Short: 3.2.7-dev.104 and 3.2.8-dev.156 crash in find_string()
Date: Tue, 23 Nov 1999 17:00:17 +0100
From: Freaky <Freaky@UNItopia.rus.uni-stuttgart.de>
Type: Bug
State: Acknowledged
See also: b-990430, b-991123-1, b-981028

Maybe fixed through b-990430? What the first core below shows: base_table[h] (0xa17150a, "la") does not point at the start of a shared string but six bytes into "shangela" (0xa171504), so the chain pointer read from base_table[h]-6 is the text bytes "shan" (0x6e616873) and findstring() faults when it follows it. The surrounding block carries allocator debug data naming interpret.c:1201 and holds an object pointer (0x09b38ee0), which looks like memory that was freed and reallocated rather than a string-table entry — i.e. a dangling entry in the shared string hash table (a missed reference or an extra free_string() would produce this). The crash in findstring() is the symptom, not the cause; the same picture appears in the second core (base_table[h]-6 yields 0xe2b041e, again not a valid chain pointer).

Der Driver 3.2.8-dev.156 ist gerade nach einem Tag gecored:

#0  0x80c29ac in findstring (s=0xab104ae "spritz_robbie") at stralloc.c:266
266             if (*curr == *s && !strcmp(curr, s))
(gdb) bt
#0  0x80c29ac in findstring (s=0xab104ae "spritz_robbie") at stralloc.c:266
#1  0x80c2add in free_string (str=0xab104ae "spritz_robbie") at stralloc.c:401
#2  0x809afd2 in free_prog (progp=0xbed8d3c, free_sub_strings=1)
    at object.c:519
#3  0x809abff in _free_object (ob=0x9b78b9c) at object.c:255
#4  0x806a28a in eval_instruction (first_instruction=0x8449feb "\030",
    initial_sp=0x810f2cc) at interpret.c:5829
#5  0x8076cc1 in eval_instruction (first_instruction=0x8620f93 "\030",
    initial_sp=0x810f27c) at interpret.c:10452
#6  0x808d1af in apply_low (fun=0x89b5556 "say_command", ob=0xdc5f594,
    num_arg=1, b_ign_prot=0) at interpret.c:18847
#7  0x808d752 in sapply_int (fun=0x89b5556 "say_command", ob=0xdc5f594,
    num_arg=1, b_find_static=0) at interpret.c:19061
#8  0x80dab53 in parse_command (
    buff=0xbfffef0c "'aber vorher mustt du die platte defragmentieren",
    from_efun=0) at actions.c:809
#9  0x80dae5f in execute_command (
    str=0xbfffef0c "'aber vorher mustt du die platte defragmentieren",
    ob=0xdc5f594) at actions.c:967
#10 0x809ef4a in backend () at backend.c:486
#11 0x806593c in main (argc=50, argv=0xbffffb48) at main.c:323
(gdb) print curr
$1 = 0x6e616873 <Address 0x6e616873 out of bounds>
(gdb) print search_len
$4 = 557110260
(gdb) print num_str_searches
$5 = 420304602
(gdb) print prev
$6 = 0xa17150a "la"

(gdb) list
261	    num_str_searches++;
262	
263	    while (curr)
264	    {
265	        search_len++;
266	        if (*curr == *s && !strcmp(curr, s))
267	        {
268	            /* found it */
269	            if (prev)
270	            {
(gdb) p s
$1 = 0xab104ae "spritz_robbie"
(gdb) p curr
$2 = 0x6e616873 <Address 0x6e616873 out of bounds>
(gdb) p h
$3 = 4947
(gdb) p base_table[h]
$4 = 0xa17150a "la"
(gdb) p *(  *(char **)(base_table[h]-6)
$5 = 0x6e616873 <Address 0x6e616873 out of bounds>
(gdb) p base_table[h]-6
$6 = 0xa171504 "shangela"
(gdb) p 0xa171504 0
$7 = 169284864
(gdb) p *(char *)           p base_table[h]-16
$8 = 0xa1714fa "\016\b\004"
(gdb) p base_table[h]-10
$9 = 0xa171500 "\032\004bNshangela"
(gdb) p base_table[h-1]
$10 = 0x8a763f2 "cost"
(gdb) x/cb 0xa171500
0xa171500:	26 '\032'
(gdb) x/cb 0xa1715001cb 0xa171500(gdb) x/16cb 0xa171500(gdb) x/16
0xa171500:	26 '\032'	4 '\004'	98 'b'	78 'N'	115 's'	104 'h'	9
7 'a'	110 'n'
0xa171508:	103 'g'	101 'e'	108 'l'	97 'a'	0 '\000'	0 '\000'	0
 '\000'	0 '\000'
(gdb) x/16cb 0xa171500b 0xa171500xb 0xa171500
0xa171500:	0x1a	0x04	0x62	0x4e	0x73	0x68	0x61	0x6e
0xa171508:	0x67	0x65	0x6c	0x61	0x00	0x00	0x00	0x00
(gdb) x/36xb 0xa171500-210  0
0xa1714ec:	0xe0	0x8e	0xb3	0x09	0x85	0x00	0x00	0x00
0xa1714f4:	0x15	0xd9	0x65	0x08	0xee	0x21	0x0e	0x08
0xa1714fc:	0xb1	0x04	0x00	0x00	0x1a	0x04	0x62	0x4e
0xa171504:	0x73	0x68	0x61	0x6e	0x67	0x65	0x6c	0x61
0xa17150c:	0x00	0x00	0x00	0x00
(gdb) p *(object_t *)0x09b38ee0
$12 = {flags = 4608, ref = 2, total_light = 1, time_reset = 0, 
  time_of_ref = 943372134, load_time = 943334225, load_id = 0, extra_ref = 0, 
  prog = 0x865cc30, name = 0xc627ae4 "d/Kokosinsel/Knossos/Strasse/main3", 
  load_name = 0x869e5b2 "/d/Kokosinsel/Knossos/Strasse/main3", 
  next_all = 0xc7e753c, prev_all = 0xcb12358, next_hash = 0x9457298, 
  next_inv = 0x0, contains = 0x0, super = 0x0, sent = 0x0, user = 0x8b20998, 
  eff_user = 0x8b20998, extra_num_variables = 48, variables = 0x8e552cc, 
  ticks = 158380, gigaticks = 0}
(gdb) p *(  (char *)080e21ee
Invalid number "080e21ee".
(gdb) p (char *)080e21ee0080e21eex080e21ee
$13 = 0x80e21ee "interpret.c"
(gdb) p 0x4b1
$14 = 1201
(gdb) p (program        *(program_t) *)0x865cc30
$15 = {ref = 1548, total_size = 7140, extra_ref = 0, 
  program = 0x865cc80 "\206\034\b\a", name = 0x89d18bc "i/room.c", 
  id_number = 133, load_time = 943276671, 
  line_numbers = 0x865e58c "\021\nS\004E\006\004\004\005\002\t\f\t\f\006\0
17\n\b\016\r\017\r\017\r\017\r\025@\001\001\001\001\001\001\aA\f\006\006\006\n
\004\t\001\001\n\bnS\aEFF\006\006\r\013\013I\006\r\013\013B\001\a\t\001\n\t
\001\n\t\001\nL\r\004\013\n\n\t\001\t[\001C\004\006\037\005\n\f\t\be\020\0
01C#\005\n\f\t\b]\001M\001\n\r\023\023\023@\tE\n\013@\bMT\n\t\bN\t\004
\rG\bAG\b\b@\n]\e\013@\a\f\013\001\b\f\013\001\bL\006\f\013\023\a\016
\002\t"..., function_names = 0x865dcd0, functions = 0x865dde0, 
  strings = 0x865e01c, variable_names = 0x865e130, inherit = 0x865e2b0, 
  flags = 0, heart_beat = -1, argument_types = 0x865e31c, 
  type_start = 0x865e46c, swap_num = -1, num_function_names = 135, 
  num_functions = 143, num_strings = 69, num_variables = 48, num_inherited = 9}
(gdb) p 0x85
$16 = 133
(gdb) shellp 0x85*(program_t*)0x865cc30(gdb) p 0x4b1(char *)0x080e21ee80e21ee(gdb) p *(object_t *)0x09b38ee0(gdb) x/36xb 0xa171500-20  32(gdb) x/6xb 0xa171500-32(gdb) x/xb 0xa171500-32(gdb) x/4xb 0xa171500-32(gdb) x/48xb 0xa171500-32(gdb) x/48
0xa1714e0:	0xc3	0x02	0x5f	0x6e	0x61	0x6d	0x65	0x00
0xa1714e8:	0x0a	0x00	0x00	0x30	0xe0	0x8e	0xb3	0x09
0xa1714f0:	0x85	0x00	0x00	0x00	0x15	0xd9	0x65	0x08
0xa1714f8:	0xee	0x21	0x0e	0x08	0xb1	0x04	0x00	0x00
0xa171500:	0x1a	0x04	0x62	0x4e	0x73	0x68	0x61	0x6e
0xa171508:	0x67	0x65	0x6c	0x61	0x00	0x00	0x00	0x00
(gdb) p base_table
$18 = (char **) 0x837d3a4
(gdb) x/96xb 0xa171500-32
0xa1714e0:	0xc3	0x02	0x5f	0x6e	0x61	0x6d	0x65	0x00
0xa1714e8:	0x0a	0x00	0x00	0x30	0xe0	0x8e	0xb3	0x09
0xa1714f0:	0x85	0x00	0x00	0x00	0x15	0xd9	0x65	0x08
0xa1714f8:	0xee	0x21	0x0e	0x08	0xb1	0x04	0x00	0x00
0xa171500:	0x1a	0x04	0x62	0x4e	0x73	0x68	0x61	0x6e
0xa171508:	0x67	0x65	0x6c	0x61	0x00	0x00	0x00	0x00
0xa171510:	0x0b	0x00	0x00	0x30	0xd8	0x8c	0x5f	0x0a
0xa171518:	0x85	0x00	0x00	0x00	0x46	0xcd	0x65	0x08
0xa171520:	0xee	0x21	0x0e	0x08	0xd0	0x1d	0x00	0x00
0xa171528:	0x5e	0x94	0x13	0x27	0x2f	0x6d	0x61	0x70
0xa171530:	0x2f	0x6d	0x2d	0x32	0x35	0x39	0x5f	0x32
0xa171538:	0x37	0x31	0x00	0x00	0x0a	0x00	0x00	0x30
(gdb) p *(object_t*)0x0a5f8cd8
$19 = {flags = 512, ref = 1, total_light = 1, time_reset = 0, 
  time_of_ref = 943371255, load_time = 943353344, load_id = 0, extra_ref = 0, 
  prog = 0x9e07054, name = 0xc5db8c4 "map/m-260_271", 
  load_name = 0xc11ae7a "/map/m-260_271", next_all = 0x9ab87b4, 
  prev_all = 0xbf0b728, next_hash = 0x0, next_inv = 0x0, contains = 0x0, 
  super = 0x0, sent = 0x0, user = 0x9fd7e14, eff_user = 0x9fd7e14, 
  extra_num_variables = 62, variables = 0xc96ec34, ticks = 6111, gigaticks = 0}
(gdb) p (char *)0x080e21ee
$20 = 0x80e21ee "interpret.c"
(gdb) p 0x1dd0
$21 = 7632
(gdb) p h
$22 = 4947
(gdb) p base_table[h] -1]
$23 = 0x8a763f2 "cost"
(gdb) p base_table[h-1]]2]
$24 = 0xc6a4162 "Ein Kauz schreit irgendwo in der Ferne."
(gdb) p base_table[h-2]]4]]3]
$25 = 0x847e616 "$Der(Zoghan)"
(gdb) p base_table[h-3]]]+]1]
$26 = 0xd416a26 "iss_rose"
(gdb) p base_table[h+1]]2]
$27 = 0x8f712b6 "spelunke"
(gdb) p base_table[h+2]]3]
$28 = 0x9ed5d7e "howards_parkbiene_1"
(gdb) p base_table[h+3]]]
$29 = 0xa17150a "la"
(gdb) p s
$30 = 0xab104ae "spritz_robbie"
(gdb) bt
#0  0x80c29ac in findstring (s=0xab104ae "spritz_robbie") at stralloc.c:266
#1  0x80c2add in free_string (str=0xab104ae "spritz_robbie") at stralloc.c:401
#2  0x809afd2 in free_prog (progp=0xbed8d3c, free_sub_strings=1)
    at object.c:519
#3  0x809abff in _free_object (ob=0x9b78b9c) at object.c:255
#4  0x806a28a in eval_instruction (first_instruction=0x8449feb "\030", 
    initial_sp=0x810f2cc) at interpret.c:5829
#5  0x8076cc1 in eval_instruction (first_instruction=0x8620f93 "\030", 
    initial_sp=0x810f27c) at interpret.c:10452
#6  0x808d1af in apply_low (fun=0x89b5556 "say_command", ob=0xdc5f594, 
    num_arg=1, b_ign_prot=0) at interpret.c:18847
#7  0x808d752 in sapply_int (fun=0x89b5556 "say_command", ob=0xdc5f594, 
    num_arg=1, b_find_static=0) at interpret.c:19061
#8  0x80dab53 in parse_command (
    buff=0xbfffef0c "'aber vorher mustt du die platte defragmentieren", 
    from_efun=0) at actions.c:809
#9  0x80dae5f in execute_command (
    str=0xbfffef0c "'aber vorher mustt du die platte defragmentieren", 
    ob=0xdc5f594) at actions.c:967
#10 0x809ef4a in backend () at backend.c:486
#11 0x806593c in main (argc=50, argv=0xbffffb48) at main.c:323
(gdb) up
#1  0x80c2add in free_string (str=0xab104ae "spritz_robbie") at stralloc.c:401
401	    s = findstring(str); /* moves it to head of table if found */
(gdb) up
#2  0x809afd2 in free_prog (progp=0xbed8d3c, free_sub_strings=1)
    at object.c:519
519	                free_string(name);
(gdb) p name
$31 = 0xab104ae "spritz_robbie"
(gdb) p base_table+h
$32 = (char **) 0x83820f0
(gdb) quit

~/orbit/3.2.7/ldmud-dev.104/src > gdb ../../../../magyra/bin/driver-3.2.7.U07 core.driver.991122-14\:17
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...

warning: core file may not match specified executable file.
Core was generated by `bin/driver-3.2.7.U07 --define UNItopia --mudlib /UNItopia
/mudadm/magyra/lib --m'.
Program terminated with signal 11, Segmentation fault.
find_solib: Can't read pathname for load map: Input/output error

#0  0x80b3540 in findstring (s=0x80ded38 "!sage Ciao.") at stralloc.c:227
227	            if (*curr == *s && !strcmp(curr, s)) { /* found it */
(gdb) p curr
$1 = 0x3 "\n"
(gdb) p h
$2 = 18110
(gdb) p base_ba  table+h
$3 = (char **) 0x81b96b4
(gdb) x/16x cxb 0x81b96a8
0x81b96a8:	0x8e	0xab	0xab	0x08	0x12	0x97	0x1b	0x0c
0x81b96b0:	0xee	0xed	0x54	0x0b	0x86	0x4d	0x16	0x13
(gdb) p base_table[h]
$4 = 0x13164d86 "bankschalter"
(gdb) p base_table[h]-6
$5 = 0x13164d80 "\036\004+\016\006"
(gdb) p (char *)(base_table[h]-6)
$6 = 0x13164d80 "\036\004+\016\006"
(gdb) p (char *)0x804d1613
$7 = 0x804d1613 <Address 0x804d1613 out of bounds>
(gdb) p (char *)0x804d1613(base_table[h]-6)(gdb) p *(char *)(base_table[h]-6)(gdb) p *(char **)(base_table[h]-6)(gdb) p *(char *
$8 = 0xe2b041e "\205\r\001"
(gdb) p (char *)0x13164d80
$9 = 0x13164d80 "\036\004+\016\006"
(gdb) p *(char *)0x13164d80
$10 = 30 '\036'
(gdb) p *(char *)0x13164d80)0x13164d80)0x13164d80)0x13164d80)0x13164d80)0x13164d80)0x13164d80l)0x13164d80o)0x13164d80n)0x13164d80g)0x13164d80 )0x13164d80*)0x13164d80
$11 = 237700126
(gdb) p *(long *)0x13164d80*)0x13164d80*)0x13164d80*)0x13164d80*)0x13164d80*)0x13164d80(gdb) p *(c*)0x13164d80h*)0x13164d80a*)0x13164d80r*)0x13164d80 *)0x13164d80**)0x13164d80
$12 = 0xe2b041e "\205\r\001"
(gdb) x/16xb 0x13164d78
0x13164d78:	0x00	0x01	0x00	0x00	0xab	0xd8	0x58	0xab
0x13164d80:	0x1e	0x04	0x2b	0x0e	0x06	0x00	0x62	0x61
(gdb) x/16cxb 0x13164d78          0x0e2b0414
0xe2b0414:	0x08	0x3c	0x09	0x71	0x03	0x00	0x00	0x00
0xe2b041c:	0xb4	0x78	0x85	0x0d	0x01	0x00	0x00	0x00
(gdb) x/16cxb 0x0e2b0414        0d8578b4  ac
0xd8578ac:	0xd2	0x03	0x00	0x00	0x6e	0x14	0x60	0xf4
0xd8578b4:	0x20	0x62	0x65	0x77	0x75	0x6e	0x64	0x65
(gdb) p (char *)9x  0x0d8578b4
$13 = 0xd8578b4 " bewundert die Baeume des Parks."
(gdb) p (char *)0x0d8578b4 3
$14 = 0xd8578b3 " bewundert die Baeume des Parks."
(gdb) p (char *)0x0d8578b3 2
$15 = 0xd8578b2 "` bewundert die Baeume des Parks."
(gdb) p (char *)0x0d8578b234(gdb) x/16cxb 0x0d8578ac  b0(gdb) x/6cxb 0x0d8578b0(gdb) x/96cxb 0x0d8578b0(gdb) x/9
0xd8578b0:	0x6e	0x14	0x60	0xf4	0x20	0x62	0x65	0x77
0xd8578b8:	0x75	0x6e	0x64	0x65	0x72	0x74	0x20	0x64
0xd8578c0:	0x69	0x65	0x20	0x42	0x61	0x65	0x75	0x6d
0xd8578c8:	0x65	0x20	0x64	0x65	0x73	0x20	0x50	0x61
0xd8578d0:	0x72	0x6b	0x73	0x2e	0x00	0x00	0x00	0x00
0xd8578d8:	0x10	0x00	0x00	0xf0	0x54	0x82	0x85	0x09
0xd8578e0:	0x04	0x00	0x00	0x00	0xe7	0x42	0x3a	0x08
0xd8578e8:	0x2b	0x14	0x0d	0x08	0x00	0x01	0x00	0x00
0xd8578f0:	0x6e	0x14	0x60	0xf4	0x0a	0x61	0x1d	0x0c
0xd8578f8:	0x01	0x00	0x55	0x6e	0x74	0x65	0x72	0x64
0xd857900:	0x65	0x73	0x73	0x65	0x6e	0x20	0x61	0x6d
0xd857908:	0x20	0x42	0x65	0x63	0x6b	0x65	0x6e	0x72
(gdb) x/96cxb 0x0d8578b0  90
0xd857890:	0x20	0x67	0x65	0x68	0x74	0x2e	0x0a	0x00
0xd857898:	0x10	0x00	0x00	0xf0	0x00	0xe2	0x13	0x0b
0xd8578a0:	0xe8	0xa1	0x11	0x00	0x91	0xb4	0x69	0x09
0xd8578a8:	0xdc	0xb1	0x0c	0x08	0xd2	0x03	0x00	0x00
0xd8578b0:	0x6e	0x14	0x60	0xf4	0x20	0x62	0x65	0x77
0xd8578b8:	0x75	0x6e	0x64	0x65	0x72	0x74	0x20	0x64
0xd8578c0:	0x69	0x65	0x20	0x42	0x61	0x65	0x75	0x6d
0xd8578c8:	0x65	0x20	0x64	0x65	0x73	0x20	0x50	0x61
0xd8578d0:	0x72	0x6b	0x73	0x2e	0x00	0x00	0x00	0x00
0xd8578d8:	0x10	0x00	0x00	0xf0	0x54	0x82	0x85	0x09
0xd8578e0:	0x04	0x00	0x00	0x00	0xe7	0x42	0x3a	0x08
0xd8578e8:	0x2b	0x14	0x0d	0x08	0x00	0x01	0x00	0x00
(gdb) quit

