<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40080 >
There are at least 148 *city->id references in 44 files (and untold others
with other pointer names).
I've found a serious overflow bug already. The ids are unsigned short, the
range is 65536 numbers, but ai/aidata.c allocates all players arrays with:
/* max size of a short */
#define MAX_NUM_ID 32767
BV_DEFINE(bv_id, MAX_NUM_ID);
BV_SET(ai->stats.diplomat_reservations, pcity->id);
(Boom!)
And the constant is wrong anyway, somebody forgot zero!
This is fairly old code? Does anybody understand it? Do we need AI stats?
_______________________________________________
Freeciv-dev mailing list
[email protected]
https://mail.gna.org/listinfo/freeciv-dev
