You know... I love this game... mostly because I can mod it until I love this game

I typically play on a standard map, standard speed.
I have found that repeatedly I crash at some point typically entering the industrial age.
My latest crashed at turn 206. I do believe it has to do with the number of units on the map.

Sometimes I can just reload from the last autosave [which I have set to every turn because of crashes] and often continue. But eventually I get to the point where that does not work... then I may be able to back up a few autosaves [there are 10] and carry on past the point where I crashed... but sometimes that too does not work... at which point I usually abandon the game and start a new one.

But I would like to be able to finish a game. So I am going to start to investigate this a bit more. You see, the last few times [while I did not record it accurately] it seemed to me that my crashes were occurring at the same place. As a software developer myself I can understand the joy and simplicity that is a reliable and reproducible error. So... here is a dump of the error:

Unhandled exception at 0x00582816 in CivilizationV.exe: 0xC0000005: Access violation reading location 0x00000024.

call stack:
CivilizationV.exe!00582816()
[Frames below may be incorrect and/or missing, no symbols loaded for CivilizationV.exe]
CivilizationV.exe!00710dcd()
CivilizationV.exe!0073286b()
CivilizationV.exe!0069dc3c()
CivilizationV.exe!0067d954()
CivilizationV.exe!004e9817()
CivilizationV.exe!00827dc9()
CivilizationV.exe!005dc795()
CivilizationV.exe!0056ad47()
CivilizationV.exe!00723caf()
user32.dll!7e41929b()
CivilizationV.exe!007c5a65()
CivilizationV.exe!004aae37()
CivilizationV.exe!0088f3ed()
kernel32.dll!7c817077()
CivilizationV.exe!0069006c()
CivilizationV.exe!0047002e()

// assembly code for last few instructions before entering the offending frame:
...
00710DC0 push ecx
00710DC1 mov ecx,edi
00710DC3 movss dword ptr [esp],xmm0
00710DC8 call 00582810
00710DCD mov ecx,edi

// the start of the frame with the error
00582810 push esi
00582811 mov esi,dword ptr [ecx+4Ch]
00582814 mov edx,dword ptr [esi]
00582816 mov eax,dword ptr [edx+24h] // this is where the error is... it means copy the 32 bit dword found at edx+24h to eax... but EDX is 00000000 because that is the value at ESI
00582819 sub eax,dword ptr [edx+20h]
0058281C mov esi,dword ptr [esi+30h]
0058281F add edx,1Ch
00582822 sar eax,6
00582825 test eax,eax
00582827 jbe 00582869
00582829 movss xmm1,dword ptr [esp+8]
0058282F lea edx,[esi+0Ah]
00582832 mov esi,eax
00582834 movzx eax,word ptr [edx+28h]
00582838 add eax,27h
0058283B lea eax,[eax+eax*2]
0058283E movss xmm0,dword ptr [ecx+eax*4]
00582843 comiss xmm1,xmm0
00582846 lea eax,[ecx+eax*4]
00582849 jb 00582861
0058284B movss xmm2,dword ptr [eax+4]
00582850 addss xmm2,xmm0
00582854 comiss xmm2,xmm1
00582857 jb 00582861
00582859 mov eax,2
0058285E mov word ptr [edx],ax
00582861 add edx,40h
00582864 sub esi,1
00582867 jne 00582834
00582869 pop esi
0058286A ret 4

EAX 00BE04E0
EDX 00000000
ESI 7C7B4EA0
ECX 4E088C24

Trying to access some value at some fixed offset from a pointer to a memory space kinda screams null pointer to me.
In fact, grabbing the value at edx+24h and then immediately subtracting the value at edx+20h says to me "get the length of this array".
I have not bothered to tease out what the rest of this assembly code is doing, but it looks a lot like iterating over the elements in an array and returning when done.
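To make the null-pointer reading concrete, here is an added C reconstruction of the frame at 00582810 as read off the listing above; it is not code from the post or from the game, the struct and function names and the sample data are assumptions, and the only thing it adds beyond the disassembly is the null check on [esi] that the binary does not perform:

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical reconstruction of the crashing frame. Field offsets in the
 * comments are the 32-bit ones from the listing; names are assumptions. */
typedef struct {
    uint8_t  pad0[0x0A];
    uint16_t state;      /* [edx]     : written with 2 when value is in range */
    uint8_t  pad1[0x26];
    uint16_t range_idx;  /* [edx+28h] : selects a (start,length) pair in table */
    uint8_t  pad2[0x0C];
} Element;               /* 0x40 bytes, matching 'add edx,40h' */
_Static_assert(sizeof(Element) == 0x40, "stride must be 64 bytes");
typedef struct { Element *begin; Element *end; } ArrayDesc;  /* [edx+20h],[edx+24h] */
typedef struct { ArrayDesc *desc; Element *items; } Inner;   /* [esi],[esi+30h]     */
typedef struct { Inner *inner; float table[3 * 48]; } Owner; /* [ecx+4Ch],[ecx+eax*4] */

/* Returns how many elements were marked, or -1 when check_null is set and an
 * object is missing. The binary never checks desc: with [esi] == 0 the read of
 * [edx+24h] becomes "Access violation reading location 0x00000024". */
static int mark_in_range(Owner *self, float value, int check_null) {
    Inner *inner = self->inner;                   /* mov esi,[ecx+4Ch] */
    if (check_null && inner == NULL) return -1;
    ArrayDesc *desc = inner->desc;                /* mov edx,[esi]     */
    if (check_null && desc == NULL) return -1;    /* absent in the binary */
    ptrdiff_t count = desc->end - desc->begin;    /* (end-begin) >> 6  */
    int marked = 0;
    Element *e = inner->items;                    /* lea edx,[esi+0Ah] */
    for (; count > 0; --count, ++e) {             /* add edx,40h; sub esi,1 */
        const float *r = &self->table[(e->range_idx + 0x27) * 3];
        float start = r[0], length = r[1];
        if (value < start) continue;              /* comiss xmm1,xmm0; jb */
        if (start + length < value) continue;     /* comiss xmm2,xmm1; jb */
        e->state = 2;                             /* mov word ptr [edx],ax */
        ++marked;
    }
    return marked;
}

/* Constructed sample data (not from the game): element 0 uses range 0 =
 * [10,15], element 1 uses range 1 = [20,22]; break_desc simulates [esi] == 0. */
static int demo(float value, int break_desc) {
    static Element items[2]; static Inner inner; static Owner owner;
    ArrayDesc desc = { items, items + 2 };
    items[0].range_idx = 0; items[1].range_idx = 1;
    owner.table[0x27 * 3] = 10.0f; owner.table[0x27 * 3 + 1] = 5.0f;
    owner.table[0x28 * 3] = 20.0f; owner.table[0x28 * 3 + 1] = 2.0f;
    inner.desc = break_desc ? NULL : &desc; inner.items = items; owner.inner = &inner;
    return mark_in_range(&owner, value, 1);
}
```

Calling mark_in_range with check_null set to 0 on the broken fixture reproduces the crash; with it set to 1 the same input returns -1 instead.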

I would dearly love to see this error no more