Summary: "/set rare X", "/set situational X" etc crash
Submitted by: jtn
Submitted on: Tue Feb 8 01:27:59 2011
Severity: 3 - Normal
Priority: 5 - Normal
Assigned to: None
Discussion Lock: Any
Operating System: None
Noticed while reading code:
server/stdinhand.c:set_command() calls lookup_option().
lookup_option() checks the names of option groups before checking individual
option names, and if it finds a match, returns the magic number -3.
Unfortunately, the caller (set_command()) doesn't check for -3 (only -1 and
-2). On S2_2 this causes an assertion failure in setting_by_number(). On
S2_3/trunk, the assertion has been removed, so the server segfaults a bit
later on. (I think S2_1 also does the wrong thing.)
Additionally, on S2_3/trunk only, lookup_option() checks for the specific
string 'rulesetdir', and returns -4 (again unhandled) if it finds it, so "/set
rulesetdir X" kills the server too.
I think these special behaviours in lookup_option() are primarily for the use
of '/show', and their bad effects on '/set' are a side effect.
These crashes can be provoked by anyone with 'basic' or higher access to the
Reply to this item at:
Message sent via/by Gna!
Freeciv-dev mailing list