fallout2-ce
Segmentation fault on Linux (x64)
I was playing a Russian-language version of the game for quite some time before it crashed with a Segmentation fault. I'm also getting a segfault when trying to load the latest save - here it is: SLOT05.zip. I've modified CMakeLists.txt to recompile fallout2-ce with AddressSanitizer enabled and got the following info on the crash that happens when trying to load that save:
$ ~/cod/fallout2-ce/build/fallout2-ce
=================================================================
==27353==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629001369710 at pc 0x55dc3ac63892 bp 0x7ffc569c0450 sp 0x7ffc569c0440
WRITE of size 4 at 0x629001369710 thread T0
#0 0x55dc3ac63891 in fallout::fileReadInt32(fallout::XFile*, int*) /home/kirx/cod/fallout2-ce/src/db.cc:329
#1 0x55dc3ae5d0bb in fallout::wmWorldMap_load(fallout::XFile*) /home/kirx/cod/fallout2-ce/src/worldmap.cc:1177
#2 0x55dc3ad46cb1 in lsgLoadGameInSlot /home/kirx/cod/fallout2-ce/src/loadsave.cc:1738
#3 0x55dc3ad44eb8 in fallout::lsgLoadGame(int) /home/kirx/cod/fallout2-ce/src/loadsave.cc:1251
#4 0x55dc3ad4e8ca in fallout::falloutMain(int, char**) /home/kirx/cod/fallout2-ce/src/main.cc:184
#5 0x55dc3ae302ef in fallout::main(int, char**) /home/kirx/cod/fallout2-ce/src/win32.cc:67
#6 0x55dc3ae30311 in main /home/kirx/cod/fallout2-ce/src/win32.cc:75
#7 0x7faff595e98a (/lib64/libc.so.6+0x2398a)
#8 0x7faff595ea45 in __libc_start_main (/lib64/libc.so.6+0x23a45)
#9 0x55dc3abc4fe0 in _start (/home/kirx/cod/fallout2-ce/build/fallout2-ce+0x68fe0)
0x629001369710 is located 16 bytes to the right of 17664-byte region [0x629001365200,0x629001369700)
allocated by thread T0 here:
#0 0x7faff6099140 in __interceptor_realloc /var/tmp/portage/sys-devel/gcc-12.3.1_p20230526/work/gcc-12-20230526/libsanitizer/asan/asan_malloc_linux.cpp:85
#1 0x55dc3ad5aaf2 in memoryBlockReallocImpl /home/kirx/cod/fallout2-ce/src/memory.cc:129
#2 0x55dc3ad5aa48 in fallout::internal_realloc(void*, unsigned long) /home/kirx/cod/fallout2-ce/src/memory.cc:108
#3 0x55dc3ae64a33 in wmAreaInit /home/kirx/cod/fallout2-ce/src/worldmap.cc:2411
#4 0x55dc3ae5d7be in wmConfigInit /home/kirx/cod/fallout2-ce/src/worldmap.cc:1261
#5 0x55dc3ae5a776 in fallout::wmWorldMap_init() /home/kirx/cod/fallout2-ce/src/worldmap.cc:857
#6 0x55dc3aca8f90 in fallout::gameInitWithOptions(char const*, bool, int, int, int, char**) /home/kirx/cod/fallout2-ce/src/game.cc:281
#7 0x55dc3ad4eada in falloutInit /home/kirx/cod/fallout2-ce/src/main.cc:256
#8 0x55dc3ad4e4fa in fallout::falloutMain(int, char**) /home/kirx/cod/fallout2-ce/src/main.cc:103
#9 0x55dc3ae302ef in fallout::main(int, char**) /home/kirx/cod/fallout2-ce/src/win32.cc:67
#10 0x55dc3ae30311 in main /home/kirx/cod/fallout2-ce/src/win32.cc:75
#11 0x7faff595e98a (/lib64/libc.so.6+0x2398a)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/kirx/cod/fallout2-ce/src/db.cc:329 in fallout::fileReadInt32(fallout::XFile*, int*)
The above is with the latest GitHub version of the game compiled with gcc. Originally, I encountered the segfault while playing an older binary build of fallout2-ce that I got somewhere and that has debug output enabled. The output looked like this:
$ ./fallout2-ce-x64
INFO:
Fade time is 989
Fade steps are 42
INFO: Chi squared is 30.872500, P = 4000.000000 at 0.05
INFO: Sequence is random, 95% confidence.
INFO: Reading SNDLIST.LST Sound FX Count: 1361
INFO: >gsound_init
INFO: >initMovie
INFO: >gmovie_init
INFO: >moviefx_init
INFO: >art_init
INFO: >tile_init
INFO: >obj_init
INFO: >cycle_init
INFO: >intface_init
INFO: >iso_init
INFO: >gmouse_init
INFO: >proto_init
INFO: >anim_init
INFO: >scr_init
INFO: >game_load_info
INFO: >scr_game_init
INFO: >wmWorldMap_init
INFO: >CharEditInit
INFO: >pip_init
INFO: >InitLoadSave
INFO: >gdialog_init
INFO: >combat_init
INFO: >automap_init
INFO: >message_init
INFO: >message_load
INFO: >scr_disable
INFO: >init_options_menu
INFO: >endgameDeathEndingInit
INFO:
Playing movie: iplogo.mve
INFO: Direct
INFO: Playing at (0, 0)
INFO: not scaled
INFO: Movie aborted
INFO: Frames 3, dropped 0
INFO:
Playing movie: intro.mve
INFO: Direct
INFO: Playing at (0, 0)
INFO: not scaled
INFO: Movie aborted
INFO: Frames 2, dropped 0
INFO:
Playing movie: credits.mve
INFO: Direct
INFO: Playing at (0, 0)
INFO: not scaled
INFO: Movie aborted
INFO: Frames 2, dropped 0
INFO: Filename SAVEGAME\SLOT01\SAVE.DAT
INFO: Filename SAVEGAME\SLOT05\SAVE.DAT
INFO: Filename SAVEGAME\SLOT05\SAVE.DAT
INFO:
LOADSAVE: Load name: tuds i prishel
INFO: LOADSAVE: Load file header size read: 30051 bytes.
INFO:
Scripts: [Game Reset]
INFO: LOADSAVE: Load function #0 data size read: 0 bytes.
INFO: LOADSAVE: Load function #1 data size read: 4 bytes.
INFO: LOADSAVE: Load function #2 data size read: 2784 bytes.
INFO: LOADSAVE: in SlotMap2Game
INFO:
MAP: Loading SAVED map.
INFO:
INFO: [Party Member 0]: None
INFO: Error: attempt to set_obj_visibility in load/save-game: scripts\hcMarcus.int!
INFO:
Gsound: playing ambient map sfx: pebble
INFO: LOADSAVE: Load function #3 data size read: 695 bytes.
INFO: LOADSAVE: Load function #4 data size read: 2784 bytes.
INFO: LOADSAVE: Load function #5 data size read: 4652 bytes.
INFO: LOADSAVE: Load function #6 data size read: 376 bytes.
INFO: LOADSAVE: Load function #7 data size read: 76 bytes.
INFO: LOADSAVE: Load function #8 data size read: 16 bytes.
INFO: LOADSAVE: Load function #9 data size read: 0 bytes.
INFO: LOADSAVE: Load function #10 data size read: 12376 bytes.
INFO: LOADSAVE: Load function #11 data size read: 4 bytes.
INFO: LOADSAVE: Load function #12 data size read: 3240 bytes.
INFO: LOADSAVE: Load function #13 data size read: 20 bytes.
INFO: LOADSAVE: Load function #14 data size read: 0 bytes.
INFO: LOADSAVE: Load function #15 data size read: 8 bytes.
INFO: LOADSAVE: Load function #16 data size read: 4 bytes.
INFO: LOADSAVE: Load function #17 data size read: 80 bytes.
INFO: LOADSAVE: Load function #18 data size read: 5 bytes.
INFO: LOADSAVE: Load function #19 data size read: 14109 bytes.
INFO: LOADSAVE: Load function #20 data size read: 0 bytes.
INFO:
LOADSAVE: ** Error reading load function #21 data! **
INFO: LOADSAVE: Load function #21 data size read: 0 bytes.
Segmentation fault
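The ASan report above places a 4-byte write 16 bytes past the end of a region allocated in wmAreaInit, so the save loader is writing more entries than the init-time table holds. The block below is an added example, not fallout2-ce code: it reconstructs that class of bug with hypothetical names (MemFile, AreaTable, loadAreaStates, tryLoad) and shows the count check that turns the overflow into a clean load failure.

```c
/* Added example, not code from fallout2-ce. A table is sized by the config at
 * init time; the element count comes from the save at load time. Without a
 * check the loop writes past the table (the heap-buffer-overflow ASan shows). */
#include <stdint.h>
#include <stddef.h>

typedef struct { const uint8_t *data; size_t len, pos; } MemFile; /* stand-in for XFile */

/* Little-endian int32 read in the role of fileReadInt32: 0 on success, -1 at end of data. */
static int memReadInt32(MemFile *f, int32_t *out) {
    if (f->len - f->pos < 4) return -1;
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | f->data[f->pos + i];
    f->pos += 4;
    *out = (int32_t)v;
    return 0;
}

#define AREA_COUNT 4  /* hypothetical: what the config produced at init (cf. wmAreaInit) */
typedef struct { int32_t states[AREA_COUNT]; int32_t count; } AreaTable;

/* Hardened load: reject a save whose count disagrees with the init-time table,
 * and a save that ends before all entries are read. Returns 0 or -1. */
int loadAreaStates(MemFile *f, AreaTable *t) {
    int32_t n;
    if (memReadInt32(f, &n) != 0) return -1;
    if (n != t->count) return -1;  /* n > count would write past states[] */
    for (int32_t i = 0; i < n; i++)
        if (memReadInt32(f, &t->states[i]) != 0) return -1;
    return 0;
}

/* Constructed save blob: a claimed count followed by `present` values 100, 101, ... */
static size_t encodeSave(uint8_t *buf, int32_t claimed, int32_t present) {
    size_t p = 0;
    for (int32_t i = -1; i < present; i++) {  /* slot -1 emits the count field */
        int32_t v = (i < 0) ? claimed : 100 + i;
        for (int b = 0; b < 4; b++) buf[p++] = (uint8_t)(v >> (8 * b));
    }
    return p;
}

/* Loads a constructed save against the 4-area table. Returns -1 if the loader
 * rejected it, otherwise the last area state read (proving the data landed). */
int tryLoad(int32_t claimed, int32_t present) {
    uint8_t buf[64];  /* enough for a count plus up to 15 values */
    MemFile f = { buf, encodeSave(buf, claimed, present), 0 };
    AreaTable t = { {0}, AREA_COUNT };
    if (loadAreaStates(&f, &t) != 0) return -1;
    return t.states[AREA_COUNT - 1];
}
```

A save that matches the table loads, while one claiming more areas than the config built, or one truncated mid-table, is refused before any out-of-bounds write can happen.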