Due to ``#include "DallasFuncs.cpp"``, DF is recompiled 52 times.
Rework it to build just once. The compile time goes down for me
from 1m45.3s to 1m38.8s on my 1135G7 CPU running make -j8.
The switcheroo involving OSIRISEXTERN is unnecessary; if it is empty,
it is "extern" anyway.
One function, ``osicommon_Initialize``, is present twice and can lead
to duplicate definitions in the linker stage, which is probably what
the DallasFuncs.cpp comment alluded to. It is moved away into its own
.cpp file.
Both e.g. AIGame3.cpp and DallasFuncs.cpp include
``osiris_vector.h``. Right now, this is not a problem because
DallasFuncs.cpp is not compiled itself, but included from
AIGame3.cpp, in other words, it is all just one translation unit.
I have a plan to do away with ``#include "DallasFuncs.cpp"``, which
means the linker invocation for AIGame3.so will have at least two
translation units, and thus two definitions of the osiris vector
functions, which is not allowed.
This also has the side-effect to reduce compile-time a little,
from 1m57.5s to 1m48.7s on my 1135G7 CPU using `make -j8`.
I want to namespace the stuff in DallasFuncs.cpp, and when I do that,
there comes about an ambiguity between ``NewNamespace::aUserFlagSet``
and the ``::aUserFlagSet`` declared by LEVEL15 (also ``qUserFlag``).
Due to ``#include "DallasFuncs.cpp"``, LEVEL15.cpp already has a
declaration (and definition) for ``aUserFlagSet``, and so we can just
remove the two lines.
gcc warns about strict aliasing violations in fix.cpp:
```
fix/fix.cpp: In function "int FloatRound(float)":
fix/fix.cpp:157:14: warning: dereferencing type-punned pointer will
break strict-aliasing rules [-Wstrict-aliasing]
157 | return ((*((int *)&nf)) & 0x7FFFFF) - 2048;
```
But these functions and then some are unused, so delete them altogether.
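An added example (not code from the Descent3 repository) of the aliasing-clean way to read a float's bit pattern, which is what the deleted FloatRound did through its `int *` cast; `float_bits` and `FloatRoundBits` are constructed names:

```c
#include <stdint.h>
#include <string.h>

/* The warned-about line in fix.cpp read the float through an int lvalue:
 *     return ((*((int *)&nf)) & 0x7FFFFF) - 2048;
 * gcc's -Wstrict-aliasing fires because an int lvalue may not be used to
 * access an object of type float, so the optimiser is free to reorder or
 * drop the access. memcpy expresses the identical bit copy without the
 * aliasing violation and compiles to a single register move at -O2. */
_Static_assert(sizeof(float) == sizeof(uint32_t), "float must be 32 bits");

static uint32_t float_bits(float f) {
  uint32_t u;
  memcpy(&u, &f, sizeof u); /* both objects are exactly 4 bytes wide */
  return u;
}

/* Same arithmetic as the removed FloatRound: keep the 23 mantissa bits
 * and subtract 2048, but sourced from float_bits instead of a punned
 * pointer. */
int FloatRoundBits(float nf) {
  return (int)(float_bits(nf) & 0x7FFFFFu) - 2048;
}
```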
vp[26] is `int *`, so it tries to read 4 bytes on amd64, even though
TCP_Active, which is behind vp[26], is just a bool and 1 byte.
```
==95927==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000004734f40 at pc 0x7f4f8d93b952 bp 0x7ffc57f191b0 sp 0x7ffc57f191a8
READ of size 4 at 0x000004734f40 thread T0
f0 DLLMultiInit $GIT/netcon/includes/mdllinit.h:314
f1 LoadMultiDLL(char const*) $GIT/Descent3/multi_dll_mgr.cpp:690
f2 RunServerConfigs $GIT/Descent3/dedicated_server.cpp:236
f3 LoadServerConfigFile() $GIT/Descent3/dedicated_server.cpp:357
f4 InitDedicatedServer $GIT/Descent3/init.cpp:1778
f5 InitD3Systems2(bool) $GIT/Descent3/init.cpp:1952
f6 Descent3() $GIT/Descent3/descent.cpp:504
f7 oeD3LnxApp::run() $GIT/Descent3/sdlmain.cpp:151
0x000004734f41 is located 0 bytes after global variable 'TCP_active' defined in '$GIT/networking/networking.cpp:383:6' (0x4734f40) of size 1
SUMMARY: AddressSanitizer: global-buffer-overflow $GIT/netcon/includes/mdllinit.h:314 in DLLMultiInit
```
Resolve an out-of-bounds write in LoadServerConfigFile.
A sufficiently long path,
```
descent3 -dedicated /home/jengelh/.config/descent3/dedicated.conf
```
causes the game server to exit with
```
Error loading connection DLL 'cated.conf'
```
which hints at a buffer overflow.
ASAN reports:
```
$GIT/Descent3/dedicated_server.cpp:350:24: runtime error: index 1024
out of bounds for type 'cvar_entry [36]'
$GIT/Descent3/dedicated_server.cpp:350:14: runtime error: load of
address 0x000001e677c0 with insufficient space for an object of type
'const char *'
```
This can happen if a line in the .cfg starts with a '#'.
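An added example, not the project's own code, of the check that the ASAN report above calls for: a lookup that returns a not-found sentinel must never be used as a table subscript, and comment lines must be skipped before lookup. The table, the `CVAR_NOT_FOUND` value (mirroring the reported index 1024) and the function names are constructed.

```c
#include <string.h>

/* Constructed stand-in for the cvar table; the real cvar_entry layout and
 * its 36 entries are not shown in the commit message. */
#define CVAR_NOT_FOUND 1024 /* sentinel; ASAN saw it used as a subscript */
typedef struct { const char *name; char value[64]; } cvar_entry;
static cvar_entry Cvars[] = { {"ConnectionName", ""}, {"MaxPlayers", ""} };
#define NUM_CVARS (sizeof Cvars / sizeof Cvars[0])

static int find_cvar(const char *name) {
  for (size_t i = 0; i < NUM_CVARS; i++)
    if (strcmp(Cvars[i].name, name) == 0) return (int)i;
  return CVAR_NOT_FOUND;
}

/* Returns 1 if the line set a cvar, 0 if it was skipped: comment, blank,
 * malformed, unknown key, or a value too long for the fixed buffer.
 * The sentinel is tested before Cvars[] is ever indexed. */
int apply_config_line(const char *line) {
  char key[64];
  if (line[0] == '#' || line[0] == '\0' || line[0] == '\n') return 0;
  const char *eq = strchr(line, '=');
  if (eq == NULL || (size_t)(eq - line) >= sizeof key) return 0;
  memcpy(key, line, (size_t)(eq - line));
  key[eq - line] = '\0';
  int idx = find_cvar(key);
  if (idx == CVAR_NOT_FOUND) return 0;     /* the missing bounds check */
  const char *val = eq + 1;
  size_t vlen = strcspn(val, "\r\n");      /* strip the line terminator */
  if (vlen >= sizeof Cvars[idx].value) return 0; /* refuse overlong input */
  memcpy(Cvars[idx].value, val, vlen);
  Cvars[idx].value[vlen] = '\0';
  return 1;
}

/* NULL for unknown names instead of reading past the table. */
const char *cvar_value(const char *name) {
  int idx = find_cvar(name);
  return idx == CVAR_NOT_FOUND ? NULL : Cvars[idx].value;
}
```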
```
Descent3/render.cpp:2989:8: warning: type "struct obj_sort_item" violates the C++ One Definition Rule [-Wodr]
2989 | struct obj_sort_item {
Descent3/terrainrender.cpp:943:8: note: a different type is defined in another translation unit
```
During Retribution level 13, after about 5 minutes when some timed
level script seems to run and the message "GB: Engine malfunction" is
printed, there is also an assert:
```
Assertion failure at msafe_CallFunction ($GIT/Descent3/multisafe.cpp:1719), triggered 1 time:
'mstruct->id != -1'
```
The result from SpewCreate is -1 because there are no more gun slots
available, i.e. this condition is where the function exited thru:
```
if (spew->gp.gunpoint < 0 || spew->gp.gunpoint >= pm->n_guns)
```
ASAN complained:
```
$GIT/Descent3/BOA.cpp:443:54: runtime error: index -1 out of bounds for type 'float [40]'
```
At that particular time, important variables had these values:
```
cur_room=36 this_portal=-1
```
Gazing at my own code/modification, I find it is embarrassingly wrong.
Since ``sp`` is re-initialized at every loop iteration, setting it to
(the locally-constant) ``Scorch_start`` is incorrect. Make ``sp``
really mirror ``i`` at all times; this way, it also will not be
necessary anymore to update ``sp`` within the loop.
Fixes: 20ed30eef8
It is possible to cause the death of the CollectorNomad2 object (rush
to it before it possibly leaves again into the sidepackets the ship
won't fit through). The transition happens here:
```
f0 KillObject (objp=0x3d4d3e0 <Objects+384000>, killer=0x3cef7e0 <Objects>, damage=3) at /home/jengelh/D3/Descent3/damage.cpp:1036
f1 ApplyDamageToGeneric (hit_obj=0x3d4d3e0 <Objects+384000>, killer=0x3cef7e0 <Objects>, damage_type=6, damage=3, server_says=0, weapon_id=255) at /home/jengelh/D3/Descent3/damage.cpp:1401
f2 collide_generic_and_player (robotobj=0x3d4d3e0 <Objects+384000>, playerobj=0x3cef7e0 <Objects>, collision_point=0x7f877f40a830, collision_normal=0x7f877f40a858, f_reverse_normal=true, hit_info=0x7f877f40a810) at /home/jengelh/D3/physics/collide.cpp:2127
f3 collide_two_objects (A=0x3cef7e0 <Objects>, B=0x3d4d3e0 <Objects+384000>, collision_point=0x7f877f40a830, collision_normal=0x7f877f40a858, hit_info=0x7f877f40a810) at /home/jengelh/D3/physics/collide.cpp:2505
f4 do_physics_sim (obj=0x3cef7e0 <Objects>) at /home/jengelh/D3/physics/physics.cpp:1515
f5 ObjDoFrame (obj=0x3cef7e0 <Objects>) at /home/jengelh/D3/Descent3/object.cpp:2824
f6 ObjDoFrameAll () at /home/jengelh/D3/Descent3/object.cpp:2988
f7 GameFrame () at /home/jengelh/D3/Descent3/GameLoop.cpp:2980
f8 GameSequencer () at /home/jengelh/D3/Descent3/gamesequence.cpp:1221
f9 PlayGame () at /home/jengelh/D3/Descent3/game.cpp:834
f10 MainLoop () at /home/jengelh/D3/Descent3/descent.cpp:550
f11 Descent3 () at /home/jengelh/D3/Descent3/descent.cpp:508
f12 oeD3LnxApp::run (this=0x7f877f00db50) at /home/jengelh/D3/Descent3/sdlmain.cpp:151
<frame 2> (gdb) p robotobj
$1 = {
type = 2 '\002' (OBJ_ROBOT), dummy_type = 255 '\377', id = 276,
flags = 2135072, name = 0x5020000aff30 "CollectorNomad2",
handle = 2432, next = 178, prev = -1,
control_type = 1 '\001' (CT_AI), movement_type = 2 '\002' (MC_ROLLING),
render_type = 1 '\001' (LRT_GOURAUD), lighting_render_type = 1 '\001', roomnum = 58,
pos = {x = 2350.21484, y = -263.523956, z = 1868.59888},
orient = {
rvec = {x = 0.882905424, y = 1.63964216e-14, z = -0.469550878},
uvec = {x = -1.25793295e-14, y = 1, z = 1.12662192e-14},
fvec = {x = 0.469550878, y = -4.04037088e-15, z = 0.882905424}
},...}
```
Thus, KillObject sets obj->control_type=CT_DYING. In the same game
tick, Level6.cpp then calls aAIGoalFollowPathSimple which triggers
the assertion.
```
Int3 in $GIT/Descent3/osiris_predefs.cpp at line 571.(Descent 3 Debug Break)
f0 osipf_AIGoalFollowPathSimple (objhandle=2432, path_id=21, guid=7, flags=1052928, slot=3) at $GIT/Descent3/osiris_predefs.cpp:571
f1 AI_GoalFollowPathSimple (objhandle=2432, path_id=21, guid=7, flags=1052928, slot=3) at $GIT/scripts/osiris_import.h:170
f2 aAIGoalFollowPathSimple (objhandle=2432, pathid=21, flags=1052928, goalid=7, priority=3) at $GIT/scripts/DallasFuncs.cpp:3649
f3 LevelScript_0000::CallEvent (this=0x5020000ba430, event=256, data=0x7f963e71d930) at $GIT/scripts/Level6.cpp:2465
f4 CallInstanceEvent (id=0, ptr=0x5020000ba430, event=256, data=0x7f963e71d930) at $GIT/scripts/Level6.cpp:2209
f5 Osiris_CallLevelEvent (event=256, data=0x7f963e71d930) at $GIT/Descent3/OsirisLoadandBind.cpp:2000
f6 GameFrame () at $GIT/Descent3/GameLoop.cpp:3020
f7 GameSequencer () at $GIT/Descent3/gamesequence.cpp:1221
f8 PlayGame () at $GIT/Descent3/game.cpp:834
f9 MainLoop () at $GIT/Descent3/descent.cpp:550
f10 Descent3 () at $GIT/Descent3/descent.cpp:508
f11 oeD3LnxApp::run (this=0x7f963e80db50) at $GIT/Descent3/sdlmain.cpp:151
```