Short: Crasher on corrupt string.
Date: Sun, 3 Mar 2002 18:37:02 -0600
From: Gnomi <Gnomi@UNItopia.bera.rus.Uni-Stuttgart.DE>
Type: Bug
State: Abandoned.
Driver: 3.2.9-dev.405
Hi,
Wir hatten heute einen Crash:
DEBUG: free_string(): 0x181c63cc '=8C=DE@=0C=FC[=8A=11=01' has 0 refs.
Free string: not found in string table! ("=8C=DE@=0C=FC[=8A=11=01")
2002.03.03 22:43:47 Free string: not found in string table!obj/player#78053=
0 i/player/player.c line 1125
dc764cd: 26 2 local (1: 28) line 1125
dc764cf: 107 simul_efun (2: 29)
secure/simul_efun/simul_efun secure/simul_efun/simul_efun.c (util.inc) line=
80
cf92097: 26 0 local (0: 29) line 80
cf92099: 185 objectp (1: 30)
cf9209a: 35 8 && (1: 30)
cf9209c: 7 49 cstring0 (0: 29)
cf9209e: 7 50 cstring0 (1: 30)
cf920a0: 26 0 local (2: 31)
cf920a2: 127 call_other (3: 32)
secure/master secure/master.c (/secure/master/check_level.inc) line 30
d539cbf: 78 257 clear_locals (0: 33) line 30
d539cc2: 26 0 local (0: 33) line 31
d539cc4: 185 objectp (1: 34)
d539cc5: 84 5633 branch_when_non_zero (1: 34)
d539cc8: 26 0 local (0: 33) line 33
d539cca: 184 object_name (1: 34)
d539ccb: 7 4 cstring0 (1: 34)
d539ccd: 94 1 push_local_variable_lvalue (2: 35)
d539ccf: 25 3 sscanf (3: 36)
d539cd1: 14 const1 (1: 34)
d539cd2: 48 =3D=3D (2: 35)
d539cd3: 36 11 || (1: 34)
d539cd5: 26 0 local (0: 33) line 34
d539cd7: 184 object_name (1: 34)
d539cd8: 7 5 cstring0 (1: 34)
d539cda: 94 1 push_local_variable_lvalue (2: 35)
d539cdc: 25 3 sscanf (3: 36)
d539cde: 14 const1 (1: 34)
d539cdf: 48 =3D=3D (2: 35)
d539ce0: 36 11 || (1: 34)
d539ce2: 26 0 local (0: 33) line 35
d539ce4: 184 object_name (1: 34)
d539ce5: 7 6 cstring0 (1: 34)
d539ce7: 94 1 push_local_variable_lvalue (2: 35)
d539ce9: 25 3 sscanf (3: 36)
d539ceb: 14 const1 (1: 34)
d539cec: 48 =3D=3D (2: 35)
d539ced: 21 return (1: 34)
secure/simul_efun/simul_efun secure/simul_efun/simul_efun.c (util.inc) line=
80
cf920a4: 21 return (1: 30) line 80
obj/player#780530 i/player/player.c line 1125
dc764d1: 83 branch_when_zero (2: 29) line 1125
dc764db: 7 245 cstring0 (1: 28)
dc764dd: 26 2 local (2: 29)
dc764df: 215 sprintf (3: 30)
secure/master secure/master.c (/secure/master/compiler_control.inc) line 173
d53e60f: 78 257 clear_locals (0: 32) line 173
d53e612: 26 0 local (0: 32) line 175
d53e614: 7 19 cstring0 (1: 33)
d53e616: 127 2 call_other (2: 34)
d53e618: 94 1 push_local_variable_lvalue (1: 33)
d53e61a: 38 (void)=3D (2: 34)
d53e61b: 26 1 local (0: 32) line 176
d53e61d: 216 stringp (1: 33)
d53e61e: 35 && (1: 33)
d53e625: 83 352393731 branch_when_zero (1: 33)
d53e62a: 26 0 local (0: 32) line 178
d53e62c: 7 198 cstring0 (1: 33)
d53e62e: 127 call_other (2: 34)
obj/zauberstab#780548 i/item/name.c line 178
a09da1b: 5 3 identifier (0: 34)
a09da1d: 21 return (1: 35)
secure/master secure/master.c (/secure/master/compiler_control.inc) line 178
d53e630: 94 1 push_local_variable_lvalue (1: 33)
d53e632: 38 (void)=3D (2: 34)
d53e633: 26 1 local (0: 32) line 179
d53e635: 216 stringp (1: 33)
d53e636: 35 5 && (1: 33)
d53e638: 26 1 local (0: 32)
d53e63a: 7 110 cstring0 (1: 33)
d53e63c: 49 !=3D (2: 34)
d53e63d: 83 3 branch_when_zero (1: 33)
d53e63f: 26 1 local (0: 32) line 180
d53e641: 21 return (1: 33)
obj/player#780530 i/player/player.c line 1126
dc764e1: 26 3 local (2: 29) line 1126
dc764e3: 87 call_function_by_address (3: 30)
obj/player#780530 i/player/event.c line 1169
c93f5a7: 78 259 clear_locals (0: 31) line 1169
c93f5aa: 26 2 local (0: 31) line 1170
c93f5ac: 217 strlen (1: 32)
c93f5ad: 84 5633 branch_when_non_zero (1: 32)
c93f5b0: 5 9 identifier (0: 31) line 1171
c93f5b2: 26 0 local (1: 32)
c93f5b4: 99 index (2: 33)
c93f5b5: 84 branch_when_non_zero (1: 32)
c93f5c0: 226 this_object (0: 31) line 1173
c93f5c1: 162 interactive (1: 32)
c93f5c2: 84 branch_when_non_zero (1: 32)
c93f60e: 26 0 local (0: 31) line 1191
c93f610: 7 179 cstring0 (1: 32)
c93f612: 48 =3D=3D (2: 33)
c93f613: 83 3 branch_when_zero (1: 32)
c93f615: 233 utime (0: 31)
c93f616: 82 -6911 branch (1: 32)
c93f619: 26 1 local (1: 32)
c93f61b: 26 2 local (2: 33)
c93f61d: 13 const0 (3: 34)
c93f61e: 108 4 aggregate (4: 35)
c93f621: 108 1 aggregate (1: 32)
c93f624: 26 0 local (1: 32)
c93f626: 89 9 push_identifier_lvalue (2: 33)
c93f628: 97 index_lvalue (3: 34)
c93f629: 64 (void)+=3D (2: 33)
c93f62a: 26 0 local (0: 31) line 1193
c93f62c: 7 179 cstring0 (1: 32)
c93f62e: 49 !=3D (2: 33)
c93f62f: 35 && (1: 32)
c93f63f: 83 branch_when_zero (1: 32)
c93f651: 26 0 local (0: 31) line 1195
c93f653: 7 179 cstring0 (1: 32)
c93f655: 48 =3D=3D (2: 33)
c93f656: 35 14 && (1: 32)
c93f658: 5 9 identifier (0: 31)
c93f65a: 26 0 local (1: 32)
c93f65c: 99 index (2: 33)
c93f65d: 213 sizeof (1: 32)
c93f65e: 16 200 clit (1: 32)
c93f660: 40 - (2: 33)
c93f661: 94 3 push_local_variable_lvalue (1: 32)
c93f663: 37 =3D (2: 33)
c93f664: 13 const0 (1: 32)
c93f665: 44 > (2: 33)
c93f666: 83 branch_when_zero (1: 32)
c93f676: 22 return0 (0: 31) line 1197
obj/player#780530 i/player/player.c line 1126
dc764e7: 76 pop_value (1: 28) line 1126
dc764e8: 26 1 local (0: 27) line 1127
dc764ea: 16 22 clit (1: 28)
dc764ec: 48 =3D=3D (2: 29)
dc764ed: 35 && (1: 28)
dc764f8: 83 branch_when_zero (1: 28)
dc76510: 26 1 local (0: 27) line 1130
dc76512: 16 14 clit (1: 28)
dc76514: 48 =3D=3D (2: 29)
dc76515: 83 branch_when_zero (1: 28)
dc7652d: 22 return0 (0: 27) line 1134
secure/simul_efun/simul_efun secure/simul_efun/simul_efun.c (comm.inc) line=
30
cf930d6: 76 pop_value (1: 22) line 30
cf930d7: 22 return0 (0: 21) line 31
obj/zauberstab#780548 i/tools/pipe.c line 284
c1f03d1: 76 pop_value (1: 20) line 284
c1f03d2: 23 break (0: 19)
c1f03ef: 7 0 cstring0 (0: 19) line 285
c1f03f1: 89 4 push_identifier_lvalue (1: 20)
c1f03f3: 38 (void)=3D (2: 21)
c1f03f4: 14 const1 (0: 19) line 286
c1f03f5: 21 return (1: 20)
obj/zauberstab#780548 i/zauberstab/zauberstab.c (/i/zauberstab/zmarker.inc)=
line 958
dd42642: 84 5633 branch_when_non_zero (1: 18) line 958
dd42645: 26 15 local (0: 17) line 960
dd42647: 8 233 cstring1 (1: 18)
dd42649: 99 index (2: 19)
dd4264a: 36 5 || (1: 18)
dd4264c: 26 15 local (0: 17)
dd4264e: 10 35 cstring3 (1: 18)
dd42650: 99 index (2: 19)
dd42651: 83 branch_when_zero (1: 18)
dd42663: 14 const1 (0: 17) line 963
dd42664: 21 return (1: 18)
p/Tool/obj/wicht#780544 p/Tool/obj/wicht.c line 791
cbfddcf: 78 512 clear_locals (0: 1) line 791
cbfddd2: 5 46 identifier (0: 1) line 793
cbfddd4: 135 closurep (1: 2)
cbfddd5: 57 ! (1: 2)
cbfddd6: 36 4 || (1: 2)
cbfddd8: 5 46 identifier (0: 1)
cbfddda: 438 182 to_object (1: 2)
cbfdddc: 83 7 branch_when_zero (1: 2)
cbfddde: 5 46 identifier (0: 1) line 794
cbfdde0: 154 funcall (1: 2)
obj/player#780530 i/player/tippse.c line 719
ce73717: 5 14 identifier (0: 11) line 719
ce73719: 217 strlen (1: 12)
ce7371a: 35 7 && (1: 12)
ce7371c: 5 14 identifier (0: 11)
ce7371e: 14 const1 (1: 12)
ce7371f: 100 rindex (2: 13)
ce73720: 16 10 clit (1: 12)
ce73722: 49 !=3D (2: 13)
ce73723: 83 7 branch_when_zero (1: 12)
ce73725: 226 this_object (0: 11) line 720
ce73726: 7 60 cstring0 (1: 12)
ce73728: 14 const1 (2: 13)
ce73729: 127 call_other (3: 14)
obj/player#780530 i/player/player.c line 1107
dc7646b: 26 0 local (0: 14) line 1107
dc7646d: 93 265 push_identifier16_lvalue (1: 15)
dc76470: 38 (void)=3D (2: 16)
dc76471: 22 return0 (0: 14) line 1108
obj/player#780530 i/player/tippse.c line 720
ce7372b: 76 pop_value (1: 12) line 720
ce7372c: 5 14 identifier (0: 11) line 721
ce7372e: 21 return (1: 12)
p/Tool/obj/wicht#780544 p/Tool/obj/wicht.c line 794
cbfdde2: 94 0 push_local_variable_lvalue (1: 2) line 794
cbfdde4: 38 (void)=3D (2: 3)
cbfdde5: 5 41 identifier (0: 1) line 795
cbfdde7: 57 ! (1: 2)
cbfdde8: 36 3 || (1: 2)
cbfddea: 5 40 identifier (0: 1)
cbfddec: 57 ! (1: 2)
cbfdded: 83 branch_when_zero (1: 2)
cbfddf6: 5 44 identifier (0: 1) line 796
cbfddf8: 13 const0 (1: 2)
cbfddf9: 48 =3D=3D (2: 3)
cbfddfa: 83 47 branch_when_zero (1: 2)
cbfddfc: 5 40 identifier (0: 1) line 798
cbfddfe: 7 117 cstring0 (1: 2)
cbfde00: 127 call_other (2: 3)
obj/player#780530 i/item/name.c line 112
b101853: 5 0 identifier (0: 3) line 112
b101855: 21 return (1: 4)
p/Tool/obj/wicht#780544 p/Tool/obj/wicht.c line 798
cbfde02: 94 1 push_local_variable_lvalue (1: 2) line 798
cbfde04: 37 =3D (2: 3)
cbfde05: 83 branch_when_zero (1: 2)
cbfde26: 7 134 cstring0 (0: 1) line 803
cbfde28: 21 return (1: 2)
cf92f11: 94 2 38 26 3 211 26 2
No program to trace.
2002.03.03 22:43:47 LDMud aborting on fatal error.
[xerq] read: Connection refused
2002.03.03 22:44:19 [xerq] Demon exiting.
#0 0x80e983e in fatal (
fmt=3D0x811ba40 "Free string: not found in string table!")
at simulate.c:622
622 *((char*)0) =3D 0/a;
(gdb) bt
#0 0x80e983e in fatal (
fmt=3D0x811ba40 "Free string: not found in string table!")
at simulate.c:622
#1 0x80f234f in checked (
s=3D0x811ba40 "Free string: not found in string table!",=20
str=3D0x181c63cc "\214=DE@\f=FC[\212\021\001") at stralloc.c:395
#2 0x80f25b1 in free_string (str=3D0x181c63cc "\214=DE@\f=FC[\212\021\001")
at stralloc.c:738
#3 0x80c44a6 in do_free_sub_strings (num_strings=3D17, strings=3D0xd626744=
,=20
num_variables=3D67, variable_names=3D0xd626788) at object.c:440
#4 0x80c46a8 in free_prog (progp=3D0xd626044, free_all=3D1) at object.c:534
#5 0x80c46e1 in free_prog (progp=3D0x988478c, free_all=3D1) at object.c:540
#6 0x80c41ed in _free_object (ob=3D0x182ce918) at object.c:257
#7 0x80ec241 in remove_destructed_objects () at simulate.c:2502
#8 0x805517c in cleanup_stuff () at backend.c:343
#9 0x8052da0 in backend () at backend.c:412
#10 0x80ba158 in main (argc=3D56, argv=3D0xbffffab4) at main.c:428
Dieses zerstoerte Programm (/w/rezinclov/tauchen/i/unter_dem_meer.c)
hatte (u.a.) folgenden Code:
void init(){
::init();
add_action("_tauche","hoch");
add_action("_tauche","schwimme");
add_action("_tauche","schwimmen");
}
Die Strings (progp->strings) sind aber:
0x1154be38 "_tauche"
0x1040a718 "hoch",=20
0x181c63cc "\214=DE@\f=FC[\212\021\001"
0x1085c7b0 "schwimmen",=20
0x108c5260 "delete_v_item"
Beim 3. String gab es den Fehler und man sollte annehmen, dass dieser
String eigentlich "schwimme" heissen sollte.
Ein Blick in die String-Tabelle zeigt:
(gdb) print base_table[34574]
$11 =3D 0x162c0800 "schwimme"
(gdb) print *((int*)(base_table[34574]-4))
$12 =3D 2
Dieser String existiert also noch mit 2 Referenzen.
Das heisst wohl, dieser Eintrag in die String-Liste des Programmes wurde
ueberschrieben, und damit ist das wohl nicht der im beim dev407 gefixte
Bug bei add_actions.
Gruss
Gnomi
