Follow-up Comment #2, bug #15426 (project freeciv):

This bug can potentially cause the server to crash.  For example, consider
server/unittools.c : 744

if (what_pillaged == S_LAST && punit->activity_base != -1) {
  unit_pillage_base(ptile, base_by_number(punit->activity_base));
} else {
  tile_clear_special(ptile, what_pillaged);
}

Note that the field activity_base has type Base_type_id.  If it ends up with
the value 255 instead of -1 because of the bug, the if-clause will execute,
calling unit_pillage_base with NULL as the base.  The unit_pillage_base
function dereferences the NULL pointer.  Game over.

Is there any objection to the proposed fix?  It seems clear that if a type
uses signed values, it should be a signed type.


    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?15426>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
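
The failure described in the comment above, as an added C example that is not freeciv's code. The typedefs, the four-entry table and lookup_base() are assumptions standing in for Base_type_id and base_by_number(); an 8-bit unsigned id is assumed because the comment reports the value 255.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_BASES 4                  /* constructed table size */

struct base { int id; };
static struct base bases[NUM_BASES] = { {0}, {1}, {2}, {3} };

typedef uint8_t id_unsigned;         /* assumed: 8-bit unsigned id, so -1 is stored as 255 */
typedef int     id_signed;           /* assumed shape of the proposed signed type */

/* Hypothetical stand-in for base_by_number(): NULL for an unknown id. */
static const struct base *lookup_base(int id)
{
  return (id >= 0 && id < NUM_BASES) ? &bases[id] : NULL;
}

/* The "!= -1" test with an unsigned field. The sentinel is held in a
 * variable; written as a literal, gcc -Wtype-limits reports the
 * comparison as always true. */
int branch_taken_unsigned(int stored)
{
  id_unsigned activity_base = (id_unsigned)stored;
  int none = -1;
  return activity_base != none;      /* 255 is promoted to int 255 */
}

/* The same test once the field is signed. */
int branch_taken_signed(int stored)
{
  id_signed activity_base = stored;
  int none = -1;
  return activity_base != none;
}

/* What the taken branch would pass on: NULL when the id is the wrapped sentinel. */
const struct base *base_for_unsigned(int stored)
{
  id_unsigned activity_base = (id_unsigned)stored;
  return lookup_base(activity_base);
}

int main(void)
{
  printf("unsigned: branch=%d base=%p\n", branch_taken_unsigned(-1),
         (void *)base_for_unsigned(-1));
  printf("signed:   branch=%d\n", branch_taken_signed(-1));
  return 0;
}
```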
