New crash offsets!
-
So as some may know, FWToW has finally entered closed beta and we’re now going through the fun job of discovering and fixing bugs… but these few have us entirely stumped.
As far as I know, the crashes always happen near 0x11c22 in EngBase.dll (I had 20, Sushi had 24). I’m fairly sure at this point that they are related to selecting a new target - most crashes happen shortly after if not during SetTarget calls, and all people were clicking on a ship (player or NPC) when it happened for them. Thing is, the crash is random; you can easily click on a ship 10 times without issue, then come back later to the same ship and crash. It does not appear to be related to a specific ship, though we might just be missing data there. This bug is entirely client-side; the server is rock solid.
I don’t know if anybody’s encountered this before, but I don’t recall any mention of it. Any tips guys? What could cause a crash on selecting NPCs, and only infrequently?
-
Update: after some work with Cannon, I’ve implemented minidumps in the client hook we’re using thanks to the code in FLHook 1.6.1 and I’ve nailed it down to a hook we’re doing around RenderScene.
I’ll see what I can dig up from there.
-
All I can tell you is it does test for an invalid pointer, so I guess it’s another one using an already-destroyed object (but that’s strange, because it’s the jmp that’s failing, not the jump table). It’s called a lot, but there is one call from a ship, as part of beam_object from PhySys::Update. It seems to return an orientation matrix (possibly with a following vector).
-
Thanks adoxa, hopefully w0d can figure out what the client hook does that could cause this.
For the time being I’ve added a try/catch around the problematic block and, while FL seems to hate me for it, it eventually recovers and runs alright (at least, for the one time I managed to make it “crash”), despite crashing on exit. This is definitely not a permanent fix, but I guess it’s better than nothing.
-
Went to have another go, trying to see where it’s called after you select a target, but it’s called far too often, from too many places, to narrow down (since after I removed all the calls before selecting a target, it didn’t break at all). And to clarify: it wants a transform, not a matrix.
Here’s a more specific plugin. It will log to EXE\EngBase-011C22-bad.txt, giving a line like:
```
2011-05-27 16:12:22.312: [07EB1148] = EngBase.066295D0; caller = Freelancer.005a03cf
```
The bit in brackets is okay (and largely meaningless, unfortunately), it's when it tries to read from what's there when it crashes. I expect a crash will look like:
```
2011-05-27 16:12:22.312: [whatever] = CDCDCDCD; caller = wherever
```
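A triage script for the log format quoted above, as an added example that is not part of the original thread or the plugin: it flags entries whose logged value is a known MSVC debug-heap fill pattern (such as the CDCDCDCD the post expects) and counts them per caller. The sample lines after the first, the `Example.00401000` caller and the rule that a bare hex value means "no module matched" are assumptions.

```python
import re
from collections import Counter

# Well-known 32-bit fill patterns from the MSVC debug CRT and Windows debug heap.
FILL_PATTERNS = {
    0xCDCDCDCD: "debug CRT: allocated, never initialized",
    0xDDDDDDDD: "debug CRT: freed heap memory",
    0xFEEEFEEE: "Windows debug heap: freed by HeapFree",
}

# Line layout taken from the log line quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}): "
    r"\[(?P<slot>[^\]]+)\] = (?P<value>[^;]+); caller = (?P<caller>\S+)$"
)

def classify(value):
    """Return (verdict, detail) for the value read from the logged slot."""
    if "." in value:  # module.address form, as in the healthy line
        return "ok", value
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", value):
        return "unparsed", value
    raw = int(value, 16)
    if raw in FILL_PATTERNS:
        return "fill-pattern", FILL_PATTERNS[raw]
    # Assumption: a bare hex value means no module contained the address.
    return "unresolved", f"{raw:08X} is outside every named module"

def triage(lines):
    """Return suspicious entries plus a per-caller count of them."""
    hits, by_caller = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        verdict, detail = classify(m["value"].strip())
        if verdict != "ok":
            hits.append((m["ts"], m["slot"], m["caller"], verdict, detail))
            by_caller[m["caller"]] += 1
    return hits, by_caller

# Constructed sample: line 1 is the one quoted in the post, the rest are made up.
SAMPLE = """\
2011-05-27 16:12:22.312: [07EB1148] = EngBase.066295D0; caller = Freelancer.005a03cf
2011-05-27 16:12:25.101: [07EB2230] = CDCDCDCD; caller = Freelancer.005a03cf
2011-05-27 16:12:25.140: [07EB2230] = DDDDDDDD; caller = Example.00401000
""".splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE)[0]:
        print(" | ".join(hit))
```

A caller that dominates the per-caller count is the first place to look for the code path handing over a stale or never-initialized object.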
-
I have already encountered such a bug, solved by a clear and clean install; then the bug did not reappear.
I encountered this bug when modifying the HUD (interface folder) with some new files, without making a clean install before. Don’t know if it can help you,
have a nice day^^