URL:
  <http://gna.org/bugs/?16495>

                 Summary: Possible crash in server_remove_player()
                 Project: Freeciv
            Submitted by: pepeto
            Submitted on: vendredi 20.08.2010 à 09:00
                Category: general
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: Ready For Test
             Assigned to: pepeto
        Originator Email: 
             Open/Closed: Open
                 Release: trunk, S2_2
         Discussion Lock: Any
        Operating System: None
         Planned Release: 2.2.3, 2.3.0

    _______________________________________________________

Details:

Using

conn_list_iterate(pplayer->connections, pconn) {
  connection_detach(pconn);
} conn_list_iterate_end;

is dangerous, because if there are connections following the connection which
is actually playing in the list, the connection will be empty after the end of
the iteration, causing the loop using freed datas. I didn't make the server
crashing, but this function is used in lot of places in stdinhand.c, so it
probably can cause a crash somewhere.

Fix attached.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: vendredi 20.08.2010 à 09:00  Name: trunk_server_remove_player.diff 
Size: 765 o   By: pepeto

<http://gna.org/bugs/download.php?file_id=9930>
-------------------------------------------------------
Date: vendredi 20.08.2010 à 09:00  Name: S2_2_server_remove_player.diff 
Size: 742 o   By: pepeto

<http://gna.org/bugs/download.php?file_id=9931>

    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?16495>

_______________________________________________
  Message posté via/par Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Reply via email to