Summary: "/set rare X", "/set situational X" etc crash
                 Project: Freeciv
            Submitted by: jtn
            Submitted on: Tue Feb  8 01:27:59 2011
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
                 Release: 2.2.4,2.3.0-beta3
         Discussion Lock: Any
        Operating System: None
         Planned Release: 



Noticed while reading code:

server/stdinhand.c:set_command() calls lookup_option().

lookup_option() checks the names of option groups before checking individual
option names, and if it finds a match, returns the magic number -3.

Unfortunately, the caller (set_command()) doesn't check for -3 (only -1 and
-2). On S2_2 this causes an assertion failure in setting_by_number(). On
S2_3/trunk, the assertion has been removed, so the server segfaults a bit
later on. (I think S2_1 also does the wrong thing.)

Additionally, on S2_3/trunk only, lookup_option() checks for the specific
string 'rulesetdir', and returns -4 (again unhandled) if it finds it, so "/set
rulesetdir X" kills the server too.

I think these special behaviours in lookup_option() are primarily for the use
of '/show', and their bad effects on '/set' are a side effect.

These crashes can be provoked by anyone with 'basic' or higher access to the


Reply to this item at:


  Message sent via/by Gna!

Freeciv-dev mailing list

Reply via email to