World Crash - player login

[John Adams]

The stack is useless (again), and I am asking my devs at work how I can get better info out of these crashes. Trying to learn WinDbg right now, so EQ2TC will be offline for a bit.

Meanwhile, the output window in VS2010 shows this:

HEAP[EQ2World.exe]: Heap block at 1B20C730 modified at 1B20CA66 past requested size of 32e
Windows has triggered a breakpoint in EQ2World.exe.

Which coincides with where the stack shows the break:

ntdll.dll!7c81a229()
[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]
ntdll.dll!7c87b559()
ntdll.dll!7c86a9bb()
ntdll.dll!7c85a344()
ntdll.dll!7c83e448()
> EQ2World.exe!malloc(unsigned int size) Line 89 + 0x3b bytes C
EQ2World.exe!operator new(unsigned int size) Line 59 + 0x8 bytes C++
EQ2World.exe!malloc(unsigned int size) Line 89 + 0x3b bytes C
ffffffff()

Code (malloc.c)

Code: Select all

            //  allocate memory block
            res = _heap_alloc(size);

where size = 291241300

I have no idea where this came from. The thread stack looks like this:

Code: Select all

Unflagged	>	3012	0	Worker Thread	_threadstart	malloc	Normal
Unflagged		2904	0	Main Thread	Main Thread	main	Normal
Unflagged		332	0	Worker Thread	_threadstart	LogLoop	Normal
Unflagged		3444	0	Worker Thread	_threadstart	TCPConnectionLoop	Above Normal
Unflagged		3944	0	Worker Thread	_threadstart	ServerLoop	Normal
Unflagged		900	0	Worker Thread	_threadstart	__set_flsgetvalue	Normal
Unflagged		3152	0	Worker Thread	_threadstart	Mutex::lock	Normal
Unflagged		2104	0	Worker Thread	_threadstart	EQStreamFactory::CombinePacketLoop	Normal
Unflagged		3232	0	Worker Thread	_threadstart	_read_nolock	Normal
Unflagged		2952	0	Worker Thread	_threadstart	ZoneLoop	Normal
Unflagged	>	3012	0	Worker Thread	_threadstart	malloc	Normal           <== broke here
Unflagged		3164	0	Worker Thread	_threadstart	ZoneServer::CheckSendSpawnToClient	Above Normal

My devs here say that someone is passing in an uninitialized int or something, but I have no idea who (function)

[John Adams]

Interestingly enough, I loaded the Microsoft Symbols and my stack got a lot clearer...

ntdll.dll!_DbgBreakPoint@0()
ntdll.dll!_RtlpBreakPointHeap@4() + 0x28 bytes
ntdll.dll!_RtlpCheckBusyBlockTail@4() + 0x76 bytes
ntdll.dll!_RtlpValidateHeapEntry@12() + 0x535c3 bytes
ntdll.dll!_RtlDebugFreeHeap@12() + 0x97 bytes
ntdll.dll!_RtlFreeHeapSlowly@12() + 0x17228 bytes
ntdll.dll!_RtlFreeHeap@12() + 0x147c1 bytes
EQ2World.exe!free(void * pBlock) Line 51 C
EQ2World.exe!Spawn::spawn_info_changes(Spawn * spawn, unsigned short version) Line 341 + 0xa bytes C++
> EQ2World.exe!Spawn::spawn_update_packet(Spawn * player, unsigned short version, bool override_changes, bool override_vis_changes) Line 535 + 0x15 bytes C++
EQ2World.exe!ZoneServer::SendSpawnChanges(Spawn * spawn, Client * client, bool override_changes, bool override_vis_changes) Line 1311 C++
EQ2World.exe!ZoneServer::SendSpawnChanges(Spawn * spawn) Line 1321 C++
EQ2World.exe!ZoneServer::SendSpawnChanges() Line 1425 C++
EQ2World.exe!ZoneServer::SpawnProcess() Line 977 C++
EQ2World.exe!SpawnLoop(void * tmp) Line 5076 + 0xa bytes C++
EQ2World.exe!_callthreadstart() Line 259 + 0x6 bytes C
EQ2World.exe!_threadstart(void * ptd) Line 241 + 0x5 bytes C
kernel32.dll!_BaseThreadStart@8() + 0x34 bytes

Looks like 'spawn_info_changes' might be where this one died.

[Scatman]

That error happens when you modify heap memory outside of what the OS gave you. I'll demonstrate shortly.