[fixed][0.9.14] Crash w/Cchest2.wad map15 secret door

[wildweasel]

Code: Select all

Code: ACCESS_VIOLATION
Tried to read address 00000018
Flags: 00000000
Address: 004c9d60

Windows NT 5.1 Build 2600 Service Pack 1

GS=0000  FS=003b  ES=0023  DS=0023
EAX=031a1280  EBX=00000000  ECX=00000000  EDX=054ccbf8
ESI=ffff8541  EDI=87df6b28
EBP=00000000  EIP=004c9d60  ESP=0013fb18  CS=001b  SS=0023
EFlags=00010246
 CF- PF+ AF- ZF+ SF- TF- IF+ DF- OF- NT- RF+ VM- AC- VI- VP-

FPU State:
 ControlWord=027f StatusWord=0020 TagWord=ffff
 ErrorOffset=00490026
 ErrorSelector=03c0001b
 DataOffset=0013fbec
 DataSelector=ffff0023
 Cr0NpxState=00000000

MM0=0000000000000000
MM1=0000000000000000
MM2=8000000000000000
MM3=b300000000000000
MM4=0000000000000000
MM5=ffff854187df6b28
MM6=00000000031a1280
MM7=000000230013fb18

Running threads:
000002ec at 004c9d60*
000007d0
000008b8
000007b0
00000914
000008c4
000008c0
00000248
00000928

Loaded modules:
00400000 - 006e4fff *GZDoom.exe
77f50000 - 77ff6fff  ntdll.dll
77e60000 - 77f45fff  kernel32.dll
68b20000 - 68b3dfff  GLU32.dll
77c10000 - 77c62fff  msvcrt.dll
5ed00000 - 5edc5fff  OPENGL32.dll
77dd0000 - 77e5cfff  ADVAPI32.dll
78000000 - 78086fff  RPCRT4.dll
7f000000 - 7f040fff  GDI32.dll
77d40000 - 77dcffff  USER32.dll
51000000 - 5104ffff  DDRAW.dll
73bc0000 - 73bc5fff  DCIMAN32.dll
10000000 - 10095fff  fmod.dll
77be0000 - 77bf3fff  MSACM32.dll
76b40000 - 76b6bfff  WINMM.dll
4fec0000 - 4fffcfff  ole32.dll
71ad0000 - 71ad7fff  WSOCK32.dll
71ab0000 - 71ac4fff  WS2_32.dll
71aa0000 - 71aa7fff  WS2HELP.dll
71950000 - 71a33fff  COMCTL32.dll
70a70000 - 70ad5fff  SHLWAPI.dll
006f0000 - 00877fff  DevIL.dll
763b0000 - 763f4fff  comdlg32.dll
7cd00000 - 7e7c5fff  SHELL32.dll
5cb70000 - 5cb94fff  ShimEng.dll
55100000 - 552dffff  AcGenral.DLL
77c00000 - 77c06fff  VERSION.dll
75a70000 - 75b14fff  USERENV.dll
5ad70000 - 5ada3fff  UxTheme.dll
59800000 - 59816fff  WinStylerThemeHelper.dll
77120000 - 771aafff  oleaut32.dll
01340000 - 014aefff  nview.dll
76bf0000 - 76bfafff  PSAPI.DLL
76ce0000 - 76cfefff  NTMARTA.DLL
76f60000 - 76f8bfff  WLDAP32.dll
71bf0000 - 71c00fff  SAMLIB.dll
76f50000 - 76f57fff  wtsapi32.dll
76360000 - 7636efff  WINSTA.dll
76f90000 - 76f9ffff  Secur32.dll
51080000 - 510e0fff  dsound.dll
72d20000 - 72d28fff  wdmaud.drv
72d10000 - 72d17fff  msacm32.drv
77bd0000 - 77bd6fff  midimap.dll
5ef80000 - 5ef83fff  KsUser.dll
7c890000 - 7c910fff  CLBCATQ.DLL
77050000 - 77114fff  COMRes.dll
6ce10000 - 6cebefff  dinput8.dll
688f0000 - 688f8fff  HID.DLL
76670000 - 7690afff  SETUPAPI.DLL
01ee0000 - 01eeafff  ffdrv1.dll
72280000 - 72320fff  DINPUT.dll
69500000 - 699f2fff  nvoglnt.dll
031d0000 - 031e4fff  nvwddi.dll
01f10000 - 01f20fff  r_opengl.dll

Bytes near EIP:
004c9d50: 3c a9 ff ff 8b 0d 60 7c 6c 00 8b 14 0b 8b 4a 1c
004c9d60: 8b 51 18 8b 0d a0 44 5f 00 8b f0 8b 46 28 89 4a
004c9d70: 10 8b 15 60 7c 6c 00 50 8b 04 13 8b 48 1c 8b 51

ZDoom version 2.0.96x (0.9.13)

Command line:
 gzdoom cchest2
IWAD: doom2.wad

Current map: map15

viewx = -333053952
viewy = 269549568
viewz = 8126464
viewangle = 72613888

Possible call trace:
 004c9d60  BOOM
 004be9a0  call 004bdad0
 004bdb12  call 004be690
 004be9a0  call 004bdad0
 004bdb12  call 004be690
 004be9a0  call 004bdad0
 004bdb12  call 004be690
 004be9a0  call 004bdad0
 004bdb12  call 004be690
 004be9a0  call 004bdad0
 004bdb12  call 004be690
 004be9a0  call 004bdad0
 004be595  call 004be900
 004cd8da  call 004be4f0
 004cd8e7  call 004c99a0
 004cf266  call 004cd890
 004cf63c  call 004cf090
 00417372  call 004cf4b0
 0041c580  call 0041b1d0
 004183a3  call 004170d0
 0040b861  call 0040b7b0
 0040b861  call 0040b7b0
 0053adc1  call 0040b850
 0053aec3  call 0054fe1a
 00561bdb
 0053890d  call 004183e0
 00538c46  call 00538510
 00553719  call 00538bd0
 005535ad  call 00550bc0
 004d004f
 00553595

Stack Contents:
0013fb18: 031a1280 0013fb38 00000000 0507ce90  ····8···········
0013fb28: 00000010 00000000 0013fcdc 00000000  ················
0013fb38: b5d9fb80 dd016ac0 ebc00000 00594668  ·····j······hFY·
0013fb48: 004be9a0 b5d9fb80 dd016ac0 006c6ca4  ··K······j···ll·
0013fb58: 004bdb12 d0ea2400 ff74d3d0 ed800000  ··K··$····t·····
0013fb68: 00594658 004be9a0 d0ea2400 ff74d3d0  XFY···K··$····t·
0013fb78: 006c6ca4 004bdb12 80ec6180 babc4400  ·ll···K··a···D··
0013fb88: e9380000 00594678 004be9a0 80ec6180  ··8·xFY···K··a··
0013fb98: babc4400 006c6ca4 004bdb12 e9801800  ·D···ll···K·····
0013fba8: fff07870 f1200000 00594658 004be9a0  px···· ·XFY···K·
0013fbb8: e9801800 fff07870 006c6ca4 004bdb12  ····px···ll···K·
0013fbc8: a2ea4b00 fd3406d8 e97e0000 00594668  ·K····4···~·hFY·
0013fbd8: 004be9a0 a2ea4b00 fd3406d8 006c6ca4  ··K··K····4··ll·
0013fbe8: 004bdb12 b83d8f00 f972f7c8 eac00000  ··K···=···r·····
0013fbf8: 00594668 004be9a0 b83d8f00 f972f7c8  hFY···K···=···r·
0013fc08: 05033fe8 00000001 0013fcdc 00000000  ·?··············
0013fc18: 004be595 05034008 0507ce90 00000000  ··K··@··········
0013fc28: 00000010 00000000 04fa0000 fff00000  ················
0013fc38: 07410000 004cd8da 004cd8e7 d5651140  ··A···L···L·@·e·
0013fc48: 00000000 006c6ca4 004cf266 0063e160  ·····ll·f·L·`·c·
0013fc58: 00000000 00000000 005f7a3c 0063d7ac  ········<z_···c·
0013fc68: 0d000040 004cf63c 0507ce90 00000000  @···<·L·········
0013fc78: 42b40000 3fccd9e9 00000001 0000026e  ···B···?····n···
0013fc88: 04029b48 00000000 00417372 3fccd9e9  H·······rsA····?
0013fc98: 04029b48 00000001 0041c580 42b40000  H·········A····B
0013fca8: 87f8838c ffff8541 004183a3 00000000  ····A·····A·····
0013fcb8: 0000026e 04029b48 00000001 00000001  n···H···········
0013fcc8: 00000263 0013fcb8 0013fe04 00561da0  c·············V·
0013fcd8: 00000000 00000004 00000000 0013fe68  ············h···
0013fce8: 0000017e 55f97ae9 01249da0 c178801f  ~····z·U··$···x·
0013fcf8: 7d2b4668 6d6f6f44 7475412e 616f6c6f  hF+}Doom.Autoloa
0013fd08: 672f0064 6f6f647a 6b732f6d 00736e69  d·/gzdoom/skins·
0013fd18: ae55bd07 fa2564bc adb2c1e8 d885f4ed  ··U··d%·········
0013fd28: edb25a42 effc9823 fd968e89 6a80969e  BZ··#··········j
0013fd38: 4de3c358 872edf15 5dd220a9 005dae30  X··M··.·· ·]0·]·
0013fd48: ced013eb 0040b861 00000002 005dae28  ····a·@·····(·]·
0013fd58: ced013eb 0040b861 00000002 005dae28  ····a·@·····(·]·
0013fd68: 0013fd74 0053adc1 005dae28 0053aec3  t·····S·(·]···S·
0013fd78: 00000094 00000005 00000001 00000a28  ············(···
0013fd88: 00000002 76726553 20656369 6b636150  ····Service Pack
0013fd98: 4f003120 4ffe0c30 4fee25cc 00175220   1·O0··O·%·O R··
0013fda8: 8007000e 4ffe0cdc 4fecc224 00000000  ·······O$··O····
0013fdb8: 00000000 4fefea3a 00175220 00000000  ····:··O R······
0013fdc8: 0013fe04 00000000 4ffe0338 0013fdfc  ········8··O····
0013fdd8: 4feddd3d 00000001 00000000 00000002  =··O············
0013fde8: 00000000 00000000 0000026e ced013eb  ········n·······
0013fdf8: 0013fe5c 00561bdb ced013eb 0013fe5c  \·····V·····\···
0013fe08: 00561dbe ffffffff 0053890d ffffffff  ··V·······S·····
0013fe18: 77e7e60c 7ffdf000 00000000 00000000  ···w···········
0013fe28: 0000026e 0000017e 00000001 000f4240  n···~·······@B··
0013fe38: 0013fe2c 00000020 0000019e 00000276  ,··· ·······v···
0013fe48: 00400000 00400258 00400230 77e60000  ··@·X·@·0·@····w
0013fe58: 0013fe14 0013fe88 00564360 00000000  ········`CV·····
0013fe68: 0013fe98 00538c46 00400000 77e7acd9  ····F·S···@····w
0013fe78: 00000000 7ffdf000 0013fe74 0013f740  ·······t···@···
0013fe88: 0013ffb0 0055340c 005da7c0 00000000  ·····4U···]·····
0013fe98: 0013ffc0 00553719 00400000 00000000  ·····7U···@·····
0013fea8: 001622ff 0000000a 00000094 00000005  ·"··············
0013feb8: 00000001 00000a28 00000002 76726553  ····(·······Serv
0013fec8: 20656369 6b636150 b9003120 b9b63c14  ice Pack 1···<··
0013fed8: b9b63c14 b9b63c14 b9b63c14 b9b63c14  ·<···<···<···<··
0013fee8: b9b63c14 b9b63c14 e3d69000 e3d6a000  ·<···<··········
0013fef8: e3d6b000 e3d6c000 e3d6d000 e3d6e000  ················
0013ff08: e3d6f000 e3d70000 e3d71000 e3d72000  ············· ··
0013ff18: e3d73000 e3d74000 e3d75000 e3d76000  ·0···@···P···`··
0013ff28: e3d77000 816f0438 ff676980 00005c70  ·p··8·o··ig·p\··
0013ff38: 00000001 00000011 005535ad 77f944a8  ·········5U··D·w
0013ff48: 00000007 7ffdf000 00000044 00163ca8  ·······D····<··
0013ff58: 00163590 00163cb8 00000000 00000001  ·5···<··········
0013ff68: 00000064 00000064 00000000 00000000  d···d···········
0013ff78: 00000000 00000000 00000001 00000000  ················
0013ff88: ffffffff ffffffff ffffffff 00080000  ················
0013ff98: 00000000 81672958 001622ff 00000000  ····X)g··"······
0013ffa8: 0013feb0 00000001 0013ffe0 0055340c  ·············4U·
0013ffb8: 005ddb48 00000000 0013fff0 77e8141a  H·]············w
0013ffc8: 77f944a8 00000007 7ffdf000 005a0047  ·D·w·······G·Z·
0013ffd8: 0013ffc8 004d004f ffffffff 77e9b2e5  ····O·M········w
0013ffe8: 77e97ce0 00000000 00000000 00000000  ·|·w············
0013fff8: 00553595 00000000                    ·5U·····

To reproduce this crash, fire up Cchest2.wad and go to Map15. Warp to these coordinates:

X: -5082
Y: 4113

Then use the secret wall to the right of the grating. The game will immediately crash.

My system specifications:

Dell Dimension 8300 Desktop
CPU: Pentium 4 3.0 GHz
OS: Windows XP Home SP1
RAM: 512 MB
Video: NVIDIA Geforce FX 5200 (128 MB)
Audio: SoundMAX Onboard Audio

This does not occur with ZDoom 2.0.97.

[Graf Zahl]

What nodes are you using?

- internally built ones
- external ZDBSP nodes
- external GLBSP nodes
- other


The error is caused by a bug in the nodes being used but I am not capable of creating such buggy nodes.

[wildweasel]

External GLBSP nodes, generated with the last release candidate of EDGE. I suppose I ought to just delete all my GWA files, because they seem to be nothing but trouble (they caused Phobos Anomaly Reborn to quit working altogether).

[Graf Zahl]

Could you send me the GWA file? It contains something my code doesn't expect. If I could analyze it it would be of some help. I built nodes with the latest GLBSP and it did not crash.

[wildweasel]

The file's like six megs, so I'm uploading it to Rapidshare.

http://rapidshare.de/files/7057521/cchest2.rar.html

The rar file contains the 13 meg GWA file for CChest2.

[Graf Zahl]

Fixed. Thanks for the GWA file. This was one nasty little bug I might have never found without it.