<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40075 >
William Allen Simpson wrote:
> ==12774== Address 0x5391ca0 is 0 bytes inside a block of size 76 free'd
> ==12774==    at 0x402365C: free (vg_replace_malloc.c:323)
> ==12774==    by 0x80E6669: reality_check_city (citytools.c:1792)
>
>     playtile->site = NULL;
>     free(pdcity);
>

This goes back to the very reason that the border code was re-written!

(PR#39830) border expansion acquires destroyed city

In PR#39830, I'd tweaked the test without changing the logic (because the
problem was elsewhere):

- if (!pcity || (pcity && pcity->id != pdcity->id)) {
+ if (!pcity || pcity->id != pdcity->identity) {

Note that the second pcity was logically redundant. But I missed another
problem with the test, a problem that goes back years! It may explain many
bug reports! And the corrupted savegames!

    dlsend_packet_city_remove(pplayer->connections, pdcity->identity);
    playtile->site = NULL;
    free(pdcity);

For the first clause (!pcity), sending city_remove should be OK.

But the second clause (pcity->id != pdcity->identity) is absolutely wrong.
There's still a city there, we shouldn't be freeing the dummy city, nor
telling the client to remove its city.

Have to look further, but it seems that we need to *update* the city,
instead.

Now I have to look at all 10 calls to reality_check_city()....

Also, determine how the city id might change. Building another city in the
same place?
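
Review bot: in the `+` line of the PR#39830 test change, the two clauses still share one body, so the id-mismatch case (`pcity->id != pdcity->identity`, where a city is present) takes the same path as the no-city case (`!pcity`); split them into separate branches so that a tile which still holds a city can be handled differently. Dropping the inner `pcity &&` is safe, because `||` only evaluates its right side when `pcity` is non-NULL. The line also switches `pdcity->id` to `pdcity->identity`, which is more than a redundancy cleanup and deserves a mention in the change description.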
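
A simplified model of the two clauses the message separates, as an added example that is not Freeciv code and not the author's patch. The struct layouts, the `size` field and `reality_check_model` are hypothetical (only `site`, `identity` and `id` come from the quoted lines), and it assumes that refreshing the remembered city in place is the right handling for the id-mismatch case, which the message only suggests.

```c
#include <stdlib.h>

/* Simplified stand-ins, not Freeciv's real structures. */
struct city { int id; int size; };
struct dumb_city { int identity; int size; };    /* what the player last saw */
struct player_tile { struct dumb_city *site; };  /* owns the remembered city */

enum check_result { CHECK_UNCHANGED, CHECK_REMOVED, CHECK_UPDATED };

/* pcity is the real city on the tile now, or NULL when there is none. */
enum check_result reality_check_model(struct player_tile *playtile,
                                      const struct city *pcity)
{
  struct dumb_city *pdcity = playtile->site;

  if (!pdcity) {
    return CHECK_UNCHANGED;           /* nothing remembered, nothing to do */
  }
  if (!pcity) {
    /* First clause: the city is gone. Clear the owning pointer before
     * freeing so the tile never holds a dangling pointer. */
    playtile->site = NULL;
    free(pdcity);
    return CHECK_REMOVED;
  }
  if (pcity->id != pdcity->identity) {
    /* Second clause: a different city stands here. Assumed handling:
     * refresh the record in place, so pointers to it stay valid. */
    pdcity->identity = pcity->id;
    pdcity->size = pcity->size;
    return CHECK_UPDATED;
  }
  return CHECK_UNCHANGED;
}

/* Constructed scenario: remembered city 7, real city 9, then no city. */
int main(void)
{
  struct player_tile tile = { malloc(sizeof(struct dumb_city)) };
  struct city other = { 9, 3 };

  if (!tile.site) return 1;
  tile.site->identity = 7;
  tile.site->size = 1;
  if (reality_check_model(&tile, &other) != CHECK_UPDATED) return 1;
  if (reality_check_model(&tile, NULL) != CHECK_REMOVED) return 1;
  return tile.site == NULL ? 0 : 1;
}
```

Because the mismatch branch never frees the record, a caller that took `playtile->site` before the check can still dereference it afterwards, which is the access the valgrind report flags as touching a freed block.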