Convey does an index overflow during init() that causes the game segfault at blankscreen() -> imageplot(bb) (main.c:68). The overflow corrupts blank-image address in main.c:117 (and in this point does not segfault, probably thanks to millions of global variables..). See part of GDB session: --------- Hardware watchpoint 1: bb Old value = (SDL_Surface *) 0x0 New value = (SDL_Surface *) 0x80acff0 loadimages () at main.c:300 300 bh = loadimage( "bh" ); (gdb) c Continuing. [New Thread 0xb7695b70 (LWP 14555)] Hardware watchpoint 1: bb Old value = (SDL_Surface *) 0x80acff0 New value = (SDL_Surface *) 0xa8 0x0804912d in init () at main.c:117 117 for ( i=2 ; i<8 ; i++ ) { blobx[i]=blobx[i-1]-16 ; bloby[i]=bloby[i-1]-8;} --------- The first watch-break is okay, value has been set to some memory address at previous line (main.c:299). Next... Well, there's problem. So, i checked what blobx and bloby are: global int blobx[7], bloby[7]; (defined main.c:54:116) which means overflow by one in both vars. I enlarged those arrays to 8 which resulted in a working game. (Then after blobx and bloby definitions there is blobp[7] too, which might have eaten the overflow in some system; that variable is never used nor is found anywhere a second time in the source... Could be removed, but left it there; enlarged.) I will post the (simple) fixing patch next...
Created attachment 240403 [details, diff] Too-small-array-fix. When applied, results in a working game without index overflow.
Created attachment 240405 [details, diff] Too-small-array-fix v2. There was another "too small array". This time in info() which made sprintf generate rather funky libc error dump, when score went over 999. Interesting thing was, that this happened only with -O2 but not with -O0 (but I wasn't aware of the real problem that time). That is quite understandable, though. Now this patch contains both previously mentioned fix and the score text buffer fix.
Looks like: imageplot(tiles[9],120,300); also does the wrong thing. Care to roll that into the patch and make sure the game still works?
Hi, (In reply to comment #3) > Looks like: > > imageplot(tiles[9],120,300); > > also does the wrong thing. Care to roll that into the patch and make sure the > game still works? > roger that, I'll look into that too, tomorrow, though. There was some random feature that didn't segfault the game after v2-fix and I didn't find out why; might be related. But I'll look that.
Created attachment 240621 [details, diff] Too-small-array-fix v3. This patch contains now both my findings and Mr. Bones.' point. I couldn't make the game crash with or without the last overflow fix, but found out the reason for the random feature I mentioned in previous comment. I renamed the patch filename a bit to a better one, so there can be other patches too (that are required; read below), in order. Anyways, here's all three; next I'll try to find a way to sanely fix the remaining feature. (Problem is in speed changing WHILE NOT in tile boundary, which results plotfloor() to go haywire as end_of_tile then does not ever occur.) So please wait still for another patch that I will post here. Both, this (01) and what I'm going to write are needed.
Created attachment 240663 [details, diff] Set new speed only on tile boundary. This patch fixes the random feature mentioned before: Speed is now set only on tile boundary, so tile painting doesn't "overflow" anymore (because painting position is determined from speed and is reset only on one certain point). Sure, triggering the problem here needs player to come "diagonally" to tile where speed increase is, but as far I did that many times ruining the game then. I probably wrote some excess lines of code (variable resets) here, but that is only to follow the original code. I'd say, now with these two patch-files the game is good.
in portage. thanks for the bug report and patch work.
