SIGABRT after set fire in the basement.

[ghost]

Version : 0.B-1110-g703d730-dirty
Compiled at Ubuntu/ with gcc.

I set a fire in the basement(there were black widow spiders), and press '.' key to pass my turn.
Then I got a crash.
The second attempt also crashed, and I have save file.

gdb message is :
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff0071700 (LWP 3235)]
[New Thread 0x7fffeab83700 (LWP 3236)]
[New Thread 0x7fffe6149700 (LWP 3237)]
[Thread 0x7fffe6149700 (LWP 3237) exited]
/usr/include/c++/4.8/debug/safe_iterator.h:293:error: attempt to increment
a singular iterator.

Objects involved in the operation:
iterator "this" @ 0x0x7fffffffd340 {
type = N11__gnu_debug14_Safe_iteratorIN9__gnu_cxx17__normal_iteratorIPK4itemNSt9__cxx19986vectorIS3_SaIS3_EEEEENSt7__debug6vectorIS3_S8_EEEE (constant iterator);
state = singular;
references sequence with type `NSt7__debug6vectorI4itemSaIS1_EEE' @ 0x0x7fffffffd340
}

Program received signal SIGABRT, Aborted.
0x00007ffff6af7bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: 그런 파일이나 디렉터리가 없습니다.(=means no such file or directory)
(gdb) where
#0 0x00007ffff6af7bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6afafc8 in __GI_abort () at abort.c:89
#2 0x00007ffff7453175 in __gnu_debug::_Error_formatter::_M_error() const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x0000000000414a3a in __gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<item const*, std::__cxx1998::vector<item, std::allocator > >, std::__debug::vector<item, std::allocator > >::operator++ (this=0x7fffffffd340)

at /usr/include/c++/4.8/debug/safe_iterator.h:291

#4 0x00000000005efd06 in map::process_fields_in_submap (this=0x3d453d8, current_submap=0x6519110, submap_x=5, submap_y=4)

at src/field.cpp:752

#5 0x00000000005edb50 in map::process_fields (this=0x3d453d8) at src/field.cpp:417
#6 0x0000000000611c13 in game::do_turn (this=0x3d45240) at src/game.cpp:1486
#7 0x00000000008a2eab in main (argc=0, argv=0x7fffffffde70) at src/main.cpp:292

(gdb)

[narc0tiq]

Version : 0.B-1110-g703d730-dirty

Does it reproduce on the current build without any changes? A lot of things happened in the last 18 days.

[ghost]

On current build It reproduced.
but in gdb message, source line changed.

commit 5d24962
Author: KA101 [email protected]
Date: Wed Dec 24 02:25:41 2014 -0500

gdb message is:

[Thread 0x7fffe6149700 (LWP 5288) exited]
/usr/include/c++/4.8/debug/safe_iterator.h:279:error: attempt to
dereference a singular iterator.

Objects involved in the operation:
iterator "this" @ 0x0x7fffffffd300 {
type = N11__gnu_debug14_Safe_iteratorINSt9__cxx199814_List_iteratorI4itemEENSt7__debug4listIS3_SaIS3_EEEEE (mutable iterator);
state = singular;
references sequence with type `NSt7__debug4listI4itemSaIS1_EEE' @ 0x0x7fffffffd300
}

Program received signal SIGABRT, Aborted.
0x00007ffff6af7bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: 그런 파일이나 디렉터리가 없습니다.
(gdb) where
#0 0x00007ffff6af7bb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6afafc8 in __GI_abort () at abort.c:89
#2 0x00007ffff7453175 in __gnu_debug::_Error_formatter::_M_error() const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3 0x00000000004255a2 in __gnu_debug::_Safe_iteratorstd::__cxx1998::_List_iterator<item, std::__debug::list<item, std::allocator > >::operator-> (this=0x7fffffffd300) at /usr/include/c++/4.8/debug/safe_iterator.h:277
#4 0x0000000000618175 in map::process_fields_in_submap (this=0x3d96e98, current_submap=0x6525c90, submap_x=5, submap_y=4)
at src/field.cpp:734
#5 0x0000000000616066 in map::process_fields (this=0x3d96e98) at src/field.cpp:417
#6 0x000000000063a3b7 in game::do_turn (this=0x3d96d00) at src/game.cpp:1475
#7 0x00000000008c712f in main (argc=0, argv=0x7fffffffde70) at src/main.cpp:296
(gdb)

[narc0tiq]

Interesting. Here's the line referenced originally: https://github.com/CleverRaven/Cataclysm-DDA/blob/703d730/src/field.cpp#L752, which looks right for the stated error (incrementing a singular iterator).

Here's the new error line: https://github.com/CleverRaven/Cataclysm-DDA/blob/5d24962/src/field.cpp#L734, which also looks right for the stated error (dereferencing a singular iterator).

Of note, in both cases we're talking about an iterator acquired from items_here, obtained from i_at(x, y), so it all has to do with the overhaul kevin's given us so far in #10293, #10370, and #10599.

[ghost]

Thank you for informing.
It seems to manipulate fuel iterator which is no longer valid, And it crash when process the firing tile which has explodable ammo items. Exploding ammo cause shooting damage to other item. If an item is destroyed by shooting damage, container remove item by other iterator, then it makes fuel iterator to invalidate, I guess..

If ammo is cookoff, calls g->explosion: https://github.com/CleverRaven/Cataclysm-DDA/blob/master/src/field.cpp#L628

Then game::explosion() calls map::shoot() : https://github.com/CleverRaven/Cataclysm-DDA/blob/master/src/game.cpp#L6906

Then map::shoot() checks damaged item, erases damaged item.
https://github.com/CleverRaven/Cataclysm-DDA/blob/master/src/map.cpp#L2435

After container changes, it seems that fuel iterator is no longer valid.

I changed code at game::explosion for testing.

               m.shoot(tx, ty, dam, j == traj.size() - 1, shrapnel_effects);

to

                if (tx != x && ty != y) {
                    m.shoot(tx, ty, dam, j == traj.size() - 1, shrapnel_effects);
                }

Then it is not remove item on field (x,y), And the crash is no longer present.
But I think this is not a correct patch, and sorry for my bad english. :)

[kevingranade]

Fixed by #10684 Reopen if you see it again.

[ghost]

No more crash on my save file. Thank you.