[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv): Status: Ready For Test = Fixed Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #5, bug #21900 (project freeciv): I think I have found a solution to this problem. I have created a patch for Freeciv-web, which can be found here: https://github.com/freeciv/freeciv-web/blob/b9dd9655290207532ca50861e4bb78d2da9be1b2/freeciv/patches/action_prob_crash.patch The same patch can be applied to Freeciv SVN trunk, I think. If you see the code here: http://svn.gna.org/viewcvs/freeciv/trunk/server/unithand.c there is a comment about Check if the request is valid., but the function should return and not continue if the request is invalid. ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #6, bug #21900 (project freeciv): I have created a patch for Freeciv-web Thank you. I should obviously have added that return statement when I wrote that code. A new pair of eyes was able to see that it wasn't there. Please remove the comment about it being temporary and upload the new version of your patch here. (No comment above it required) If you don't have commit access to Freeciv I'll commit it for you (after waiting the required 36 hours). ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #7, bug #21900 (project freeciv): patch attached! (file #20514) ___ Additional Item Attachment: File name: action_prob_crash.patchSize:0 KB ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv): Category: freeciv-web = general Status: In Progress = Ready For Test Release: = TRUNK Planned Release: = 2.6.0 ___ Follow-up Comment #8: patch attached! Thank you. The count down (36 hours) is starting now. ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv): Status:None = In Progress Assigned to:None = sveinung ___ Follow-up Comment #3: Any help fixing this? I'll have a look during the weekend. (I'm assuming you meant that as in could someone fix this and not could someone help me fix this. If I'm wrong let me know and I'll give you hints in stead) ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #4, bug #21900 (project freeciv): Thanks! You understood what I meant correctly! ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #2, bug #21900 (project freeciv):
Here's a related stack trace from a segmentation fault crash, also in
action_prob() and handle_unit_get_actions() in actions.c
Program terminated with signal 11, Segmentation fault.
#0 0x08198459 in player_has_real_embassy (pplayer=pplayer@entry=0x0,
pplayer2=pplayer2@entry=0x9d134f8)
at player.c:189
No locals.
#1 0x0819849e in player_has_embassy (pplayer=0x0, pplayer2=0x9d134f8) at
player.c:178
No locals.
#2 0x08145591 in can_see_techs_of_target (pow_player=pow_player@entry=0x0,
target_player=target_player@entry=0x9d134f8) at metaknowledge.c:247
No locals.
#3 0x0812b268 in tech_can_be_stolen (target_player=0x9d134f8,
actor_player=0x0) at actions.c:447
No locals.
#4 action_prob (wanted_action=wanted_action@entry=ACTION_SPY_STEAL_TECH,
actor_player=0x0,
actor_tile=actor_tile@entry=0x0, actor_unit=actor_unit@entry=0x0,
target_player=target_player@entry=0x9d134f8,
target_city=target_city@entry=0xaf50ec0,
target_tile=target_tile@entry=0x9db5a80,
target_unit=target_unit@entry=0x0, target_specialist=0x0,
target_output=0x0, target_building=0x0, actor_specialist=0x0,
actor_output=0x0, actor_building=0x0,
actor_city=0x0) at actions.c:609
known = 2
chance = 254
#5 0x0812bb40 in action_prob_vs_city (actor_unit=actor_unit@entry=0x0,
action_id=action_id@entry=7,
target_city=target_city@entry=0xaf50ec0) at actions.c:660
No locals.
#6 0x080e0180 in handle_unit_get_actions (pc=pc@entry=0x82977a0
connections, actor_unit_id=663,
target_tile_id=11062) at unithand.c:239
act = 7
actor_player = optimized out
actor_unit = 0x0
target_tile = optimized out
probabilities = {255, 0, 0, 255, 255, 255, 255, 0, 0, 0}
target_unit = 0x0
target_city = 0xaf50ec0
#7 0x0809d879 in server_handle_packet
(type=type@entry=PACKET_UNIT_GET_ACTIONS,
packet=packet@entry=0xb043938, pplayer=pplayer@entry=0xa2e58d0,
pconn=pconn@entry=0x82977a0 connections) at hand_gen.c:250
No locals.
#8 0x08051608 in server_packet_input (pconn=pconn@entry=0x82977a0
connections, packet=0xb043938,
type=87) at srv_main.c:1702
pplayer = 0xa2e58d0
__FUNCTION__ = server_packet_input
#9 0x080d58c7 in incoming_client_packets (pconn=optimized out) at
sernet.c:450
command_ok = optimized out
packet = {data = 0xb043938, type = PACKET_UNIT_GET_ACTIONS}
#10 server_sniff_all_input () at sernet.c:842
pconn = 0x82977a0 connections
nb = optimized out
i = optimized out
s = optimized out
max_desc = optimized out
readfs = {fds_bits = {128, 0 repeats 31 times}}
writefs = {fds_bits = {0 repeats 32 times}}
exceptfs = {fds_bits = {0 repeats 32 times}}
tv = {tv_sec = 0, tv_usec = 98}
__FUNCTION__ = server_sniff_all_input
#11 0x08052e2d in srv_running () at srv_main.c:2401
save_counter = 1
i = optimized out
is_new_turn = true
skip_mapimg = false
eot_timer = optimized out
need_send_pending_events = false
#12 srv_main () at srv_main.c:2879
__FUNCTION__ = srv_main
#13 0x0804cb02 in main (argc=17, argv=0xbf974d94) at civserver.c:458
inx = 17
showhelp = optimized out
showvers = optimized out
option = optimized out
__FUNCTION__ = main
___
Reply to this item at:
http://gna.org/bugs/?21900
___
Message sent via/by Gna!
http://gna.org/
___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
URL:
http://gna.org/bugs/?21900
Summary: Segmentation fault in utype_has_flag in Freeciv-web
Project: Freeciv
Submitted by: andreasr
Submitted on: Wed 09 Apr 2014 04:31:13 PM UTC
Category: freeciv-web
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release:
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release:
___
Details:
Hi!
I get some segmentation faults in utype_has_flag in unittype.c, for some
Freeciv-web games. This is from Freeciv revision 24737 running on the
production server http//play.freeciv.org/
Any help fixing this? I'm not sure if this is a Freeciv-web specific bug, or a
general problem in the Freeciv C server. I vaguely remember some segmentation
fault fixes in action_prob recently, perhaps this is related.
Backtrace generated from coredump:
Program terminated with signal 11, Segmentation fault.
#0 0x081ac007 in utype_has_flag (punittype=0x0, flag=23) at unittype.c:190
flag = 23
punittype = 0x0
#1 0x0812b228 in ap_diplomat_battle (pdefender=0x95ba150, pattacker=0x0)
at actions.c:481
chance = optimized out
#2 action_prob (wanted_action=wanted_action@entry=ACTION_SPY_SABOTAGE_UNIT,
actor_player=0x0, actor_tile=actor_tile@entry=0x0,
actor_unit=actor_unit@entry=0x0,
target_player=target_player@entry=0x9d49048,
target_city=target_city@entry=0x9a41208,
target_tile=target_tile@entry=0xb692e2d0,
target_unit=target_unit@entry=0x95ba150, target_specialist=0x0,
target_output=0x0, target_building=0x0, actor_specialist=0x0,
actor_output=0x0, actor_building=0x0, actor_city=0x0) at actions.c:580
known = 2
chance = 254
#3 0x0812bbf4 in action_prob_vs_unit (actor_unit=actor_unit@entry=0x0,
action_id=action_id@entry=1, target_unit=target_unit@entry=0x95ba150)
at actions.c:688
No locals.
#4 0x080e01ec in handle_unit_get_actions (
pc=pc@entry=0x82977a0 connections, actor_unit_id=4888,
target_tile_id=2298) at unithand.c:242
act = 1
actor_player = optimized out
actor_unit = 0x0
target_tile = optimized out
probabilities = {255, 0, 0, 0, 0, 0, 0, 0, 0, 0}
target_unit = 0x95ba150
target_city = 0x9a41208
#5 0x0809d879 in server_handle_packet (
type=type@entry=PACKET_UNIT_GET_ACTIONS, packet=packet@entry=0x8b134e0,
pplayer=pplayer@entry=0x9a56248, pconn=pconn@entry=0x82977a0
connections)
at hand_gen.c:250
No locals.
#6 0x08051608 in server_packet_input (
pconn=pconn@entry=0x82977a0 connections, packet=0x8b134e0, type=87)
at srv_main.c:1702
pplayer = 0x9a56248
__FUNCTION__ = server_packet_input
#7 0x080d58c7 in incoming_client_packets (pconn=optimized out)
at sernet.c:450
command_ok = optimized out
packet = {data = 0x8b134e0, type = PACKET_UNIT_GET_ACTIONS}
#8 server_sniff_all_input () at sernet.c:842
pconn = 0x82977a0 connections
nb = optimized out
i = optimized out
s = optimized out
max_desc = optimized out
readfs = {fds_bits = {128, 0 repeats 31 times}}
writefs = {fds_bits = {0 repeats 32 times}}
exceptfs = {fds_bits = {0 repeats 32 times}}
tv = {tv_sec = 0, tv_usec = 97}
__FUNCTION__ = server_sniff_all_input
#9 0x08052e2d in srv_running () at srv_main.c:2401
save_counter = 1
i = optimized out
is_new_turn = true
skip_mapimg = false
eot_timer = optimized out
need_send_pending_events = false
#10 srv_main () at srv_main.c:2879
__FUNCTION__ = srv_main
#11 0x0804cb02 in main (argc=17, argv=0xbf922c14) at civserver.c:458
inx = 17
showhelp = optimized out
showvers = optimized out
s = optimized out
max_desc = optimized out
readfs = {fds_bits = {128, 0 repeats 31 times}}
writefs = {fds_bits = {0 repeats 32 times}}
exceptfs = {fds_bits = {0 repeats 32 times}}
tv = {tv_sec = 0, tv_usec = 97}
__FUNCTION__ = server_sniff_all_input
#9 0x08052e2d in srv_running () at srv_main.c:2401
save_counter = 1
i = optimized out
is_new_turn = true
skip_mapimg = false
eot_timer = optimized out
need_send_pending_events = false
#10 srv_main () at srv_main.c:2879
__FUNCTION__ = srv_main
#11 0x0804cb02 in main (argc=17, argv=0xbf922c14) at civserver.c:458
inx = 17
showhelp = optimized out
showvers = optimized out
---Type return to continue, or q return to quit---
option = optimized out
__FUNCTION__ = main
This is what the function in unittype.c looks like:
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #1, bug #21900 (project freeciv): The crash happens in code introduced in this commit, I think: http://svn.gna.org/viewcvs/freeciv/trunk/common/actions.c?r1=24644r2=24655 Hopefully this will help with finding the cause of the segfault. ___ Reply to this item at: http://gna.org/bugs/?21900 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
