Map server crash

bWolfie

Hello,

Recently my map server crashed. I'm hoping somebody can help me with this gdb debug information.
First it said there was an overflow in script, at script_reg_destroy, at if( p->value ).

Then it crashed with this log on 'bt full'.

https://pastebin.com/q50NEiDD

 
Are you using any plugins or mods?

What commit are you using for Hercules? From the stack it looks like it's different, or maybe a plugin intercepts some variable changes?

It crashes because sd is malformed. In some other place it looks like there was a null pointer, but the server did not crash.

 
I'm using quite a few plugins. I've tried to disable them one by one, but it is difficult to find what the cause is.

 
Also, if possible, try building the server with sanity flags enabled.

I'm not sure how to install the missing packages on CentOS. You also need gcc 5 or newer.

 
Thanks for your responses. I am unable to use the enable-sanitize=full option. It tells me 'configure: error: zlib library not found or incompatible...', despite the fact I have installed that dependency (version 1.2.7).

The crashes are referencing variables that aren't being used by any script (but were used in the past).
And I never made any edit to any src in pc or script other than adding some script command via plugin.

This part here is where pc_setglobalreg(sd, num, val); occurs. Are there any immediate quick-fix options, like clearing my char_reg_num/str_db? Or wouldn't that make a difference?

Code:
name=0x7fffffffe0d0 "newbquest", value=0x1, ref=0x0) at script.c:3573
 
This configure error means some packages are not installed. Try installing these packages: libasan liblsan libubsan

From the crash stack, you have a non-latest Hercules or a modded Hercules.

I already asked about the commit. What Hercules commit id are you using? Without it, it is impossible to check what went wrong here.

This line says the error is on an empty line and in another function; this means the stack is totally wrong:

Code:
#5  0x00000000004580cf in chrif_parse (fd=14340) at chrif.c:1645
 
I wasn't able to enable sanitize after installing those packages. I cleared my char_reg_num_db and things have been okay for 36 hours now. I will post again if things become an issue.

 
I don't know what to do. Seems all sorts of things can cause a crash. Now pc_setregistry did it.

https://pastebin.com/Nc5e03gH

For reference, I am using src mods (Gepard Shield) and some plugins of my own (various edits).

The #BG_TIE variable is being called using

Code:
pc_setglobalreg(sd, script->add_str("#BG_TIE"), pc_readglobalreg(sd, script->add_str("#BG_TIE")) +  1);
pc_setglobalreg(sd, reference_uid(script->add_str("#BG_TIE"), month), pc_readglobalreg(sd, reference_uid(script->add_str("#BG_TIE"), month)) +  1);

#1 pc.c/9816

Code:
p = ers_alloc(pc->num_reg_ers, struct script_reg_num);

#2 script.c/3573
Code:
case '\'':
    set_reg_instance_num(st, num, name, val);
    return 1;
default:
    if (ref) {
        script->set_reg_pc_ref_num(st, ref, num, name, val);
    } else {
        pc_setglobalreg(sd, num, val); //<<<< Here
    }
    return 1;

#3 intif.c/1349

Code:
script->set_reg(NULL,sd,reference_uid(script->add_str(key), index), key, (const void *)h64BPTRSIZE(ival), NULL);

#4 intif.c/2892

Code:
case 0x3804: intif->pRegisters(fd); break;

#5 chrif.c/1645

Code:
if (cmd < 0x2af8 || cmd >= 0x2af8 + ARRAYLENGTH(chrif->packet_len_table) || chrif->packet_len_table[cmd-0x2af8] == 0) {
    int result = intif->parse(fd); // Passed on to the intif // <<<here

#6 socket.c/1418

Code:
sockt->session[i]->func_parse(i);

#7 core.c/557

Code:
sockt->perform(next);
 
The issue is not in this call stack.

Somewhere you had a null pointer issue but the server did not crash, and the server used a wrong sd pointer after this.

Try removing the plugins and Gepard and try to crash the server.

Or use sanitize flags to see the real issue.

 
I managed to --enable-sanitize=full by installing the packages miniz and zopfli (not sure which one did it). Hopefully I will be able to debug this now.

Edit 1: Despite installing the same packages, I could only get sanitize to work on my production server for some reason, which makes testing hard. I assume this has something to do with edits I made to pc.c, am I correct? Or could it be something doing pc->function?
 

Code:
=================================================================
==2032== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f23a8ea442c at pc 0x730c95 bp 0x7fffb665a940 sp 0x7fffb665a930
READ of size 4 at 0x7f23a8ea442c thread T0
    #0 0x730c94 (/home/user/Hercules/map-server+0x730c94)
    #1 0x823e0b (/home/user/Hercules/map-server+0x823e0b)
    #2 0x8cbb5a (/home/user/Hercules/map-server+0x8cbb5a)
    #3 0x8d25e2 (/home/user/Hercules/map-server+0x8d25e2)
    #4 0x715134 (/home/user/Hercules/map-server+0x715134)
    #5 0xa63330 (/home/user/Hercules/map-server+0xa63330)
    #6 0xa63458 (/home/user/Hercules/map-server+0xa63458)
    #7 0x7281a7 (/home/user/Hercules/map-server+0x7281a7)
    #8 0x729b78 (/home/user/Hercules/map-server+0x729b78)
    #9 0x6d1fea (/home/user/Hercules/map-server+0x6d1fea)
    #10 0x409ef1 (/home/user/Hercules/map-server+0x409ef1)
    #11 0x7f23b015b444 (/usr/lib64/libc-2.17.so+0x22444)
    #12 0x40a622 (/home/user/Hercules/map-server+0x40a622)
0x7f23a8ea442c is located 139791134507871 bytes to the right of global variable '<null>' (0x4d) of size 128
ASAN:SIGSEGV
==2032== AddressSanitizer: while reporting a bug found another one.Ignoring.
 
gcc should also be at least version 5.0. 4.9 may partially work.

 
Yep, I updated to GCC 7.3 and can't enable it. It is working on one of my servers but I can't use it because it's live.

On the other servers I tried I just keep getting

Code:
./configure --enable-sanitize=full
.
..
...
checking for library containing inflateEnd... no
configure: error: zlib library not found or incompatible... stopping
 
Then install the zlib1g-dev library, since it clearly states it's missing.

 
Code:
yum list installed
....
zlib.x86_64                        1.2.7-17.el7                        installed
zlib-debuginfo.x86_64              1.2.7-17.el7                        @base-debuginfo
zlib-devel.x86_64                  1.2.7-17.el7                        @base
zopfli.x86_64                      1.0.1-1.el7                         @epel
I'm using CentOS 7; that package is not available. I have installed zlib-devel.

Edit: I am now trying debian and that flag has worked.

 
@Myriad, can you show config.log after the failed configure run?

Inside this file will be the actual error why it can't find zlib. It can be wrong flags, missing files, etc. It can be anything.

 
This is the console output, but the config.log file is needed.
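An added example, not from this thread: what to pull out of config.log once you have it. Autoconf only prints "result: no" on the console, but config.log records the exact link command and the linker's own error just before that result, which is the line that tells you why the zlib test really failed. The config.log excerpt below is constructed for illustration (the libasan link error in it is made up, not a finding from the thread).

```shell
#!/bin/sh
# Added example (not from the thread). Print the region of config.log from
# the inflateEnd check to its "result: no" line, dropping the dumped
# conftest.c source that autoconf inserts in between (noise for this purpose).
zlib_failure_reason() {
    awk '
        /checking for library containing inflateEnd/ { show = 1 }
        show && /^configure: failed program was:/     { skip = 1; next }
        show && skip && /^configure:[0-9]+:/          { skip = 0 }
        show && !skip                                 { print }
        show && /result: no/                          { exit }
    ' "$1"
}

# Constructed config.log excerpt (assumed typical autoconf layout); the
# libasan link error is made up to illustrate a sanitizer-build failure.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
configure:5120: checking for library containing inflateEnd
configure:5151: gcc -o conftest -g -O2 -fsanitize=address conftest.c -lz >&5
/usr/bin/ld: cannot find libasan.so: No such file or directory
collect2: error: ld returned 1 exit status
configure:5151: $? = 1
configure: failed program was:
| /* confdefs.h */
| int main(void) { return inflateEnd(); }
configure:5180: result: no
configure:5190: error: zlib library not found or incompatible... stopping
EOF

zlib_failure_reason "$SAMPLE_LOG"
```

Run it against the real config.log instead of the sample; the lines between the gcc command and "result: no" are the actual reason configure gave up.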

 
Looks like it was compiled without debug info?

Debug info is needed. Configure flag: --enable-debug

Or probably it's because you run with gdb at the same time.

Anyway, what is the code at pc.c:9909?

Looks like the error is in this line.
