P_DamageMobj SIGSEGVs if inflictor is nil

Tatsuru

Discovered this when making a typo inside a MobjDamage hook. I passed "inflict" (that wasn't declared and thus should be nil) instead of the provided inflictor and the game promptly SIGSEGVs when getting to that line.

Code:
addHook("MobjDamage", function(mo, inflictor, source)
	.
	.
	.
	P_DamageMobj(mo, inflict, source, 10000) -- typo: "inflict" is undeclared (so nil) instead of the hook's "inflictor"
	return true
end)

While I believe this probably doesn't have to do with the argument being nil per se (inflictorless damage exists after all), this might be related to the amount of damage dealt, being the magic number that kills players. I had to reproduce the crash in 32-bit since 64-bit wasn't outputting any RPT files, and that's how I also found out that in 64-bit only the host's client crashed, but in 32-bit all players crash with them as well.

RPT file:
-------------------

Error occurred on Thursday, June 13, 2019 at 19:32:22.

srb2win.exe caused an Access Violation at location 004869D7 in module srb2win.exe Reading from location 00000064.

Registers:
eax=01774800 ebx=01774660 ecx=76e57084 edx=00634424 esi=00000000 edi=01a7f4ce
eip=004869d7 esp=01a7f490 ebp=0d62f6e0 iopl=0 nv up ei pl zr na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246

AddrPC Params
004869D7 01774660 0D62F6E0 00000000 srb2win.exe!P_HitDeathMessages
0049916E 0D6E5A78 00000000 0D6E4B00 srb2win.exe!P_SetPlayerMobjState
0048A8E7 0D5680D8 00000004 FFFFFFFE srb2win.exe!P_DamageMobj.part.5
00548AFF 00002710 00000000 0D6E4B00 srb2win.exe!l
0053F637 01A7F66C 01A7F6A4 04560000 srb2win.exe!luaD_precall
7002D594 00002733 0D6602C8 00557348 atcuf32.dll!AtcQueryRegion
70012EEE 0D555768 00000001 01A7F738 atcuf32.dll!0x2eee
0053FDBD 0D555768 00000070012EEE 0D5680D8 000000!luaD_call
0055D913 0D555768 0000053FDBD 0D5680D8 00000002 0D5680D8 srb2wi00548!luaD_call
0055D913 0D5680D8 00000003 FFFFFFFE srb2win.exe!Lua_optoption
00548A4B 0D5680D8 00000003 006C7D45 srb2win.exe!luaL_checknumber
0056DFB4 0D5680D8 0D565D90 00000001 srb2win.exe!mobj_set
00539F60 0D5680D8 00539F40 01A7F8A8 srb2win.exe!f_call
00540585 05AABD60 0D565D90 01A7F878 srb2win.exe!luaD_pcall
00557998 0D5680D8 00539F40 01A7F8A8 srb2win.exe!luaV_gettable
0053CB81 0D5680D8 0D56819C 0D565D90 srb2win.exe!lua_pcall
0053BC8B 0D5680D8 00000004 00000001 srb2win.exe!lua_gettable
00566EB2 0D6E5A78 0D6E5130 0D6E4B00 srb2win.exe!LUAh_MobjDamage
0048A851 0D5680D8 00000000 03BA0000 srb2win.exe!P_DamageMobj.part.5
0053FDBD 03E105F0 0D565D7!RtlSetLastWin32Error
7002B611 00000001 0D62FD10 0D62F6E0 atcuf32.dll!AtcQueryRegion
00491239 0D62F0B7002B611 00000001 0D6E5130 0D6E4!PIT_CheckThing
00497214 00000036 00000015 00490B10 srb2win.exe!P_BlockThingsIterator
0048F9E0 0D62FD10 0E7B11CF 01BC16AD srb2win.exe!P_CheckPosition
004930CD 0D62FD10 0E798205 01955EBF srb2win.exe!P_TryMove
0049E4CB 00000000 00000000 00000000 srb2win.exe!P_XYMovement

srb2win.exe
ntdll.dll 6.2.16299.936
KERNEL32.DLL 6.2.16299.1087
KERNELBASE.dll 6.2.16299.1004
atcuf32.dll 1.25.200.0
apphelp.dll 6.2.16299.98
ADVAPI32.DLL 6.2.16299.696
msvcrt.dll 7.0.16299.125
sechost.dll 6.2.16299.696
RPCRT4.dll 6.2.16299.1029
SspiCli.dll 6.2.16299.755
CRYPTBASE.dll 6.2.16299.15
bcryptPrimitives.dll 6.2.16299.1004
USER32.dll 6.2.16299.125
win32u.dll 6.2.16299.15
GDI32.dll 6.2.16299.665
gdi32full.dll 6.2.16299.1087
msvcpWS2_32.dll 6.2.16299.15
libgme.dll
SDL2.dll 2.0.9.0
IMM32.DLL 6.2.16299.15
combase.dll 6.2.16299.1004
ole32.dll 6.2.16299.1004
OLEAUT32.dll 6.2.16299.1087
SETUPAPI.dll 6.2.16299.248
cfgmgr32.dll 6.2.16299.15
SHELL32.dll 6.2.16299.1004
shcore.dll 6.2.16299.522
windows.storage.dll 6.2.16299.1059
shlwapi.dll 6.2.16299.402
kernel.appcore.dll 6.2.16299.492
powrprof.dll 6.2.16299.15
profapi.dll 6.2.16299.15
SDL2_mixer.dll 2.0.4.0
IPHLPAPI.DLL 6.2.16299.15
libmingwex-0.dll
VERSION.dll 6.2.16299.15
WINMM.DLL 6.2.16299.15
WINMMBASE.dll 6.2.16299.15
exchndl.dll 0.9.0.0
PSAPI.DLL 6.2.16299.15
mgwhelp.dll 0.9.0.0
dbghelp.dll 6.2.16299.15
dbgcore.DLL 6.2.16299.15
uxtheme.dll 6.2.16299.755
MSCTF.dll 6.2.16299.696
tiptsf.dll 6.2.16299.492
dwmapi.dll 6.2.16299.15
clbcatq.dll 2001.12.10941.16384
D3D9.DLL 6.2.16299.98
igdumdim32.dll 21.20.16.4599
igc32.dll 21.20.16.4599
dinput8.dll 6.2.16299.461
inputhost.dll
CoreMessaging.dll 6.2.16299.1004
ntmarta.dll 6.2.16299.15
wintypes.dll 6.2.16299.402
HID.DLL 6.2.16299.15
DEVOBJ.dll 6.2.16299.15
WINTRUST.dll 6.2.16299.936
MSASN1.dll 6.2.16299.15
CRYPT32.dll 6.2.16299.402
DSOUND.DLL 6.2.16299.15
MMDevAPI.DLL 6.2.16299.15
PROPSYS.dll 7.0.16299.1004
wdmaud.drv 6.2.16299.15
ksuser.dll 6.2.16299.15
AVRT.dll 6.2.16299.15
AUDIOSES.DLL 6.2.16299.1004
msacm32.drv 6.2.16299.15
MSACM32.dll 6.2.16299.15
midimap.dll 6.2.16299.15
libFLAC-8.dll
libogg-0.dll
libmodplug-1.dll
libmpg123-0.dll
libvorbisfile-3.dll
libvorbis-0.dll
uiautomationcore.dll 7.2.16299.1004
sxs.dll 6.2.16299.15
Windows.UI.dll 6.2.16299.15
TextInputFramework.dll 6.2.16299.15
OLEACC.dll 7.2.16299.15
twinapi.dll 6.2.16299.248
twinapi.appcore.dll 6.2.16299.1004
RMCLIENT.dll 6.2.16299.371
bcrypt.dll 6.2.16299.492
mswsock.dll 6.2.16299.15

Windows 6.2.9200
DrMingw 0.9.0


-------------------

Error occurred on Thursday, June 13, 2019 at 19:35:07.

srb2win.exe caused an Access Violation at location 00485968 in module srb2win.exe Reading from location 00000064.

Registers:
eax=00000000 ebx=017a5220 ecx=0065994c edx=01abf547 esi=0d68b0e8 edi=00000000
eip=00485968 esp=01abf4f0 ebp=01abf52e iopl=0 nv up ei pl zr na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246

AddrPC Params
00485968 F5780500 271001AB 11040000 srb2win.exe!P_HitDeathMessages
32207265 271001AB 11040000 74801545
F5780500 11040000 74801545 616C50E3
271001AB 74801545 616C50E3 20726579
11040000 616C50E3 20726579 00460032 igdumdim32.dll!@GTPIN_IGC_Instrument@32
74801545 20726579 00460032 61A80000 combase.dll!0x21545
616C50E3 00460032 61A80000 09600000
20726579 61A80000 09600000 00280000
00460032 09600000 00280000 000A0000 srb2win.exe!M_CanShowLevelInList.constprop.37
61A80000 00280000 000A0000 8C440000
09600000 000A0000 8C440000 F5780D5B
00280000 8C440000 F5780D5B A48801AB
000A0000 F5780D5B A48801AB B0E80D68
8C440000 A48801AB B0E80D68 00000D68
F5780D5B B0E80D68 00000D68 52200000
A48801AB 00000D68 52200000 9AB2017A
B0E80D68 52200000 9AB2017A A4880048

srb2win.exe
ntdll.dll 10.0.16299.936
KERNEL32.DLL 10.0.16299.1087
KERNELBASE.dll 10.0.16299.1004
atcuf32.dll 1.25.200.0
ADVAPI32.dll 10.0.16299.696
msvcrt.dll 7.0.16299.125
sechost.dll 10.0.16299.696
RPCRT4.dll 10.0.16299.1029
SspiCli.dll 10.0.16299.755
CRYPTBASE.dll 10.0.16299.15
bcryptPrimitives.dll 10.0.16299.1004
USER32.dll 10.0.16299.125
win32u.dll 10.0.16299.15
GDI32.dll 10.0.16299.665
gdi32full.dll 10.0.16299.1087
msvcp_win.dll 10.0.16299.1059
ucrtbase.dll 10.0.16299.1059
WS2_32.dll 10.0.16299.15
libgme.dll
SDL2.dll 2.0.9.0
IMM32.DLL 10.0.16299.15
combase.dll 10.0.16299.1004
ole32.dll 10.0.16299.1004
OLEAUT32.dll 10.0.16299.1087
SETUPAPI.dll 10.0.16299.248
cfgmgr32.dll 10.0.16299.15
SHELL32.dll 10.0.16299.1004
shcore.dll 10.0.16299.522
windows.storage.dll 10.0.16299.1059
shlwapi.dll 10.0.16299.402
kernel.appcore.dll 10.0.16299.492
powrprof.dll 10.0.16299.15
profapi.dll 10.0.16299.15
SDL2_mixer.dll 2.0.4.0
IPHLPAPI.DLL 10.0.16299.15
VERSION.dll 10.0.16299.15
WINMM.DLL 10.0.16299.15
WINMMBASE.dll 10.0.16299.15
exchndl.dll 0.9.0.0
PSAPI.DLL 10.0.16299.15
mgwhelp.dll 0.9.0.0
dbghelp.dll 10.0.16299.15
dbgcore.DLL 10.0.16299.15
uxtheme.dll 10.0.16299.755
MSCTF.dll 10.0.16299.696
tiptsf.dll 10.0.16299.492
dwmapi.dll 10.0.16299.15
clbcatq.dll 2001.12.10941.16384
TextInputFramework.dll 10.0.16299.15
CoreUIComponents.dll 10.0.16299.1004
CoreMessaging.dll 10.0.16299.1004
ntmarta.dll 10.0.16299.15
wintypes.dll 10.0.16299.402
D3D9.DLL 10.0.16299.98
igdumdim32.dll 21.20.16.4599
igc32.dll 21.20.16.4599
dinput8.dll 10.0.16299.461
HID.DLL 10.0.16299.15
inputhost.dll
DEVOBJ.dll 10.0.16299.15
WINTRUST.dll 10.0.16299.936
MSASN1.dll 10.0.16299.15
CRYPT32.dll 10.0.16299.402
DSOUND.DLL 10.0.16299.15
MMDevAPI.DLL 10.0.16299.15
PROPSYS.dll 7.0.16299.1004
wdmaud.drv 10.0.16299.15
ksuser.dll 10.0.16299.15
AVRT.dll 10.0.16299.15
AUDIOSES.DLL 10.0.16299.1004
msacm32.drv 10.0.16299.15
MSACM32.dll 10.0.16299.15
midimap.dll 10.0.16299.15
libFLAC-8.dll
libogg-0.dll
libmodplug-1.dll
libmpg123-0.dll
libvorbisfile-3.dll
libvorbis-0.dll
uiautomationcore.dll 7.2.16299.1004
sxs.dll 10.0.16299.15
Windows.UI.dll 10.0.16299.15
OLEACC.dll 7.2.16299.15
twinapi.dll 10.0.16299.248
twinapi.appcore.dll 10.0.16299.1004
RMCLIENT.dll 10.0.16299.371
bcrypt.dll 10.0.16299.492
mswsock.dll 10.0.16299.15

Windows 10.0.16299
DrMingw 0.9.0

 
You are not supposed to use P_DamageMobj inside of the MobjDamage hook, because the MobjDamage hook is executed whenever P_DamageMobj is executed.
 
You are not supposed to use P_DamageMobj inside of the MobjDamage hook, because the MobjDamage hook is executed whenever P_DamageMobj is executed.

I've taken note of that quite earlier (notice the date of the testing being 13 June), but at the time I thought the game would promptly call P_KillMobj due to the fatal damage, so I didn't regard it. Besides, the reason I employed this setup in the first place is because when I tried to alter the damage argument provided by the hook, it didn't seem to work.

At any rate, the function still works if the provided inflictor is correctly passed, despite it making no explicit checks for whether it's nil or not.
 
You are not supposed to use P_DamageMobj inside of the MobjDamage hook, because the MobjDamage hook is executed whenever P_DamageMobj is executed.
If you return true in a MobjDamage hook, the P_DamageMobj that caused the hook won't be called.

So there can be a reason to use P_DamageMobj inside a MobjDamage hook if one does that, for example to have custom Lua code happen after, not before, the object is damaged.
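The two points the thread makes, that inflictorless damage must not read through a nil inflictor, and that a MobjDamage hook which calls P_DamageMobj itself must return true and guard against its own re-entry, can be shown in one small model. The following C program is an added example and is not SRB2's code; `DamageMobj`, `HitDeathMessage`, `AfterDamageHook`, the `mobj_t` fields and the `g_*` state are hypothetical stand-ins for the engine's real routines and structures. The fault address in the dump ("Reading from location 00000064") is the shape a field read through a NULL struct pointer produces, which is what the guarded death-message path below avoids.

```c
/* Added example (not SRB2 code): a minimal model of a damage routine that
 * dispatches a scriptable "MobjDamage" hook. It shows a death-message path
 * that tolerates a NULL inflictor, and a hook that calls the damage routine
 * itself, returns true so the engine skips its own damage, and uses a
 * re-entry flag because the hook fires on every damage call including the
 * one it makes. All names here are hypothetical stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct mobj_s {
    const char *name;
    int health;
    int type;          /* hypothetical field the death-message path reads */
} mobj_t;

/* Modelled on the page's addHook("MobjDamage", function(mo, inflictor, source)):
 * returning true tells the engine "handled, skip the built-in damage". */
typedef bool (*mobjdamage_hook_t)(mobj_t *mo, mobj_t *inflictor, mobj_t *source, int damage);
static mobjdamage_hook_t g_hook = NULL;

static const char *g_last_message = "";
static int g_hook_calls = 0;

/* Guarded death message: inflictorless damage is legal, so NULL gets a
 * generic message. The unguarded form `return inflictor->type ...` would
 * read through a NULL pointer at a small field offset. */
static const char *HitDeathMessage(const mobj_t *target, const mobj_t *inflictor)
{
    (void)target;
    if (inflictor == NULL)
        return "died";
    return inflictor->type == 1 ? "killed by a projectile" : "killed";
}

/* Engine side: the hook fires on every call, exactly as the thread says. */
static bool DamageMobj(mobj_t *target, mobj_t *inflictor, mobj_t *source, int damage)
{
    if (target == NULL || target->health <= 0)
        return false;
    if (g_hook != NULL) {
        g_hook_calls++;
        if (g_hook(target, inflictor, source, damage))
            return true;              /* hook returned true: built-in damage skipped */
    }
    target->health -= damage;
    if (target->health <= 0) {
        target->health = 0;
        g_last_message = HitDeathMessage(target, inflictor);
    }
    return true;
}

/* Script side, written the way the last reply describes: damage from inside
 * the hook, do custom work after it, return true so the outer call does not
 * apply the damage a second time. The flag stops the nested call's hook
 * invocation from recursing forever. */
static bool g_in_hook = false;
static int g_post_damage_work = 0;

static bool AfterDamageHook(mobj_t *mo, mobj_t *inflictor, mobj_t *source, int damage)
{
    if (g_in_hook)
        return false;                 /* nested call: let the built-in damage run */
    g_in_hook = true;
    DamageMobj(mo, inflictor, source, damage);
    g_post_damage_work++;             /* runs after, not before, the object is damaged */
    g_in_hook = false;
    return true;
}

static void ResetModel(mobjdamage_hook_t hook)
{
    g_hook = hook;
    g_hook_calls = 0;
    g_post_damage_work = 0;
    g_in_hook = false;
    g_last_message = "";
}

const char *LastMessage(void) { return g_last_message; }
int HookCalls(void) { return g_hook_calls; }
int PostDamageWork(void) { return g_post_damage_work; }

int main(void)
{
    /* constructed sample objects */
    mobj_t hero = { "hero", 100, 0 }, ring = { "ring", 1, 1 }, foe = { "foe", 50, 0 };

    ResetModel(NULL);
    DamageMobj(&hero, NULL, &foe, 10000);   /* the thread's case: nil inflictor, fatal damage */
    printf("no hook, NULL inflictor: health=%d msg=%s\n", hero.health, LastMessage());

    hero.health = 100;
    ResetModel(AfterDamageHook);
    DamageMobj(&hero, &ring, &foe, 30);     /* hook re-enters once, damage applied once */
    printf("hook: health=%d hook_calls=%d post_work=%d\n",
           hero.health, HookCalls(), PostDamageWork());
    return 0;
}
```

With the hook installed, one external `DamageMobj` call produces two hook invocations (the outer one and the nested one the hook makes), but the health is reduced exactly once, because the nested invocation returns false and the outer one returns true. Without the `g_in_hook` flag the nested call would re-enter the hook, which would call `DamageMobj` again, and so on until the stack ran out.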
 
