penguin-command dies randomly

Bug #76179 reported by Ben Beasley
Affects                    Status         Importance   Assigned to     Milestone
penguin-command (Debian)   Fix Released   Unknown
penguin-command (Ubuntu)   Fix Released   Undecided    Ryan Kavanagh

Bug Description

Binary package hint: penguin-command

Play for a while and penguin-command crashes. I've seen it twice and can't associate it with any particular action.

Revision history for this message
In , Karl Bartel (karlb) wrote : I can't locate the problem

tags 184437 help

I can reproduce this bug under Mac OS X only (at least I think it is
this bug...), but I am unable to locate the problem.

Here's the backtrace (line numbers might slightly differ, because I'm
using my current dev version):

Thread 0 Crashed:
0 SDL 0x30008fec SDL_SoftBlit + 0xcc
1 SDL 0x3001f5c0 SDL_LowerBlit + 0x11c
2 SDL 0x3001f7a8 SDL_UpperBlit + 0x1d4
3 ??? 0x0001c540 BlitToBB + 0xe8 (gfx.c:393)
4 ??? 0x00020550 DestroyTarget + 0xa4 (missile.c:104)
5 ??? 0x0001d66c HandleBomb + 0x8f0 (bomb.c:84)
6 ??? 0x0000c680 ProcessEvents + 0xe0 (game.c:316)
7 ??? 0x0000cef8 StartGame + 0x1d4 (game.c:429)
8 ??? 0x0001fd90 SDL_main + 0x138 (main.c:460)

So the critical line seems to be line 104 in missile.c:
BlitPart(rect.x,rect.y,BackBuffer,rect);

I really can't see any problem with it. And to make the whole problem
even more strange, the bug seems to only occur when playing the game
with sound.

Any help with this is appreciated,
Karl

Revision history for this message
In , Mike Fedyk (mfedyk) wrote : Email address changed

submitter 182669 !
submitter 184437 !
submitter 210814 !
submitter 230301 !
submitter 267014 !

Revision history for this message
Ryan Kavanagh (ryanakca) wrote :

Hey, thanks for your bug report,
Can you please try to reproduce it and provide us with a backtrace? https://wiki.ubuntu.com/Backtrace
Cheers,
Ryan

Changed in penguin-command:
assignee: nobody → ryanakca
status: Unconfirmed → Needs Info
Revision history for this message
Ben Beasley (ben-musicinmybrain) wrote : Re: [Bug 76179] Re: penguin-command dies randomly

Hi. Apologies; I'm new to bug reporting.

I followed the instructions on
https://wiki.ubuntu.com/DebuggingProgramCrash under "Old notes" (no
penguin-command-dbgsym exists in the repos) and then those at
https://wiki.ubuntu.com/Backtrace . When I did, penguin-command set the
screen resolution to 640x480 and immediately froze, leaving me stuck in
640x480 mode with no mouse support. This is not the behavior of the
normal package, of course. What might I be doing wrong?

On Sun, 2006-12-17 at 17:06 +0000, Ryan Kavanagh wrote:
> Hey, thanks for your bug report,
> Can you please try to reproduce it and provide us with a backtrace? https://wiki.ubuntu.com/Backtrace
> Cheers,
> Ryan
>
> ** Changed in: penguin-command (Ubuntu)
> Assignee: (unassigned) => Ryan Kavanagh
> Status: Unconfirmed => Needs Info
>

Revision history for this message
Sarah Kowalik (hobbsee-deactivatedaccount) wrote :

I get this as well. Not sure if the other bug is the same thing.

Revision history for this message
ville palo (vi64pa) wrote :

Could this be a duplicate of Bug #81579? It has a crash dump attached.

Revision history for this message
In , Brandon (winterknight) wrote : I think I'm running into the same bug.

I think I'm running into the same bug. Debian Etch (testing), on an
x86 (Celeron D). It typically takes about 15 minutes to segfault.
I don't think the bug is where you think it is. It is a different
operation every time. That usually means memory corruption. Also, in my
debug core dump, argc is a ridiculously high value, 136100536. Memory
corruption all right.

It does not occur with sound off. That may be because it is a sound
issue, or it could be because the corrupted memory is never used. It
took me 24 minutes to segfault my debug build. The unusually high
playtime is probably a result of the fact that most of the information
in a debug executable is not used during play time, so it took longer
to corrupt an important part.

I'm working on this bug (probably the same one.) Give me a few days. I
think I should have it by then. I am good at this sort of thing.

-Brandon

Revision history for this message
In , Brandon (winterknight) wrote : Please, God. Make this patch work.

tags 184437 + patch

I don't think this bug is actually in penguin-command. I think it is in
sdl-mixer. Or maybe it is in libpng. The conditions that make
penguin-command crash are really weird. It seems that a .mod file has
to be playing in the background while a png file is blitted to the
screen. Like I said, weird.

I have a simple patch that fixes this segfault for me. Here it is:

----- Patch begin -------
diff -r src-orig/sound.c src/sound.c
8c8
< {"ramagard.s3m","icefront.s3m","pennight.mod","datajack.s3m"};
---
> {"ramagard.s3m","icefront.s3m","datajack.s3m"};
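
Review bot: the new initializer on line 8 of sound.c drops "pennight.mod" without any comment saying this is a crash workaround rather than a cleanup, so a later maintainer could re-add the track and bring the segfault back. Add a one-line comment next to the list stating why the file is excluded and referencing bug 184437.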

diff -r src-orig/sound.h src/sound.h
3c3
< #define MUSICNUM 4
---
> #define MUSICNUM 3
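
Review bot: MUSICNUM in sound.h is a hand-maintained count that has to equal the number of names in the list changed in sound.c, and nothing in this patch enforces that; if the two drift apart, any code that indexes the list up to MUSICNUM reads past its end or never reaches the last entry. Derive the count from the array itself (sizeof of the array divided by sizeof of one element) or add a compile-time check that the two agree.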
------- Patch end -------

Yep. Not asking sdl-mixer to play a mod file fixes it, at least it does
for me. I've narrowed down where I think the segfault occurs, and I
think the problem is genuinely with sdl-mixer playing mod files. If I
am right, this patch will work for everybody.

While debugging, I tried replacing that line in sound.c with 4
pennights. I thought it would crash more. It didn't crash at all. I
also tried moving it to the front, back, and second position. It didn't
crash under those seemingly identical situations. Like I said, weird.

Also worthy of note, is that every time I got penguin-command to crash,
it was playing song #2 (starting from 0). Here is a log I have been
keeping. I only added to this log sometimes when penguin-command would
crash. I am not including the core dumps. If someone wants them, email
me.

Matches core penguin-command1.core
I was using libsdl1.2debian-oss here.

~$ penguin-command
** Starting SDL init **
** Init video **
** Set video mode **
** Create buffers **
** Finding Joysticks **
** Init joystick **
** Loading Title Screen **
** Opening Audio Mixer **
   8 channels allocated
** Loading Music **
** Loading Sounds **

Warning: I could not open the options file for read:
/home/wk/.penguin-command
The error that occured was:
No such file or directory

** Playing Music **
** Ready to enter Menu **
Now playing song #1
** Fade in Music **
** Showing Title Screen **
** Blit Background **
** Background image drawn **
** Loading Font **
** Init Font **
** Loading Images **
Now playing song #1
FPS 74.932544
Now playing song #0
** Fade in Music **
** Showing Title Screen **
** Blit Background **
** Background image drawn **
Now playing song #2
FPS 74.029192
** Fade in Music **
** Showing Title Screen **
** Blit Background **
** Background image drawn **
Segmentation fault (core dumped)

Matches core penguin-command2.core
I was using libsdl1.2debian-alsa here.

** Starting SDL init **
** Init video **
** Set video mode **
** Create buffers **
** Finding Joysticks **
** Init joystick **
** Loading Title Screen **
** Opening Audio Mixer **
   8 channels allocated
** Loading Music **
** Loading Sounds **
** Playing Music **
** Ready to enter Menu **
Now playing song #1
** Fade in Music **
** Showing Title Screen **
** Blit Background **
** Background image drawn **
** Loading Font **
** Init Font **
** Loading Images **
Now playing song #1
Now playing song #0
FPS 73.957016
** Fade in Music **
** Showing Title Screen **
** Blit Background **
** Back...


Revision history for this message
In , Brandon (winterknight) wrote :

tags 184437 + patch

Revision history for this message
In , Karl Bartel (karlb) wrote : Re: Bug#184437: Please, God. Make this patch work.

Hi Brandon,

> I have a simple patch that fixes this segfault for me. Here it is:

This seems to work well. It's a pity not to use this nice music, but
it is clearly better than an occasional crash.

> While debugging, I tried replacing that line in sound.c with 4
> pennights. I thought it would crash more. It didn't crash at all. I
> also tried moving it to the front, back, and second position. It
> didn't crash under those seemingly identical situations. Like I said,
> weird.

I guess this is the reason why I didn't succeed in identifying the
mod file, which causes the crash.

> Also worthy of note, is that every time I got penguin-command to crash,
> it was playing song #2 (starting from 0). Here is a log I have been
> keeping. I only added to this log sometimes when penguin-command would
> crash. I am not including the core dumps. If someone wants them, email
> me.

Interesting. I will think a bit more about this (and test a bit more
myself). It might be a good clue.

> Core was generated by `penguin-command'.
> Program terminated with signal 11, Segmentation fault.
> #0 0xb7eb1413 in SDL_LowerBlit () from /usr/lib/libSDL-1.2.so.0
> (gdb) backtrace
> #0 0xb7eb1413 in SDL_LowerBlit () from /usr/lib/libSDL-1.2.so.0
> #1 0xb7eb16b4 in SDL_UpperBlit () from /usr/lib/libSDL-1.2.so.0
> #2 0x0804ceea in Blit (Xpos=136111496, Ypos=510, image=0x805a750) at gfx.c:331
> #3 0x0804bdab in DrawCannon (x=20, y=0) at game.c:160
> #4 0x0804c0ad in ProcessEvents () at game.c:322
> #5 0x0804c314 in StartGame () at game.c:429
> #6 0x0804b1df in main (argc=136100536, argv=0x0) at main.c:460
> (gdb)
>
> Notice that this has some things in common with the trace that Karl
> provided a few years ago, but some things are distinctly different.

It probably crashes in Blit, because the function is the most memory
intensive one. This really looks like memory corruption.

Thanks for your hard work. I'd like to do some more testing before
applying the patch, to make sure it really works around this bug (and
hopefully get some more details). The crash doesn't occur very
frequently, so it'll probably take some time. I'll write again within
the next week.

Thanks again,
Karl

Revision history for this message
In , Karl Bartel (karlb) wrote : Patch applied upstream

This patch really seems to work around the problem. I applied it
upstream and I'll update the debian package soon. Better solutions
than the one in this patch are still welcome, of course.

-- Karl

Revision history for this message
In , Karl Bartel (karlb) wrote : Bug#184437: fixed in penguin-command 1.6.11-1

Source: penguin-command
Source-Version: 1.6.11-1

We believe that the bug you reported is fixed in the latest version of
penguin-command, which is due to be installed in the Debian FTP archive:

penguin-command_1.6.11-1.diff.gz
  to pool/main/p/penguin-command/penguin-command_1.6.11-1.diff.gz
penguin-command_1.6.11-1.dsc
  to pool/main/p/penguin-command/penguin-command_1.6.11-1.dsc
penguin-command_1.6.11-1_i386.deb
  to pool/main/p/penguin-command/penguin-command_1.6.11-1_i386.deb
penguin-command_1.6.11.orig.tar.gz
  to pool/main/p/penguin-command/penguin-command_1.6.11.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Karl Bartel <email address hidden> (supplier of updated penguin-command package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

Format: 1.7
Date: Tue, 27 Mar 2007 14:12:45 +0200
Source: penguin-command
Binary: penguin-command
Architecture: source i386
Version: 1.6.11-1
Distribution: unstable
Urgency: low
Maintainer: Karl Bartel <email address hidden>
Changed-By: Karl Bartel <email address hidden>
Description:
 penguin-command - a missile command clone
Closes: 184437 292264 381610
Changes:
 penguin-command (1.6.11-1) unstable; urgency=low
 .
   * New upstream release
   * Fixed in upstream: Segfault in SDL (Closes: #184437)
   * Fixed in upstream: buffer overflow causes crash from env-var HOME (Closes: #292264)
   * Automake and autoconf should not be required anymore (Closes: #381610)
   * Switched to cdbs for package creation

Revision history for this message
In , Brandon (winterknight) wrote : Figured it out. Why pennight.mod crashes penguin-command, and how to work around it.

This bug is indeed a fault of SDL-mixer. It has to do with a variable,
md_sndchn, which is either not properly updated, or used
inappropriately. I'm going to notify SDL-mixer upstream, as well as the
Debian team, and give them a patch.

The workaround, for penguin-command, and any other program that uses
an affected version of SDL-mixer (all of them), is to not load music
files of varying channels. ramagard.s3m, icefront.s3m, and datajack.s3m
all have 8 channels. pennight.mod has 4 channels. You can bring
pennight.mod back, if you remaster it to have 8 channels.
Alternatively, you could choose to not load more than one music file at
a time. The problem occurs when the last music file loaded has a
different number of channels than the one you want to play. If you load
and play every time, I don't think you'll have a problem, except for
memory and/or lag between songs.

In penguin-command, the last file loaded is datajack.s3m, with 8
channels. That is why it crashed when it tried to play pennight.mod,
which only has 4 channels.

Please use the word debian somewhere in the body or subject of the
message if you want to email me with any questions.
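
The workaround described above (never mix music files with different channel counts in one loaded set) can be checked before a music list is shipped. The following C code is an added example, not part of the original message and not code from penguin-command or SDL-mixer: the function names are hypothetical, it reads only the channel count declared in the file header (assumed to match what the player uses), and the sample buffers are constructed rather than real module data.

```c
#include <stdio.h>
#include <string.h>

/* Channel count declared in a module header, or -1 if unrecognised.
 * S3M: "SCRM" at 0x2C, then 32 channel bytes at 0x40 (bit 7 set = unused).
 * MOD: 4-byte format tag at offset 1080. */
int module_channels(const unsigned char *buf, size_t len)
{
    if (len >= 0x60 && memcmp(buf + 0x2C, "SCRM", 4) == 0) {
        int n = 0;
        for (int i = 0; i < 32; i++)
            n += !(buf[0x40 + i] & 0x80);
        return n;
    }
    if (len < 1084)
        return -1;
    const unsigned char *tag = buf + 1080;
    if (!memcmp(tag, "M.K.", 4) || !memcmp(tag, "M!K!", 4) || !memcmp(tag, "FLT4", 4))
        return 4;
    if (tag[0] >= '1' && tag[0] <= '9' && !memcmp(tag + 1, "CHN", 3))
        return tag[0] - '0';   /* "6CHN", "8CHN" */
    return -1;
}

/* Index of the first module whose count is unknown or differs from module 0; -1 if uniform. */
int first_channel_mismatch(const unsigned char *const mods[], const size_t lens[], int count)
{
    for (int i = 0; i < count; i++) {
        int n = module_channels(mods[i], lens[i]);
        if (n < 0 || n != module_channels(mods[0], lens[0]))
            return i;
    }
    return -1;
}

/* Constructed headers (no real module data), in the order of the 4-entry music list. */
static unsigned char s3m8[0x60], mod4[1084];
int demo_playlist(void)
{
    memset(s3m8 + 0x40, 0xFF, 32);
    for (int i = 0; i < 8; i++) s3m8[0x40 + i] = (unsigned char)i;
    memcpy(s3m8 + 0x2C, "SCRM", 4);
    memcpy(mod4 + 1080, "M.K.", 4);
    const unsigned char *const mods[] = { s3m8, s3m8, mod4, s3m8 };
    const size_t lens[] = { sizeof s3m8, sizeof s3m8, sizeof mod4, sizeof s3m8 };
    return first_channel_mismatch(mods, lens, 4);
}

int main(void) { printf("first mismatch at index %d\n", demo_playlist()); return 0; }
```

For the original four-entry list (8, 8, 4 and 8 channels) the check reports index 2, the position of pennight.mod.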

Revision history for this message
KennoVO (kenno-xs4all) wrote :

Here's a thorough analysis of the bug, including workaround:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=184437

The creators of penguin-command have incorporated said workaround in their version 1.6.11:
http://user.cs.tu-berlin.de/~karlb/penguin-command/

Summary: the crash is caused by playing back a faulty music file, and the workaround consists of removing the file:
sudo rm /usr/share/games/penguin-command/sound/pennight.mod

Revision history for this message
Ryan Kavanagh (ryanakca) wrote :

Is this bug still an issue, or has it been resolved by the upload (see Debian bug 184437: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=184437#39 )?

Cheers,
Ryan

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

I'm closing this report because this issue has been solved in version 1.6.11 available since gutsy.

Thanks for your time.

Changed in penguin-command:
status: Incomplete → Fix Released
Changed in penguin-command:
status: Unknown → Fix Released