Segmentation faults when playing

[orbea]

I have been receiving regular segmentation faults when playing the shareware levels found in the full release. They always or most often seem to occur with receiving damage or dying. Here is a backtrace.

os: Slackware64-current
jfsw-54912c4_2016.02.20_master-x86_64-1_git

Reading symbols from jfsw...done.
(gdb) run
Starting program: /usr/games/jfsw 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffebeb8700 (LWP 26206)]
[New Thread 0x7fffeb6b7700 (LWP 26207)]
Added /usr/share/games/jfsw/ to search path.
Added /usr/games/ to search path.
Added /home/orbea/.jfsw/ to search path.

BUILD engine by Ken Silverman (http://www.advsys.net/ken)
Additional improvements by Jonathon Fowler (http://www.jonof.id.au)
and other contributors. See BUILDLIC.TXT for terms.

64-bit word size. Built Mar  2 2016.

Initialising SDL2 system interface (compiled with SDL version 2.0.4, runtime version 2.0.4)
Loading system OpenGL library
Detecting video modes:
  - 1600x900 8-bit fullscreen
  - 1440x900 8-bit fullscreen
  - 1366x768 8-bit fullscreen
  - 1280x1024 8-bit fullscreen
  - 1280x960 8-bit fullscreen
  - 1280x800 8-bit fullscreen
  - 1280x720 8-bit fullscreen
  - 1152x864 8-bit fullscreen
  - 1024x768 8-bit fullscreen
  - 800x600 8-bit fullscreen
  - 640x480 8-bit fullscreen
  - 640x400 8-bit fullscreen
  - 512x384 8-bit fullscreen
  - 480x360 8-bit fullscreen
  - 400x300 8-bit fullscreen
  - 320x240 8-bit fullscreen
  - 320x200 8-bit fullscreen
  - 640x480 24-bit fullscreen
  - 720x400 24-bit fullscreen
  - 800x600 24-bit fullscreen
  - 1024x768 24-bit fullscreen
  - 1152x864 24-bit fullscreen
  - 1280x1024 24-bit fullscreen
  - 1680x1050 24-bit fullscreen
  - 1600x900 8-bit windowed
  - 1440x900 8-bit windowed
  - 1366x768 8-bit windowed
  - 1280x1024 8-bit windowed
  - 1280x960 8-bit windowed
  - 1280x800 8-bit windowed
  - 1280x720 8-bit windowed
  - 1152x864 8-bit windowed
  - 1024x768 8-bit windowed
  - 800x600 8-bit windowed
  - 640x480 8-bit windowed
  - 640x400 8-bit windowed
  - 512x384 8-bit windowed
  - 480x360 8-bit windowed
  - 400x300 8-bit windowed
  - 320x240 8-bit windowed
  - 320x200 8-bit windowed
  - 1600x900 24-bit windowed
  - 1440x900 24-bit windowed
  - 1366x768 24-bit windowed
  - 1280x1024 24-bit windowed
  - 1280x960 24-bit windowed
  - 1280x800 24-bit windowed
  - 1280x720 24-bit windowed
  - 1152x864 24-bit windowed
  - 1024x768 24-bit windowed
  - 800x600 24-bit windowed
  - 640x480 24-bit windowed
  - 640x400 24-bit windowed
  - 512x384 24-bit windowed
  - 480x360 24-bit windowed
  - 400x300 24-bit windowed
  - 320x240 24-bit windowed
  - 320x200 24-bit windowed
Scanning for GRP files...
Detected registered GRP
SHADOW WARRIOR(tm) Version 1.2
Copyright (c) 1997 3D Realms Entertainment



Type 'SW -?' for command line options.

1 joystick(s) found
  1. (null)
Joystick 1 has 33 axes, 32 buttons, and 2 hat(s).
CONTROL_Startup: Mouse Present
CONTROL_Startup: Joystick Present
RTS file sw.rts was not found
Initialising timer
mmulti: This machine's IP is 127.0.0.1
Loading sound and graphics...
initcache(): Initialised with 33554432 bytes
Setting video mode 1280x1024 (8-bpp windowed)
SDL_AudioDriverName: (error)
[New Thread 0x7fffe1ffe700 (LWP 26208)]
SDL_CDNumDrives: -1
CD error: SDL CD: error opening cd device.
Can't play OGG music track: track02.ogg
Can't play OGG music track: track02.ogg
Can't play OGG music track: track04.ogg
Can't play OGG music track: track04.ogg
Can't play OGG music track: track04.ogg

Thread 1 "jfsw" received signal SIGSEGV, Segmentation fault.
0x0000000000435d32 in MNU_DoMenu ()
(gdb) bt full
#0  0x0000000000435d32 in MNU_DoMenu ()
#1  0x000000000041e808 in RunLevel ()
#2  0x000000000041f11f in NewLevel ()
#3  0x000000000041f1d7 in Control ()
#4  0x000000000041f4a5 in app_main ()
#5  0x0000000000405205 in main ()

[orbea]

I was able to repeat the segmentation fault with the full game.

Reading symbols from jfsw...done.
(gdb) run
Starting program: /usr/games/jfsw 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffebec2700 (LWP 27872)]
[New Thread 0x7fffeb6c1700 (LWP 27873)]
Added /usr/share/games/jfsw/ to search path.
Added /usr/games/ to search path.
Added /home/orbea/.jfsw/ to search path.

BUILD engine by Ken Silverman (http://www.advsys.net/ken)
Additional improvements by Jonathon Fowler (http://www.jonof.id.au)
and other contributors. See BUILDLIC.TXT for terms.

64-bit word size. Built Mar  2 2016.

Initialising SDL2 system interface (compiled with SDL version 2.0.4, runtime version 2.0.4)
Loading system OpenGL library
Detecting video modes:
  - 1600x900 8-bit fullscreen
  - 1440x900 8-bit fullscreen
  - 1366x768 8-bit fullscreen
  - 1280x1024 8-bit fullscreen
  - 1280x960 8-bit fullscreen
  - 1280x800 8-bit fullscreen
  - 1280x720 8-bit fullscreen
  - 1152x864 8-bit fullscreen
  - 1024x768 8-bit fullscreen
  - 800x600 8-bit fullscreen
  - 640x480 8-bit fullscreen
  - 640x400 8-bit fullscreen
  - 512x384 8-bit fullscreen
  - 480x360 8-bit fullscreen
  - 400x300 8-bit fullscreen
  - 320x240 8-bit fullscreen
  - 320x200 8-bit fullscreen
  - 640x480 24-bit fullscreen
  - 720x400 24-bit fullscreen
  - 800x600 24-bit fullscreen
  - 1024x768 24-bit fullscreen
  - 1152x864 24-bit fullscreen
  - 1280x1024 24-bit fullscreen
  - 1680x1050 24-bit fullscreen
  - 1600x900 8-bit windowed
  - 1440x900 8-bit windowed
  - 1366x768 8-bit windowed
  - 1280x1024 8-bit windowed
  - 1280x960 8-bit windowed
  - 1280x800 8-bit windowed
  - 1280x720 8-bit windowed
  - 1152x864 8-bit windowed
  - 1024x768 8-bit windowed
  - 800x600 8-bit windowed
  - 640x480 8-bit windowed
  - 640x400 8-bit windowed
  - 512x384 8-bit windowed
  - 480x360 8-bit windowed
  - 400x300 8-bit windowed
  - 320x240 8-bit windowed
  - 320x200 8-bit windowed
  - 1600x900 24-bit windowed
  - 1440x900 24-bit windowed
  - 1366x768 24-bit windowed
  - 1280x1024 24-bit windowed
  - 1280x960 24-bit windowed
  - 1280x800 24-bit windowed
  - 1280x720 24-bit windowed
  - 1152x864 24-bit windowed
  - 1024x768 24-bit windowed
  - 800x600 24-bit windowed
  - 640x480 24-bit windowed
  - 640x400 24-bit windowed
  - 512x384 24-bit windowed
  - 480x360 24-bit windowed
  - 400x300 24-bit windowed
  - 320x240 24-bit windowed
  - 320x200 24-bit windowed
Scanning for GRP files...
Detected registered GRP
SHADOW WARRIOR(tm) Version 1.2
Copyright (c) 1997 3D Realms Entertainment



Type 'SW -?' for command line options.

1 joystick(s) found
  1. (null)
Joystick 1 has 33 axes, 32 buttons, and 2 hat(s).
CONTROL_Startup: Mouse Present
CONTROL_Startup: Joystick Present
RTS file sw.rts was not found
Initialising timer
mmulti: This machine's IP is 127.0.0.1
Loading sound and graphics...
initcache(): Initialised with 33554432 bytes
Setting video mode 1280x1024 (8-bpp windowed)
SDL_AudioDriverName: (error)
[New Thread 0x7fffe1ffe700 (LWP 27874)]
SDL_CDNumDrives: -1
CD error: SDL CD: error opening cd device.

Thread 1 "jfsw" received signal SIGSEGV, Segmentation fault.
0x0000000000435a26 in MNU_DoMenu ()
(gdb) bt full
#0  0x0000000000435a26 in MNU_DoMenu ()
#1  0x000000000041e808 in RunLevel ()
#2  0x000000000041f11f in NewLevel ()
#3  0x000000000041f1d7 in Control ()
#4  0x000000000041f4a5 in app_main ()
#5  0x0000000000405205 in main ()

[orbea]

I think I found a work around for this, don't compile with -fPIC CFLAGS and CXXFLAGS.
I will leave this open as the underlying issue still exists.

Edit: -O2 also seems to cause the issue while -O1 has not caused any segmentation faults yet with a little testing.

[orbea]

Seems that was too hasty, changing the C(XX)FLAGS might of made it better, but with only `-O0'...

Thread 1 "jfsw" received signal SIGSEGV, Segmentation fault.
0x0000000000435d32 in MNU_DoMenu ()
(gdb) bt full
#0  0x0000000000435d32 in MNU_DoMenu ()
#1  0x000000000041e808 in RunLevel ()
#2  0x000000000041f11f in NewLevel ()
#3  0x000000000041f1d7 in Control ()
#4  0x000000000041f4a5 in app_main ()
#5  0x0000000000405205 in main ()

However I did find out how to reliably reproduce it, hold down the fire button while dying. The turret near the train track on the first shareware level works well to test it. Stand in front of the turret with an uzi and hold down the fire button until you die. It should produce a segmentation fault.

[orbea]

Another clue, this will only happen after loading a saved game, it will not happen with a fresh game.

[jonof]

Thanks. I'll see if it brings me any closer to a solution next time I return to JFSW.

[orbea]

jfsw-2017.03.25_8fc2d54_master-x86_64-1_git

This is still occurring so here is an updated backtrace.

Reading symbols from jfsw...done.
(gdb) run
Starting program: /usr/games/jfsw 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe7144700 (LWP 11482)]
[New Thread 0x7fffe3dc9700 (LWP 11485)]
SDL_GetCurrentAudioDriver: alsa
[New Thread 0x7ffff7e19700 (LWP 11486)]

Thread 1 "jfsw" received signal SIGSEGV, Segmentation fault.
0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, 
    UNUSED_pp=<optimized out>) at src/menus.c:4593
4593            && currentmenu->items[currentmenu->cursor].type == mt_slider)
(gdb) bt
#0  0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, UNUSED_pp=<optimized out>) at src/menus.c:4593
#1  0x0000000000434be4 in MNU_CheckForMenus () at src/menus.c:4643

Thread 1 "jfsw" received signal SIGSEGV, Segmentation fault.
0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, 
    UNUSED_pp=<optimized out>) at src/menus.c:4593
4593            && currentmenu->items[currentmenu->cursor].type == mt_slider)
(gdb) bt
#0  0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, U
NUSED_pp=<optimized out>) at src/menus.c:4593
#1  0x0000000000434be4 in MNU_CheckForMenus () at src/menus.c:4643
#2  0x000000000041d021 in MoveLoop () at src/game.c:3030
#3  0x000000000041d368 in RunLevel () at src/game.c:3184
#4  0x000000000041dc9f in NewLevel () at src/game.c:1643
#5  0x000000000041dd57 in Control () at src/game.c:2919
#6  0x000000000041e116 in app_main (argc=1, argv=0x7fffffffe218)
    at src/game.c:4089
#7  0x00000000004044cf in main (argc=<optimized out>, argv=<optimized out>)
    at src/sdlayer2.c:199
(gdb) bt full
#0  0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, UNUSED_pp=<optimized out>) at src/menus.c:4593
        resetitem = 1 '\001'
        zero = 0
        handle2 = 246
        limitmove = 128
#1  0x0000000000434be4 in MNU_CheckForMenus () at src/menus.c:4643
#2  0x000000000041d021 in MoveLoop () at src/game.c:3030
        pnum = <optimized out>
#3  0x000000000041d368 in RunLevel () at src/game.c:3184
#4  0x000000000041dc9f in NewLevel () at src/game.c:1643
#5  0x000000000041dd57 in Control () at src/game.c:2919
#6  0x000000000041e116 in app_main (argc=1, argv=0x7fffffffe218)
    at src/game.c:4089
        i = <optimized out>
        cnt = <optimized out>
        firstnet = <optimized out>
#7  0x00000000004044cf in main (argc=<optimized out>, argv=<optimized out>)
    at src/sdlayer2.c:199
        r = <optimized out>
(gdb) t a a f

Thread 4 (Thread 0x7ffff7e19700 (LWP 11486)):
#0  0x00007fffe31bd96e in ?? () from /usr/lib64/libspeexdsp.so.1

Thread 3 (Thread 0x7fffe3dc9700 (LWP 11485)):
#0  0x00007ffff71a660d in nanosleep () from /lib64/libpthread.so.0

Thread 2 (Thread 0x7fffe7144700 (LWP 11482)):
#0  0x00007ffff71a27cb in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib64/libpthread.so.0

Thread 1 (Thread 0x7ffff7fbbb80 (LWP 11478)):
#0  0x000000000043460c in MNU_DoMenu (UNUSED_type=UNUSED_type@entry=ct_mainmenu, 
    UNUSED_pp=<optimized out>) at src/menus.c:4593
4593            && currentmenu->items[currentmenu->cursor].type == mt_slider)

[orbea]

Thanks to the SlackBuild maintainer for jfsw a workaround for this issue was found.

diff -Naur jfsw.orig/src/menus.c jfsw/src/menus.c
--- jfsw.orig/src/menus.c	2017-03-24 23:22:17.000000000 -0400
+++ jfsw/src/menus.c	2018-07-10 22:51:52.032019948 -0400
@@ -2540,7 +2540,7 @@
     CONTROL_ClearUserInput(&mnu_input);
     CONTROL_GetUserInput(&mnu_input);
 
-    if (KB_KeyPressed(sc_Y) || KB_KeyPressed(sc_Enter) || mnu_input.button0)
+    if (KB_KeyPressed(sc_Y) || KB_KeyPressed(sc_Enter))
         return (TRUE);
     else
         return (FALSE);

The problem appears to be that when loading a saved game and then dying, jfsw opens a dialog window asking if the player will like to Load saved game Y/N?. However it also responds to the fire button and if the player is firing while dying it will select yes and then crash after a very brief pause. The above patch will make it not respond to the fire button and hide the crash where the player can then press Y or N to load a saved game. The underlying issue seems to be present still, but at least it doesn't crash unintentionally now.

[orbea]

@jonof Ping. This issue is still current and the above patch still helps, any thoughts?

[jonof]

It may be a workaround but it's not a solution, and it creates a new problem: you can't acknowledge the prompt from a game controller. The real cause I certain to be more subtle, and when I finish the engine OpenGL modernisation exercise I'll look into it further.

[orbea]

Thanks, I really appreciate it and hope this can be properly fixed eventually. :)

[jonof]

Good news: I believe I've finally solved this problem. I'll merge it once I've done more testing.

[orbea]

Thank you! The fix seems to also work here. :)