Segfault on help for foreign militarysite

The stack trace points in the direction of the problem, thanks! :)

Can you attach a savegame please? This will speed up testing for me.

No problem. This is the last autosave before that segfault.

...and I concocted an artificial situation, attached as well.

I can't reproduce this in current trunk - see attached screenshot.

Which Widelands version are you using, and on which OS are you?

Hm, I could have said so when uploading the savegames, but testing both I could get the tower help without any problem too. I hope my computer's not cursed to delay the next release or something... It's Debian testing I'm running, mostly up to date, and WL bzr8068.

I still have the attached gdb open, so some relevant info like calling parameters should still be in memory/swap. But I'm not entirely sure how to get it out, and I'm not sure if it's worth it to find out how.

...and then my GNOME crashed, and the offer for info from gdb is no longer valid. :sadface:

I am on Ubuntu, so our systems are similar enough that the crash should be identical *headdesk*

The line is:

  new UI::BuildingHelpWindow(&igbase(), registry, building_.descr(), building_.owner().tribe(), &igbase().egbase().lua());

No idea why the dynamic_cast from &igbase() to Panel* fails here.

Using the save game from #3 the crash happens to me two times, but not ever. I have clicked the dbg button and the help button and vice versa and some times the game crashes. I ran it with gdb and the console output is:

Thread 1 "widelands" received signal SIGSEGV, Segmentation fault.
__cxxabiv1::__dynamic_cast (src_ptr=0x1200000045, src_type=0x1298ed0 <typeinfo for UI::Panel>, dst_type=0x1320830 <typeinfo for InteractiveGameBase>, src2dst=0)
    at /build/gcc/src/gcc/libstdc++-v3/libsupc++/dyncast.cc:50
50 /build/gcc/src/gcc/libstdc++-v3/libsupc++/dyncast.cc: Datei oder Verzeichnis nicht gefunden.

Trying to search for this file gives no result, either with 'find' nor with 'locate'.

I think the output of my backtrace looks the same as the one from Steven, but i attache it anyway.

Maybe related: I played with Netherlands language setting and bzr8074

Crash happens also two times with bzr8076, output is the same. But as said, one has to click often the help button of the building. On first test it happens after ~20 times clicking, at second test about ~40 times clicking.

Trying with english language the crash happens also.

I still have difficulty reproducing, so I added a branch that will print some log output.

1. Does it happen only with the help button, or with the DBG button as well?
2. Do you have to open and close the building window to trigger the crash, or is toggling the help window sufficient to trigger it?

The branch is compiling...

> 1. Does it happen only with the help button, or with the DBG button as well?

I think it comes only up when clicking the help button. But last week i got a crash when hitting the Attack button much often. But i couldn't reproduce the crash, so i did not write a bug report. Don't know if this could be the same error.

> 2. Do you have to open and close the building window to trigger the crash, or is toggling the help window sufficient to trigger it?

Couldn't say. Because it's quite boring to click always the same button, i clicked also some other buildings/buttons, also close the building help with right clicking on it. But mostly clicking only the help button from the conquered building. I think there is no relation to other buttons or how the buildings help get closed. But i am not sure though.

I didn't found a way yet to reproduce the crash with specific steps.

After clicking the help button about 200 times, i go this with your branch (last few lines):

NOCOM OPEN WINDOW
NOCOM igbase: width 1680
NOCOM building_.descr(): barbarians_tower
NOCOM tribe: atlanteans
NOCOM egbase: gametime 30064568
NOCOM OPEN WINDOW
NOCOM igbase: width 1680
NOCOM building_.descr(): barbarians_tower
NOCOM tribe: atlanteans
NOCOM egbase: gametime 30067046
TrainingSite::drop_stalled_soldiers: Kicking somebody out.
NOCOM HELP BUTTON
NOCOM OPEN WINDOW
NOCOM igbase: width 1680
NOCOM building_.descr(): barbarians_tower
NOCOM tribe: atlanteans
NOCOM egbase: gametime 30105398
NOCOM OPEN WINDOW
Speicherzugriffsfehler (Speicherabzug geschrieben)

I tried again using gdb and then the crash happens after clicking the help button, closing all windows, open it again, and so forth, few times (full output log attached). Another try under gdb and no crash for about 40 times clicking. That's a bad bug...

I tried reproducing this under r8077 (Release and Debug) by clicking the help button in "artificial.wgf" > 300 times - no crash. I used the default locale - maybe this could be related?

To make reproduction easier, I wrote a little script to help. To use, dump this in the current working directory of Widelands (under Mac OS and windows this is next to the binary, under linux it is the directory you launched widelands in) as "debug.lua". Now launch a debug version of Widelands, press F6 to bring up the console and launch the script using 'dofile "debug.lua"'. Alternatively use --load and --scripting from the commandline.

----
include "scripting/coroutine.lua"

run(function()
   while true do
      wl.ui.MapView().windows.building_window.buttons.help:click()
      sleep(100)
   end
end)
----

The log output would point at something being wrong with the object returned by &igbase() here.

Open 1 building window before running the debug lua, because it needs a building window. I didn't get any crashes with it though.

I am attaching a debug script that will open and close the building window as well.

The debug file proposed by GunChleoc is working only with the artificial.wgf save game :-)

I couldn't reproduce the bug with these scripts. I set this bug to incomplete and remove the Milestone.

Feel free to change it, once this bug come up again.

A weak theory: maybe the mouse bounces, producing two events very quickly and we process both - trying to delete the window twice. I cannot explain how that can work though, since being singlethreaded in the UI, there cannot really be a race condition.

[Expired for widelands because there has been no activity for 60 days.]

I tried to reproduce the bug on Debian 9.1 "stretch". I used revision 8481 and the file from #4. At first I tested release build with and without valgrind. No crash or memory leaks while clicking the help button many times. Then I tested with debug build by clicking the debug button and the menu button on and off randomly. No crash. After that did the same by using japanise language and no crash.

Fixed in build20-rc1