widelands
widelands copied to clipboard
widelands
Crash report, signal 11; when allowing destruction of building while its window is shown
Describe the bug Allowing destruction of building (by script/debug console) while its window is shown crashes the game.
To reproduce Steps to reproduce the behavior:
- start a game as a barbarian player
- built a lumberjack (and wait till it is finished)
- in debug console
wl.Game().players[1]:get_buildings("barbarians_lumberjacks_hut")[1].destruction_blocked = true - open window of lumber jack (destruction is not possible) :+1: (keep the window open)
- in debug window
wl.Game().players[1]:get_buildings("barbarians_lumberjacks_hut")[1].destruction_blocked = false - the game CRASHES
Expected behavior no crash Does not matter if the icon is updated in the window or stays hidden
Version:
- OS: Debian 12.2
- Widelands Version: Version 1.2~git26366 (f2ddbe7@master) Debug
crash report in the 1st message
Additional context This functionality is not urgent, as normally destructing buildings is not enabled or disabled during a game. (Just in some strange scripts, which are not public.) The crash also happens when you do the opposite: you are allowed to destruct the building, open its window (and keep it open), and disable destructing it (by console or script).
OLD report, older version, without asan
Crash report for Widelands 1.2~git26359 (0c6108f@master) Debug at 2023-11-08T21.49.13, signal 11 (Speicherzugriffsfehler)
see backtrace
``` **** BEGIN BACKTRACE **** /home/simon/src/widelands-div/edit-github/widelands(+0xe21588)[0x55572fc78588] /lib/x86_64-linux-gnu/libc.so.6(+0x3bfd0)[0x7fc2f737bfd0] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI3Box13set_item_sizeEjii+0x9c)[0x55573000ac5a] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI3Box16update_positionsEv+0x167)[0x55573000a62d] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI3Box6layoutEv+0x65e)[0x55573000a44c] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI3Box19update_desired_sizeEv+0x265)[0x555730009bf5] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI3Box3addEPNS_5PanelENS0_8ResizingENS_5AlignE+0xec)[0x55573000a8d2] /home/simon/src/widelands-div/edit-github/widelands(_ZN14BuildingWindow18create_capsbuttonsEPN2UI3BoxEPN9Widelands8BuildingE+0x668)[0x55573027532e] /home/simon/src/widelands-div/edit-github/widelands(_ZN14BuildingWindow5thinkEv+0x185)[0x555730274303] /home/simon/src/widelands-div/edit-github/widelands(_ZN20ProductionSiteWindow5thinkEv+0x1b)[0x5557301f857f] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel8do_thinkEv+0x7a)[0x5557300326ac] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel8do_thinkEv+0xbc)[0x5557300326ee] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel6do_runEv+0x3fc)[0x5557300312dc] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel3runINS0_11ReturncodesEEET_v+0x18)[0x55572fc92c52] /home/simon/src/widelands-div/edit-github/widelands(_ZN9Widelands4Game3runENS0_13StartGameTypeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_+0xf5b)[0x55572febb523] /home/simon/src/widelands-div/edit-github/widelands(_ZN6FsMenu9LaunchSPG10clicked_okEv+0xa7a)[0x555730110bf2] /home/simon/src/widelands-div/edit-github/widelands(+0x124f08d)[0x5557300a608d] /home/simon/src/widelands-div/edit-github/widelands(+0x12518aa)[0x5557300a88aa] /home/simon/src/widelands-div/edit-github/widelands(+0x12513e4)[0x5557300a83e4] /home/simon/src/widelands-div/edit-github/widelands(+0x1250f65)[0x5557300a7f65] /home/simon/src/widelands-div/edit-github/widelands(_ZNKSt8functionIFvvEEclEv+0x32)[0x55572fdb7c76] /home/simon/src/widelands-div/edit-github/widelands(_ZNK13Notifications6SignalIJEEclEv+0x6e)[0x55572fdb64e4] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI6Button19handle_mousereleaseEhii+0x95)[0x5557300100c5] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel15do_mousereleaseEhii+0x110)[0x55573003444e] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel15ui_mousereleaseEhii+0x68)[0x555730034d7c] /home/simon/src/widelands-div/edit-github/widelands(_ZN13WLApplication18handle_mousebuttonER9SDL_EventPK13InputCallback+0x11e)[0x55572fc822fc] /home/simon/src/widelands-div/edit-github/widelands(_ZN13WLApplication12handle_inputEPK13InputCallback+0x2d4)[0x55572fc81d72] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel6do_runEv+0x2ec)[0x5557300311cc] /home/simon/src/widelands-div/edit-github/widelands(_ZN2UI5Panel3runIiEET_v+0x18)[0x5557300a05ea] /home/simon/src/widelands-div/edit-github/widelands(_ZN6FsMenu8MainMenu9main_loopEv+0x22)[0x555730091c10] /home/simon/src/widelands-div/edit-github/widelands(_ZN13WLApplication3runEv+0x719)[0x55572fc80dd3] /home/simon/src/widelands-div/edit-github/widelands(main+0x110)[0x55572fc78acf] /lib/x86_64-linux-gnu/libc.so.6(+0x271ca)[0x7fc2f73671ca] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85)[0x7fc2f7367285] /home/simon/src/widelands-div/edit-github/widelands(_start+0x21)[0x55572fc78491] **** END BACKTRACE **** ```
with asan, Version 1.2~git26366 (f2ddbe7@HEAD) Debug:
[00:01:33.223 real] DEBUG: *** Ending Lua interpretation!
[00:02:56.124 real] DEBUG: *** # wl.Game().players[1]:get_buildings("barbarians_lumberjacks_hut")[1].destruction_blocked = true
[00:02:56.138 real] DEBUG: *** Starting Lua interpretation!
[00:02:56.154 real] DEBUG: *** Ending Lua interpretation!
=================================================================
==1124647==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000177ad8 at pc 0x55933e674014 bp 0x7ffe088fa570 sp 0x7ffe088fa568
READ of size 4 at 0x617000177ad8 thread T0
#0 0x55933e674013 in std::__atomic_base<unsigned int>::load(std::memory_order) const /usr/include/c++/12/bits/atomic_base.h:488
#1 0x55933e674013 in std::__atomic_base<unsigned int>::operator unsigned int() const /usr/include/c++/12/bits/atomic_base.h:348
#2 0x55933e6715fa in UI::Panel::get_flag(unsigned int) const /home/wl/src/src/ui_basic/panel.h:127
#3 0x55933ee21e04 in UI::Panel::is_visible() const /home/wl/src/src/ui_basic/panel.h:284
#4 0x55933ee1ecfd in UI::Box::get_item_desired_size(unsigned int, int*, int*) /home/wl/src/src/ui_basic/box.cc:398
#5 0x55933ee1bc66 in UI::Box::update_desired_size() /home/wl/src/src/ui_basic/box.cc:122
#6 0x55933ee1e66e in UI::Box::add(UI::Panel*, UI::Box::Resizing, UI::Align) /home/wl/src/src/ui_basic/box.cc:343
#7 0x55933f356d2e in BuildingWindow::create_capsbuttons(UI::Box*, Widelands::Building*) /home/wl/src/src/wui/buildingwindow.cc:285
#8 0x55933f354522 in BuildingWindow::think() /home/wl/src/src/wui/buildingwindow.cc:193
#9 0x55933f258743 in ProductionSiteWindow::think() /home/wl/src/src/wui/productionsitewindow.cc:183
#10 0x55933ee7c18c in UI::Panel::do_think() /home/wl/src/src/ui_basic/panel.cc:791
#11 0x55933ee7c1fd in UI::Panel::do_think() /home/wl/src/src/ui_basic/panel.cc:807
#12 0x55933ee78449 in UI::Panel::do_run() /home/wl/src/src/ui_basic/panel.cc:407
#13 0x55933e67aeb1 in UI::Panel::Returncodes UI::Panel::run<UI::Panel::Returncodes>() /home/wl/src/src/ui_basic/panel.h:148
#14 0x55933eb21beb in Widelands::Game::run(Widelands::Game::StartGameType, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/wl/src/src/logic/game.cc:778
#15 0x55933f05ae4f in FsMenu::LaunchSPG::clicked_ok() /home/wl/src/src/ui_fsmenu/launch_spg.cc:185
#16 0x55933ef82d81 in operator() /home/wl/src/src/ui_fsmenu/menu.cc:169
#17 0x55933ef8816f in __invoke_impl<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const std::string&, double)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:61
#18 0x55933ef87b1f in __invoke_r<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const std::string&, double)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:111
#19 0x55933ef87501 in _M_invoke /usr/include/c++/12/bits/std_function.h:290
#20 0x55933e8eb8fd in std::function<void ()>::operator()() const /usr/include/c++/12/bits/std_function.h:591
#21 0x55933e8e7991 in Notifications::Signal<>::operator()() const /home/wl/src/src/notifications/signal.h:62
#22 0x55933ee2d9c6 in UI::Button::handle_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/button.cc:381
#23 0x55933ee81149 in UI::Panel::do_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1357
#24 0x55933ee829ba in UI::Panel::ui_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1578
#25 0x55933e656026 in WLApplication::handle_mousebutton(SDL_Event&, InputCallback const*) /home/wl/src/src/wlapplication.cc:1091
#26 0x55933e654d5f in WLApplication::handle_input(InputCallback const*) /home/wl/src/src/wlapplication.cc:998
#27 0x55933ee78216 in UI::Panel::do_run() /home/wl/src/src/ui_basic/panel.cc:395
#28 0x55933ef7721d in int UI::Panel::run<int>() /home/wl/src/src/ui_basic/panel.h:148
#29 0x55933ef58c01 in FsMenu::MainMenu::main_loop() /home/wl/src/src/ui_fsmenu/main.cc:246
#30 0x55933e65266f in WLApplication::run() /home/wl/src/src/wlapplication.cc:866
#31 0x55933e64388c in main /home/wl/src/src/main.cc:113
#32 0x7f60116461c9 (/lib/x86_64-linux-gnu/libc.so.6+0x271c9)
#33 0x7f6011646284 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27284)
#34 0x55933e6436c0 in _start (/home/simon/src/widelands-div/edit-github/widelands_master_git26366+0x6a06c0)
0x617000177ad8 is located 216 bytes inside of 744-byte region [0x617000177a00,0x617000177ce8)
freed by thread T0 here:
#0 0x7f60140ba3c8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
#1 0x55933e68304e in UI::Button::~Button() /home/wl/src/src/ui_basic/button.h:100
#2 0x55933ee76573 in UI::Panel::free_children() /home/wl/src/src/ui_basic/panel.cc:169
#3 0x55933f3544d1 in BuildingWindow::think() /home/wl/src/src/wui/buildingwindow.cc:192
#4 0x55933f258743 in ProductionSiteWindow::think() /home/wl/src/src/wui/productionsitewindow.cc:183
#5 0x55933ee7c18c in UI::Panel::do_think() /home/wl/src/src/ui_basic/panel.cc:791
#6 0x55933ee7c1fd in UI::Panel::do_think() /home/wl/src/src/ui_basic/panel.cc:807
#7 0x55933ee78449 in UI::Panel::do_run() /home/wl/src/src/ui_basic/panel.cc:407
#8 0x55933e67aeb1 in UI::Panel::Returncodes UI::Panel::run<UI::Panel::Returncodes>() /home/wl/src/src/ui_basic/panel.h:148
#9 0x55933eb21beb in Widelands::Game::run(Widelands::Game::StartGameType, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/wl/src/src/logic/game.cc:778
#10 0x55933f05ae4f in FsMenu::LaunchSPG::clicked_ok() /home/wl/src/src/ui_fsmenu/launch_spg.cc:185
#11 0x55933ef82d81 in operator() /home/wl/src/src/ui_fsmenu/menu.cc:169
#12 0x55933ef8816f in __invoke_impl<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const std::string&, double)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:61
#13 0x55933ef87b1f in __invoke_r<void, FsMenu::TwoColumnsFullNavigationMenu::TwoColumnsFullNavigationMenu(FsMenu::MenuCapsule&, const std::string&, double)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:111
#14 0x55933ef87501 in _M_invoke /usr/include/c++/12/bits/std_function.h:290
#15 0x55933e8eb8fd in std::function<void ()>::operator()() const /usr/include/c++/12/bits/std_function.h:591
#16 0x55933e8e7991 in Notifications::Signal<>::operator()() const /home/wl/src/src/notifications/signal.h:62
#17 0x55933ee2d9c6 in UI::Button::handle_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/button.cc:381
#18 0x55933ee81149 in UI::Panel::do_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1357
#19 0x55933ee829ba in UI::Panel::ui_mouserelease(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1578
#20 0x55933e656026 in WLApplication::handle_mousebutton(SDL_Event&, InputCallback const*) /home/wl/src/src/wlapplication.cc:1091
#21 0x55933e654d5f in WLApplication::handle_input(InputCallback const*) /home/wl/src/src/wlapplication.cc:998
#22 0x55933ee78216 in UI::Panel::do_run() /home/wl/src/src/ui_basic/panel.cc:395
#23 0x55933ef7721d in int UI::Panel::run<int>() /home/wl/src/src/ui_basic/panel.h:148
#24 0x55933ef58c01 in FsMenu::MainMenu::main_loop() /home/wl/src/src/ui_fsmenu/main.cc:246
#25 0x55933e65266f in WLApplication::run() /home/wl/src/src/wlapplication.cc:866
#26 0x55933e64388c in main /home/wl/src/src/main.cc:113
#27 0x7f60116461c9 (/lib/x86_64-linux-gnu/libc.so.6+0x271c9)
previously allocated by thread T0 here:
#0 0x7f60140b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
#1 0x55933f3569dd in BuildingWindow::create_capsbuttons(UI::Box*, Widelands::Building*) /home/wl/src/src/wui/buildingwindow.cc:283
#2 0x55933f354522 in BuildingWindow::think() /home/wl/src/src/wui/buildingwindow.cc:193
#3 0x55933f258743 in ProductionSiteWindow::think() /home/wl/src/src/wui/productionsitewindow.cc:183
#4 0x55933f257985 in ProductionSiteWindow::init(bool, bool) /home/wl/src/src/wui/productionsitewindow.cc:167
#5 0x55933f254c58 in ProductionSiteWindow::ProductionSiteWindow(InteractiveBase&, BuildingWindow::Registry&, Widelands::ProductionSite&, bool, bool) /home/wl/src/src/wui/productionsitewindow.cc:46
#6 0x55933f16e773 in operator() /home/wl/src/src/wui/interactive_base.cc:1729
#7 0x55933f17dde5 in __invoke_impl<void, InteractiveBase::show_building_window(const Widelands::Coords&, bool, bool)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:61
#8 0x55933f17c0d8 in __invoke_r<void, InteractiveBase::show_building_window(const Widelands::Coords&, bool, bool)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:111
#9 0x55933f179d0e in _M_invoke /usr/include/c++/12/bits/std_function.h:290
#10 0x55933e8eb8fd in std::function<void ()>::operator()() const /usr/include/c++/12/bits/std_function.h:591
#11 0x55933eefc431 in UI::UniqueWindow::Registry::create() const /home/wl/src/src/ui_basic/unique_window.cc:35
#12 0x55933f16eb11 in operator() /home/wl/src/src/wui/interactive_base.cc:1750
#13 0x55933f17c821 in __invoke_impl<void, InteractiveBase::show_building_window(const Widelands::Coords&, bool, bool)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:61
#14 0x55933f17a101 in __invoke_r<void, InteractiveBase::show_building_window(const Widelands::Coords&, bool, bool)::<lambda()>&> /usr/include/c++/12/bits/invoke.h:111
#15 0x55933f17718e in _M_invoke /usr/include/c++/12/bits/std_function.h:290
#16 0x55933e8eb8fd in std::function<void ()>::operator()() const /usr/include/c++/12/bits/std_function.h:591
#17 0x559340162af5 in NoteThreadSafeFunction::instantiate(std::function<void ()> const&, bool, bool) /home/wl/src/src/base/multithreading.cc:79
#18 0x55933f16f951 in InteractiveBase::show_building_window(Widelands::Coords const&, bool, bool) /home/wl/src/src/wui/interactive_base.cc:1750
#19 0x55933f210ee7 in InteractivePlayer::node_action(Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords> const&) /home/wl/src/src/wui/interactive_player.cc:764
#20 0x55933f206ac6 in operator() /home/wl/src/src/wui/interactive_player.cc:246
#21 0x55933f21a394 in __invoke_impl<void, InteractivePlayer::InteractivePlayer(Widelands::Game&, Section&, Widelands::PlayerNumber, bool, ChatProvider*)::<lambda(const Widelands::NodeAndTriangle<>&)>&, const Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords>&> /usr/include/c++/12/bits/invoke.h:61
#22 0x55933f21872a in __invoke_r<void, InteractivePlayer::InteractivePlayer(Widelands::Game&, Section&, Widelands::PlayerNumber, bool, ChatProvider*)::<lambda(const Widelands::NodeAndTriangle<>&)>&, const Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords>&> /usr/include/c++/12/bits/invoke.h:111
#23 0x55933f216c6c in _M_invoke /usr/include/c++/12/bits/std_function.h:290
#24 0x55933f30a958 in std::function<void (Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords> const&)>::operator()(Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords> const&) const /usr/include/c++/12/bits/std_function.h:591
#25 0x55933f308e06 in Notifications::Signal<Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords> const&>::operator()(Widelands::NodeAndTriangle<Widelands::Coords, Widelands::Coords> const&) const /home/wl/src/src/notifications/signal.h:62
#26 0x5593400073a7 in MapView::handle_mousepress(unsigned char, int, int) /home/wl/src/src/wui/mapview.cc:513
#27 0x55933ee807e8 in UI::Panel::do_mousepress(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1315
#28 0x55933ee80715 in UI::Panel::do_mousepress(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1310
#29 0x55933ee8284f in UI::Panel::ui_mousepress(unsigned char, int, int) /home/wl/src/src/ui_basic/panel.cc:1564
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/12/bits/atomic_base.h:488 in std::__atomic_base<unsigned int>::load(std::memory_order) const
Shadow bytes around the buggy address:
0x0c2e80026f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e80026f10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e80026f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
0x0c2e80026f30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2e80026f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2e80026f50: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
0x0c2e80026f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e80026f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e80026f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e80026f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
0x0c2e80026fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1124647==ABORTING