Mutual GNU / Linux



#16 [en] 

Hi yet again,

This seems relevant in the valgrind output, I get many of them before enough damage is done to corrupt the freelist:

==14683== Invalid write of size 1
==14683== at 0x1076D97: NLMISC::CBitmap::decompressDXT1(bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CBAF13: NL3D::NLDRIVERGL::CDriverGL::setupTextureEx(NL3D::ITexture&, bool, bool&, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CB5169: NL3D::NLDRIVERGL::CDriverGL::setupTexture(NL3D::ITexture&) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11DA654: NL3D::CMaterial::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11B02EC: NL3D::CMeshBase::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11FD1BB: NL3D::CShapeBank::preLoadShapes(std::string const&, std::vector<std::string, std::allocator<std::string> > const&, std::string const&, NLMISC::IProgressCallback*, bool, NL3D::IDriver*) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x12129BC: NL3D::CShapeBankUser::preLoadShapesFromBNP(std::string const&, std::string const&, std::string const&, NLMISC::IProgressCallback*, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0xA174AA: initMainLoop() (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x9C0F68: main (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== Address 0x468a3200 is 0 bytes after a block of size 51,200 alloc'd
==14683== at 0x4C2B800: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14683== by 0x969AB6: NLMISC::CObjectVector<unsigned char, false>::myRealloc(unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0xA90A04: NLMISC::CObjectVector<unsigned char, false>::resize(unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x10768E8: NLMISC::CBitmap::decompressDXT1(bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CBAF13: NL3D::NLDRIVERGL::CDriverGL::setupTextureEx(NL3D::ITexture&, bool, bool&, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CB5169: NL3D::NLDRIVERGL::CDriverGL::setupTexture(NL3D::ITexture&) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11DA654: NL3D::CMaterial::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11B02EC: NL3D::CMeshBase::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11FD1BB: NL3D::CShapeBank::preLoadShapes(std::string const&, std::vector<std::string, std::allocator<std::string> > const&, std::string const&, NLMISC::IProgressCallback*, bool, NL3D::IDriver*) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x12129BC: NL3D::CShapeBankUser::preLoadShapesFromBNP(std::string const&, std::string const&, std::string const&, NLMISC::IProgressCallback*, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0xA174AA: initMainLoop() (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x9C0F68: main (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)


And then the next 14 bytes are accessed illegally one by one up to 0x468a320f.
And then a similar sequence of consecutive bytes from 0x468a3600 to 0x468a360f until we crash:

==14683== Invalid write of size 1
==14683== at 0x1076EFA: NLMISC::CBitmap::decompressDXT1(bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CBAF13: NL3D::NLDRIVERGL::CDriverGL::setupTextureEx(NL3D::ITexture&, bool, bool&, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x1CB5169: NL3D::NLDRIVERGL::CDriverGL::setupTexture(NL3D::ITexture&) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11DA654: NL3D::CMaterial::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11B02EC: NL3D::CMeshBase::flushTextures(NL3D::IDriver&, unsigned int) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x11FD1BB: NL3D::CShapeBank::preLoadShapes(std::string const&, std::vector<std::string, std::allocator<std::string> > const&, std::string const&, NLMISC::IProgressCallback*, bool, NL3D::IDriver*) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x12129BC: NL3D::CShapeBankUser::preLoadShapesFromBNP(std::string const&, std::string const&, std::string const&, NLMISC::IProgressCallback*, bool) (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0xA174AA: initMainLoop() (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== by 0x9C0F68: main (in /home/tunde/.local/share/Ryzom/ryzom_live/ryzom_client)
==14683== Address 0x468a3600 is 960 bytes inside an unallocated block of size 11,680 in arena "client"

#17 [en] 

Hi yet again,

I did a build from the compatibility-develop branch in docker, and it crashes exactly the same, but now I have debug symbols :-)
The only thing it tells me though is it eventually choked on objects.bnp:

Program received signal SIGABRT, Aborted.
0x00007ffff5004c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff5004c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff5008028 in __GI_abort () at abort.c:89
#2 0x00007ffff50412a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff5153310 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff504d82e in malloc_printerr (ptr=<optimized out>, str=0x7ffff5153488 "free(): invalid next size (normal)", action=1) at malloc.c:4998
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3842
#5 0x00000000010809dd in clear (this=<optimized out>) at /ryzom.hg/nel/include/nel/misc/object_vector.h:134
#6 ~CObjectVector (this=<optimized out>, __in_chrg=<optimized out>) at /ryzom.hg/nel/include/nel/misc/object_vector.h:87
#7 ~CObjectVector (this=0x23b85f48, __in_chrg=<optimized out>) at /ryzom.hg/nel/include/nel/misc/object_vector.h:424
#8 contReset<NLMISC::CObjectVector<unsigned char, true> > (a=...) at /ryzom.hg/nel/include/nel/misc/common.h:166
#9 NLMISC::CBitmap::reset (this=this@entry=0x23b85f40, type=type@entry=NLMISC::CBitmap::RGBA) at /ryzom.hg/nel/src/misc/bitmap.cpp:2014
#10 0x0000000000f8846b in NL3D::ITexture::release (this=0x23b85f40) at /ryzom.hg/nel/include/nel/3d/texture.h:334
#11 0x0000000001a54a4a in NL3D::NLDRIVERGL::CDriverGL::setupTextureEx (this=0x7925, tex=..., bUpload=6, bAllUploaded=@0x32: <error reading variable>,
bMustRecreateSharedTexture=false) at /ryzom.hg/nel/src/3d/driver/opengl/driver_opengl_texture.cpp:1208
#12 0x0000000001a510da in NL3D::NLDRIVERGL::CDriverGL::setupTexture (this=<optimized out>, tex=...) at /ryzom.hg/nel/src/3d/driver/opengl/driver_opengl_texture.cpp:683
#13 0x0000000001194f54 in NL3D::CMaterial::flushTextures (this=0x23b85d90, driver=..., selectedTexture=0) at /ryzom.hg/nel/src/3d/material.cpp:378
#14 0x00000000012e01f9 in NL3D::CMeshBase::flushTextures (this=0x7925, driver=..., selectedTexture=6) at /ryzom.hg/nel/src/3d/mesh_base.cpp:437
#15 0x0000000001260ca5 in NL3D::CShapeBank::preLoadShapes (this=this@entry=0x4562fb8, shapeCacheName="PreLoadObjects",
listFile=std::vector of length 1543, capacity 2048 = {...}, wildCardNotLwr="*.shape", progress=progress@entry=0x216fe80 <ProgressBar>,
flushTextures=flushTextures@entry=true, drv=0x4818e60) at /ryzom.hg/nel/src/3d/shape_bank.cpp:894
#16 0x000000000130ecc5 in NL3D::CShapeBankUser::preLoadShapesFromBNP (this=this@entry=0x4562fb0, shapeCacheName="PreLoadObjects", bnpName="objects.bnp",
wildCardNotLwr="*.shape", progress=0x216fe80 <ProgressBar>, flushTextures=flushTextures@entry=true) at /ryzom.hg/nel/src/3d/shape_bank_user.cpp:93
#17 0x0000000000af4c56 in initMainLoop () at /ryzom.hg/ryzom/client/src/init_main_loop.cpp:1172
#18 0x00000000008df327 in main (argc=<optimized out>, argv=<optimized out>) at /ryzom.hg/ryzom/client/src/client.cpp:388
(gdb) f 12
#12 0x0000000001a510da in NL3D::NLDRIVERGL::CDriverGL::setupTexture (this=<optimized out>, tex=...) at /ryzom.hg/nel/src/3d/driver/opengl/driver_opengl_texture.cpp:683
683 /ryzom.hg/nel/src/3d/driver/opengl/driver_opengl_texture.cpp: No such file or directory.
(gdb) info locals
nTmp = true
(gdb) p tex
$1 = <optimized out>
(gdb) f 16
#16 0x000000000130ecc5 in NL3D::CShapeBankUser::preLoadShapesFromBNP (this=this@entry=0x4562fb0, shapeCacheName="PreLoadObjects", bnpName="objects.bnp",
wildCardNotLwr="*.shape", progress=0x216fe80 <ProgressBar>, flushTextures=flushTextures@entry=true) at /ryzom.hg/nel/src/3d/shape_bank_user.cpp:93
93 /ryzom.hg/nel/src/3d/shape_bank_user.cpp: No such file or directory.

#18 [en] 

Oh, valgrind has line numbers now:

==31267== Invalid write of size 1
==31267== at 0x1088E47: NLMISC::CBitmap::decompressDXT1(bool) (bitmap.cpp:1361)
==31267== by 0x1A55A8F: NL3D::NLDRIVERGL::CDriverGL::setupTextureEx(NL3D::ITexture&, bool, bool&, bool) (driver_opengl_texture.cpp:1048)
==31267== by 0x1A510D9: NL3D::NLDRIVERGL::CDriverGL::setupTexture(NL3D::ITexture&) (driver_opengl_texture.cpp:683)
==31267== by 0x1194F53: NL3D::CMaterial::flushTextures(NL3D::IDriver&, unsigned int) (material.cpp:378)
==31267== by 0x12E01F8: NL3D::CMeshBase::flushTextures(NL3D::IDriver&, unsigned int) (mesh_base.cpp:437)
==31267== by 0x1260CA4: NL3D::CShapeBank::preLoadShapes(std::string const&, std::vector<std::string, std::allocator<std::string> > const&, std::string const&, NLMISC::IProgressCallback*, bool, NL3D::IDriver*) (shape_bank.cpp:894)
==31267== by 0x130ECC4: NL3D::CShapeBankUser::preLoadShapesFromBNP(std::string const&, std::string const&, std::string const&, NLMISC::IProgressCallback*, bool) (shape_bank_user.cpp:93)
==31267== by 0xAF4C55: initMainLoop() (init_main_loop.cpp:1172)
==31267== by 0x8DF326: main (client.cpp:388)
==31267== Address 0x50fab802 is 2 bytes after a block of size 51,200 alloc'd
==31267== at 0x4C2B800: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31267== by 0x1001A8B: myRealloc (object_vector.h:351)
==31267== by 0x1001A8B: NLMISC::CObjectVector<unsigned char, false>::resize(unsigned int) (object_vector.h:167)
==31267== by 0x1088C2E: NLMISC::CBitmap::decompressDXT1(bool) (bitmap.cpp:1298)
==31267== by 0x1A55A8F: NL3D::NLDRIVERGL::CDriverGL::setupTextureEx(NL3D::ITexture&, bool, bool&, bool) (driver_opengl_texture.cpp:1048)
==31267== by 0x1A510D9: NL3D::NLDRIVERGL::CDriverGL::setupTexture(NL3D::ITexture&) (driver_opengl_texture.cpp:683)
==31267== by 0x1194F53: NL3D::CMaterial::flushTextures(NL3D::IDriver&, unsigned int) (material.cpp:378)
==31267== by 0x12E01F8: NL3D::CMeshBase::flushTextures(NL3D::IDriver&, unsigned int) (mesh_base.cpp:437)
==31267== by 0x1260CA4: NL3D::CShapeBank::preLoadShapes(std::string const&, std::vector<std::string, std::allocator<std::string> > const&, std::string const&, NLMISC::IProgressCallback*, bool, NL3D::IDriver*) (shape_bank.cpp:894)
==31267== by 0x130ECC4: NL3D::CShapeBankUser::preLoadShapesFromBNP(std::string const&, std::string const&, std::string const&, NLMISC::IProgressCallback*, bool) (shape_bank_user.cpp:93)
==31267== by 0xAF4C55: initMainLoop() (init_main_loop.cpp:1172)
==31267== by 0x8DF326: main (client.cpp:388)

#19 [en] 

Thanks,

Drop this png to 'user' folder and see if client loads then.
https://ballisticmystix.net/temp/ld_picture_halloween_frame.png

I wrote a simple dds->png converter using CBitmap and identified 2 dds files that fail to load.

corrupted_moor_map.dds (DXT5 1536x1243)
ld_picture_halloween_frame.dds (DXT1 256x50)

Seems that CBitmap might have issues with non-power-of-2 textures in DXT format.

---

Hello!
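
The arithmetic behind the traces above, as an added example (not code from the thread or from NeL): a 256x50 RGBA buffer is 256*50*4 = 51,200 bytes, while DXT1 stores 4x4 blocks, so the last block row spans rows 48 to 51; writes to rows 50 and 51 start exactly at the end of the buffer and 0x400 bytes later, which is consistent with the two reported address runs. The decoder below assumes the standard DXT1 block layout and clips edge blocks to the image; `decodeDXT1`, `dxt1InputSize` and the `kMaxDim` limit are hypothetical names chosen for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Added example, not NeL code. Assumes the standard DXT1 (BC1) layout:
// 8 bytes per 4x4 texel block, blocks stored row-major.
static const uint32_t kMaxDim = 16384;  // assumed sanity limit on texture size

static void rgb565(uint16_t c, uint8_t* o) {
    o[0] = uint8_t((c >> 11) * 255 / 31);
    o[1] = uint8_t(((c >> 5) & 63) * 255 / 63);
    o[2] = uint8_t((c & 31) * 255 / 31);
    o[3] = 255;
}

// Compressed size: dimensions round UP to whole blocks (256x50 -> 64x13 blocks).
size_t dxt1InputSize(uint32_t w, uint32_t h) {
    return ((size_t(w) + 3) / 4) * ((size_t(h) + 3) / 4) * 8;
}

// Decodes into a w*h*4 RGBA buffer. 'clipped' counts texels of edge blocks that
// lie outside the image; an unclipped decoder writes those past the buffer end.
bool decodeDXT1(const std::vector<uint8_t>& in, uint32_t w, uint32_t h,
                std::vector<uint8_t>& out, size_t& clipped) {
    clipped = 0;
    if (w == 0 || h == 0 || w > kMaxDim || h > kMaxDim) return false;
    if (in.size() < dxt1InputSize(w, h)) return false;  // truncated file
    out.assign(size_t(w) * h * 4, 0);
    const uint8_t* p = in.data();
    for (uint32_t by = 0; by < h; by += 4)
        for (uint32_t bx = 0; bx < w; bx += 4, p += 8) {
            uint16_t c0 = uint16_t(p[0] | (p[1] << 8));
            uint16_t c1 = uint16_t(p[2] | (p[3] << 8));
            uint8_t pal[4][4] = {};
            rgb565(c0, pal[0]);
            rgb565(c1, pal[1]);
            for (int k = 0; k < 3; ++k) {  // c0 > c1: 4 colours, else 3 + transparent
                int a = pal[0][k], b = pal[1][k];
                pal[2][k] = uint8_t(c0 > c1 ? (2 * a + b) / 3 : (a + b) / 2);
                pal[3][k] = uint8_t(c0 > c1 ? (a + 2 * b) / 3 : 0);
            }
            pal[2][3] = 255;
            pal[3][3] = c0 > c1 ? 255 : 0;
            uint32_t bits = p[4] | (p[5] << 8) | (p[6] << 16) | (uint32_t(p[7]) << 24);
            for (uint32_t t = 0; t < 16; ++t, bits >>= 2) {
                uint32_t x = bx + (t & 3), y = by + (t >> 2);
                if (x >= w || y >= h) { ++clipped; continue; }  // bounds check
                std::memcpy(&out[(size_t(y) * w + x) * 4], pal[bits & 3], 4);
            }
        }
    return true;
}
```

For 256x50 the decoder skips 512 texels (two rows of 256), which is the region a whole-block writer would place beyond the 51,200-byte allocation.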

#20 [de] 

Huhu all,

having the same problem I think, after the last patch, client crashes on loading screen (my toon is logged in however)

I am using the same computer as before, didn't do any system updates, didn't change any settings. The only constant that changed was the last patch.

Tried: Different toons. Same issue.
Was using Steam.
Uninstalled Steam client. Reinstalled steam client. Same Deal.
Installed Native Client. Tried through the Native Client. Same Deal.

UPDATE: Karu's SOLUTION WORKED! OMG! Thanks Karu

Last edited by Northstar (6 years ago)

---

#21 [en] 

Karu is DA BOMB!

---


Remembering Tyneetryk
Phaedreas Tears - 15 years old and first(*) of true neutral guilds in Atys.
(*) This statement is contested, but we are certainly the longest lasting.
<clowns | me & you | jokers>

#22 [en] 

Karu
Thanks,

Drop this png to 'user' folder and see if client loads then.
https://ballisticmystix.net/temp/ld_picture_halloween_frame.png

This worked on my machine too!
Thank you!

I was thinking of adding some padding to the array that is indexed beyond bounds :-)

#23 [en] 

Yeah it works for me too! Big thanks Karu and Szocske for further debugging. :)