3.5.0 reproducible crash

**fizzix** · April 5, 2014, 16:53

Weird, I didn't get a crash on my clean 3.5 version (windows 7). What OS are you playing on?

**Saplaran** · April 5, 2014, 17:06

I'm using Windows 8.1...

**fizzix** · April 7, 2014, 16:03

Originally posted by Saplaran

I'm using Windows 8.1...

I'm not sure we have any Windows 8 testers... The absence of comments in this thread seems to support this...

How many squares do you have to move to get a crash? Just one, or more. What happens if you go the other direction first and then backtrack? What about casting a spell?

**Atanvarno** · April 7, 2014, 17:25

I can reproduce this on Win7, but it requires that the monster list subwindow is just the right width so that the accented i in Ibun's name is barely visible (or would become barely visible when taking two steps to the west if it weren't for the crash).

I've had a similar problem in the past:

3.5.0 crash, accented chars in subwindows - Angband Forums

http://angband.oook.cz/forum/showthread.php?t=6618

Angband gameplay, features, trick, bugs

**MattB** · April 7, 2014, 23:07

Originally posted by Atanvarno

I can reproduce this on Win7, but it requires that the monster list subwindow is just the right width so that the accented i in Ibun's name is barely visible (or would become barely visible when taking two steps to the west if it weren't for the crash).

I've had a similar problem in the past:
http://angband.oook.cz/forum/showthread.php?t=6618

That's just weird (to a non-coder), but an astonishing catch!
And as for win8, I just paid an extra £120 to get win7 for my new laptop...

**Dawnmist** · April 8, 2014, 02:12

Originally posted by Atanvarno

I can reproduce this on Win7, but it requires that the monster list subwindow is just the right width so that the accented i in Ibun's name is barely visible (or would become barely visible when taking two steps to the west if it weren't for the crash).

I've had a similar problem in the past:
http://angband.oook.cz/forum/showthread.php?t=6618

That would explain a consistent crash I was getting last December when identifying an artifact crown on the ground - I sent in the save file with the character standing on the unid'd crown, but while it was 100% consistent for me no-one else seemed to be able to reproduce it (was happening on win7). If I picked up the crown and id'd it, everything was fine (it would no longer have been in the objects subwindow then) - but identifying it before picking it up would crash. Can't remember which crown now, but I do remember it had an accent in the name because I was suspicious that the accent was part of why it was crashing.

**Bogatyr** · April 8, 2014, 11:09

Originally posted by MattB

That's just weird (to a non-coder), but an astonishing catch!
And as for win8, I just paid an extra £120 to get win7 for my new laptop...

Well worth it. windblow$ 8 is a disaster

**fizzix** · April 8, 2014, 13:37

Originally posted by Atanvarno

I can reproduce this on Win7, but it requires that the monster list subwindow is just the right width so that the accented i in Ibun's name is barely visible (or would become barely visible when taking two steps to the west if it weren't for the crash).

I've had a similar problem in the past:
http://angband.oook.cz/forum/showthread.php?t=6618

Very nice work

**PowerWyrm** · April 8, 2014, 14:01

Reproduced under Win7:
- move 2 squares left until Ibun gets in LOS
- reduce Term-1 width (monster list window) until the name becomes "[U] Ibun, Son of Mî (asleep) 2 S 6 W"
- game crashes

I compiled the source using my BC++5 environment and launched the exe in debug mode. Result is as follows: project angband.exe crashes with EAccessViolation at address 0051551B, reading address 11111119.

Here's the list of function calls at the moment of the crash:
- update_monlist_subwindow(EVENT_MONSTERLIST)
- monster_list_show_subwindow(16, 39)
- monster_list_format_textblock(list, textblock, 16, 39, ...)
- monster_list_format_section(list, textblock, MONSTER_LIST_SECTION_LOS, 1, 39, ...)
- textblock_append_c(tb, line_attr, "%-*s%s\n", full_width = 57, line_buffer = "[U] Ibun, Son of MÃ (asleep)", location = " 2 S 6 W") [line 419]
- textblock_vappend_c(tb, attr, fmt, vp)

At this point, a malloc-ed string temp_space is created from the va_args: temp_space = "[U] Ibun, Son of MÃ (asleep) 2 S 6 W\n".

Next call is Term_mbstowcs(NULL, temp_space, 0) to get the new length, but this call fails. The hook in Term_mbstowcs calls Term_mbstowcs_win from main-win.c: return (size_t)(MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, src, -1, NULL, 0) - 1);

Here the MultiByteToWideChar function fails (error code = 1113, ERROR_NO_UNICODE_TRANSLATION, "No mapping for the Unicode character exists in the target multi-byte code page") and returns 0. In this case, Term_mbstowcs returns -1, which is used as the new length. The following call tries to resize the textblock to an invalid size (-1 as a u32 value!) and fails with a crash...

Testing a little more in debug mode, it's easy to trace down the problem. Putting a breakpoint in update_monlist_subwindow, I was able to test the faulty code with term width = 40 then term width = 39. And here it is:

Code:

		/* Clip the monster name to fit, and append the sleep tag. */
		name_width = MIN(full_width - strlen(asleep), sizeof(line_buffer));
		get_mon_name(line_buffer, name_width + 1, list->entries[entry_index].race, list->entries[entry_index].count[section]);
		my_strcat(line_buffer, asleep, sizeof(line_buffer));

When term width = 40, everything works fine:
- name_width = 20
- line_buffer = "[U] Ibun, Son of MÃ®"

When term width = 39, the name is truncated!
- name_width = 19
- line_buffer = "[U] Ibun, Son of MÃ"

Then of course, the last character is not a valid unicode character anymore...

Fix: in get_mon_name(), ensure that the last character, if it's an unicode character, is not truncated.

**Timo Pietilä** · April 8, 2014, 14:05

Originally posted by Bogatyr

Well worth it. windblow$ 8 is a disaster

Vista v2. It seems that MS has a pattern that every other OS is disaster. Maybe Windows 9 will be OK again.

**Derakon** · April 8, 2014, 15:23

Originally posted by PowerWyrm

Then of course, the last character is not a valid unicode character anymore...

Fix: in get_mon_name(), ensure that the last character, if it's an unicode character, is not truncated.

Great detective work! Sounds like it should be a fairly straightforward fix. The "safer" thing to do might actually be to truncate past the unicode character as well, instead of not truncating it.

Also, there's probably a similar bug with item names and the item list.

**MattB** · April 8, 2014, 22:55

Originally posted by PowerWyrm

"[U] Ibun, Son of MÃ (asleep)

Well I can't pretend to have understood more than the odd word of your post, but at least we now know, at long last, who Ibun's poor mother was.
(And Matilde was asleep at the time! Bloody petty dwarves!)

3.5.0 reproducible crash

3.5.0 reproducible crash

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment