Fishing Crash Information

**Lerpolo** · 09-09-2014 12:16 PM

Hello, before I begin to go into detail about this post, I want to state that:

I AM NOT the owner of this account.
I was told by an SE support representitive to borrow a friends account to make this post.
The information I post here is strictly to help get this bug fixed.
I understand this has been reported before, but this is a full detail post explaining the cause and a fix.

Platform: Windows [But this bug happens on all platforms.]
ISP: Local reseller, not a major ISP.
Type of Internet Connection: Radio / DSL
Date & Time: N/A (This is a pre-existing bug and has been confirmed already.)
Frequency: Very Often (Again, pre-existing bug that is confirmed and known.)
Character Name: N/A [This bug occurs on all characters.]
Race: N/A [This bug occurs on all races.]
World: N/A [This bug occurs on all worlds.]
Main Job: N/A [This bug occurs on all jobs.]
Support Job: N/A [This bug occurs on all jobs.]
Area and Coordinates: N/A [This bug occurs anywhere fishing is available.]
Party or Solo: N/A [This bug occurs regardless if you are in a party or not.]
NPC Name: N/A [No NPC is involved in this bug.]
Monster Name: N/A [No monster is involved in this bug.]

Steps:

Equip a rod and bait to fish.
Begin fishing in a valid fishing location.
Attempt to fight whatever catches the line.

At this point the crash may / may not happen.

Information Regarding This Crash
Another thread currently details this crash at:
http://forum.square-enix.com/ffxi/threads/43901-Game-crash-while-fishing?highlight=fishing

When the crash occurs, you can open FFXiMain.dll in a debugger and stop at the cause of the crash. For example, a recent occurrence for me was crashed here:

Code:

.text:10081CC0 sub_10081CC0    proc near               ; CODE XREF: sub_10081630+9Bp
.text:10081CC0                 mov     eax, dword_1041BCAC
.text:10081CC5                 test    eax, eax
.text:10081CC7                 jz      short loc_10081CFF
.text:10081CC9                 push    esi
.text:10081CCA                 call    _rand
.text:10081CCF                 cdq
.text:10081CD0                 mov     ecx, 33h
.text:10081CD5                 idiv    ecx
.text:10081CD7                 mov     esi, edx
.text:10081CD9                 call    _rand
.text:10081CDE                 cdq
.text:10081CDF                 mov     ecx, 33h
.text:10081CE4                 idiv    ecx
.text:10081CE6                 mov     ecx, dword_1041BCAC
.text:10081CEC                 mov     eax, [ecx]
.text:10081CEE                 add     esi, edx
.text:10081CF0                 xor     edx, edx
.text:10081CF2                 div     esi
.text:10081CF4                 pop     esi
.text:10081CF5                 neg     eax
.text:10081CF7                 sbb     eax, eax
.text:10081CF9                 neg     eax
.text:10081CFB                 mov     [ecx+4], eax
.text:10081CFE                 retn
.text:10081CFF ; ---------------------------------------------------------------------------
.text:10081CFF
.text:10081CFF loc_10081CFF:                           ; CODE XREF: sub_10081CC0+7j
.text:10081CFF                 mov     large dword ptr ds:4, 0
.text:10081D09                 retn
.text:10081D09 sub_10081CC0    endp

The issue at hand is the fact that this function has the possibility to divide by zero. If we translate this code to a semi-readable format, we will have:

Code:

    v1 = rand() % 51;
    result = *(_DWORD *)dword_1042D1CC / (unsigned int)(rand() % 51 + v1) != 0;
    *(_DWORD *)(dword_1042D1CC + 4) = result;

For those that understand coding, v1 has the potential to be 0.
rand() % 51 means that we want a random number between (and including) 0 and 51.

The next line shows that we can potentially cause a divide by zero error here:

Code:

result = *(_DWORD *)dword_1042D1CC / (unsigned int)(rand() % 51 + v1) != 0;

If both the v1 variable and the new rand()%51 call are both 0, we land up attempting to divide the value of 0x1042D1CC by zero resulting in a crash.

If we trace what calls this function we land up in another function that has, yet another, divide by zero possibility. We have the chunk of code here:

Code:

        *(_DWORD *)(v25 + 8) = (signed __int64)((double)*(signed int *)(v25 + 8) + v26);
        *(_WORD *)(dword_105C3B88 + 58) = (signed __int64)((double)*(signed int *)(dword_1042D1D0 + 8)
                                                         * 100.0
                                                         / (double)*(signed int *)dword_1042D1D0);
        result = *(_DWORD *)(dword_1042D1D0 + 4);

If the value of 0x1042D1D0 is 0, then we are yet again dividing by zero.

From other reports and crash dumps I have seen from others, there are other fishing crashes, however this one seems to be the one that happens the most and has been reported the most.

Again, this is just information to try and help you resolve this issue and get it fixed.

And again, I am not the owner of this account, I was told by an SE representative to use a friends account to make this post because I do not have an active subscription at this time.

The representatives name was: "Agent Daniel A"

~ atom0s

Thread: Fishing Crash Information

Thread Tools

Search Thread

Display

Fishing Crash Information