I'm currently running TSC 2.2.0-dev on Ubuntu and have encountered a number of game-crashing bugs that make Mountain Trials unplayable. The first issue: dying in Mountain Trials causes the whole game to crash with the following message:
Unloaded level: /opt/tsc/share/tsc/levels/mountain_trials.tsclvl
==10274==ERROR: AddressSanitizer: heap-use-after-free on address 0x5110001ca180 at pc 0x555555f14efc bp 0x7fffffff91f0 sp 0x7fffffff91e0
READ of size 1 at 0x5110001ca180 thread T0
#0 0x555555f14efb in TSC::cGL_Surface::~cGL_Surface() /home/user/TSC/tsc/src/video/gl_surface.cpp:72
#1 0x555555d894e5 in TSC::cSprite::~cSprite() /home/user/TSC/tsc/src/objects/sprite.cpp:350
#2 0x555555d895b7 in TSC::cSprite::~cSprite() /home/user/TSC/tsc/src/objects/sprite.cpp:353
#3 0x555555aaa544 in TSC::cObject_ManagerTSC::cSprite::Delete_All() /home/user/TSC/tsc/src/overworld/../overworld/../core/../core/obj_manager.hpp:80
#4 0x555555aa5464 in TSC::cSprite_Manager::Delete_All(bool) /home/user/TSC/tsc/src/core/sprite_manager.cpp:248
#5 0x555555c16352 in TSC::cLevel::Unload(bool) /home/user/TSC/tsc/src/level/level.cpp:292
#6 0x555555c79193 in TSC::cLevel_Manager::Unload() /home/user/TSC/tsc/src/level/level_manager.cpp:97
#7 0x555555a6e727 in TSC::Handle_Generic_Game_Events(CEGUI::XMLAttributes const&) /home/user/TSC/tsc/src/core/game_core.cpp:175
#8 0x555555a6d92b in TSC::Handle_Game_Events() /home/user/TSC/tsc/src/core/game_core.cpp:159
#9 0x555555a9218c in TSC::Update_Game() /home/user/TSC/tsc/src/core/main.cpp:591
#10 0x555555a8e486 in main /home/user/TSC/tsc/src/core/main.cpp:202
#11 0x7ffff6c2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#12 0x7ffff6c2a28a in __libc_start_main_impl ../csu/libc-start.c:360
#13 0x5555559d3f74 in _start (/opt/tsc/bin/tsc+0x47ff74) (BuildId: e1b480925b201108bf43d69d98e417b1471fb8ce)
0x5110001ca180 is located 128 bytes inside of 216-byte region [0x5110001ca100,0x5110001ca1d8)
freed by thread T0 here:
#0 0x7ffff78ff0a8 in operator delete(void*) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:152
#1 0x555555d894ed in TSC::cSprite::~cSprite() /home/user/TSC/tsc/src/objects/sprite.cpp:350
#2 0x555555d895b7 in TSC::cSprite::~cSprite() /home/user/TSC/tsc/src/objects/sprite.cpp:353
#3 0x555555aaa544 in TSC::cObject_ManagerTSC::cSprite::Delete_All() /home/user/TSC/tsc/src/overworld/../overworld/../core/../core/obj_manager.hpp:80
#4 0x555555aa5464 in TSC::cSprite_Manager::Delete_All(bool) /home/user/TSC/tsc/src/core/sprite_manager.cpp:248
#5 0x555555c16352 in TSC::cLevel::Unload(bool) /home/user/TSC/tsc/src/level/level.cpp:292
#6 0x555555c79193 in TSC::cLevel_Manager::Unload() /home/user/TSC/tsc/src/level/level_manager.cpp:97
#7 0x555555a6e727 in TSC::Handle_Generic_Game_Events(CEGUI::XMLAttributes const&) /home/user/TSC/tsc/src/core/game_core.cpp:175
#8 0x555555a6d92b in TSC::Handle_Game_Events() /home/user/TSC/tsc/src/core/game_core.cpp:159
#9 0x555555a9218c in TSC::Update_Game() /home/user/TSC/tsc/src/core/main.cpp:591
#10 0x555555a8e486 in main /home/user/TSC/tsc/src/core/main.cpp:202
#11 0x7ffff6c2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#12 0x7ffff6c2a28a in __libc_start_main_impl ../csu/libc-start.c:360
#13 0x5555559d3f74 in _start (/opt/tsc/bin/tsc+0x47ff74) (BuildId: e1b480925b201108bf43d69d98e417b1471fb8ce)
previously allocated by thread T0 here:
#0 0x7ffff78fe548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
#1 0x555555f5c454 in TSC::cVideo::Create_Texture(sf::Image*, bool, unsigned int, unsigned int) const /home/user/TSC/tsc/src/video/video.cpp:1069
#2 0x555555f5b781 in TSC::cVideo::Load_GL_Surface(boost::filesystem::path, bool, bool) /home/user/TSC/tsc/src/video/video.cpp:930
#3 0x555555f596cf in TSC::cVideo::Get_Surface(boost::filesystem::path, bool) /home/user/TSC/tsc/src/video/video.cpp:812
#4 0x555555c51c80 in TSC::cLevelLoader::Create_Sprites_From_XML_Tag(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, TSC::XmlAttributes&, int, TSC::cSprite_Manager*) /home/user/TSC/tsc/src/level/level_loader.cpp:493
#5 0x555555c43d7d in TSC::cLevelLoader::Create_Level_Objects_From_XML_Tag(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, TSC::XmlAttributes&, int, TSC::cSprite_Manager*) /home/user/TSC/tsc/src/level/level_loader.cpp:297
#6 0x555555c436c1 in TSC::cLevelLoader::Parse_Level_Object_Tag(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&) /home/user/TSC/tsc/src/level/level_loader.cpp:263
#7 0x555555c3fe1a in TSC::cLevelLoader::on_end_element(Glib::ustring const&) /home/user/TSC/tsc/src/level/level_loader.cpp:156
#8 0x7ffff734a608 in xmlpp::SaxParserCallback::end_element(void*, unsigned char const*) (/lib/x86_64-linux-gnu/libxml++-2.6.so.2+0x26608) (BuildId: 5e6ef20e94f0b4584aa976626da539815181efff)
#9 0x7ffff6458fa6 (/lib/x86_64-linux-gnu/libxml2.so.2+0x185fa6) (BuildId: a45b2da2952671a2ae7b918a27898c5d329fc440)
#10 0x7ffff63292fa (/lib/x86_64-linux-gnu/libxml2.so.2+0x562fa) (BuildId: a45b2da2952671a2ae7b918a27898c5d329fc440)
#11 0x7ffff6329cd2 (/lib/x86_64-linux-gnu/libxml2.so.2+0x56cd2) (BuildId: a45b2da2952671a2ae7b918a27898c5d329fc440)
#12 0x7ffff6329f47 in xmlParseElement (/lib/x86_64-linux-gnu/libxml2.so.2+0x56f47) (BuildId: a45b2da2952671a2ae7b918a27898c5d329fc440)
#13 0x7ffff632e003 in xmlParseDocument (/lib/x86_64-linux-gnu/libxml2.so.2+0x5b003) (BuildId: a45b2da2952671a2ae7b918a27898c5d329fc440)
#14 0x7ffff7343d4e in xmlpp::SaxParser::parse() (/lib/x86_64-linux-gnu/libxml++-2.6.so.2+0x1fd4e) (BuildId: 5e6ef20e94f0b4584aa976626da539815181efff)
#15 0x7ffff7343171 in xmlpp::SaxParser::parse_file(Glib::ustring const&) (/lib/x86_64-linux-gnu/libxml++-2.6.so.2+0x1f171) (BuildId: 5e6ef20e94f0b4584aa976626da539815181efff)
#16 0x555555c3eecb in TSC::cLevelLoader::parse_file(boost::filesystem::path) /home/user/TSC/tsc/src/level/level_loader.cpp:89
#17 0x555555c1532b in TSC::cLevel::Load_From_File(boost::filesystem::path) /home/user/TSC/tsc/src/level/level.cpp:217
#18 0x555555c797de in TSC::cLevel_Manager::Load(std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool) /home/user/TSC/tsc/src/level/level_manager.cpp:135
#19 0x555555a6fbb1 in TSC::Handle_Generic_Game_Events(CEGUI::XMLAttributes const&) /home/user/TSC/tsc/src/core/game_core.cpp:224
#20 0x555555a6d92b in TSC::Handle_Game_Events() /home/user/TSC/tsc/src/core/game_core.cpp:159
#21 0x555555a9218c in TSC::Update_Game() /home/user/TSC/tsc/src/core/main.cpp:591
#22 0x555555a8e486 in main /home/user/TSC/tsc/src/core/main.cpp:202
#23 0x7ffff6c2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#24 0x7ffff6c2a28a in __libc_start_main_impl ../csu/libc-start.c:360
#25 0x5555559d3f74 in _start (/opt/tsc/bin/tsc+0x47ff74) (BuildId: e1b480925b201108bf43d69d98e417b1471fb8ce)
SUMMARY: AddressSanitizer: heap-use-after-free /home/user/TSC/tsc/src/video/gl_surface.cpp:72 in TSC::cGL_Surface::~cGL_Surface()
Shadow bytes around the buggy address:
0x5110001c9f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x5110001c9f80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x5110001ca000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x5110001ca080: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x5110001ca100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x5110001ca180:[fd]fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x5110001ca200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x5110001ca280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x5110001ca300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x5110001ca380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x5110001ca400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==10274==ABORTING
[Thread 0x7fffdefe16c0 (LWP 10289) exited]
[Thread 0x7fffe2af06c0 (LWP 10283) exited]
[Thread 0x7fffe0fe56c0 (LWP 10285) exited]
[Thread 0x7fffcd4366c0 (LWP 10298) exited]
[Thread 0x7fffe5dfe6c0 (LWP 10278) exited]
[Thread 0x7ffff5e19840 (LWP 10274) exited]
[Thread 0x7fffc99c36c0 (LWP 10303) exited]
[Thread 0x7fffcadfe6c0 (LWP 10301) exited]
[Thread 0x7fffcc11e6c0 (LWP 10300) exited]
[Thread 0x7fffce7406c0 (LWP 10296) exited]
[Thread 0x7fffd0e5f6c0 (LWP 10294) exited]
[Thread 0x7fffdaec26c0 (LWP 10293) exited]
[Thread 0x7fffdd7de6c0 (LWP 10292) exited]
[Thread 0x7fffddfdf6c0 (LWP 10291) exited]
[Thread 0x7fffde7e06c0 (LWP 10290) exited]
[Thread 0x7fffdf7e26c0 (LWP 10288) exited]
[Thread 0x7fffdffe36c0 (LWP 10287) exited]
[Thread 0x7fffe07e46c0 (LWP 10286) exited]
[Thread 0x7fffe17e66c0 (LWP 10284) exited]
[Thread 0x7fffe32f16c0 (LWP 10282) exited]
[Thread 0x7fffe3af26c0 (LWP 10281) exited]
[Thread 0x7fffe42f36c0 (LWP 10280) exited]
[Thread 0x7fffe55fd6c0 (LWP 10279) exited]
[Thread 0x7fffe65ff6c0 (LWP 10277) exited]
[Thread 0x7fffcfa4a6c0 (LWP 10295) exited]
[New process 10274]
[Inferior 1 (process 10274) exited with code 01]
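The trace above shows the freed 216-byte region being allocated in `cVideo::Create_Texture`, freed from `cSprite::~cSprite` (sprite.cpp:350), and then read by `cGL_Surface::~cGL_Surface` invoked from that same destructor line during `Delete_All`. One common cause of that shape (an assumption here, not a confirmed diagnosis of TSC) is two sprites each believing they own the same texture, so the second destructor runs on an object the first already deleted. The sketch below is an added example, not TSC code: hypothetical `Surface`, `SurfaceCache`, `Sprite` and `SpriteManager` classes stand in for `cGL_Surface`, the `cVideo` surface cache, `cSprite` and `cSprite_Manager`, and show shared ownership that frees the surface exactly once on level unload, with a counter a test can check.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>
// Counts Surface destructor runs so a test can verify "freed exactly once".
static int g_surface_frees = 0;

// Stands in for cGL_Surface (hypothetical, not TSC code). In the report the
// READ happens inside this destructor's equivalent, on an already-freed object.
struct Surface {
    std::string path;
    explicit Surface(std::string p) : path(std::move(p)) {}
    ~Surface() { ++g_surface_frees; }
};

// Stands in for the cVideo surface cache: one Surface per path, handed out as
// shared_ptr so the last sprite to go away frees it. A raw pointer given to two
// sprites that both `delete` it is the double-free shape in the trace.
class SurfaceCache {
    std::map<std::string, std::weak_ptr<Surface>> cache_;
public:
    std::shared_ptr<Surface> Get_Surface(const std::string& path) {
        if (auto s = cache_[path].lock()) return s;   // still alive: reuse it
        auto s = std::make_shared<Surface>(path);
        cache_[path] = s;
        return s;
    }
};

// Stands in for cSprite: shares the texture instead of owning a raw pointer.
struct Sprite {
    std::shared_ptr<Surface> image;
    explicit Sprite(std::shared_ptr<Surface> img) : image(std::move(img)) {}
};

// Stands in for cSprite_Manager::Delete_All on level unload.
class SpriteManager {
    std::vector<std::unique_ptr<Sprite>> sprites_;
public:
    void Add(std::shared_ptr<Surface> img) { sprites_.push_back(std::make_unique<Sprite>(std::move(img))); }
    void Delete_All() { sprites_.clear(); }   // last owner's destructor frees the Surface
};
// Two sprites share one texture; unloading the level must free it exactly once.
int unload_level_frees_surface_once() {
    g_surface_frees = 0;
    SurfaceCache video;
    SpriteManager mgr;
    mgr.Add(video.Get_Surface("ground/mountain.png"));  // constructed path, not from TSC
    mgr.Add(video.Get_Surface("ground/mountain.png"));  // second sprite, same surface
    mgr.Delete_All();
    return g_surface_frees;   // 1
}
```

Building with `-fsanitize=address` (as the report above was) is what turns the raw-pointer variant of this bug into a loud heap-use-after-free instead of a silent corruption.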