Client crash when Joining GrangerHub [GPP] server (EXEC_BAD_ACCESS)

Question

Client crash when Joining GrangerHub [GPP] server (EXEC_BAD_ACCESS)

wtfbbqhax opened this issue 2 years ago · comments

Victor Roemer commented 2 years ago

Very scary execution path when connecting to GrangerHubs' [GPP] tremded(s).

Branch: HEAD:lightweight
Commit: 1e8edec

Reproduction

Goto Server Navigation, and Join to any "GrangerHub * [GPP]"

Result

The client crashes with EXEC_BAD_ACCESS in the vm->Call() while iterating over all 14 (or 15?).
When looking into this, I found this very interesting call stack as well

Debugger Screenshot:

Call Stack:

VMFactory::createVM(VMType, char const*, long (*)(long*)) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/vm.h:263)
CL_InitUI() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_ui.cpp:1156)
CL_StartHunkUsers(bool) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:3340)
Com_GameRestart(int, bool) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/common.cpp:2428)
FS_ConditionalRestart(int, bool) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/files.cpp:3828)
CL_OldGame() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:1301)
CL_Disconnect(bool) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:1428)
::Com_Error(int, const char *, ...) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/common.cpp:324)
CL_CgameSystemCalls(long*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_cgame.cpp:428)
VM_CallInterpreted(vm_t*, int*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/vm_interpreted.cpp:513)
BytecodeVM::Call(int, ...) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/vm.cpp:389)
CL_InitCGame() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_cgame.cpp:823)
CL_DownloadsComplete() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:1931)
CL_InitDownloads() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:2218)
CL_ParseGamestate(msg_t*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_parse.cpp:553)
CL_ParseServerMessage(msg_t*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_parse.cpp:941)
CL_PacketEvent(netadr_t, msg_t*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/client/cl_main.cpp:3994)
NET_Event(fd_set*) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/net_ip.cpp:1771)
NET_Sleep(int) (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/net_ip.cpp:1830)
Com_Frame() (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/qcommon/common.cpp:2987)
main (/Users/victor.roemer/co/wtfbbqhax/tremulous/src/sys/sys_main.cpp:731)
start (@start:110)

What I think should be happening

On server browser, we are running native UI DLL module.
After clicking Join:

Downloads server info
HTTP Download any missing Pk3's

Load UI.QVM from serverPaks

probingUI?
Another HTTP Download?

CGame QVM will be loaded

Com_Error

Victor Roemer · Answer 1 · Mon Aug 01 2022 06:55:09 GMT+0800 (China Standard Time)

I have found the issue already, but I want to document the loading behavior of the UI MODULE

Sequence diagram of a functional Join

After clicking Join

Then a HTTP Download starts.
and After Download completes

Loads UI QVM Module

After that, Loads CGAME QVM Module

Notes:

It is very awkward to me that these very important subsystems with nearly implementation are not done together in an obvious place