.
Thread 2 (Thread 3927):
#0 0x00abf416 in __kernel_vsyscall ()
No symbol table info available.
#1 0x0040d1c9 in ppoll (fds=0xa15f090, nfds=2, timeout=, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:58
        resultvar =
        oldtype = 2
        tval = {tv_sec = 6369268, tv_nsec = 0}
        result =
#2 0x005f1442 in pa_mainloop_poll (m=0xa179710) at pulse/mainloop.c:887
        ts = {tv_sec = 0, tv_nsec = -1508738048}
        __func__ = "pa_mainloop_poll"
        __PRETTY_FUNCTION__ = "pa_mainloop_poll"
#3 0x005f1b84 in pa_mainloop_iterate (m=0xa179710, block=1, retval=0x0) at pulse/mainloop.c:961
        r =
        __func__ = "pa_mainloop_iterate"
        __PRETTY_FUNCTION__ = "pa_mainloop_iterate"
#4 0x006f4f16 in DUMMYAUD_WaitAudio (this=0xa170180) at ../../src/audio/dummy/SDL_dummyaudio.c:106
No locals.
#5 0x006c6690 in __stack_chk_fail@plt () from /usr/lib/libSDL-1.2.so.0
No symbol table info available.
#6 0x0a170180 in ?? ()
No symbol table info available.
#7 0x006cee4e in ?? () at ../../src/events/SDL_quit.c:92 from /usr/lib/libSDL-1.2.so.0
No locals.
#8 0x0071612d in HWAccelBlit (src=0xa179578, srcrect=0x56ecb70, dst=0x56ecb70, dstrect=0x56ecb70) at ../../src/video/fbcon/SDL_fbmatrox.c:163
        this =
        pitch = -514
        w = 169279872
        h = 3385905
        srcX = 0
        srcY = 7430445
        dstX = 7475188
        dstY = 91145032
        sign = 0
        start =
        stop =
        skip =
        blitop =
#9 0x002dfe99 in start_thread (arg=0x56ecb70) at pthread_create.c:304
        pd = 0x56ecb70
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {3080180, 0, 4001536, 91145288, -1713387514, 530962956}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call =
        robust =
        pagesize_m1 =
        sp =
        freesize =
        __PRETTY_FUNCTION__ = "start_thread"
#10 0x0041b73e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
.
Thread 1 (Thread 3923):
#0 0x00abf416 in __kernel_vsyscall ()
No symbol table info available.
#1 0x00375e71 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar =
        resultvar =
        pid = 4882420
        selftid = 3923
#2 0x0037934e in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0xf53, sa_sigaction = 0xf53}, sa_mask = {__val = {4882420, 1, 3219070064, 3219069900, 4535509, 3450084, 136649568, 134525329, 134516696, 3219070064, 2963, 3219070032, 134513256, 32, 2, 3219069900, 4273956, 4, 0, 3219069960, 4882420, 18, 2, 3219070080, 4396378, 2, 3219069960, 4, 0, 3, 2, 4723960}}, sa_flags = 4, sa_restorer = 0x5}
        sigs = {__val = {32, 0 }}
#3 0x003ac577 in __libc_message (do_abort=2, fmt=0x4839aa "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
        ap = 0xdbb5918 "*** buffer overflow detected ***: /usr/games/simutrans terminated\n"
        ap_copy = 0xdbb5918 "*** buffer overflow detected ***: /usr/games/simutrans terminated\n"
        fd = 2
        on_2 =
        list =
        nlist =
        cp =
        written =
#4 0x00430df0 in __fortify_fail (msg=0x48392b "buffer overflow detected") at fortify_fail.c:32
No locals.
#5 0x0042fcca in __chk_fail () at chk_fail.c:29
No locals.
#6 0x0042f3c8 in _IO_str_chk_overflow (fp=0xbfdf28a0, c=41) at vsprintf_chk.c:35
No locals.
#7 0x003b47e5 in _IO_default_xsputn (f=0xbfdf28a0, data=0x81f9b97, n=1) at genops.c:485 s = 0x81f9b98 "" more = #8 0x00389a2e in _IO_vfprintf_internal (s=Cannot access memory at address 0xf53 ) at vfprintf.c:1650 step0_jumps = {0, -11374, -8497, -8423, -8344, -8274, -8185, -7944, -7659, -7301, -7125, -6855, -6550, -6388, -6352, -6124, -3591, -3493, -3403, -2712, -2977, -34, -2224, -3388, -758, -561, -3312, -6470, -6550, -8031} space = is_short = use_outdigits = step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -7301, -7125, -6855, -6550, -6388, -6352, -6124, -3591, -3493, -3403, -2712, -2977, -34, -2224, -3388, -758, -561, -3312, -6470, -6550, 0} group = prec = step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -7125, -6855, -6550, -6388, -6352, -6124, -3591, -3493, -3403, -2712, -2977, -34, -2224, -3388, -758, -561, -3312, -6470, -6550, 0} string = left = is_long_double = width = step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -6939, 0, 0, 0, -6352, -6124, -3591, -3493, -3403, 0, 0, 0, 0, -3388, 0, 0, 0, 0, 0, 0} alt = showsign = is_long = is_char = pad = step3b_jumps = {0 , -6550, 0, 0, -6352, -6124, -3591, -3493, -3403, -2712, -2977, -34, -2224, -3388, -758, -561, -3312, 0, 0, 0} step4_jumps = {0 , -6352, -6124, -3591, -3493, -3403, -2712, -2977, -34, -2224, -3388, -758, -561, -3312, 0, 0, 0} is_negative = number = {longlong = 1, word = 1} base = the_arg = {pa_wchar = 32767 L'\377', pa_int = 32767, pa_long_int = 32767, pa_long_long_int = 1000727412735, pa_u_int = 32767, pa_u_long_int = 32767, pa_u_long_long_int = 1000727412735, pa_double = 4.9442503548395747e-312, pa_long_double = , pa_string = 0x7fff
, pa_wstring = 0x7fff
, pa_pointer = 0x7fff, pa_user = 0x7fff} spec = _buffer = {__routine = 0x2, __arg = 0x9d, __canceltype = 1, __prev = 0x0} _avail = thousands_sep = grouping = done = 39 f = 0x81f9b98 "" lead_str_end = 0x81f9b8b "%s %d (%s %i)" end_of_spec = work_buffer = "\b\000\000\000\034$\337\277\226\275\067\000@$\337\277X'\337\277\b\000\000\000\000\000\000\000\240\203J\000\000\000\000\000l'\337\277\213/9\000 '\337\277\000\000\000\000\b", '\000' , "\f*\337\277\060", '\000' , " ", '\000' "\373, W\037\b", '\000' "\377, \377\377\377\002\000\000\000\002\000\000\000\000\000\000\000f\000\000\000\000\000\000\000 \000\000\000N\214\037\b\000(\337\277\350\263\372\r\001\000\000\000\000\000\000\000\300\247\365\300K\214\037\b\000\000\000\000P*\337\277\060\211w\267K\214\037\b\t", '\000' , ")[\016\b", '\000' , "\024F;\000\000\000\000\000\000\000\000\000\364\177J\000\244$\337\277 %\337\277 &\337\277@%\337\277l&\337\277(%\337\277\364\177J\000@%\337\277\177\000\000\000\354%\337\277}\364B"... workstart = 0x0 workend = ap_save = 0xbfdf2980 " \026\004\263\001" nspecs_done = 4 save_errno = 11 readonly_format = 0 jump_table = "\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r" __PRETTY_FUNCTION__ = "_IO_vfprintf_internal" #9 0x0042f47d in ___vsprintf_chk (s=0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", flags=1, slen=40, format=0x81f9b8b "%s %d (%s %i)", args=0xbfdf2980 " \026\004\263\001") at vsprintf_chk.c:86 f = {_sbf = {_f = {_flags = -72515583, _IO_read_ptr = 0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", _IO_read_end = 0xdfac87e 
"\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", _IO_read_base = 0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", _IO_write_base = 0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", _IO_write_ptr = 0xdfac8a5 "s", _IO_write_end = 0xdfac8a5 "s", _IO_buf_base = 0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", _IO_buf_end = 0xdfac8a5 "s", _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = -1293759392, _flags2 = 4, _old_offset = 217918500, _cur_column = 0, _vtable_offset = 0 '\000', _shortbuf = "\f", _lock = 0x0, _offset = 0, _codecvt = 0x9d, _wide_data = 0xffff, _freeres_list = 0x0, _freeres_buf = 0xb3041630, _freeres_size = 136289152, _mode = -1, _unused2 = "\020\000 \000P\000 \002\200\334\301\f\000\000\000\000 \026\004\263\240\375\003\263\230\355\003\263\000\000\000\000\000\000\000\000$,\375\f"}, vtable = 0x4a7d00}, _s = {_allocate_buffer = 0, _free_buffer = 0x82}} ret = #10 0x0042f3bd in ___sprintf_chk (s=0xdfac87e "\320\242/\321\201: 1 (\320\241\320\265\320\272\321\206\320\270\320\270 c\321\202\320\260\320\275\321\206\320\270\320\270: 1s", flags=1, slen=40, format=0x81f9b8b "%s %d (%s %i)") at sprintf_chk.c:33 arg = 0xbfdf2980 " \026\004\263\001" done = 0 #11 0x080e619a in sprintf (this=0xdfab3e8, pos=..., groesse=...) at /usr/include/bits/stdio2.h:35 No locals. #12 depot_frame_t::zeichnen (this=0xdfab3e8, pos=..., groesse=...) 
at gui/depot_frame.cc:1143 total_max_weight = 107 total_min_weight = 107 total_power = max_speed = min_speed = 130 #13 0x081acea9 in display_win (win=2) at simwin.cc:773 komp = 0xdfab3e8 title_color = 1 text_color = 215 need_dragger = true #14 0x081ad507 in display_all_win () at simwin.cc:796 old_gui = 0x0 i = current_tooltip = 0x0 x = 624 y = 321 #15 0x081aef6a in win_display_flush (konto=179320) at simwin.cc:1347 oldh = 571 pos = {x = -27135, y = 0, z = 0 '\000', static invalid = {x = -1, y = -1, z = -1 '\377', static invalid = }} year = season = month = right_border = info = {capacity = 256, size = 99, buf = 0xdc86fd8 "(146,97,2) \320\230\321\201\320\277\320\276\320\273\321\214\320\267\320\276\320\262\320\260\321\202\321\214 \320\273\320\270\320\275\320\270\321\216 \320\262\321\200\320\265\320\274\320\265\320\275\320\270 \320\230\320\223\320\240\320\220 \320\237\320\240\320\230\320\236\320\241\320\242\320\220\320\235\320\236\320\222\320\233\320\225\320\235\320\220"} menu_height = 32 ticks_this_month = stunden = time = "\021\001\000\000\\\002\000\000\000\000\000\000\000\000\000\000\030\000\023\000\f\000\000\000\254\002\000\000H-\337\277\311#\016\b\340\303\372\r\240-\337\277X-\337\001>\000\000\000 \000\000\000+\002\000\000T\003\001\000\000\003\000\000b\000\000\000z\000\000\000\023\000\000\000\f\000\377\377+\002\000\000\002\003\000\000?\000\000\000\222\000\000\000\001\000\000\000 \001\000\000\f\003\000\000d9\377\377\310\236\210\r0\000\000\000\001\000\000" disp_width = 852 main_menu = 0xdb6aae8 ticks = dt = tage = disp_height = 571 minuten = seasons = {0x8208aef "q2", 0x8208af2 "q3", 0x8208af5 "q4", 0x8208af8 "q1"} month_ = tooltip_check = #16 0x0817ea88 in intr_refresh_display (dirty=false) at simintr.cc:76 No locals. #17 0x081bba14 in karte_t::sync_step (this=0xd889ec8, delta_t=0, sync=false, display=true) at simworld.cc:2690 No locals. 
#18 0x081c5cde in karte_t::interactive (this=0xd889ec8, quit_month=2147483647) at simworld.cc:5770 time = cursor_hidden = false ev = {ev_class = 2, ev_code = 1, mx = 624, my = 321, cx = 624, cy = 321, button_state = 1, ev_key_mod = 0} swallowed = true next_command_step = 4294967295 ms_difference = 0 #19 0x081840e4 in simu_main (argc=1, argv=0xbfdf4f84) at simmain.cc:1189 new_world = loadgame = {static npos = , _M_dataplus = {> = {<__gnu_cxx::new_allocator> = {}, }, _M_p = 0xacf4b04 ""}} welt = 0xd889ec8 ref_str = dummy = {static npos = , _M_dataplus = {> = {<__gnu_cxx::new_allocator> = {}, }, _M_p = 0xa16beec "pak128/"}} view = 0xcac8158 path_sep = 0x81fd8dc "/" found_settings = path_to_simuconf = "config/simuconf.tab\000\000\000\000" file = {mode = 6, saving = false, version = 102002, ident = 8, pak_extension = "settings only\000\017\n\300\323\017\n\t\000\000\000\003\b\000\000\000\000\000\000\000\000\000\000\363\001\034\000\355\201\000\000\001", '\000' , filename = {static npos = , _M_dataplus = {> = {<__gnu_cxx::new_allocator> = {}, }, _M_p = 0xa0fe5c4 "settings.xml"}}, fp = 0x0, bzfp = 0x0, bse = 1, static save_mode = loadsave_t::zipped} parameter = {1, 1} obj_conf = {static npos = , _M_dataplus = {> = {<__gnu_cxx::new_allocator> = {}, }, _M_p = 0xa15f394 "pak128.Britain/config/simuconf.tab"}} disp_width = pak_diagonal_multiplier = 33112 resolutions = {{640, 480}, {800, 600}, {1024, 768}, {1280, 1024}, {704, 560}} simuconf = {file = 0x0} disp_height = fullscreen = found_simuconf = multiuser = 252 version = 0x82032a8 "Simutrans version 110.0 from Feb 27 2011\n" #20 0x081ed7f9 in main (argc=1, argv=0xbfdf4f84) at simsys_s.cc:763 buffer = 
"/usr/games/simutrans\000\002x\267\000\000\000\000h\200\030\220\327M\337\277\320M\337\277\314M\337\277\214\250\064\000\241\034\064\000u\000\000\000\000\000\000\000\b\000\000\000\364\237\064\000\204\022\060\000\300?\337\277\364\237\064\000@?\337\277\004\000\000\000(?\337\277\305\035\064\000\b\000\000\000$\000\000\000\364\237\064\000\020\000\000\000\246\234\063\000\064\311w\267 \311w\267\020\000\000\000@@\337\277x\325w\267@\bx\267\300\002x\267\000\000\000\000\217\000\000\000\220\000\000\000\327M\337\277\320M\337\277\314M\337\277\214\250\064\000\241\034\064\000X?\016\215\000\000\000\000\244\362S\216\364\237\064\000\225_\361\000@@\337\277\364\237\064\000\300?\337\277\004\000\000\000\244?\337\277\305\035\064\000\b\000\000\000$\000\000\000\364\237\064\000\020\000\000\000\246\234\063\000\f\311w\267\370\310w\267\020", '\000' "\320, \345w\267@\bx\267\300\002x\267\000\000\000\000\326\264\063\000\264M\337\277", '\000' "\241, \034\064\000\320"... length = 0