View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000803 | LDMud 3.3 | Runtime | public | 2012-04-13 04:29 | 2012-12-05 19:24 |
| Reporter | manongjohn | Assigned To | zesstra | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | unable to reproduce | ||
| Platform | Linux | OS | Ubuntu | OS Version | 10.04.4 LTS |
| Product Version | 3.3.719 | ||||
| Summary | 0000803: Mud crashes when 0 value sent to sprintf() for non-int fields | ||||
| Description | When a 0 value is passed as parameter to sprintf() for a non-int field (well at least string and float fields), the mud immediately stops. | ||||
| Steps To Reproduce | lpc return sprintf("%s", 0) or lpc return sprintf("%.1f", 0) | ||||
| Tags | No tags attached. | ||||
| Attached Files | t-0000803.c (270 bytes)
#include "/inc/base.inc"
void run_test()
{
mixed value = 0;
msg("\nRunning test for #0000803:\n"
"--------------------------\n");
catch(sprintf(">>> %25s", value));
shutdown(0);
}
string *epilog(int eflag)
{
run_test();
return 0;
}
| ||||
|
|
Just wanted to provide a simple code sample of what would crash our mud since my "Steps to reproduce" make it look like I am just passing a 0 literal to sprintf(): // testxxx.c void xxx() { string tmp, value; value = this_player()->query_foo(); // Should set value = 0 tmp = sprintf(">>> %s", value); // Should crash here. this_player()->tell_me(tmp); } call testxxx xxx or lpc return "testxxx"->xxx() |
|
|
Huh. I can't reproduce this. I get the correct error message "(s)printf(): incorrect argument type to ..." and there is no crash. Are you sure you are using 3.3.719? Could you please give us some more information about your host system, e.g. the operating system, host architecture? If we can't reproduce the issue, we probably need a core dump from you to look at. |
|
|
Hi. Thanks for looking into it. Yes, we are using 3.3.719. We did do some more testing and found it only occurs if field or precision is specified in the sprintf expression. My example, unfortunately didnt have that which is probably why you could not reproduce. Please try changing the statement to: sprintf(">>> %25s", value) and see if you can reproduce it now. Thanks |
|
|
Unfortunately, I am still unable to reproduce the crash even with sprintf(">>> %25s", value) and value being 0. |
|
|
I can't either. |
|
|
Just to make double-sure since I already encountered sefuns for sprintf on rare occasions: sprintf is not masked by a simul_efun in your mudlib? |
|
|
No simul_efuns masking sprintf. We also tried it on the latest driver you have posted and it had the same issue. |
|
|
I attached a test case (t-0000803.c) to this bug. It works for me. Could you please test it (put it into the test/ directory of the driver sources and execute it with './run.sh t-0000803.c')? If it indeed crashes could you give us a core dump? |
|
|
Unfortunately no core file is generated when the mud crashes. Here is some information of our current mud version from on of our log files === Mud driver_runtime.log 2012.04.19 22:37:03 LDMud 3.3.719 (Build 2618) (stable) 2012.04.19 22:37:03 mySQL 5.1.61 2012.04.19 22:37:03 Attempting to start erq '/home/stickmud/driver/erq'. 2012.04.19 22:37:03 Hostname 'Tron' address '-' 2012.04.19 22:37:03 UDP recv-socket requested for port: 7690 2012.04.19 22:37:07 LDMud ready for users. === Shell messages upon login to server Linux Tron 2.6.32-33-generic 0000070-Ubuntu SMP Thu Jul 7 21:09:46 UTC 2011 i686 GNU/Linux Ubuntu 10.04.4 LTS Welcome to Ubuntu! I don't own the machine so if you need any detailed information, please let me know what you are looking for specfically and I will contact the owner to try and get it. Might take a little time though. |
|
|
Oh I just saw your note about the test case...will get back to you with the results |
|
|
Just performed your test. This came to screen: Running test for 0000803: -------------------------- Segmentation fault Test t-0000803.c FAILED. The following tests FAILED: -e t-0000803.c No core dump was generated. |
|
|
I just ran the ldmud driver manually (instead of in the background through a script) and had the output go to standard out instead of a log. I logged into the mud in another window and caused the mud to crash. The mud died and in the other window I saw this: [xerq] read: Success 2012.04.21 13:30:26 [xerq] Demon exiting. Memory fault |
|
|
I'm on the mud with manongjohn. I built the driver with ERQ_DEBUG set to 1, changed the machine.h to use util/erq/erq.h (from util/erqx/erq.h) and crashed the mud. This is what I got: 2012.04.21 16:16:25 [erq] select returns 1 2012.04.21 16:16:25 [erq] queried all children 2012.04.21 16:16:25 [erq] read: EOF 2012.04.21 16:16:25 [erq] Read 0, should be 9! 2012.04.21 16:16:25 [erq] Giving up. [2]- Segmentation fault ./testmud --debug-file $ROOT/mudlib/log/driver_runtime.log --hard-malloc-limit 0 7880 |
|
|
Two spontaneous comments: Changing machine.h manually is really not recommended. I think you should get your machine to generate a core dump. It may be as simple as issuing a 'ulimit -c unlimited' before starting the driver. It may be more complicated. Try to make the dump as small as possible (e.g. use the one from Gnomis test case once you get it). We will need the core dump AND the binary which produced the dump AND this binary MUST have debug symbols (i.e. configure with --enable-debug and possibly add -ggdb3 to the CFLAGS / EXTRA_CFLAGS before configuring) AND it is preferred if you compiled the driver without compiler optimizations (i.e. configure with --with-optimize=no). |
|
|
I returned to default configuration and the test passed. I'm modifying the configuration piece by piece to see what introduced the error. I should note that the mudlib is very old c.1992, and has been run under multiple drivers over the years. I'm not aware of who originally configured the ldmud driver, so configuration options that are set, I don't have an explanation for! |
|
|
I turned on debug information, then enabled all the features a few at a time, and eventually got all features included. The test consistently passed. I turned optimizations back on, and the test failed. I will leave optimizations turned on, and start again to see which feature introduces the problem. |
|
|
Default configuration with optimizations set to $(MED_OPTIMIZE) fails the test. Default configuration with optimizations set to $(NO_OPTIMIZE) passes the test. |
|
|
With fprintfs and fflushes, I find the code stops executing at the following point: in sprintf.c :: string_print_formatted() After the case INFO_T_STRING: the following two lines are in there: if (carg->type != T_STRING) ERROR1(ERR_INCORRECT_ARG, 's'); The if check runs, and the ERROR1 fails. |
|
|
I followed the longjmp to the setjmp in the string_print_formatted() function, and it executes until the following line: if (st->ptable) This causes the segmentation fault. The following line is not executed. Nor is the line after the if on false condition. I know the core dump won't help, but perhaps the other configurations might... What should I try next? |
|
|
I am very sorry that I am not of much help currently. I am still in the process of moving, don't have decent internet connectivity and obviously too little time. However, the core dump could be helpful if you stick to note 0000803:0002121. If the crash does not happen without optimization, then leave it on, but stick to the rest of it. Unfortunately, my access to a linux machine with development tools is currently limited as well, but I will see what can be done or maybe Gnomi could have a look. If it is an issue with optimization, it might also be some compiler flaw. You could try to use a different compiler version (older, newer, clang instead of gcc etc.) |
|
|
Any chance getting a core dump with binary (and source)? |
|
|
I'll give it a shot soon! |
|
|
Closing this, because we can't reproduce and there is no core dump. Please re-open the issue if new information (e.g. core dump) is available. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-04-13 04:29 | manongjohn | New Issue | |
| 2012-04-13 06:29 | manongjohn | Note Added: 0002108 | |
| 2012-04-14 12:01 | zesstra | Note Added: 0002109 | |
| 2012-04-14 21:33 | manongjohn | Note Added: 0002110 | |
| 2012-04-21 11:54 | zesstra | Note Added: 0002111 | |
| 2012-04-21 12:15 | Gnomi | Note Added: 0002112 | |
| 2012-04-21 15:05 | Sorcerer | Note Added: 0002113 | |
| 2012-04-21 15:29 | manongjohn | Note Added: 0002114 | |
| 2012-04-21 15:39 | Gnomi | File Added: t-0000803.c | |
| 2012-04-21 15:41 | Gnomi | Note Added: 0002115 | |
| 2012-04-21 15:43 | manongjohn | Note Added: 0002116 | |
| 2012-04-21 15:44 | manongjohn | Note Added: 0002117 | |
| 2012-04-21 16:27 | manongjohn | Note Added: 0002118 | |
| 2012-04-21 16:32 | manongjohn | Note Added: 0002119 | |
| 2012-04-21 19:19 | Kieve | Note Added: 0002120 | |
| 2012-04-21 23:06 | zesstra | Note Added: 0002121 | |
| 2012-04-21 23:56 | Kieve | Note Added: 0002122 | |
| 2012-04-22 00:47 | Kieve | Note Added: 0002123 | |
| 2012-04-22 02:00 | Kieve | Note Added: 0002124 | |
| 2012-04-22 13:17 | Kieve | Note Added: 0002125 | |
| 2012-04-22 13:26 | Kieve | Note Added: 0002126 | |
| 2012-04-22 13:26 | Kieve | Note Edited: 0002126 | |
| 2012-04-22 13:27 | Kieve | Note Edited: 0002126 | |
| 2012-04-22 17:30 | Kieve | Note Edited: 0002126 | |
| 2012-04-22 21:08 | Kieve | Note Edited: 0002126 | |
| 2012-04-23 11:41 | Kieve | File Added: core.gz | |
| 2012-04-23 11:41 | Kieve | File Added: config.h | |
| 2012-04-23 11:41 | Kieve | File Added: machine.h | |
| 2012-04-24 04:25 | Kieve | Note Edited: 0002126 | |
| 2012-05-12 14:36 | zesstra | Note Added: 0002127 | |
| 2012-06-04 20:54 | zesstra | Note Added: 0002129 | |
| 2012-06-04 20:54 | zesstra | Status | new => feedback |
| 2012-06-05 16:47 | Kieve | Note Added: 0002130 | |
| 2012-12-05 19:24 | zesstra | Note Added: 0002164 | |
| 2012-12-05 19:24 | zesstra | Status | feedback => closed |
| 2012-12-05 19:24 | zesstra | Assigned To | => zesstra |
| 2012-12-05 19:24 | zesstra | Resolution | open => unable to reproduce |
