<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40020 >

I just ran it under S2_1 as:

$ ./ser -f ~/-0200x.sav -p 5557
...
> set timeout 1
> start
...
> civserver: player.c:246: player_index: Assertion `pplayer' failed.
Aborted (core dumped)


Then the same under valgrind:
==5035== Invalid read of size 4
==5035==    at 0x808A7B4: maybe_make_contact (plrhand.c:1206)
==5035==    by 0x806D1E9: move_unit (unittools.c:2853)
==5035==    by 0x80B11C4: handle_unit_move_request (unithand.c:1201)
==5035==    by 0x813D2E8: ai_unit_move (aitools.c:1022)
==5035==    by 0x813B69C: ai_unit_execute_path (aitools.c:194)
==5035==    by 0x813BDFF: ai_follow_path (aitools.c:385)
==5035==    by 0x813C10B: ai_unit_goto_constrained (aitools.c:459)
==5035==    by 0x813C9B3: ai_unit_goto (aitools.c:790)
==5035==    by 0x813BBA9: ai_gothere (aitools.c:317)
==5035==    by 0x8141B85: ai_military_attack (aiunit.c:1755)
==5035==    by 0x81423AF: ai_manage_military (aiunit.c:2078)
==5035==    by 0x8142B09: ai_manage_unit (aiunit.c:2245)
==5035==    by 0x8142F7F: ai_manage_units (aiunit.c:2351)
==5035==    by 0x81343BE: ai_do_first_activities (aihand.c:426)
==5035==    by 0x8054D25: ai_start_phase (srv_main.c:594)
==5035==    by 0x8055124: begin_phase (srv_main.c:726)
==5035==    by 0x80571D9: srv_running (srv_main.c:1816)
==5035==    by 0x8057B87: srv_main (srv_main.c:2194)
==5035==    by 0x804B195: main (civserver.c:258)
==5035==  Address 0x4dd2e30 is 8 bytes inside a block of size 12 free'd
==5035==    at 0x402365C: free (vg_replace_malloc.c:323)
==5035==    by 0x8050488: genlist_unlink (genlist.c:141)
==5035==    by 0x80C7B3F: unit_list_unlink (speclist.h:105)
==5035==    by 0x80C7AD0: game_remove_unit (game.c:148)
==5035==    by 0x8068E13: server_remove_unit (unittools.c:1374)
==5035==    by 0x8069072: wipe_unit (unittools.c:1436)
==5035==    by 0x8068014: bounce_unit (unittools.c:1044)
==5035==    by 0x8068393: resolve_stack_conflicts (unittools.c:1086)
==5035==    by 0x8068403: resolve_unit_stacks (unittools.c:1110)
==5035==    by 0x8088937: update_players_after_alliance_breakup (plrhand.c:457)
==5035==    by 0x8088BB2: handle_diplomacy_cancel_pact (plrhand.c:546)
==5035==    by 0x808A5C9: make_contact (plrhand.c:1180)
==5035==    by 0x808A7F3: maybe_make_contact (plrhand.c:1207)
==5035==    by 0x806D1E9: move_unit (unittools.c:2853)
==5035==    by 0x80B11C4: handle_unit_move_request (unithand.c:1201)
==5035==    by 0x813D2E8: ai_unit_move (aitools.c:1022)
==5035==    by 0x813B69C: ai_unit_execute_path (aitools.c:194)
==5035==    by 0x813BDFF: ai_follow_path (aitools.c:385)
==5035==    by 0x813C10B: ai_unit_goto_constrained (aitools.c:459)
==5035==    by 0x813C9B3: ai_unit_goto (aitools.c:790)
==5035==    by 0x813BBA9: ai_gothere (aitools.c:317)
==5035==    by 0x8141B85: ai_military_attack (aiunit.c:1755)
==5035==    by 0x81423AF: ai_manage_military (aiunit.c:2078)
==5035==    by 0x8142B09: ai_manage_unit (aiunit.c:2245)
==5035==    by 0x8142F7F: ai_manage_units (aiunit.c:2351)
==5035==    by 0x81343BE: ai_do_first_activities (aihand.c:426)
==5035==    by 0x8054D25: ai_start_phase (srv_main.c:594)
==5035==    by 0x8055124: begin_phase (srv_main.c:726)
==5035==    by 0x80571D9: srv_running (srv_main.c:1816)
==5035==    by 0x8057B87: srv_main (srv_main.c:2194)
==5035==    by 0x804B195: main (civserver.c:258)

make_contact kills the unit because of the broken treaty and bouncing
(strange in itself but whatever).  Then since maybe_make_contact doesn't
use a proper iterator it breaks the loop.  Attached patch should fix it
for 2.1 and most likely 2.2/trunk.

-jason

Index: server/plrhand.c
===================================================================
--- server/plrhand.c	(revision 14329)
+++ server/plrhand.c	(working copy)
@@ -1203,9 +1203,9 @@
     if (pcity) {
       make_contact(pplayer, city_owner(pcity), ptile);
     }
-    unit_list_iterate(tile1->units, punit) {
+    unit_list_iterate_safe(tile1->units, punit) {
       make_contact(pplayer, unit_owner(punit), ptile);
-    } unit_list_iterate_end;
+    } unit_list_iterate_safe_end;
   } square_iterate_end;
 }
 
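Review bot: the unit_list_iterate_safe loop over tile1->units needs a short comment saying why the safe variant is required here: per the valgrind trace, make_contact() can reach handle_diplomacy_cancel_pact -> resolve_unit_stacks -> wipe_unit and free units that are on the list being walked. Without that comment a later cleanup could switch it back to the plain iterator. The same trace enters through move_unit, so it is also worth checking that move_unit and its callers do not keep using a unit pointer after maybe_make_contact returns, since stack resolution may have wiped that unit as well.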
_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
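
The failure described in the message above, reduced to a stand-alone C sketch (an added example, not Freeciv code and not part of the original message): a callback removes list members while the list is being walked, and the safe loop snapshots unit ids first and re-resolves each one before use. All names are hypothetical, and that Freeciv's unit_list_iterate_safe works this way is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical miniature of a tile's unit list; names are not Freeciv's. */
struct unit { int id; struct unit *next; };
static struct unit *units;                  /* list head */

static void add_unit(int id) {
  struct unit *u = malloc(sizeof *u);
  if (!u) abort();
  u->id = id; u->next = units; units = u;
}

static struct unit *find_unit(int id) {
  for (struct unit *u = units; u; u = u->next)
    if (u->id == id) return u;
  return NULL;
}

static void remove_unit(int id) {
  for (struct unit **pp = &units; *pp; pp = &(*pp)->next)
    if ((*pp)->id == id) { struct unit *dead = *pp; *pp = dead->next; free(dead); return; }
}

/* Stand-in for make_contact(): visiting unit 2 "bounces" units 2 and 3. */
static void contact(struct unit *u) {
  if (u->id == 2) { remove_unit(2); remove_unit(3); }
}

/* Unsafe shape (shown only as a comment): after contact(u) frees u,
 * the step `u = u->next` reads freed memory, as in the valgrind report.
 *   for (struct unit *u = units; u; u = u->next) contact(u);
 * Saving u->next before the call is not enough either: unit 3 is freed too. */
static int contact_all_safe(void) {
  int ids[16], n = 0, visited = 0;
  for (struct unit *u = units; u && n < 16; u = u->next) ids[n++] = u->id;
  for (int i = 0; i < n; i++) {
    struct unit *u = find_unit(ids[i]);     /* re-resolve by id */
    if (!u) continue;                       /* removed by an earlier callback */
    contact(u);
    visited++;
  }
  return visited;
}

static int demo(void) {
  for (int id = 4; id >= 1; id--) add_unit(id);   /* list order: 1, 2, 3, 4 */
  return contact_all_safe();                /* visits 1, 2 and 4 */
}

int main(void) { printf("visited %d units\n", demo()); return 0; }
```

Building the unsafe loop with -fsanitize=address, or running it under valgrind, reports the same class of invalid read as the trace in the message.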
