
showeq-5.13.10.0 crashing for me



pita
02-23-2010, 04:46 PM
I just came back from a week out of town and downloaded the latest showeq-5.13.10.0, which won't run for me on Ubuntu 9.10 with the latest patches installed. It crashes right after the map loads and skittles start to appear. Also, just as an FYI, I tried to revert to the patched version of 5.13.9.x that I had functioning (though it was throwing some errors), and I seem to be getting the same issue.

Here is a backtrace:

(gdb) bt
#0 0x00bc1422 in __kernel_vsyscall ()
#1 0x00bec4d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x00bef932 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x00c22ee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x00ca2ed8 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x00ca1f10 in __chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x00ca1284 in __strcpy_chk () from /lib/tls/i686/cmov/libc.so.6
#7 0x08074891 in strcpy (this=0x8306ed0, data=0x87cafd3 "\002", len=73,
dir=2 '\002') at /usr/include/bits/string3.h:106
#8 SpawnShell::newGroundItem (this=0x8306ed0, data=0x87cafd3 "\002", len=73,
dir=2 '\002') at spawnshell.cpp:345
#9 0x08076f6a in SpawnShell::qt_invoke (this=0x8306ed0, _id=3, _o=0xbfffc760)
at spawnshell.moc:390
#10 0x0057835a in QObject::activate_signal(QConnectionList*, QUObject*) ()
from /usr/lib/libqt-mt.so.3
#11 0x0809275f in EQPacketDispatch::signal (this=0x84bcf68,
t0=0x87cafd3 "\002", t1=73, t2=2 '\002') at packetinfo.moc:99
#12 0x0808eeed in EQPacketStream::dispatchPacket (this=0x83b7a98,
data=0x87cafd3 "\002", len=73, opCode=23685, opcodeEntry=0x840c568)
at packetstream.cpp:435
#13 0x0808f6e2 in EQPacketStream::processPacket (this=0x83b7a98, packet=...,
isSubpacket=true) at packetstream.cpp:713
#14 0x0808f9c2 in EQPacketStream::processPacket (this=0x83b7a98, packet=...,
isSubpacket=true) at packetstream.cpp:801
#15 0x0808f7e0 in EQPacketStream::processPacket (this=0x83b7a98, packet=...,
isSubpacket=false) at packetstream.cpp:653
#16 0x08090258 in EQPacketStream::handlePacket (this=0x83b7a98, packet=...)
at packetstream.cpp:566
#17 0x0809868e in EQPacket::dispatchPacket (this=0x8370990, packet=...)
at packet.cpp:659
#18 0x080987e5 in EQPacket::dispatchPacket (this=0x8370990) at packet.cpp:583
#19 EQPacket::processPackets (this=0x8370990) at packet.cpp:400
#20 0x0809c338 in EQPacket::qt_invoke (this=0x8370990, _id=2, _o=0xbfffebe8)
at packet.moc:577
#21 0x0057835a in QObject::activate_signal(QConnectionList*, QUObject*) ()
from /usr/lib/libqt-mt.so.3
#22 0x0057a328 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3
#23 0x008d8f39 in QTimer::timeout() () from /usr/lib/libqt-mt.so.3
#24 0x0059c82e in QTimer::event(QEvent*) () from /usr/lib/libqt-mt.so.3
#25 0x005134b7 in QApplication::internalNotify(QObject*, QEvent*) ()
from /usr/lib/libqt-mt.so.3
#26 0x0051442b in QApplication::notify(QObject*, QEvent*) ()
from /usr/lib/libqt-mt.so.3
#27 0x00508f02 in QEventLoop::activateTimers() () from /usr/lib/libqt-mt.so.3
#28 0x004be0d6 in QEventLoop::processEvents(unsigned int) ()
from /usr/lib/libqt-mt.so.3
#29 0x0052c4b0 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3
#30 0x0052c356 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3
#31 0x00513b0f in QApplication::exec() () from /usr/lib/libqt-mt.so.3
#32 0x0806a358 in main (argc=1, argv=0xbffff874) at main.cpp:723
(gdb)
Anyone have any idea of what I can do to resolve this? Any help is appreciated.

ieatacid
02-23-2010, 05:01 PM
I forgot to account for ground items that might not be named. Try this:


Index: src/spawnshell.cpp

================================================== =================

--- src/spawnshell.cpp (revision 750)

+++ src/spawnshell.cpp (working copy)

@@ -336,13 +336,17 @@

makeDropStruct ds;

QString name;

union { uint32_t n; float f; } x;

+ memset(&ds, 0, sizeof(makeDropStruct));



// read drop id

ds.dropId = netStream.readUInt32NC();



// read name

name = netStream.readText();

- strcpy(ds.idFile, name.latin1());

+ if(name.length())

+ {

+ strcpy(ds.idFile, name.latin1());

+ }



// read past zone id

netStream.readUInt32NC();
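Review bot: the guard on the `+ if(name.length())` line only skips empty names; the copy on the `+ strcpy(ds.idFile, name.latin1());` line is still unbounded, so any name of 16 or more characters still overruns the 16-byte field everquest.h declares as `char idFile[16];`, and __strcpy_chk aborts exactly as in the backtrace above. Suggest a bounded, NUL-terminating copy after the memset, e.g. `strncpy(ds.idFile, name.latin1(), sizeof(ds.idFile) - 1);`, plus a warning when `name.length() >= sizeof(ds.idFile)`, so a changed wire format shows up as a log line rather than an abort.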

pita
02-23-2010, 06:16 PM
The diff posted failed to apply, so I manually changed the code specified to the following:


makeDropStruct ds;
QString name;
union { uint32_t n; float f; } x;
memset(&ds, 0, sizeof(makeDropStruct));

// read drop id
ds.dropId = netStream.readUInt32NC();

// read name
name = netStream.readText();
if(name.length())
{
strcpy(ds.idFile, name.latin1());
}

// read past zone id
netStream.readUInt32NC();


Still experiencing the same error. I commented the "strcpy(ds.idFile, name.latin1());" line out and recompiled, and it no longer crashes.

lostsoul
02-23-2010, 07:07 PM
Here's my crash info, just in case it helps.

*** buffer overflow detected ***: showeq terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f7b322052c7]
/lib/libc.so.6[0x7f7b32203170]
showeq[0x435ae7]
showeq[0x43788a]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x13f)[0x7f7b33602e3f]
showeq[0x451f48]
showeq[0x44f308]
showeq[0x44fcf3]
showeq[0x44fbc2]
showeq[0x4505fa]
showeq[0x4587d9]
showeq[0x4588fb]
showeq[0x45c338]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x13f)[0x7f7b33602e3f]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEi+0x92)[0x7f7b33605162]
/usr/lib/libqt-mt.so.3(_ZN6QTimer5eventEP6QEvent+0x25)[0x7f7b336232a5]
/usr/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0xd5)[0x7f7b335a54a5]
/usr/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x5a)[0x7f7b335a627a]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop14activateTimersEv+0x283)[0x7f7b3359bbe3]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0xb56)[0x7f7b33555f96]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x31)[0x7f7b335bbec1]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x22)[0x7f7b335bbd82]
showeq[0x42abf1]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f7b321245a6]
showeq[0x427d29]
======= Memory map: ========
00400000-00649000 r-xp 00000000 08:01 7577885 /usr/local/bin/showeq
00849000-0084a000 r--p 00249000 08:01 7577885 /usr/local/bin/showeq
0084a000-0084e000 rw-p 0024a000 08:01 7577885 /usr/local/bin/showeq
0084e000-0084f000 rw-p 0084e000 00:00 0
01803000-01d00000 rw-p 01803000 00:00 0 [heap]
7f7b28000000-7f7b28167000 rw-p 7f7b28000000 00:00 0
7f7b28167000-7f7b2c000000 ---p 7f7b28167000 00:00 0
7f7b2d687000-7f7b2d695000 r-xp 00000000 08:01 8159261 /usr/lib/qt3/plugins/inputmethods/libqxim.so
7f7b2d695000-7f7b2d895000 ---p 0000e000 08:01 8159261 /usr/lib/qt3/plugins/inputmethods/libqxim.so
7f7b2d895000-7f7b2d896000 rw-p 0000e000 08:01 8159261 /usr/lib/qt3/plugins/inputmethods/libqxim.so
7f7b2d896000-7f7b2d8bc000 r-xp 00000000 08:01 8159259 /usr/lib/qt3/plugins/inputmethods/libqsimple.so
7f7b2d8bc000-7f7b2dabc000 ---p 00026000 08:01 8159259 /usr/lib/qt3/plugins/inputmethods/libqsimple.so
7f7b2dabc000-7f7b2dabd000 rw-p 00026000 08:01 8159259 /usr/lib/qt3/plugins/inputmethods/libqsimple.so
7f7b2dabd000-7f7b2dac2000 r-xp 00000000 08:01 8159257 /usr/lib/qt3/plugins/inputmethods/libqimsw-none.so
7f7b2dac2000-7f7b2dcc1000 ---p 00005000 08:01 8159257 /usr/lib/qt3/plugins/inputmethods/libqimsw-none.so
7f7b2dcc1000-7f7b2dcc2000 rw-p 00004000 08:01 8159257 /usr/lib/qt3/plugins/inputmethods/libqimsw-none.so
7f7b2dcc2000-7f7b2dcce000 r-xp 00000000 08:01 8159255 /usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so
7f7b2dcce000-7f7b2dece000 ---p 0000c000 08:01 8159255 /usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so
7f7b2dece000-7f7b2decf000 rw-p 0000c000 08:01 8159255 /usr/lib/qt3/plugins/inputmethods/libqimsw-multi.so
7f7b2decf000-7f7b2df67000 r--p 00000000 08:01 7626856 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f7b2df67000-7f7b2df68000 ---p 7f7b2df67000 00:00 0
7f7b2df68000-7f7b2e768000 rw-p 7f7b2df68000 00:00 0
7f7b2e768000-7f7b2eb60000 rw-s 00000000 00:04 3288669 socket:[3288669]
7f7b2eb60000-7f7b2eb8b000 r-xp 00000000 08:01 8545107 /usr/lib/libkdefx.so.4.2.0
7f7b2eb8b000-7f7b2ed8b000 ---p 0002b000 08:01 8545107 /usr/lib/libkdefx.so.4.2.0
7f7b2ed8b000-7f7b2ed8c000 r--p 0002b000 08:01 8545107 /usr/lib/libkdefx.so.4.2.0
7f7b2ed8c000-7f7b2ed8d000 rw-p 0002c000 08:01 8545107 /usr/lib/libkdefx.so.4.2.0
7f7b2ed8d000-7f7b2edab000 r-xp 00000000 08:01 8170247 /usr/lib/kde3/plugins/styles/plastik.so
7f7b2edab000-7f7b2efab000 ---p 0001e000 08:01 8170247 /usr/lib/kde3/plugins/styles/plastik.so
7f7b2efab000-7f7b2efac000 r--p 0001e000 08:01 8170247 /usr/lib/kde3/plugins/styles/plastik.so
7f7b2efac000-7f7b2efad000 rw-p 0001f000 08:01 8170247 /usr/lib/kde3/plugins/styles/plastik.so
7f7b2efad000-7f7b2efb2000 r-xp 00000000 08:01 7472345 /usr/lib/libXdmcp.so.6.0.0
7f7b2efb2000-7f7b2f1b1000 ---p 00005000 08:01 7472345 /usr/lib/libXdmcp.so.6.0.0
7f7b2f1b1000-7f7b2f1b2000 rw-p 00004000 08:01 7472345 /usr/lib/libXdmcp.so.6.0.0
7f7b2f1b2000-7f7b2f1b5000 r-xp 00000000 08:01 8855659 /lib/libuuid.so.1.2
7f7b2f1b5000-7f7b2f3b5000 ---p 00003000 08:01 8855659 /lib/libuuid.so.1.2
7f7b2f3b5000-7f7b2f3b6000 r--p 00003000 08:01 8855659 /lib/libuuid.so.1.2
7f7b2f3b6000-7f7b2f3b7000 rw-p 00004000 08:01 8855659 /lib/libuuid.so.1.2
7f7b2f3b7000-7f7b2f3d2000 r-xp 00000000 08:01 8544395 /usr/lib/libxcb.so.1.1.0
7f7b2f3d2000-7f7b2f5d1000 ---p 0001b000 08:01 8544395 /usr/lib/libxcb.so.1.1.0
7f7b2f5d1000-7f7b2f5d2000 r--p 0001a000 08:01 8544395 /usr/lib/libxcb.so.1.1.0
7f7b2f5d2000-7f7b2f5d3000 rw-p 0001b000 08:01 8544395 /usr/lib/libxcb.so.1.1.0
7f7b2f5d3000-7f7b2f5d5000 r-xp 00000000 08:01 8544373 /usr/lib/libXau.so.6.0.0
7f7b2f5d5000-7f7b2f7d4000 ---p 00002000 08:01 8544373 /usr/lib/libXau.so.6.0.0
7f7b2f7d4000-7f7b2f7d5000 r--p 00001000 08:01 8544373 /usr/lib/libXau.so.6.0.0
7f7b2f7d5000-7f7b2f7d6000 rw-p 00002000 08:01 8544373 /usr/lib/libXau.so.6.0.0
7f7b2f7d6000-7f7b2f7db000 r-xp 00000000 08:01 7472726 /usr/lib/libXfixes.so.3.1.0
7f7b2f7db000-7f7b2f9da000 ---p 00005000 08:01 7472726 /usr/lib/libXfixes.so.3.1.0
7f7b2f9da000-7f7b2f9db000 rw-p 00004000 08:01 7472726 /usr/lib/libXfixes.so.3.1.0
7f7b2f9db000-7f7b2fa02000 r-xp 00000000 08:01 7471288 /usr/lib/libexpat.so.1.5.2
7f7b2fa02000-7f7b2fc02000 ---p 00027000 08:01 7471288 /usr/lib/libexpat.so.1.5.2
7f7b2fc02000-7f7b2fc04000 r--p 00027000 08:01 7471288 /usr/lib/libexpat.so.1.5.2
7f7b2fc04000-7f7b2fc05000 rw-p 00029000 08:01 7471288 /usr/lib/libexpat.so.1.5.2
7f7b2fc05000-7f7b2fc07000 r-xp 00000000 08:01 8855802 /lib/libdl-2.9.so
7f7b2fc07000-7f7b2fe07000 ---p 00002000 08:01 8855802 /lib/libdl-2.9.so
7f7b2fe07000-7f7b2fe08000 r--p 00002000 08:01 8855802 /lib/libdl-2.9.so
7f7b2fe08000-7f7b2fe09000 rw-p 00003000 08:01 8855802 /lib/libdl-2.9.so
7f7b2fe09000-7f7b2fe20000 r-xp 00000000 08:01 7472673 /usr/lib/libICE.so.6.3.0
7f7b2fe20000-7f7b3001f000 ---p 00017000 08:01 7472673 /usr/lib/libICE.so.6.3.0
7f7b3001f000-7f7b30021000 rw-p 00016000 08:01 7472673 /usr/lib/libICE.so.6.3.0
7f7b30021000-7f7b30024000 rw-p 7f7b30021000 00:00 0
7f7b30024000-7f7b3002c000 r-xp 00000000 08:01 8544445 /usr/lib/libSM.so.6.0.0
7f7b3002c000-7f7b3022b000 ---p 00008000 08:01 8544445 /usr/lib/libSM.so.6.0.0
7f7b3022b000-7f7b3022c000 r--p 00007000 08:01 8544445 /usr/lib/libSM.so.6.0.0
7f7b3022c000-7f7b3022d000 rw-p 00008000 08:01 8544445 /usr/lib/libSM.so.6.0.0
7f7b3022d000-7f7b3032f000 r-xp 00000000 08:01 7471138 /usr/lib/libX11.so.6.2.0
7f7b3032f000-7f7b3052f000 ---p 00102000 08:01 7471138 /usr/lib/libX11.so.6.2.0
7f7b3052f000-7f7b30530000 r--p 00102000 08:01 7471138 /usr/lib/libX11.so.6.2.0
7f7b30530000-7f7b30534000 rw-p 00103000 08:01 7471138 /usr/lib/libX11.so.6.2.0
7f7b30534000-7f7b30545000 r-xp 00000000 08:01 8544359 /usr/lib/libXext.so.6.4.0
7f7b30545000-7f7b30744000 ---p 00011000 08:01 8544359 /usr/lib/libXext.so.6.4.0
7f7b30744000-7f7b30745000 r--p 00010000 08:01 8544359 /usr/lib/libXext.so.6.4.0
7f7b30745000-7f7b30746000 rw-Aborted
d@d-desktop:~$

pita
02-25-2010, 07:56 PM
I stuck a puts(name) in front of the strcpy(ds.idFile, name.latin1()); and it was outputting a 16-character string, similar to IT10805_ACTORDEF.
I made the assumption that there was some extra space needed in the idfile part of the struct.

Resolved this by changing makeDropStruct in everquest.h

from:


/*0056*/ char idFile[16]; // ACTOR ID
/*0072*/ uint32_t unknown0072[5]; // ***Placeholder

to:


/*0056*/ char idFile[18]; // ACTOR ID
/*0075*/ uint32_t unknown0072[3]; // ***Placeholder

ieatacid
02-25-2010, 09:43 PM
Thanks.

I looked back in the client and it appears to be reading 30 bytes of data for that string.
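As an added example, not ShowEQ's own code: the crash in this thread is a network-supplied string being strcpy'd into a fixed 16-byte struct field, caught by glibc's __strcpy_chk. The C below shows the defensive shape of that parser: a bounded copy that can never write past the field and reports truncation, and a packet cursor that refuses to read past the payload (a missing NUL terminator rejects the packet instead of scanning off the end). The struct and function names are hypothetical; the 18-byte field size and the 16-character name IT10805_ACTORDEF are taken from pita's post, and the packets are constructed for the example, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy into a fixed-size field. Writes at most dst_size bytes,
 * always NUL-terminates, and returns 1 if the source had to be cut short:
 * the case in which a plain strcpy would have run past the field. */
int copy_bounded(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    int truncated = 0;
    if (dst_size == 0)
        return 1;
    if (src_len >= dst_size) {
        src_len = dst_size - 1;
        truncated = 1;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return truncated;
}

/* Cursor over one packet payload; a hypothetical stand-in for netStream. */
struct cursor {
    const uint8_t *data;
    size_t len;
    size_t pos;
};

/* Little-endian uint32; fails instead of reading past the payload. */
int read_u32(struct cursor *c, uint32_t *out)
{
    const uint8_t *p;
    if (c->len - c->pos < 4)
        return 0;
    p = c->data + c->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    c->pos += 4;
    return 1;
}

/* NUL-terminated string whose terminator must lie inside the payload. */
int read_text(struct cursor *c, const char **str, size_t *str_len)
{
    const uint8_t *start = c->data + c->pos;
    const uint8_t *nul = memchr(start, 0, c->len - c->pos);
    if (nul == NULL)
        return 0;
    *str = (const char *)start;
    *str_len = (size_t)(nul - start);
    c->pos += *str_len + 1;
    return 1;
}

/* Hypothetical parsed record; id_file uses the 18-byte size from pita's post. */
struct ground_item {
    uint32_t drop_id;
    char id_file[18];
    uint32_t zone_id;
    int name_truncated;
};

/* Same field order as the thread's newGroundItem: drop id, name, zone id. */
int parse_ground_item(const uint8_t *data, size_t len, struct ground_item *out)
{
    struct cursor c = { data, len, 0 };
    const char *name;
    size_t name_len;

    memset(out, 0, sizeof *out);               /* as the patch's memset does */
    if (!read_u32(&c, &out->drop_id))
        return 0;
    if (!read_text(&c, &name, &name_len))
        return 0;
    out->name_truncated =
        copy_bounded(out->id_file, sizeof out->id_file, name, name_len);
    if (!read_u32(&c, &out->zone_id))
        return 0;
    return 1;
}

/* Does the 16-character name from the thread fit a field of this size? */
int name_fits_in(size_t field_size)
{
    char field[32];
    if (field_size > sizeof field)
        field_size = sizeof field;
    return copy_bounded(field, field_size, "IT10805_ACTORDEF", 16) == 0;
}

/* Constructed payloads: drop id 12345 with the thread's name and zone id 7;
 * an unnamed item; and a payload cut off before the name's terminator. */
static const uint8_t SAMPLE_PACKET[] = {
    0x39, 0x30, 0x00, 0x00,
    'I','T','1','0','8','0','5','_','A','C','T','O','R','D','E','F', 0x00,
    0x07, 0x00, 0x00, 0x00
};
static const uint8_t EMPTY_NAME_PACKET[] = { 0x01, 0, 0, 0, 0x00, 0x07, 0, 0, 0 };
static const uint8_t SHORT_PACKET[] = { 0x01, 0, 0, 0, 'A', 'B', 'C' };

int main(void)
{
    struct ground_item gi;
    printf("16-byte field fits=%d, 18-byte field fits=%d\n",
           name_fits_in(16), name_fits_in(18));
    if (parse_ground_item(SAMPLE_PACKET, sizeof SAMPLE_PACKET, &gi))
        printf("drop %u name '%s' zone %u truncated=%d\n",
               (unsigned)gi.drop_id, gi.id_file, (unsigned)gi.zone_id,
               gi.name_truncated);
    printf("short packet accepted: %d\n",
           parse_ground_item(SHORT_PACKET, sizeof SHORT_PACKET, &gi));
    return 0;
}
```

With the original 16-byte field the 16-character name does not fit (the NUL needs a 17th byte), which is why strcpy overran it; with 18 bytes it does. The truncation flag is the place to log a protocol change, so a client that starts sending 30-byte names (as ieatacid observed) produces a warning rather than an abort.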