Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=37
(Originally mentioned in
this topic)
CODE
Core was generated by `./map-server_sql'.
Program terminated with signal 11, Segmentation fault.
#0 status_get_sc (bl=0xdededead) at status.c:4362
4362 switch (bl->type) {
(gdb) bt
#0 status_get_sc (bl=0xdededead) at status.c:4362
#1 0x08092cb9 in status_change_end (bl=0xaabdd764, type=95, tid=-1) at status.c:6224
#2 0x0812ed6b in unit_remove_map (bl=0xaabdd764, clrtype=3) at unit.c:1611
#3 0x0812f34a in unit_free (bl=0xaabdd764, clrtype=3) at unit.c:1743
#4 0x08050c38 in map_quit (sd=0xaabdd764) at map.c:1671
#5 0x08051a77 in cleanup_sub (bl=0xaabdd764, ap=0xbfd17f9c "k\23223\b�2\222�L126\b�\177ѿf[23\b�1") at map.c:3437
#6 0x0804f086 in map_foreachinmap (func=0x80519d0 <cleanup_sub>, m=459, type=<value optimized out>) at map.c:1249
#7 0x08050e83 in do_final () at map.c:3489
#8 0x08134a15 in main (argc=1, argv=0xbfd18084) at core.c:257
QUOTE
Skotlex checked the code and found that the third crash apparently happens in BladeStop and SafetyWall's status change end routine, because the status holds a direct memory pointer to a character. If that character is unloaded, the pointer becomes invalid.
The fix would be to store the id instead of the pointer, and look up the target.
This post has been edited by theultramage: Sep 10 2007, 02:08 PM