::RenderViewpoint (this=0x9106c88, camera=
    0x9a93210, bounds=0x0, fov=90, ratio=1.60000002, fovratio=1.60000002, 
    mainview=true, toscreen=true)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_scene.cpp:944
#20 0x0833cc05 in FGLRenderer::RenderView (this=0x9106c88, player=0x8525600)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/scene/gl_scene.cpp:1059
#21 0x0834c312 in OpenGLFrameBuffer::RenderView (this=0x86367c0, player=
    0x8525600)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/gl/system/gl_framebuffer.cpp:619
#22 0x08162dfd in D_Display ()
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/d_main.cpp:741
#23 0x08163d8a in D_DoomLoop ()
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/d_main.cpp:989
---Type <return> to continue, or q <return> to quit---
#24 0x08166360 in D_DoomMain ()
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/d_main.cpp:2348
#25 0x08137e10 in main (argc=16, argv=0xafffee34)
    at /home/jengelh/code_nosov/zdoom/gzdoom/src/sdl/i_main.cpp:324
(gdb)

[/spoiler]
I am also observing that - even while things go smooth - GLFlat::stack has values other than 0 or 1... which is very suspect too.

EDIT: Valgrind was right. Though it did not seem to print the use of GLFlat::stack in GLFlat::PutFlat, if it says anything about Reading uninitialized memory, I'm all ears. Undefined behavior does not necessarily mean "just a few visual glitches". This change fixed the crash for me:

Code: Select all

diff --git a/src/gl/renderer/gl_renderer.cpp b/src/gl/renderer/gl_renderer.cpp
index 42d710b..7522509 100644
--- a/src/gl/renderer/gl_renderer.cpp
+++ b/src/gl/renderer/gl_renderer.cpp
@@ -174,6 +174,7 @@ void FGLRenderer::ProcessParticle(particle_t *part, sector_t *sector)
 void FGLRenderer::ProcessSector(sector_t *fakesector)
 {
        GLFlat glflat;
+       memset(&glflat, 0, sizeof(glflat));
        glflat.ProcessSector(fakesector);
 }

Post by **Graf Zahl** » Sun Nov 28, 2010 10:41

That might fix the uninitialized memory but it still doesn't explain why it crashed. Even with the random data the crash is in a place where it only can happen if something got corrupted elsewhere.

jengelh · Post by **jengelh** » Sun Nov 28, 2010 15:54

Graf Zahl wrote:That might fix the uninitialized memory but it still doesn't explain why it crashed.

Oh I though it did.

GLFlat::stack was uninitialized and happened to take on random values, such as 240. (It seems that) The optimizer has seen that it was uninitialized (this only triggered on -O1 and up), therefore made its optimizations the standard permitted it to. The assignment

Code: Select all

bool masked = gltexture->isMasked() && ((renderflags & SSRF_RENDER3DPLANES) || stack);

logically also took on an undefined value (240 in my case), and then

Code: Select all

list = list_indices[light][masked][foggy];

basically initiated the an out-of-bounds request that happened to hit mapped, but still uninitialized memory, therefore, the value of "list" was undefined too, and GLDrawList::AddFlat's

Code: Select all

drawitems.Push(GLDrawItem(GLDIT_FLAT,flats.Push(*flat)));

then finally went to access unmapped memory.

Hope that helps.

Post by **Graf Zahl** » Sun Nov 28, 2010 16:42

Then GCC's code generator is doing some really wonky stuff here.

It should never - ever! - assign a value other than 0 or 1 to a boolean variable from an expression like this. And the array needs to be valid for both 0 and 1. With MSVC all it did was to use the 'masked' array instead of the 'regular' one. No real harm done. The worst I could provoke with this error was to draw flats using a masked texture with alpha testing on instead of off.

(Not that this really surprises me with all the horror stories I read about the GCC optimizer...)

jengelh · Post by **jengelh** » Mon Nov 29, 2010 21:17

Then GCC's code generator is doing some really wonky stuff here.

For "a = b || c" (bool a, int b, bool c), GCC-4.5 produces this for i586:

Code: Select all

  b8 01 00 00 00          mov    a,0x1
  83 7d 08 01             test   b,b
  75 05                   jne    .L2
  0f b6 44 24 1f          movzx  a,c
.L2:
  /* result is now in a */

This looks legit to me. By declaring c (our "stack" member variable) as bool, you guaranteed that it would only ever have values 0/1, if it was assigned to with C statements as a bool.

Post by **Graf Zahl** » Mon Nov 29, 2010 21:57

Well, at least the underlying problem was something that had to be fixed anyway. I still don't see the benefits of code optimizations that this easily can screw up though.

DRD Team

Crash in GL context with tUD's Serpent release

Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release

Re: Crash in GL context with tUD's Serpent release