0005553 | The Dark Mod | Graphics | public | 11.01.2023 00:17
Reporter: sneaker  
Status: resolved Resolution: fixed 
Product Version: SVN 
Target Version: TDM 2.11 Fixed in Version: TDM 2.11 
0005553: looking in keyhole crash
Description: On Linux (Fedora 32), in FM Now & Then, looking into a keyhole causes a seg fault. I'll attach a backtrace...
Steps To Reproduce: lean in and look into a keyhole
related to 0005295: Func_Peek crash for 2.07 & 2.08 in 32-bit TDM 
related to 0004882: When a remote listener is active, allow the player to still hear the sounds around him 




I can also confirm this on 64-bit Linux Mint (encountered while playing Written In Stone).
This crash still happens with 2.11 beta 1.
I tried to debug this today.

When I try to printf the values of v->x, v->y, v->z in the function EnterFunctionVarArgVN():game/script/Script_Interpreter.cpp:2017, it crashes.

Really odd. It's like the `va_list args` argument passed into the function is corrupt.

Any ideas?
@nbohr1more: Can this at least be looked at with a potential fix included in 2.11? It's always reproducible and quite easy to accidentally trigger the crash.

I wish my C++ debugging skills were better, so I could potentially fix this. I code in other languages all day and don't have a good workflow yet for C++ debugging.

I'm hoping it's something simple to fix for someone who deals with C++ mostly. If this issue turns out to be obtuse, then bumping it to 2.12 makes sense.


Not sure but I wonder if adding va_start to the switch cases might prevent the bad data?


I'm trying to understand what is "look into keyhole".

Only recently I learned that if I lean onto a door sideways, then I can hear what happens inside.
But looking into keyhole?
Can someone explain exactly how to do this?
Which FM, which door, which keys on default bindings?
In "Written in Stone", there's a door with a keyhole at 1274.99 -2536.16 421.25.
Lean forward into the keyhole to peek.
I've attached a screenshot with the keyhole circled.

The mod linked below might use the same peek functionality except for every door. Not sure. It has some screenshots, though.


I cannot even start this mission on Linux build.
It crashes during loading.
Moreover, if I run it under gdb, I get the following:
  Program terminated with signal SIGKILL, Killed.

So the question for Linux lovers: how can I break at the moment when the action that results in SIGKILL happens?


I use gdb on rare occasions and often forget how it works myself. I know you first give it the file, use the "run" command, then once the crash happens using "bt" should produce a backtrace and show exactly where it occurred. Hope I didn't misremember that and if not hope it helps.


From the documentation I see, SIGKILL cannot be caught by gdb.
The only way to evaluate SIGKILL is to examine the kernel logs.

Here is my gdb replication result:

Thread 1 "thedarkmod.x64" received signal SIGSEGV, Segmentation fault.
0x0000000000b7656a in ?? ()
(gdb) bt
#0 0x0000000000b7656a in ?? ()
#1 0x0000000000b8aa3c in ?? ()
#2 0x0000000000b36f78 in ?? ()
#3 0x0000000000b3a889 in ?? ()
#4 0x0000000000b3af9b in ?? ()
#5 0x0000000000b407e7 in ?? ()
#6 0x0000000000b40f0a in ?? ()
#7 0x00000000005911bd in ?? ()
#8 0x0000000000679ee1 in ?? ()
#9 0x000000000068fdee in ?? ()
#10 0x00000000005ea4ef in ?? ()
#11 0x000000000050ed61 in ?? ()
#12 0x000000000050ea0f in ?? ()
#13 0x000000000080c273 in ?? ()
#14 0x0000000000508142 in ?? ()
#15 0x00000000004b3e1e in ?? ()
#16 0x0000000000476a2d in ?? ()
#17 0x00007ffff6f0ac87 in __libc_start_main (main=0x4769e0, argc=1,
    argv=0x7fffffffe018, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffe008)
    at ../csu/libc-start.c:310
#18 0x000000000047ad99 in ?? ()

I need to build a debug build I think...
Thank you all for looking into this. =)
Sounds like we all need to find a good C++ debugging setup on Linux.

After reading AluminiumHaste's posts on the forum,
it seems that the keyhole peek feature needs some more work in general.

For 2.11 release, maybe a simple, temporary fix for Linux would be to ignore func_peek.
That would avoid the crash until the root cause is found,
and it would at least provide a better experience for the player in the meantime.

I've attached a patch that disables peek on Linux.
(Maybe there's a better way to disable it. This is working for me, though.)
@nbohr1more: Please let me know if you get a debug build working on Linux.

I wasn't able to get a debug build working at all and didn't spend time troubleshooting why.


I have attached a backtrace made with gdb run against a compile of the latest SVN release (debug build).
I don't know why I thought thedarkmod.x64.debug would be the debug build, but I did when I was originally debugging this in December. I must have been tired.
I use my own script to automatically build TDM, so I didn't catch `-DCMAKE_BUILD_TYPE=Release` back in December.
Today, I got a debug build just fine after compiling it using `-DCMAKE_BUILD_TYPE=Debug`.
I must be less tired today.
And, I learned that thedarkmod.x64.debug has all of the debug symbols and info, which is quite important.

With the release build, I got an almost identical backtrace as nbohr1more and sneaker when I was debugging this in December.

Today, with the debug build, I got different results.
First, the keyhole peek feature actually worked some of the time! Odd!
It works once or twice before crashing.
(Attached some screenshots.)

Second, I got a different backtrace.
(See attachment.)
Try to replace line 5274 of Physics_Player.cpp with the following:
  pThread->CallFunctionArgs(func, true, "eev", peekEntity, door, &normal);
Notice the ampersand before normal.

If it helps, commit this, I guess...

I'm debugging a combat crash, and cannot rebuild TDM right now =(
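
The one-character fix above works because the `v` format makes the callee read a pointer from the `va_list`, so the vector has to be passed by address. As an added illustration (not code from The Dark Mod; `Vec3`, `Entity`, `SumArgs` and `CallChecked` are hypothetical stand-ins), a typed wrapper can reject a format/argument mismatch before `va_arg` ever runs:

```cpp
#include <cstdarg>
#include <type_traits>
struct Vec3 { float x, y, z; };  // hypothetical stand-in for idVec3
struct Entity { int id; };       // hypothetical stand-in for idEntity

// Callee in the style the thread describes: 'e' reads an Entity*, 'v' reads a
// Vec3* and dereferences it. A Vec3 passed by value under 'v' is undefined.
float SumArgs(const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    float sum = 0.0f;
    for (; *fmt; ++fmt) {
        if (*fmt == 'e') sum += va_arg(args, Entity *)->id;
        if (*fmt == 'v') { Vec3 *v = va_arg(args, Vec3 *); sum += v->x + v->y + v->z; }
    }
    va_end(args);
    return sum;
}

// Format letter a C++ argument type may be passed under; '?' means "never".
template <class T> char FormatLetter() {
    using U = typename std::decay<T>::type;
    if (std::is_same<U, Entity *>::value) return 'e';
    if (std::is_same<U, Vec3 *>::value) return 'v';
    return '?';  // includes Vec3 by value, the mistake fixed in the thread
}

// True only when fmt has exactly one matching letter per argument.
template <class... Args> bool FormatMatches(const char *fmt) {
    const char expected[] = { FormatLetter<Args>()..., '\0' };
    int i = 0;
    while (expected[i] && expected[i] != '?' && expected[i] == fmt[i]) ++i;
    return expected[i] == '\0' && fmt[i] == '\0';
}

// Checked front end: refuses a mismatched call instead of reaching va_arg.
template <class... Args> bool CallChecked(float &out, const char *fmt, Args... args) {
    if (!FormatMatches<Args...>(fmt)) return false;
    out = SumArgs(fmt, args...);
    return true;
}

int main() {
    Entity peekEntity{1}, door{2};
    Vec3 normal{0.0f, 0.0f, 1.0f};
    float out = 0.0f;
    bool fixedCall = CallChecked(out, "eev", &peekEntity, &door, &normal);  // accepted
    bool buggyCall = CallChecked(out, "eev", &peekEntity, &door, normal);   // rejected
    return (fixedCall && !buggyCall) ? 0 : 1;
}
```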


Thank you!

Will do. :)


Rev 10240

The crash is fixed.

The keyhole in the mission doesn't properly reveal the contents of the room but can be tracked in another bug tracker.
Seems to be working well!
Thank you!

Yeah, the keyhole peek feature itself needs a bit more work.

