[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv):

    Status: Ready For Test => Fixed
    Open/Closed: Open => Closed

___

Reply to this item at: http://gna.org/bugs/?21900

___
Message sent via/by Gna! http://gna.org/

___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #5, bug #21900 (project freeciv):

I think I have found a solution to this problem. I have created a patch for Freeciv-web, which can be found here:
https://github.com/freeciv/freeciv-web/blob/b9dd9655290207532ca50861e4bb78d2da9be1b2/freeciv/patches/action_prob_crash.patch

The same patch can be applied to Freeciv SVN trunk, I think. If you see the code here:
http://svn.gna.org/viewcvs/freeciv/trunk/server/unithand.c
there is a comment about "Check if the request is valid.", but the function should return and not continue if the request is invalid.
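The missing early return described in comment #5, as an added example that is not part of the original thread and is not Freeciv's code. It is a toy handler that looks up objects from client-supplied ids and must stop when the lookup fails; unit_by_id(), toy_action_prob(), handle_get_actions() and the unit table are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ACTION_COUNT 3   /* constructed; the trace above shows 10 slots */

struct unit { int id; int is_diplomat; };

/* Constructed unit table standing in for the server's game state. */
static struct unit units[] = { {101, 1}, {102, 0} };

/* Hypothetical lookup: returns NULL when the client-supplied id is
 * unknown, e.g. the unit no longer exists when the packet arrives. */
static struct unit *unit_by_id(int id)
{
  for (size_t i = 0; i < sizeof(units) / sizeof(units[0]); i++) {
    if (units[i].id == id) {
      return &units[i];
    }
  }
  return NULL;
}

/* Dereferences both units unchecked, like the callees in the traces. */
static int toy_action_prob(const struct unit *actor, const struct unit *target)
{
  return (actor->is_diplomat && !target->is_diplomat) ? 200 : 0;
}

/* Returns 0 and fills probs on success, -1 when the request is rejected. */
int handle_get_actions(int actor_id, int target_id, int probs[ACTION_COUNT])
{
  struct unit *actor = unit_by_id(actor_id);
  struct unit *target = unit_by_id(target_id);

  memset(probs, 0, sizeof(int) * ACTION_COUNT);

  /* Check if the request is valid. */
  if (actor == NULL || target == NULL) {
    /* Without this return, execution falls through to the loop below
     * and toy_action_prob() dereferences the NULL pointer. */
    return -1;
  }

  for (int act = 0; act < ACTION_COUNT; act++) {
    probs[act] = toy_action_prob(actor, target);
  }
  return 0;
}
```

Any id that arrives in a network packet is untrusted input, so the validity check has to end the handler rather than only note the problem.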
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #6, bug #21900 (project freeciv):

> I have created a patch for Freeciv-web

Thank you. I should obviously have added that return statement when I wrote that code. A new pair of eyes was able to see that it wasn't there.

Please remove the comment about it being temporary and upload the new version of your patch here. (No comment above it required) If you don't have commit access to Freeciv I'll commit it for you (after waiting the required 36 hours).
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #7, bug #21900 (project freeciv):

patch attached!

(file #20514)

___

Additional Item Attachment:

File name: action_prob_crash.patch    Size: 0 KB
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv):

    Category: freeciv-web => general
    Status: In Progress => Ready For Test
    Release: => TRUNK
    Planned Release: => 2.6.0

___

Follow-up Comment #8:

> patch attached!

Thank you. The count down (36 hours) is starting now.
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Update of bug #21900 (project freeciv):

    Status: None => In Progress
    Assigned to: None => sveinung

___

Follow-up Comment #3:

> Any help fixing this?

I'll have a look during the weekend.

(I'm assuming you meant that as in "could someone fix this" and not "could someone help me fix this". If I'm wrong let me know and I'll give you hints instead)
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #4, bug #21900 (project freeciv):

Thanks! You understood what I meant correctly!
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #2, bug #21900 (project freeciv):

Here's a related stack trace from a segmentation fault crash, also in action_prob() and handle_unit_get_actions() in actions.c

Program terminated with signal 11, Segmentation fault.
#0  0x08198459 in player_has_real_embassy (pplayer=pplayer@entry=0x0, pplayer2=pplayer2@entry=0x9d134f8) at player.c:189
No locals.
#1  0x0819849e in player_has_embassy (pplayer=0x0, pplayer2=0x9d134f8) at player.c:178
No locals.
#2  0x08145591 in can_see_techs_of_target (pow_player=pow_player@entry=0x0, target_player=target_player@entry=0x9d134f8) at metaknowledge.c:247
No locals.
#3  0x0812b268 in tech_can_be_stolen (target_player=0x9d134f8, actor_player=0x0) at actions.c:447
No locals.
#4  action_prob (wanted_action=wanted_action@entry=ACTION_SPY_STEAL_TECH, actor_player=0x0, actor_tile=actor_tile@entry=0x0, actor_unit=actor_unit@entry=0x0, target_player=target_player@entry=0x9d134f8, target_city=target_city@entry=0xaf50ec0, target_tile=target_tile@entry=0x9db5a80, target_unit=target_unit@entry=0x0, target_specialist=0x0, target_output=0x0, target_building=0x0, actor_specialist=0x0, actor_output=0x0, actor_building=0x0, actor_city=0x0) at actions.c:609
        known = 2
        chance = 254
#5  0x0812bb40 in action_prob_vs_city (actor_unit=actor_unit@entry=0x0, action_id=action_id@entry=7, target_city=target_city@entry=0xaf50ec0) at actions.c:660
No locals.
#6  0x080e0180 in handle_unit_get_actions (pc=pc@entry=0x82977a0 <connections>, actor_unit_id=663, target_tile_id=11062) at unithand.c:239
        act = 7
        actor_player = <optimized out>
        actor_unit = 0x0
        target_tile = <optimized out>
        probabilities = {255, 0, 0, 255, 255, 255, 255, 0, 0, 0}
        target_unit = 0x0
        target_city = 0xaf50ec0
#7  0x0809d879 in server_handle_packet (type=type@entry=PACKET_UNIT_GET_ACTIONS, packet=packet@entry=0xb043938, pplayer=pplayer@entry=0xa2e58d0, pconn=pconn@entry=0x82977a0 <connections>) at hand_gen.c:250
No locals.
#8  0x08051608 in server_packet_input (pconn=pconn@entry=0x82977a0 <connections>, packet=0xb043938, type=87) at srv_main.c:1702
        pplayer = 0xa2e58d0
        __FUNCTION__ = server_packet_input
#9  0x080d58c7 in incoming_client_packets (pconn=<optimized out>) at sernet.c:450
        command_ok = <optimized out>
        packet = {data = 0xb043938, type = PACKET_UNIT_GET_ACTIONS}
#10 server_sniff_all_input () at sernet.c:842
        pconn = 0x82977a0 <connections>
        nb = <optimized out>
        i = <optimized out>
        s = <optimized out>
        max_desc = <optimized out>
        readfs = {fds_bits = {128, 0 <repeats 31 times>}}
        writefs = {fds_bits = {0 <repeats 32 times>}}
        exceptfs = {fds_bits = {0 <repeats 32 times>}}
        tv = {tv_sec = 0, tv_usec = 98}
        __FUNCTION__ = server_sniff_all_input
#11 0x08052e2d in srv_running () at srv_main.c:2401
        save_counter = 1
        i = <optimized out>
        is_new_turn = true
        skip_mapimg = false
        eot_timer = <optimized out>
        need_send_pending_events = false
#12 srv_main () at srv_main.c:2879
        __FUNCTION__ = srv_main
#13 0x0804cb02 in main (argc=17, argv=0xbf974d94) at civserver.c:458
        inx = 17
        showhelp = <optimized out>
        showvers = <optimized out>
        option = <optimized out>
        __FUNCTION__ = main
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
URL: http://gna.org/bugs/?21900

Summary: Segmentation fault in utype_has_flag in Freeciv-web
Project: Freeciv
Submitted by: andreasr
Submitted on: Wed 09 Apr 2014 04:31:13 PM UTC
Category: freeciv-web
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release:
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release:

___

Details:

Hi!

I get some segmentation faults in utype_has_flag in unittype.c, for some Freeciv-web games. This is from Freeciv revision 24737 running on the production server http://play.freeciv.org/

Any help fixing this? I'm not sure if this is a Freeciv-web specific bug, or a general problem in the Freeciv C server. I vaguely remember some segmentation fault fixes in action_prob recently, perhaps this is related.

Backtrace generated from coredump:

Program terminated with signal 11, Segmentation fault.
#0  0x081ac007 in utype_has_flag (punittype=0x0, flag=23) at unittype.c:190
        flag = 23
        punittype = 0x0
#1  0x0812b228 in ap_diplomat_battle (pdefender=0x95ba150, pattacker=0x0) at actions.c:481
        chance = <optimized out>
#2  action_prob (wanted_action=wanted_action@entry=ACTION_SPY_SABOTAGE_UNIT, actor_player=0x0, actor_tile=actor_tile@entry=0x0, actor_unit=actor_unit@entry=0x0, target_player=target_player@entry=0x9d49048, target_city=target_city@entry=0x9a41208, target_tile=target_tile@entry=0xb692e2d0, target_unit=target_unit@entry=0x95ba150, target_specialist=0x0, target_output=0x0, target_building=0x0, actor_specialist=0x0, actor_output=0x0, actor_building=0x0, actor_city=0x0) at actions.c:580
        known = 2
        chance = 254
#3  0x0812bbf4 in action_prob_vs_unit (actor_unit=actor_unit@entry=0x0, action_id=action_id@entry=1, target_unit=target_unit@entry=0x95ba150) at actions.c:688
No locals.
#4  0x080e01ec in handle_unit_get_actions (pc=pc@entry=0x82977a0 <connections>, actor_unit_id=4888, target_tile_id=2298) at unithand.c:242
        act = 1
        actor_player = <optimized out>
        actor_unit = 0x0
        target_tile = <optimized out>
        probabilities = {255, 0, 0, 0, 0, 0, 0, 0, 0, 0}
        target_unit = 0x95ba150
        target_city = 0x9a41208
#5  0x0809d879 in server_handle_packet (type=type@entry=PACKET_UNIT_GET_ACTIONS, packet=packet@entry=0x8b134e0, pplayer=pplayer@entry=0x9a56248, pconn=pconn@entry=0x82977a0 <connections>) at hand_gen.c:250
No locals.
#6  0x08051608 in server_packet_input (pconn=pconn@entry=0x82977a0 <connections>, packet=0x8b134e0, type=87) at srv_main.c:1702
        pplayer = 0x9a56248
        __FUNCTION__ = server_packet_input
#7  0x080d58c7 in incoming_client_packets (pconn=<optimized out>) at sernet.c:450
        command_ok = <optimized out>
        packet = {data = 0x8b134e0, type = PACKET_UNIT_GET_ACTIONS}
#8  server_sniff_all_input () at sernet.c:842
        pconn = 0x82977a0 <connections>
        nb = <optimized out>
        i = <optimized out>
        s = <optimized out>
        max_desc = <optimized out>
        readfs = {fds_bits = {128, 0 <repeats 31 times>}}
        writefs = {fds_bits = {0 <repeats 32 times>}}
        exceptfs = {fds_bits = {0 <repeats 32 times>}}
        tv = {tv_sec = 0, tv_usec = 97}
        __FUNCTION__ = server_sniff_all_input
#9  0x08052e2d in srv_running () at srv_main.c:2401
        save_counter = 1
        i = <optimized out>
        is_new_turn = true
        skip_mapimg = false
        eot_timer = <optimized out>
        need_send_pending_events = false
#10 srv_main () at srv_main.c:2879
        __FUNCTION__ = srv_main
#11 0x0804cb02 in main (argc=17, argv=0xbf922c14) at civserver.c:458
        inx = 17
        showhelp = <optimized out>
        showvers = <optimized out>
        option = <optimized out>
        __FUNCTION__ = main

This is what the function in unittype.c looks like:
[Freeciv-Dev] [bug #21900] Segmentation fault in utype_has_flag in Freeciv-web
Follow-up Comment #1, bug #21900 (project freeciv):

The crash happens in code introduced in this commit, I think:
http://svn.gna.org/viewcvs/freeciv/trunk/common/actions.c?r1=24644&r2=24655

Hopefully this will help with finding the cause of the segfault.