We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 1648 - repeatable crash from ToME4, Linux, Intel integrated graphics

Summary: repeatable crash from ToME4, Linux, Intel integrated graphics

Status:	RESOLVED INVALID

Alias:	None

Product:	SDL
Classification:	Unclassified
Component:	don't know (show other bugs)
Version:	HG 2.0
Hardware:	x86 Linux

Importance:	P2 major
Assignee:	Ryan C. Gordon
QA Contact:	Sam Lantinga

URL:	http://forums.te4.org/viewtopic.php?f...
Keywords:

Depends on:
Blocks:

Reported:	2012-11-27 13:23 UTC by Greg Wooledge
Modified:	2012-11-27 20:37 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Greg Wooledge 2012-11-27 13:23:44 UTC

The game ToME4 (http://www.te4.org/) uses SDL2/HG and crashes repeatably on some computers, but not others.  The corresponding bug on the game's bug-tracking forum is http://forums.te4.org/viewtopic.php?f=42&t=35276 and contains some information which I'll also repeat here.

Debian 6.0, i386.  SDL version 6710:e650705e2c1d tip

The game also uses SDL_image and SDL_ttf.

The crash is accompanied by this text on the terminal window from which it was launched:
*** glibc detected *** ./t-engine: free(): invalid next size (fast): 0xa8ce9748 ***
(along with a stack trace)

Running the game under gdb, here's a slightly more useful trace at the time of the crash:

(gdb) where
#0  0xb7fe2424 in __kernel_vsyscall ()
#1  0xb7c01781 in raise () from /lib/i686/cmov/libc.so.6
#2  0xb7c04bb2 in abort () from /lib/i686/cmov/libc.so.6
#3  0xb7c37e75 in ?? () from /lib/i686/cmov/libc.so.6
#4  0xb7c41f71 in ?? () from /lib/i686/cmov/libc.so.6
#5  0xb7c437c8 in ?? () from /lib/i686/cmov/libc.so.6
#6  0xb7c468ad in free () from /lib/i686/cmov/libc.so.6
#7  0xb7a31dfd in XFree () from /usr/lib/libX11.so.6
#8  0xb7a31e4c in _XFreeEventCookies () from /usr/lib/libX11.so.6
#9  0xb7a2124d in XNextEvent () from /usr/lib/libX11.so.6
#10 0xb7f6f8f5 in XNextEvent (a=0x820bcb8, b=0xbffff888)
    at ../SDL/src/video/x11/SDL_x11sym.h:88
#11 0xb7f7e6fe in X11_DispatchEvent (_this=0x820b5e0)
    at ../SDL/src/video/x11/SDL_x11events.c:165
#12 X11_PumpEvents (_this=0x820b5e0)
    at ../SDL/src/video/x11/SDL_x11events.c:697
#13 0xb7efd2a4 in SDL_PumpEvents () at ../SDL/src/events/SDL_events.c:310
#14 0xb7efd7da in SDL_WaitEventTimeout (event=0xbffffa04, timeout=0)
    at ../SDL/src/events/SDL_events.c:343
#15 0xb7efd8b5 in SDL_PollEvent (event=0xbffffa04)
    at ../SDL/src/events/SDL_events.c:325
#16 0x08050e5d in main (argc=1, argv=0xbffffb14) at ../src/main.c:1083

The graphics hardware, from lspci -nn:
00:02.0 VGA compatible controller [0300]: Intel Corporation 4 Series Chipset Integrated Graphics Controller [8086:2e12] (rev 03)
00:02.1 Display controller [0380]: Intel Corporation 4 Series Chipset Integrated Graphics Controller [8086:2e13] (rev 03)

Unfortunately I do not have a simple test case that can reproduce the crash.  I only know how to do it by launching and playing the game.

Comment 1 Sam Lantinga 2012-11-27 20:37:29 UTC

Crashes in free() and malloc() tend to be memory corruption in your application.  Valgrind under Linux is a great way to find memory corruption problems.

Cheers!

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.