Bug Tracker – Bug 1236

Client crash after pressing switch in Valiant.wad

Last modified: 2019-02-11 19:51:21 CST
Bug 1236 - Client crash after pressing switch in Valiant.wad
Summary: Client crash after pressing switch in Valiant.wad
Status: NEW
Alias: None
Product: Odamex
Classification: Unclassified
Component: Client (show other bugs)
Version: 0.7.x (Old)
Hardware: Other Other
: P5 major
Assignee: Odamex Bug Reporter
URL:
Depends on:
Blocks:
 
Reported: 2018-12-30 16:47 CST by Ralph Vickers
Modified: 2019-02-11 19:51 CST (History)
3 users (show)

See Also:

Attachments

Crash dump (321.09 KB, application/octet-stream)
2018-12-30 16:47 CST, Ralph Vickers
Details
Error seen in GZDoomBuilder (111.82 KB, image/jpeg)
2019-01-05 08:53 CST, Maëllig Desmottes
Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Vickers 2018-12-30 16:47:09 CST
Created attachment 562 [details]
Crash dump

Git build: e307cc1a. Hard crash after pressing the first switch in valiant.wad MAP01. You can noclip right through the first door and up to the platform on the right to activate the switch, which results in a hard crash. Happens reliably. Crash dump is attached.

https://www.doomworld.com/idgames/levels/doom2/Ports/megawads/valiant
Comment 1 Maëllig Desmottes 2019-01-05 08:53:05 CST
Created attachment 565 [details]
Error seen in GZDoomBuilder

After debugging it, the problem has been reported in 

bool P_SetMobjState(AActor *mobj, statenum_t state, bool cl_update).

After checking Valiant MAP01 in Doom Builder, I noticed this happened because of a voodoo doll.
Comment 2 Nick 2019-02-11 19:51:21 CST
This happens because of the custom pinky in the closet. It looks like it's a dehacked parsing issue because the state it's attempting to set is an invalid number (1074) which overflows the state buffer which is size 1005.