View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000559LDMud 3.3Portabilitypublic2008-08-09 17:452009-01-14 15:32
Reporterzesstra Assigned Tozesstra  
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Platformx86_64OSMacOS XOS Version10.5.x
Target Version3.3.719Fixed in Version3.3.719 
Summary0000559: Crash in functionlist() (64 bit issue)
DescriptionThere is a crash in f_functionlist(), presumably on 64 bit systems.
As we had a reboot and major mudlib update (with plenty of own problems) today I hadn't had the time to look into it, but the crash occurs in line 1877:
1871 /* If its a cross-defined function, get the flags from
1872 * real definition and let j point to it.
1873 */
1874 if ( !~(flags | ~(NAME_INHERITED|NAME_CROSS_DEFINED) ) ) {
1875 active_flags |= NAME_CROSS_DEFINED;
1876 j = (long)CROSSDEF_NAME_OFFSET(flags);
1877 flags = fun[j];
1878 j += i;

CROSSDEF_NAME_OFFSET seems to calculate a wrong offset j (s. additional information as well).
Steps To ReproduceCompile the driver for an LP64 platform and execute
functionlist(find_object("/some/object"),RETURN_FUNCTION_NAME)
where /some/object should have some cross-defined inherited function.
Additional InformationProgram received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000503436e3c
0x00000001000a4224 in f_functionlist (sp=0x10017ff10) at object.c:1877
1877 flags = fun[j];
(gdb) bt full
#0 0x00000001000a4224 in f_functionlist (sp=0x10017ff10) at object.c:1877
    funstart = (fun_hdr_p) 0x10345e6a8 "\001"
    active_flags = 2148139008
    ob = (object_t *) 0x1034479a0
    mode_flags = 1
    prog = (program_t *) 0x103432380
    num_functions = 597
    vis_tags = 0x7fff5fbf9ca0 "\005\005\005\005\005\005\005\001\005\005\005\005\005", '\001' <repeats 12 times>, "\005\005\001\001\005\005\005\005\005\005\005\005\005\005", '\001' <repeats 29 times>, "\005\001", '\005' <repeats 16 times>, '\001' <repeats 24 times>, '\005' <repeats 11 times>, "\001", '\005' <repeats 18 times>, "\001", '\005' <repeats 19 times>, "\001\001\001\005", '\001' <repeats 11 times>, "\005\005\001\001\001\001\001\001\001\001\005\005\005\005\005\005\005\005\001\001\001\001\001\001\001"...
    list = (vector_t *) 0x104e52220
    svp = (svalue_t *) 0x104e544e0
    fun = (uint32 *) 0x1034373fc
    defprog = (program_t *) 0x103432380
    flags = 2148138640
    ixp = (short unsigned int *) 0x103436990
    i = 553
    j = 4294966928
[...]
TagsNo tags attached.

Relationships

related to 0000566 assignedzesstra LDMud 3.5 Replace Code-Defines by static inline functions 
child of 0000555 closed LDMud 3.5 Complete support for 64bit (LP64) architectures 

Activities

zesstra

2009-01-04 17:09

administrator   ~0000850

Ok... I had a second look:
(All on an LP64 machine -> sizeof(long)==8)

CROSSDEF_NAME_OFFSET is:
#define CROSSDEF_NAME_OFFSET(flags) \
     (((flags) & INHERIT_MASK) - ((INHERIT_MASK + 1) >> 1))

flags was 2215247613, so:
    (2215247613 & 262143) - ((262143 +1) >> 1)
which should be -259.
BUT: in functionlist() flags is a uint32, so the -259 are actually 4294967037. Now, these are implicitly converted to long, used for indexing and - ZAP.

Most other users of CROSSDEF_NAME_OFFSET use it with a signed int which result in the correct -259.

Gnomi pointed out an interesting part in interpret.c (setup_new_frame1() and eval_instruction()). It uses a uint32 flags as well, so the CROSSDEF_NAME_OFFSET define also calculates to 4294967037. BUT: in interpret.c the result is implicitly converted to signed int before using it. 4294967037 is larger than INT32_MAX, so during the conversion, it wraps around and is interpreted as -259 which again works (more by chance, I would say)...

So... Another case for not using defines. ;-)

zesstra

2009-01-14 15:32

administrator   ~0000891

This should be fixed by r2492. That patch introduces a properly typed CROSSDEF_NAME_OFFSET (and others).

Issue History

Date Modified Username Field Change
2008-08-09 17:45 zesstra New Issue
2008-08-14 14:18 zesstra Relationship added child of 0000555
2009-01-04 17:09 zesstra Note Added: 0000850
2009-01-04 17:10 zesstra Relationship added related to 0000566
2009-01-04 17:11 zesstra Status new => assigned
2009-01-04 17:11 zesstra Assigned To => zesstra
2009-01-08 05:05 zesstra Target Version => 3.3.719
2009-01-14 15:32 zesstra Note Added: 0000891
2009-01-14 15:32 zesstra Status assigned => resolved
2009-01-14 15:32 zesstra Fixed in Version => 3.3.719
2009-01-14 15:32 zesstra Resolution open => fixed