URL: <http://gna.org/bugs/?20627>
                 Summary: RECEIVE_PACKET_END returns pointer to local memory
                 Project: Freeciv
            Submitted by: cazfi
            Submitted on: Sat 16 Mar 2013 11:27:47 PM EET
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
             Assigned to: None
        Originator Email:
             Open/Closed: Open
                 Release:
         Discussion Lock: Any
        Operating System: None
         Planned Release:

    _______________________________________________________

Details:

Something noticed while updating freeciv-web:

RECEIVE_PACKET_START does:

    struct packet_type packet_buf, *result = &packet_buf;

So "result" is a pointer to the local variable (structure) packet_buf.

RECEIVE_PACKET_END:

    *result = packet_buf;
    return result;

The first line seems redundant. "result" already points to packet_buf, so it's copying its own contents.

The latter line seems like a critical bug: it returns a pointer to local packet_buf, which expires at the same time - the memory pointed to becomes subject to being reused and overwritten with something else.

    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?20627>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/

_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
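
Added example, not part of the original report and not Freeciv's own code: a reduced C model of the macro pair described above, with the END step hardened so the decoded packet is copied to heap storage before it is returned. The names packet_demo, DEMO_RECEIVE_START, DEMO_RECEIVE_END and the 3-byte wire format are hypothetical, and the heap copy is one assumed way to fix the lifetime problem.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical packet type standing in for the report's "packet_type". */
struct packet_demo { uint8_t kind; uint16_t value; };

/* Same shape as the reported START macro: result aliases a stack struct. */
#define DEMO_RECEIVE_START(type, result) \
  struct type packet_buf, *result = &packet_buf

/* Reported END was:  *result = packet_buf; return result;
 * That is a self-copy followed by returning the address of a local.
 * Hardened END (assumed fix): move the decoded packet to heap storage. */
#define DEMO_RECEIVE_END(result) \
  result = malloc(sizeof(*result)); \
  if (result != NULL) { *result = packet_buf; } \
  return result

/* Decodes a constructed 3-byte format: kind, then value (big endian).
 * Returns a heap-allocated packet the caller must free(), or NULL. */
struct packet_demo *receive_packet_demo(const uint8_t *buf, size_t len)
{
  DEMO_RECEIVE_START(packet_demo, real_packet);

  if (buf == NULL || len < 3) {
    return NULL;
  }
  real_packet->kind = buf[0];
  real_packet->value = (uint16_t)((buf[1] << 8) | buf[2]);

  DEMO_RECEIVE_END(real_packet);
}

/* Returns 1 if the first packet is intact after a second call reused the
 * same stack frame; with the reported END both pointers would alias it. */
int demo_packet_survives_next_call(void)
{
  static const uint8_t first[] = { 0x01, 0x12, 0x34 };  /* constructed */
  static const uint8_t second[] = { 0x02, 0xAB, 0xCD }; /* constructed */
  struct packet_demo *a = receive_packet_demo(first, sizeof(first));
  struct packet_demo *b = receive_packet_demo(second, sizeof(second));
  int ok = a != NULL && b != NULL && a != b
           && a->kind == 0x01 && a->value == 0x1234
           && b->kind == 0x02 && b->value == 0xABCD;
  free(a);
  free(b);
  return ok;
}
```

Building the original pattern with GCC's -Wreturn-local-addr or with AddressSanitizer's stack-use-after-return detection is a practical way to catch this class of bug in generated packet code.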