Update of bug #19800 (project freeciv):

                 Summary: Server crash after reading "multiplayer.serv" or
"civ.serv" => Server crash after reading "multiplayer.serv" or "civ2.serv"


Follow-up Comment #4:

The calls to ai_data_init() and ai_data_close() look balanced.

However, the second significant valgrind error ("Invalid write of size 4") is
relevant, I think.

When ai_data_init() is called for a player, it allocates ai->government_want
according to the government_count() in force at the time.

It looks like ai_data_init() is only called when a player is first created.
I'm guessing the problem is that if a player exists over a ruleset reload,
that player's government_want remains sized for the old ruleset.

It looks like ai_data_default() is called to reinitialise the player on
ruleset reload, but that doesn't reallocate ai->government_want. However it
does memset it, based on the *new* government_count().

Since the civ2 and multiplayer rulesets have an extra government compared to
the classic ruleset (Fundamentalism), that memset will overrun.

Is the fix simply to reallocate government_want in ai_data_default() rather
than ai_data_init()?
I'll leave this for someone else...

(The other valgrind error looks unrelated -- although player data applicable
to long-gone rulesets is also implicated -- so I've raised it as bug #19814.)


Reply to this item at:


  Message sent via/by Gna!
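The following is an added illustration of the failure mode described in the comment above; it is not Freeciv code and does not reproduce the project's real ai_data_init()/ai_data_default() implementation or data layout. The struct, the mock_ prefixed helpers, the "ruleset" global and the government counts (7 and 8) are all assumptions made up for the example. Rather than performing the out-of-bounds memset (undefined behaviour), the buggy variant reports how many bytes it would have written past the buffer; with 4-byte ints that is the one extra government, consistent with an "Invalid write of size 4". The fixed variant reallocates in the reset path, which is the remedy the comment suggests.

```c
/* Added example, not Freeciv code: a minimal model of a buffer sized at player
 * creation and later cleared with a size taken from a reloaded ruleset. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-player AI data: the buffer plus the size it was allocated with. */
struct mock_ai_plr {
  int *government_want;
  size_t want_len;     /* number of ints actually allocated */
};

/* Hypothetical ruleset state: a reload changes the number of governments. */
static size_t mock_government_count_value = 7;
static size_t mock_government_count(void) { return mock_government_count_value; }
static void mock_load_ruleset(size_t governments) { mock_government_count_value = governments; }

/* Mirrors the allocation the comment describes: sized once, at player creation. */
static void mock_ai_data_init(struct mock_ai_plr *ai) {
  ai->want_len = mock_government_count();
  ai->government_want = calloc(ai->want_len, sizeof *ai->government_want);
  if (ai->government_want == NULL) {
    ai->want_len = 0;
  }
}

/* The buggy reset pattern: a memset sized by the *current* government_count()
 * over a buffer sized by the *old* one. Instead of actually overrunning, this
 * clears only what fits and returns the number of bytes that would have been
 * written past the end (0 means the memset would have been in bounds). */
static size_t mock_ai_data_default_buggy(struct mock_ai_plr *ai) {
  size_t want_bytes = mock_government_count() * sizeof *ai->government_want;
  size_t have_bytes = ai->want_len * sizeof *ai->government_want;
  size_t fits = want_bytes < have_bytes ? want_bytes : have_bytes;
  memset(ai->government_want, 0, fits);
  return want_bytes > have_bytes ? want_bytes - have_bytes : 0;
}

/* The fix the comment proposes: (re)allocate in the reset path so the buffer
 * always matches the ruleset in force. Returns the element count after reset. */
static size_t mock_ai_data_default_fixed(struct mock_ai_plr *ai) {
  size_t n = mock_government_count();
  int *p = realloc(ai->government_want, n * sizeof *p);
  if (p == NULL) {
    return ai->want_len;  /* keep the old, still-valid buffer on failure */
  }
  ai->government_want = p;
  ai->want_len = n;
  memset(ai->government_want, 0, n * sizeof *p);
  return n;
}

static void mock_ai_data_close(struct mock_ai_plr *ai) {
  free(ai->government_want);
  ai->government_want = NULL;
  ai->want_len = 0;
}

/* Scenario from the bug: a player created under one ruleset survives a reload
 * of a ruleset with a different government count. Returns the overrun in
 * bytes the buggy reset would produce. */
size_t simulate_reload_buggy(size_t old_governments, size_t new_governments) {
  struct mock_ai_plr ai;
  mock_load_ruleset(old_governments);
  mock_ai_data_init(&ai);
  mock_load_ruleset(new_governments);
  size_t overrun = mock_ai_data_default_buggy(&ai);
  mock_ai_data_close(&ai);
  return overrun;
}

/* Same scenario with the reallocating reset; returns the buffer length after reload. */
size_t simulate_reload_fixed(size_t old_governments, size_t new_governments) {
  struct mock_ai_plr ai;
  mock_load_ruleset(old_governments);
  mock_ai_data_init(&ai);
  mock_load_ruleset(new_governments);
  size_t len = mock_ai_data_default_fixed(&ai);
  mock_ai_data_close(&ai);
  return len;
}

int main(void) {
  /* Constructed counts: 7 governments before the reload, 8 after. */
  printf("buggy reset would overrun by %zu bytes\n", simulate_reload_buggy(7, 8));
  printf("fixed reset buffer holds %zu entries\n", simulate_reload_fixed(7, 8));
  return 0;
}
```

Note that the reverse direction (reloading a ruleset with fewer governments) does not overrun in the buggy variant; it merely leaves stale entries beyond the new count, which is why the crash in the report only shows up when moving to a ruleset with an extra government.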

Freeciv-dev mailing list
