URL: <http://gna.org/bugs/?21349>
Summary: Handicaps pointer rather than contents copied on civil war => double free()
Project: Freeciv
Submitted by: jtn
Submitted on: Sat Dec 14 16:03:50 2013
Category: ai
Severity: 3 - Normal
Priority: 5 - Normal
Status: In Progress
Assigned to: jtn
Originator Email:
Open/Closed: Open
Release: trunk r23854
Discussion Lock: Any
Operating System: Any
Planned Release: 2.6.0

_______________________________________________________

Details:

In split_player(), we have

    cplayer->ai_common.handicaps = pplayer->ai_common.handicaps;

handicaps is a void* allocated by handicaps_init() and freed by handicaps_close(), so should be copied deeply rather than shallowly.

(Caused by patch #4197, I think.)

This manifested as an invalid free() on server shutdown. Presumably also a tiny memory leak.

*** glibc detected *** ./server/freeciv-server: free(): invalid pointer: 0x0000000003f8e880 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f6971bbfb96]
./server/freeciv-server(handicaps_close+0x10)[0x45ce30]
./server/freeciv-server(server_remove_player+0x195)[0x49eee5]
./server/freeciv-server(server_game_free+0xbc)[0x43b95c]
./server/freeciv-server(server_quit+0x18)[0x43bb18]
./server/freeciv-server[0x44b0eb]
./server/freeciv-server(handle_chat_msg_req+0x45d)[0x4f12bd]
./server/freeciv-server(server_handle_packet+0x6d2)[0x4966d2]
./server/freeciv-server(server_packet_input+0xbb)[0x43946b]
./server/freeciv-server(server_sniff_all_input+0x8b2)[0x4d7632]
./server/freeciv-server(srv_main+0xaa5)[0x43c625]
./server/freeciv-server(main+0x78a)[0x43405a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f6971b6276d]
./server/freeciv-server[0x4346b1]
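
Added example, not part of the original report and not Freeciv's code: a simplified C model of the ownership problem described above, with the shallow pointer copy beside a deep copy. The structs, model_init(), model_close() and HANDICAP_BYTES are hypothetical stand-ins for the real player data, handicaps_init() and handicaps_close(); it also assumes, following the report's leak remark, that the new player already owns a buffer when the copy happens.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HANDICAP_BYTES 4 /* assumed size, not taken from Freeciv */
/* Simplified stand-ins, not Freeciv's real definitions. */
struct ai_common { void *handicaps; };
struct player { struct ai_common ai_common; };

/* Models handicaps_init(): each player owns exactly one allocation. */
static int model_init(struct player *p) {
  p->ai_common.handicaps = calloc(1, HANDICAP_BYTES);
  return p->ai_common.handicaps != NULL;
}
/* Models handicaps_close(): releases the allocation the player owns. */
static void model_close(struct player *p) {
  free(p->ai_common.handicaps);
  p->ai_common.handicaps = NULL;
}

/* Shallow copy as in the report. Returns 1 when both players point at one
 * block, so closing both would free it twice (-1 on allocation failure). */
int shallow_copy_aliases(void) {
  struct player pp, cp;
  if (!model_init(&pp)) return -1;
  if (!model_init(&cp)) { model_close(&pp); return -1; }
  void *orphan = cp.ai_common.handicaps;           /* becomes the leak */
  cp.ai_common.handicaps = pp.ai_common.handicaps; /* pointer, not contents */
  int aliased = (cp.ai_common.handicaps == pp.ai_common.handicaps);
  model_close(&pp); /* the one legitimate free of the shared block */
  free(orphan);     /* freed by hand; no player in the model owns it now */
  return aliased;
}

/* Deep copy: contents are copied, ownership stays separate. Returns 1 when
 * the data matches and each player can be closed exactly once. */
int deep_copy_is_independent(void) {
  struct player pp, cp;
  if (!model_init(&pp)) return -1;
  if (!model_init(&cp)) { model_close(&pp); return -1; }
  memset(pp.ai_common.handicaps, 0x5a, HANDICAP_BYTES); /* constructed data */
  memcpy(cp.ai_common.handicaps, pp.ai_common.handicaps, HANDICAP_BYTES);
  int ok = cp.ai_common.handicaps != pp.ai_common.handicaps
    && !memcmp(cp.ai_common.handicaps, pp.ai_common.handicaps, HANDICAP_BYTES);
  model_close(&pp);
  model_close(&cp);
  return ok;
}
int main(void) {
  printf("%d %d\n", shallow_copy_aliases(), deep_copy_is_independent());
  return 0;
}
```

The shallow variant deliberately never calls model_close() on the second player, since that call is the second free() of the shared block that glibc aborted on in the backtrace.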