Follow-up Comment #2, bug #15426 (project freeciv):

This bug can potentially cause the server to crash.  For example, consider
server/unittools.c : 744

if (what_pillaged == S_LAST && punit->activity_base != -1) {
  unit_pillage_base(ptile, base_by_number(punit->activity_base));
} else {
  tile_clear_special(ptile, what_pillaged);

Note that the field activity_base has type Base_type_id.  If it ends up with
the value 255 instead of -1 because of the bug, the if-clause will execute,
calling unit_pillage_base with NULL as the base.  The unit_pillage_base
function dereferences the NULL pointer.  Game over.

Is there any objection to the proposed fix?  It seems clear that if a type
uses signed values, it should be a signed type.


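The failure mode described in the comment above, as an added example that is not freeciv code: a -1 "no base" sentinel stored in an unsigned field comes back as 255, passes the != -1 test, and reaches a lookup that returns NULL. The 8-bit typedefs, the lookup() stand-in, the four-entry table and the outcome enum are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_BASES 4                  /* constructed table size */
typedef uint8_t id_unsigned;         /* assumption: unsigned 8-bit id type */
typedef int8_t  id_signed;           /* signed type that can hold -1 */

enum outcome { CLEAR_SPECIAL, PILLAGE_BASE, NULL_BASE_PASSED };

struct base { int id; };
static struct base bases[NUM_BASES] = { {0}, {1}, {2}, {3} };
static int no_base = -1;             /* sentinel; a variable so the compare is not folded */

/* Stand-in for a by-number lookup: NULL when the id is out of range. */
static const struct base *lookup(int id)
{
  return (id >= 0 && id < NUM_BASES) ? &bases[id] : NULL;
}

/* Branch taken by the quoted if-clause, assuming what_pillaged == S_LAST. */
static enum outcome branch(int has_base, int id)
{
  if (!has_base) {
    return CLEAR_SPECIAL;
  }
  /* The real callee would dereference this pointer; here it is only reported. */
  return lookup(id) != NULL ? PILLAGE_BASE : NULL_BASE_PASSED;
}

static enum outcome pillage_unsigned(int assigned)
{
  id_unsigned activity_base = (id_unsigned)assigned;  /* -1 is stored as 255 */
  return branch(activity_base != no_base, activity_base); /* 255 != -1 is true */
}

static enum outcome pillage_signed(int assigned)
{
  id_signed activity_base = (id_signed)assigned;      /* -1 stays -1 */
  return branch(activity_base != no_base, activity_base);
}

int main(void)
{
  printf("unsigned field, no base: %d\n", pillage_unsigned(-1));
  printf("signed field, no base:   %d\n", pillage_signed(-1));
  printf("signed field, base 2:    %d\n", pillage_signed(2));
  return 0;
}
```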