Thread: SigSegv Violation

I've been fixing errors like crazy for this program I recently downloaded. It runs a server, but that's not my problem. Every few hours or so I get a Segmentation Violation. I'm a little past an average C Programmer, but this Segmentation Violation is still beyond my knowledge. I highlighted the Segmentation Error location in red.

Segmentation Violation:

Code:

Program received signal SIGSEGV, Segmentation fault.
0x08055770 in clif_additem (sd=0x15e34b60, n=47, amount=1, fail=0)
    at clif.c:1856
1856            buf=WFIFOP(fd,0);

Code:

int clif_additem(struct map_session_data *sd, int n, int amount, int fail) {
    int fd,j;
    unsigned char *buf;

    nullpo_retr(0, sd);

    fd=sd->fd;
    buf=WFIFOP(fd,0);
    if(fail) {
        WBUFW(buf,0)=0xa0;
        WBUFW(buf,2)=n+2;
        WBUFW(buf,4)=amount;
        WBUFW(buf,6)=0;
        WBUFB(buf,8)=0;
        WBUFB(buf,9)=0;
        WBUFB(buf,10)=0;
        WBUFW(buf,11)=0;
        WBUFW(buf,13)=0;
        WBUFW(buf,15)=0;
        WBUFW(buf,17)=0;
        WBUFW(buf,19)=0;
        WBUFB(buf,21)=0;
        WBUFB(buf,22)=fail;
    } else {
        if (n<0 || n>=MAX_INVENTORY || sd->status.inventory[n].nameid <=0 || sd->inventory_data[n] == NULL)
            return 1;

        WBUFW(buf,0)=0xa0;
        WBUFW(buf,2)=n+2;
        WBUFW(buf,4)=amount;
        if (sd->inventory_data[n]->view_id > 0)
            WBUFW(buf,6)=sd->inventory_data[n]->view_id;
        else
            WBUFW(buf,6)=sd->status.inventory[n].nameid;
        WBUFB(buf,8)=sd->status.inventory[n].identify;
        WBUFB(buf,9)=sd->status.inventory[n].attribute;
        WBUFB(buf,10)=sd->status.inventory[n].refine;
        if(sd->status.inventory[n].card[0]==0x00ff || sd->status.inventory[n].card[0]==0x00fe || sd->status.inventory[n].card[0]==(short)0xff00) {
            WBUFW(buf,11)=sd->status.inventory[n].card[0];
            WBUFW(buf,13)=sd->status.inventory[n].card[1];
            WBUFW(buf,15)=sd->status.inventory[n].card[2];
            WBUFW(buf,17)=sd->status.inventory[n].card[3];
        } else {
            if (sd->status.inventory[n].card[0] > 0 && (j=itemdb_viewid(sd->status.inventory[n].card[0])) > 0)
                WBUFW(buf,11)=j;
            else
                WBUFW(buf,11)=sd->status.inventory[n].card[0];
            if (sd->status.inventory[n].card[1] > 0 && (j=itemdb_viewid(sd->status.inventory[n].card[1])) > 0)
                WBUFW(buf,13)=j;
            else
                WBUFW(buf,13)=sd->status.inventory[n].card[1];
            if (sd->status.inventory[n].card[2] > 0 && (j=itemdb_viewid(sd->status.inventory[n].card[2])) > 0)
                WBUFW(buf,15)=j;
            else
                WBUFW(buf,15)=sd->status.inventory[n].card[2];
            if (sd->status.inventory[n].card[3] > 0 && (j=itemdb_viewid(sd->status.inventory[n].card[3])) > 0)
                WBUFW(buf,17)=j;
            else
                WBUFW(buf,17)=sd->status.inventory[n].card[3];
        }
        WBUFW(buf,19)=pc_equippoint(sd,n);
        WBUFB(buf,21)=(sd->inventory_data[n]->type == 7)? 4:sd->inventory_data[n]->type;
        WBUFB(buf,22)=fail;
    }

    WFIFOSET(fd,packet_len_table[0xa0]);
    return 0;
}

Tell me if you need to see more code in order to fix this problem.

A friend introduced me to this forum, and he said that you guys could probably help. Well, I sure hope you can, because this kills my server every now-and-then.

Thanks,
Mellowz

I'm not familiar with WFIFOP(). Do you have the code for that handy or can you point to some documentation on it?

Quoting "Unix Network Programming" by W. Richards Stevens

Pages 45-46

Referencing an address outside a process' address space generates a SIGSEGV signal. The specific hardware conditions and the signals that they generate, can differ from one Uix implementation to another. These types of signals are normally sent from the kernel to a process.

Page 49, regarding SIGSEGV

This signal is generated byan implementation dependent hardware fault. A segmentation violation is typically generated when a process references a memory address that it is not allowed to access.

Basicly, keep track of your pointers better, and make sure you don't run out of your array boundaries, and you'll be fine.

Quzah.

> fd=sd->fd;
Run the code in the debugger (probably gdb) and wait for it to crash.
Then use the debugger to examine the sd and sd->fd values (to make sure they're OK)

If WFIFOP is allocating memory (via malloc), then the real problem is most likely to be memory has been trashed (elsewhere), and it's only now that you get to notice (the segfault).

If it really is a malloc buffer overrun problem, then I would suggest either "valgrind" or "electric fence" to diagnose where memory actually gets corrupted rather than where you find out.