CR_DEVOTION + clones = crash - Hercules bug tracker archive

Issue information

Issue ID

#3475

Status

Fixed

Severity

None

Started

Hercules Elf Bot

Aug 8, 2009 5:50

Last Post

Hercules Elf Bot

Aug 8, 2009 5:50

Confirmation

N/A

Hercules Elf Bot - Aug 8, 2009 5:50

Originally posted by [b]NoH[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=3475

I had this bug with a slave clone of a GM with @allskill, but I guess it can also be reproduced with a normal player:

CODE

Stacktrace:
#0  0x00689604 in skill_castend_nodamage_id+0x2C64 (src=(struct block_list*)0x0ED96E04 <bytes:00000000F463D90E73B38E06BB033C003000000002000000>, bl=(struct block_list*)0x0A9DE5A0 <bytes:000000008C28E40083841E00BB033C002F00000001000000>, skillid=(int)255, skilllv=(int)5, tick=(unsigned int)24806282, flag=(int)0) at f:\ro\dokebi server\src\map\skill.c:3902
3902                    mer->devotion_flag = 1; // Mercenary Devoting Owner
    lv = (int)0
    count = (int)1
    sstatus = (struct status_data*)0x0ED96FEC <bytes:84062F004834010084062F00483401000B0009000B005B0027000400000004019F0196007201E402FC028D007F02610216000E000B006000E80306010107102927002700010000000000000001000000>
    hd = (struct homun_data*)0x00000000 <invalid memory>
    dstmd = (struct mob_data*)0x00000000 <invalid memory>
    mer = (struct mercenary_data*)0x00000000 <invalid memory>
    md = (struct mob_data*)0x0ED96E04 <bytes:00000000F463D90E73B38E06BB033C003000000002000000046ED90E010000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC <snip>
    dstsd = (struct map_session_data*)0x0A9DE5A0 <bytes:000000008C28E40083841E00BB033C002F00000001000000A0E59D0A05030101020202CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC <snip>
    tstatus = (struct status_data*)0x0A9DE7EC <bytes:85381B00F227000024DB1E003F2F0000F503F4030600090012040600A32C0A000A0070002800500090019FF6B00600071C00100006000C00E80300010107080FA4060000010000000000000001000000>
    type = (enum sc_type)0x86
    sd = (struct map_session_data*)0x00000000 <invalid memory>
    tsc = (struct status_change*)0x0A9DE83C <bytes:0000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 <snip>
    i = (int)0
    tsce = (struct status_change_entry*)0x00000000 <invalid memory>
#1  0x006936AF in skill_castend_id+0xB1F (tid=(int)321, tick=(unsigned int)24806282, id=(int)110015347, data=(int)0) at f:\ro\dokebi server\src\map\skill.c:5965
5965                skill_castend_nodamage_id(src,target,ud->skillid,ud->skilllv,tick,flag);
    sc = (struct status_change*)0x00000000 <invalid memory>
    src = (struct block_list*)0x0ED96E04 <bytes:00000000F463D90E73B38E06BB033C003000000002000000>
    flag = (int)0
    ud = (struct unit_data*)0x0ED96E1C <bytes:046ED90E010000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC00000000000000000000000000000000000000000 <snip>
    target = (struct block_list*)0x0A9DE5A0 <bytes:000000008C28E40083841E00BB033C002F00000001000000>
    inf = (int)262144
    inf2 = (int)1536
    md = (struct mob_data*)0x0ED96E04 <bytes:00000000F463D90E73B38E06BB033C003000000002000000046ED90E010000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC <snip>
    sd = (struct map_session_data*)0x00000000 <invalid memory>
#2  0x0053B801 in do_timer+0x451 (tick=(unsigned int)24806296) at f:\ro\dokebi server\src\common\timer.c:330
330                    timer_data[tid].func(tid, timer_data[tid].tick, timer_data[tid].id, timer_data[tid].data);
    tid = (int)321
    diff = (int)-14
#3  0x00520D4E in main+0xEE (argc=(int)1, argv=(char**)0x03401E40) at f:\ro\dokebi server\src\common\core.c:255
255                next = do_timer(gettick_nocache());
    next = (int)59
#4  0x006E9F17 in __tmainCRTStartup+0x117 () at f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c:266
    mainret = (int)0
    managedapp = (int)0
    initret = (int)0
#5  0x006E9DEF in mainCRTStartup+0xF () at f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c:182
#6  0x767910DC in BaseThreadInitThunk+0x12 ()
#7  0x777A1E9E in RtlProcessFlsData+0xD3 ()
#8  0x777A1E71 in RtlProcessFlsData+0xA6 ()

and the code involved is (skill.c):

CODE

    case CR_DEVOTION:
        {
            int count, lv;
            if( !dstsd )
            { // Only players can be devoted
                if( sd )
                    clif_skill_fail(sd, skillid, 0, 0);
                break;
            }

            if( (lv = status_get_lv(src) - dstsd->status.base_level) < 0 )
                lv = -lv;
            if( lv > battle_config.devotion_level_difference || // Level difference requeriments
                (dstsd->sc.data[type] && dstsd->sc.data[type]->val1 != src->id) || // Cannot Devote a player devoted from another source
                (skillid == ML_DEVOTION && (!mer || mer != dstsd->md)) || // Mercenary only can devote owner
                (dstsd->class_&MAPID_UPPERMASK) == MAPID_CRUSADER ) // Crusader Cannot be devoted
            {
                if( sd )
                    clif_skill_fail(sd,skillid,0,0);
                map_freeblock_unlock();
                return 1;
            }

            i = 0;
            count = (sd)? min(skilllv,5) : 1; // Mercenary only can Devote owner
            if( sd )
            { // Player Devoting Player
                ARR_FIND(0, count, i, sd->devotion[i] == bl->id );
                if( i == count )
                {
                    ARR_FIND(0, count, i, sd->devotion[i] == 0 );
                    if( i == count )
                    { // No free slots, skill Fail
                        clif_skill_fail(sd, skillid, 0, 0);
                        map_freeblock_unlock();
                        return 1;
                    }
                }

                sd->devotion[i] = bl->id;
            }
            else
                mer->devotion_flag = 1; // Mercenary Devoting Owner

            clif_skill_nodamage(src, bl, skillid, skilllv,
                sc_start4(bl, type, 100, src->id, i, skill_get_range2(src,skillid,skilllv), skill_get_time2(skillid, skilllv), 1000));
            clif_devotion(src, NULL);
        }
        break;

I'm not familiar with the syntax, but I assume "mer->devotion_flag" refers to mercenaries, hence the crash.

This post has been edited by NoHealing: Aug 7 2009, 10:51 PM