#41 Access Violation in 64bit HoT builds

closed-fixed
nobody
video (3)
5
2012-09-16
2012-08-27
Siggi
No

This crash occurs in the 64bit software render build of HoT. The bug also exists in the 32bit version, there are just no visable effects.

From a user\'s point of view the crash itself may seem random. It occurs when a sprite is rendered very close to the camera origin. The most consistent way to make it occur is to enter a teleporter, on exit there is a 1 in 25 chance the game will crash. The crash occurs when the teleport effect is rendered. At the end of this bug report is a savegame that can be used to easily reproduce the bug. The crash is not resolution specific, or fullscreen/windowed mode specific. It also exists on versions of HoT compiled with GCC or Visual Studio, on both Windows and Linux. The crash has been confirmed on all 1.5.X versions of HoT.

The access violation occurs when trying to access the pointer pz in d_sprite.c on line 329 (from the 1.5.4 source). The invalid address is created when the sspan_s struct contains a negative v attribute. This can be seen when considering line 226 from d_sprite.c. I have not determined the cause of the negative value, but it appears to be erroneous. A simple way to circumvent the access violation is to change line 586 from \"if (ymin >= ymax)\" to \"if (ymin >= ymax || ymin < 0)\", however, although there is no noticeable side effect, this does not fix the underlying problem.

Here is the forum thread where this bug was originally discussed: https://sourceforge.net/projects/uhexen2/forums/forum/425207/topic/5568940/index/page/1
Here is a savegame that can be used to easily reproduce the bug: https://dl.dropbox.com/u/29280841/s11.zip

Discussion

  • Ozkan Sezer

    Ozkan Sezer - 2012-08-28

    savegame to reproduce the issue

     
  • Ozkan Sezer

    Ozkan Sezer - 2012-09-16
    • status: open --> closed-fixed
     

Log in to post a comment.