View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000381 | Populous: The Beginning | General | public | 2017-07-13 01:16 | 2017-07-13 01:35 |
Reporter | Brandan | Assigned To | Brandan | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | ||
Summary | 0000381: validate_all_building_queuers crash | ||||
Description | Undefined Behavior / Memory issues / Stack/heap corrupt. Release mode. Unhandled exception at 0x011D2FC3 in pop3b.exe: 0xC0000005: Access violation reading location 0x0000001C. |

```text
EAX = 00000000 EBX = 0EDCEAF8 ECX = 028EB2EC EDX = 00002CCA ESI = 00000000
EDI = 0EEF7084 EIP = 011D2FC3 ESP = 05AFF6E8 EBP = 05AFF7A0 EFL = 00010246

4491:     if (!is_building_queuer_valid(b_thing, curr_thing))
011D2FA7 57                   push        edi
011D2FA8 53                   push        ebx
011D2FA9 E8 42 FF FF FF       call        is_building_queuer_valid (011D2EF0h)
011D2FAE 33 C9                xor         ecx,ecx
011D2FB0 83 C4 08             add         esp,8
011D2FB3 84 C0                test        al,al
4489:     curr_thing = THING_IDX_2_PTR_GLOBAL(
011D2FB5 8B 87 F4 00 00 00    mov         eax,dword ptr [edi+0F4h]
4490:         curr_thing->u.Pers->u.Owned.BldgQueueLinkIdx))
4491:     if (!is_building_queuer_valid(b_thing, curr_thing))
011D2FBB 0F 44 F1             cmove       esi,ecx
011D2FBE B9 EC B2 8E 02       mov         ecx,28EB2ECh
011D2FC3 0F B7 40 1C          movzx       eax,word ptr [eax+1Ch]   <----------------------
011D2FC7 50                   push        eax
011D2FC8 E8 23 6E FF FF       call        Objects3::getThing (011C9DF0h)
011D2FCD 8B F8                mov         edi,eax
011D2FCF 85 FF                test        edi,edi
011D2FD1 75 D4                jne         validate_all_building_queuers+27h (011D2FA7h)
4492:         all_valid = FALSE;
4493:
4494:     if (!all_valid)
011D2FD3 85 F6                test        esi,esi
011D2FD5 75 09                jne         validate_all_building_queuers+60h (011D2FE0h)
4495:         build_building_queue_link_list(b_thing);
011D2FD7 53                   push        ebx
011D2FD8 E8 43 30 00 00       call        build_building_queue_link_list (011D6020h)
011D2FDD 83 C4 04             add         esp,4

>  pop3b.exe!validate_all_building_queuers(Thing * b_thing) Line 4491  C++
   pop3b.exe!process_building_state(Thing * t_thing) Line 242  C++
   pop3b.exe!process_thing_state(Thing * t_thing) Line 862  C++
   pop3b.exe!process_active_thing(Thing * t) Line 564  C++
   pop3b.exe!std::_Func_impl<bool (__cdecl*)(Thing *),std::allocator<int>,bool,Thing *>::_Do_call(Thing * && <_Args_0>) Line 212  C++
   pop3b.exe!<lambda_67dd6c3918fdd7d37db388ead980948e>::operator()<<lambda_71e1d7be589cfaa02255fc8421596db7> >(const ObjectList::processList::__l2::<lambda_71e1d7be589cfaa02255fc8421596db7> & nextCpy) Line 380  C++
   pop3b.exe!ObjectList::processList(unsigned short pos, bool forwardDirection, const std::function<bool __cdecl(Thing *)> & f) Line 399  C++
   pop3b.exe!ObjectList::processList(const std::function<bool __cdecl(Thing *)> & f) Line 317  C++
   pop3b.exe!process_things() Line 99  C++
   pop3b.exe!game_inner_loop() Line 1724  C++
   pop3b.exe!do_gameturn_process() Line 1685  C++
   pop3b.exe!process_main_game() Line 736  C++
   pop3b.exe!game() Line 460  C++
   pop3b.exe!PopTB::main(const std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > & args) Line 17  C++
   pop3b.exe!Poco::Util::Application::run(void)  C++
   pop3b.exe!WinMain(HINSTANCE__ * hInstance, HINSTANCE__ * __formal, char * lpCmdLine, int nCmdShow) Line 62  C++
   pop3b.exe!__scrt_common_main_seh() Line 253  C++
   kernel32.dll!@BaseThreadInitThunk@12()  Unknown
   ntdll.dll!__RtlUserThreadStart()  Unknown
   ntdll.dll!__RtlUserThreadStart@8()  Unknown
```

Tags | No tags attached. |
Build Number | 2464 |
Notes | |
---|---|
0000190 (Brandan, 2017-07-13 01:35) | For the linked list to be valid it had to check that it was T_PERSON and that the person was in a valid state. However, it used a linked-list style to check the person state, which resulted in a crash if the person was deleted and recreated as something other than a person. That's because it required u.Pers to iterate the list. So it accessed u.Pers before validating if it's a person. Hence it tried to dereference a nullptr and crashed. |
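
The defect described in the note, as an added example that is not part of this report or of the project's code: a constructed C++ model of the tagged-union `Thing` in which one queue walk reads `u.Pers` before checking the type tag (the reported bug), beside a version that checks the tag first and bounds the walk. The names Thing, u.Pers, BldgQueueLinkIdx and T_PERSON come from the trace; the flattened field layout, the state values and the `queue_valid_*` / `make_table` helpers are assumptions.

```cpp
#include <cstddef>
#include <vector>

// Constructed model of the tagged-union objects named in the trace (Thing, u.Pers,
// BldgQueueLinkIdx, T_PERSON); field layout and state values are assumptions.
enum ThingType { T_NONE = 0, T_PERSON = 1, T_BUILDING = 2 };
struct Person { int state; unsigned short BldgQueueLinkIdx; };  // state 0 = valid queuer, link 0 = end
struct Building { int health; };
struct Thing { ThingType type; union { Person* Pers; Building* Bldg; } u; };
using ThingTable = std::vector<Thing>;  // slot 0 is reserved and means "no thing"

// BUGGY, mirroring the report: the walk reads u.Pers before the type tag is checked.
// Once a slot has been deleted and recreated as a building, u.Pers no longer points
// at a Person, so this read is undefined behaviour (a null read in the crash dump).
bool queue_valid_buggy(const ThingTable& things, unsigned short head) {
    for (unsigned short idx = head; idx != 0;) {
        const Thing& t = things[idx];
        unsigned short next = t.u.Pers->BldgQueueLinkIdx;  // dereferenced too early
        if (t.type != T_PERSON || t.u.Pers->state != 0) return false;
        idx = next;
    }
    return true;
}

// FIXED: check the tag (and the pointer) before touching the union member, and
// bound the walk so a corrupted link cycle cannot spin the validator forever.
bool queue_valid_fixed(const ThingTable& things, unsigned short head) {
    std::size_t steps = 0;
    for (unsigned short idx = head; idx != 0;) {
        if (idx >= things.size() || ++steps > things.size()) return false;
        const Thing& t = things[idx];
        if (t.type != T_PERSON || !t.u.Pers || t.u.Pers->state != 0) return false;
        idx = t.u.Pers->BldgQueueLinkIdx;
    }
    return true;
}

// Three-slot table: slot 1 is a queuing person whose link points at slot 2.  With
// slot2_reused, slot 2 was deleted and recreated as a building (the reported case),
// so its union bytes no longer describe a Person.  Static pointees outlive the table.
ThingTable make_table(bool slot2_reused) {
    static Person p1{0, 2}, p2{0, 0};
    static Building b2{100};
    ThingTable t(3);
    t[1].type = T_PERSON; t[1].u.Pers = &p1;
    if (slot2_reused) { t[2].type = T_BUILDING; t[2].u.Bldg = &b2; }
    else              { t[2].type = T_PERSON;   t[2].u.Pers = &p2; }
    return t;
}
```

On the reused-slot table the fixed walk rejects the list and hands control to the rebuild path instead of dereferencing a non-person; the buggy walk is only ever safe to call on a table whose every linked slot is still a person.
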
Date Modified | Username | Field | Change |
---|---|---|---|
2017-07-13 01:16 | Brandan | New Issue | |
2017-07-13 01:16 | Brandan | Description Updated | |
2017-07-13 01:19 | Brandan | Description Updated | |
2017-07-13 01:21 | Brandan | Description Updated | |
2017-07-13 01:35 | Brandan | Note Added: 0000190 | |
2017-07-13 01:35 | Brandan | Status | new => resolved |
2017-07-13 01:35 | Brandan | Resolution | open => fixed |
2017-07-13 01:35 | Brandan | Assigned To | => Brandan |