30 Jan, 2012, arholly wrote in the 1st comment:
Votes: 0
Hello:
I was converting my sprintf's to snprintf's and seem to have hit a snag. I'm now segfaulting. I guess I found an error. However, I'm not super good with GDB yet, but this is where I am at so far:
@brandonsplace.net [~/ptmud/src]# ./startup &
[1] 22266
@brandonsplace.net [~/ptmud/src]# Segmentation fault
ps ux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
m243bra 9453 0.0 0.0 2692 1348 pts/25 Ss 13:06 0:00 -bash
m243bra 22266 0.2 0.0 3056 1324 pts/25 S 14:21 0:00 /bin/csh ./startup
m243bra 22290 0.0 0.0 1752 376 pts/25 S 14:21 0:00 sleep 15
m243bra 22494 0.0 0.0 2276 820 pts/25 R+ 14:21 0:00 ps ux
m243bra 29757 0.0 0.0 5396 1056 ? S 13:30 0:00 pure-ftpd (IDLE)
@brandonsplace.net [~/ptmud/src]# gdb project 22266
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-37.el5_7.1)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/m243bra/ptmud/src/project…done.
Attaching to program: /home/m243bra/ptmud/src/project, process 22266
Reading symbols from /lib/ld-linux.so.2…(no debugging symbols found)…done.
Loaded symbols for /lib/ld-linux.so.2
0x0097b7f2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0 0x0097b7f2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x009c332c in ?? ()
#2 0x00000101 in ?? ()
#3 0x089559f8 in ?? ()
#4 0xbfb50fb0 in ?? ()
#5 0xbfb510c8 in ?? ()
#6 0x08066cbd in do_step (ch=0x89559f8, argument=0xbfb50fb0 "\002") at act_move.c:4087
Backtrace stopped: frame did not save the PC
(gdb) list
339 bool parse_gen_mental args( (CHAR_DATA *ch,char *argument) );
340
341 bool parse_gen_talents args( (CHAR_DATA *ch,char *argument) );
342 bool parse_gen_skills args( (CHAR_DATA *ch,char *argument) );
343 bool parse_gen_knowledges args( (CHAR_DATA *ch,char *argument) );
344
345 bool parse_gen_virtues args( (CHAR_DATA *ch,char *argument) );
346
347 int main( int argc, char **argv )
348 {
(gdb)

What should I do next?
30 Jan, 2012, arholly wrote in the 2nd comment:
Votes: 0
So, I did take a look at frame 6, and this is what it says:
#6  0x08066cbd in do_step (ch=0x891e9f8, argument=0xbf8db960 "\002") at act_move.c:4087
Backtrace stopped: frame did not save the PC
(gdb) frame 6
#6 0x08066cbd in do_step (ch=0x891e9f8, argument=0xbf8db960 "\002") at act_move.c:4087
4087 if((org = org_lookup(argument)) == NULL
(gdb) info local
i = -1081231008
count = <value optimized out>
buf = '\000' <repeats 316 times>, "../area", '\000' <repeats 2213 times>"\266, ;\246", '\000' <repeats 37 times>"\240, \234\v\b\020
\000\000\000\350\000\000\000h\263\215\277. \b\b\020\000\000\000\240\234\v\b\000\000\000\000\000\000\000\000t\000\000\000t
\000\000\000x\263\215\277t\000\000\000t\000\000\000\350\000\000\000\210\263\215\277\070G\006\bt\000\000\000t\000\000
\000\250\263\215\277\242H\006\bt\000\000\000\000\000\000\000\220\326\374\267\022\000\000\000\000\000\000\000+\321
\b\bh\264\215\277\325l\b\bt", '\000' <repeats 27 times>"\200, G\006\b\000\000\000\000\356\377\377\377", '\000' <repeats 12
times>, "s\000\000\000\000\000\000 \000\000\000\000\000\000\000\000\266;\246", '\000' <repeats 25 times>"\355, \377\377
\377\000\000\000\000\000\000\000\000\240\234\v\b\020\000\000\000\024\000\000\000H\264\215\277. "…
rch = <value optimized out>
location = 0x0
org = <value optimized out>
(gdb) list
4082 return;
4083 }
4084
4085 if((i = flag_value(rp_area_table, argument)) == NO_FLAG)
4086 {
4087 if((org = org_lookup(argument)) == NULL
4088 || !get_room_index(i = org->step_point))
4089 {
4090 if(!str_prefix(argument, "home")
4091 && (ch->home == 0 || !get_room_index(i = ch->rooms[0]->vnum)))
(gdb)
30 Jan, 2012, arholly wrote in the 3rd comment:
Votes: 0
And this is the whole function for do_step:
void do_step(CHAR_DATA *ch, char *argument)
{
    int i;
    int count = 0;
    char buf[MAX_STRING_LENGTH];
    CHAR_DATA *rch;
    ROOM_INDEX_DATA *location;
    ORG_DATA *org;

    /*
     * Added org stepping. Dsarky.
     * Added home stepping. Dsarky.
     */

    /* Added a better way of displaying the steps by adding the count feature
     * so that it would display much like the abilities and powers do. Also
     * looks a hell of a lot better. Rayal.
     */
    if(argument[0] == '\0')
    {
        send_to_char("\tGAvailable locations are\tn:\n\r", ch);
        for(i=0;rp_area_table[i].name != NULL;i++)
        {
            if(rp_area_table[i].settable == TRUE) {
                snprintf(buf, MSL, "\t<send href='step %s'>%-20s\t</send> |", rp_area_table[i].name, rp_area_table[i].name);
                send_to_char(buf, ch);
                count++;
                if(!(count%3)) send_to_char("\n\r", ch);
            }
        }
        for(org = org_list; org; org = org->next)
        {
            if(mem_lookup(org, ch->name))
            {
                snprintf(buf, MSL, "\t<send href='step %s'>%-20s\t</send> |", org->name, org->name);
                send_to_char(buf, ch);
                count++;
                if(!(count%3)) send_to_char("\n\r", ch);
            }
        }
        if(ch->home > 0)
        {
            snprintf(buf, MSL, "\t<send href='step %s'>%-20s\t</send> |", "home", "home");
            send_to_char(buf, ch);
            count++;
            if(!(count%3)) send_to_char("\n\r", ch);
        }
        send_to_char("\n\r", ch);
        return;
    }

    if(ch->in_room->vnum == ROOM_VNUM_GAOL)
    {
        send_to_char("The jail attendant laughs at your request for a taxi.\n\r", ch);
        return;
    }

    if((i = flag_value(rp_area_table, argument)) == NO_FLAG)
    {
        if((org = org_lookup(argument)) == NULL || !get_room_index(i = org->step_point))
        {
            if(!str_prefix(argument, "home") && (ch->home == 0 || !get_room_index(i = ch->rooms[0]->vnum)))
            {
                send_to_char("No such step point available.\n\r", ch);
                return;
            }
        }
    }

    if(i != flag_value(rp_area_table, "school") && ch->dollars + (ch->cents / 100) < 5 && !IS_ADMIN(ch))
    {
        send_to_char("You don't have $5 to pay for the taxi!\n\r", ch);
        return;
    }

    if((location = get_room_index(i)) == NULL)
    {
        send_to_char("\tOThere seems to have been a mistake.\tn\n\r", ch);
        send_to_char("\tOPlease report that target location as being unavailable.\tn\n\r", ch);
        snprintf(buf, MSL, "\tOIssue with Room Vnum: %d\tn", i);
        send_to_char(buf, ch);
        return;
    }

    for (rch = ch->in_room->people; rch != NULL; rch = rch->next_in_room)
    {
        if (get_trust(rch) >= ch->invis_level)
        {
            if (ch->pcdata != NULL && ch->pcdata->bamfout[0] != '\0')
                act("$t",ch,ch->pcdata->bamfout,rch,TO_VICT,0);
            else
                act("$n leaves, catching a taxi to another area.",ch, NULL,rch,TO_VICT,0);
        }
    }

    char_from_room( ch );
    char_to_room( ch, location );

    for (rch = ch->in_room->people; rch != NULL; rch = rch->next_in_room)
    {
        if (get_trust(rch) >= ch->invis_level)
        {
            if (ch->pcdata != NULL && ch->pcdata->bamfin[0] != '\0')
                act("$t",ch,ch->pcdata->bamfin,rch,TO_VICT,0);
            else
                act("$n has arrived.",ch,NULL,rch,TO_VICT,0);
        }
    }

    do_function( ch, &do_look, "auto" );
    if(!IS_ADMIN(ch) && i != flag_value(rp_area_table, "school"))
    {
        if(ch->dollars >= 5)
            ch->dollars -= 5;
        else {
            ch->cents -= (5 - ch->dollars) * 100;
            ch->dollars = 0;
        }
        send_to_char("You pay the taxi driver the $5 you owe him for the trip.\n\r", ch);
    }
}
30 Jan, 2012, roh-bane wrote in the 4th comment:
Votes: 0
The char* argument being passed looks like junk data, check the caller and see what it's passing.
30 Jan, 2012, arholly wrote in the 5th comment:
Votes: 0
Which means what exactly? I'm not sure how to do what you are asking. And this was "fine" until I started putting in snprintf's, so I'm assuming it has something to do with that…
30 Jan, 2012, David Haley wrote in the 6th comment:
Votes: 0
buf doesn't contain junk; it starts with \0.

Something has screwed up your stack, though. You should have a backtrace that goes back to the beginning of the program. Is the thread about valgrind your thread too? That's where I'd start to debug something like this…
30 Jan, 2012, arholly wrote in the 7th comment:
Votes: 0
Yes, the thread about valgrind is mine too. The problem is I'm not sure where to start debugging. I thought this might be something different, but obviously not…
30 Jan, 2012, David Haley wrote in the 8th comment:
Votes: 0
As soon as your stack gets corrupted, all bets are off and your program is essentially a time bomb.
30 Jan, 2012, arholly wrote in the 9th comment:
Votes: 0
What does that mean, your stack gets corrupted?
31 Jan, 2012, Rarva.Riendf wrote in the 10th comment:
Votes: 0
Exactly what I explained to you in the Valgrind thread.
Look for an explanation of buffer overflow: your data has been overwritten at some point.

method 1 sets variable x to aaaaa

method 2 sets variable y to bbbbb; variable x becomes bbaaa (because y in memory was supposed to be only 3 chars, just before x, but you wrote 5 chars instead of 3)

all hell breaks loose. (yeah, I ignored the \0)
31 Jan, 2012, roh-bane wrote in the 11th comment:
Votes: 0
David Haley said:
buf doesn't contain junk; it starts with \0.

Something has screwed up your stack, though. You should have a backtrace that goes back to the beginning of the program. Is the thread about valgrind your thread too? That's where I'd start to debug something like this…

I never said buf, I said argument.

#6 0x08066cbd in do_step (ch=0x891e9f8, argument=0xbf8db960 "\002")

And argument contains "\002", which in my experience is junk.

However looking again, I do agree with you about the backtrace and that something has likely screwed up the stack.
31 Jan, 2012, roh-bane wrote in the 12th comment:
Votes: 0
arholly said:
Which means what exactly? I'm not sure how to do what you are asking. And this was "fine" until I start putting in snprintf's, so I'm assuming it has something to do with that…

Check your use of snprintfs and see if your n is > the size of the string you're writing to.

Something like
char blah[80];
snprintf(blah, 85, "<85+ chars worth of stuff>");

would cause bad things, and not always immediately; it could do wonderful things to corrupt your stack and blow up in an unrelated function.
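Rarva.Riendf's two-variable picture and roh-bane's over-sized n describe the same mechanism from two ends. The following is an added C example, not code from this thread or from the ptmud code base. It models two adjacent locals in a plain byte array so the overrun is visible and deterministic instead of undefined behaviour, then shows the snprintf discipline that keeps a call like the ones in do_step from ever becoming the `snprintf(blah, 85, ...)` case: the size comes from the array itself via sizeof, and the return value is checked for truncation. The frame layout, the function names and the 64- and 32-byte buffers are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/*
 * Model of a stack frame holding two adjacent locals (constructed layout;
 * real compilers order and pad locals as they like, which is why the
 * symptom shows up in an unrelated function): y occupies bytes 0..2,
 * x occupies bytes 3..7.
 */
enum { Y_OFF = 0, Y_LEN = 3, X_OFF = 3, X_LEN = 5, FRAME_LEN = 8 };

/*
 * Write n bytes of src into the variable that starts at off and is len
 * bytes wide, trusting the caller's n exactly as a library call would.
 * Returns how many bytes landed past the variable's end, i.e. how far the
 * write overran into its neighbour (0 means nothing was corrupted).
 * The copy is clamped to the model frame so the example itself is safe.
 */
size_t write_var(unsigned char *frame, size_t off, size_t len, size_t n, const char *src)
{
    if (off + n > FRAME_LEN)
        n = FRAME_LEN - off;
    memcpy(frame + off, src, n);
    return n > len ? n - len : 0;
}

/*
 * The forum example: x is set to "aaaaa", then y (3 bytes wide) is written
 * with n = 5. Returns what x reads afterwards; *spilled (if non-NULL)
 * receives the overrun count. Expected: 2 bytes spilled, x reads "bbaaa".
 */
const char *demo_overrun(size_t *spilled)
{
    static char x_after[X_LEN + 1];
    unsigned char frame[FRAME_LEN] = {0};
    size_t over;

    write_var(frame, X_OFF, X_LEN, X_LEN, "aaaaa");     /* n matches the width */
    over = write_var(frame, Y_OFF, Y_LEN, 5, "bbbbb");  /* n is larger than y */
    memcpy(x_after, frame + X_OFF, X_LEN);
    x_after[X_LEN] = '\0';
    if (spilled)
        *spilled = over;
    return x_after;
}

/*
 * The disciplined snprintf pattern for a call like the ones in do_step.
 * dst_size is the real capacity (callers pass sizeof(buf) for an array),
 * and the return value is checked: snprintf reports the length the full
 * text would have had, so n >= dst_size means it was truncated. dst is
 * NUL-terminated either way; the return value says whether it is complete.
 */
bool format_step_link(char *dst, size_t dst_size, const char *name)
{
    int n = snprintf(dst, dst_size, "\t<send href='step %s'>%-20s\t</send> |", name, name);
    return n >= 0 && (size_t)n < dst_size;
}

int main(void)
{
    size_t spilled = 0;
    char buf[64];   /* pass sizeof buf, never a separately maintained constant */
    char tiny[32];

    printf("x after overrun: \"%s\" (%zu bytes spilled past y)\n",
           demo_overrun(&spilled), spilled);
    printf("fits in 64: %s\n", format_step_link(buf, sizeof buf, "school") ? "yes" : "no");
    printf("fits in 32: %s (got \"%s\")\n",
           format_step_link(tiny, sizeof tiny, "school") ? "yes" : "no", tiny);
    return 0;
}
```

The model makes the thread's point concrete: the write into y is "correct" as far as the library is concerned, because the count it was handed said 5, so nothing fails at the call site and x is silently rewritten. The only defence at the call site is a size argument that cannot disagree with the declaration, which is what `sizeof buf` gives you for an array local, plus a check of the return value so truncation is noticed rather than passed along as if the text were complete.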