Follow-up Comment #1, bug #14415 (project freeciv):

Valgrind trace:
==22729== Invalid write of size 1
==22729==    at 0x4C280AF: strcpy (mc_replace_strmem.c:268)
==22729==    by 0x4691E2: load_rulesets (ruleset.c:914)
==22729==    by 0x47ACAF: game_load_internal (savegame.c:4454)
==22729==    by 0x47F276: game_load (savegame.c:4040)
==22729==    by 0x4180DC: load_command (stdinhand.c:3562)
==22729==    by 0x40EDDC: srv_main (srv_main.c:2141)
==22729==    by 0x404280: main (civserver.c:290)
==22729==  Address 0x6f3095f is 0 bytes after a block of size 7 alloc'd
==22729==    at 0x4C278AE: malloc (vg_replace_malloc.c:207)
==22729==    by 0x507681: fc_real_malloc (mem.c:82)
==22729==    by 0x5043F5: set_user_unit_flag_name (unittype.c:608)
==22729==    by 0x4691E2: load_rulesets (ruleset.c:914)
==22729==    by 0x47ACAF: game_load_internal (savegame.c:4454)
==22729==    by 0x47F276: game_load (savegame.c:4040)
==22729==    by 0x4180DC: load_command (stdinhand.c:3562)
==22729==    by 0x40EDDC: srv_main (srv_main.c:2141)
==22729==    by 0x404280: main (civserver.c:290)

Patch:
Index: common/unittype.c
===================================================================
--- common/unittype.c   (révision 16016)
+++ common/unittype.c   (copie de travail)
@@ -599,14 +599,13 @@
 
   assert(id >= F_USER_FLAG_1 && id < F_LAST);
 
-  if (user_flag_names[ufid] != 0) {
+  if (user_flag_names[ufid] != NULL) {
     free(user_flag_names[ufid]);
     user_flag_names[ufid] = NULL;
   }
 
-  if (name) {
-    user_flag_names[ufid] = fc_malloc(strlen(name));
-    strcpy(user_flag_names[ufid], name);
+  if (name && name[0] != '\0') {
+    user_flag_names[ufid] = mystrdup(name);
   }
 }
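Review bot: the new test `+  if (name && name[0] != '\0') {` changes behaviour for an empty string: before, `""` produced an allocated (zero-length) entry, now it leaves `user_flag_names[ufid]` NULL, so any caller that distinguishes an unset flag name from an empty one should be checked before this goes in. The allocation fix itself is right: `fc_malloc(strlen(name))` left no byte for the terminator, which is exactly the 1-byte write 0 bytes past a 7-byte block that the trace reports from ruleset.c:914, and `mystrdup` sizes the copy itself. The `!= 0` to `!= NULL` change is cosmetic and could be committed separately.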

==22729== Invalid write of size 8
==22729==    at 0x47B43A: game_load_internal (savegame.c:4476)
==22729==    by 0x47F276: game_load (savegame.c:4040)
==22729==    by 0x4180DC: load_command (stdinhand.c:3562)
==22729==    by 0x40EDDC: srv_main (srv_main.c:2141)
==22729==    by 0x404280: main (civserver.c:290)
==22729==  Address 0x72c4a08 is 0 bytes after a block of size 32 alloc'd
==22729==    at 0x4C278AE: malloc (vg_replace_malloc.c:207)
==22729==    by 0x507681: fc_real_malloc (mem.c:82)
==22729==    by 0x507796: fc_real_calloc (mem.c:127)
==22729==    by 0x47B3B9: game_load_internal (savegame.c:4470)
==22729==    by 0x47F276: game_load (savegame.c:4040)
==22729==    by 0x4180DC: load_command (stdinhand.c:3562)
==22729==    by 0x40EDDC: srv_main (srv_main.c:2141)
==22729==    by 0x404280: main (civserver.c:290)

Patch:
Index: server/savegame.c
===================================================================
--- server/savegame.c   (révision 16016)
+++ server/savegame.c   (copie de travail)
@@ -4472,7 +4472,7 @@
       base_order[j] = find_base_type_by_rule_name(modname[j]);
     }
     free(modname);
-    for (; j < game.control.num_base_types + (4 -
(game.control.num_base_types % 4)); j++) {
+    for (; j < game.control.num_base_types; j++) {
       base_order[j] = NULL;
     }
   }
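Review bot: the old bound `game.control.num_base_types + (4 - (game.control.num_base_types % 4))` walks up to four pointers past the end of `base_order`, which the trace shows was calloc'd at savegame.c:4470 with a 32-byte block, i.e. four 8-byte pointers, the write landing 0 bytes after it; note the expression pads by a full 4 even when `num_base_types` is already a multiple of 4, which is the case here. Tightening the loop to `num_base_types` is correct provided nothing else walks `base_order` with the rounded-up count, so a grep for other uses of that `% 4` rounding is worth doing before committing. Also, the removed line is wrapped by the mail client (the `(game.control.num_base_types % 4)); j++) {` continuation has no `-` prefix), so the attached .diff should be applied rather than this inline copy.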

Going to commit those patches this evening if nobody complains.


(file #6852, file #6853)
    _______________________________________________________

Additional Item Attachment:

File name: trunk_S2_2_set_user_unit_flag_name.diff Size:0 KB
File name: trunk_S2_2_load_bases.diff     Size:0 KB


    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?14415>

_______________________________________________
  Message posted via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
