URL:
<http://gna.org/bugs/?23887>
Summary: command crashes server
Project: Freeciv
Submitted by: andreasr
Submitted on: Sat 19 Sep 2015 10:40:23 PM UTC
Category: general
Severity: 4 - Important
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release: trunk
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release:
_______________________________________________________
Details:
The following command will cause a segmentation fault in the current
Freeciv-web server:
/set reveal map start
Backtrace here:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI___libc_free (mem=0x686374616d206f4e) at malloc.c:2929
2929 malloc.c: No such file or directory.
Traceback (most recent call last):
File
"/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19-gdb.py",
line 63, in <module>
from libstdcxx.v6.printers import register_libstdcxx_printers
ImportError: No module named 'libstdcxx'
(gdb) bt full
#0 __GI___libc_free (mem=0x686374616d206f4e) at malloc.c:2929
ar_ptr = <optimized out>
p = <optimized out>
hook = 0x0
#1 0x000000000059f716 in free_tokens (tokens=tokens@entry=0x7fffb99157e0,
ntokens=ntokens@entry=3) at shared.c:334
i = 2
#2 0x0000000000413d6d in set_command (
caller=caller@entry=0x87a560 <connections>,
str=str@entry=0x7fffb99164f0 "reveal map start", check=check@entry=false)
at stdinhand.c:2975
args = {0xeb8e30 "\340", <incomplete sequence \353>,
0xeb5c20 " \216", <incomplete sequence \353>}
val = 119
cmd = <optimized out>
nargs = 3
pset = <optimized out>
do_update = <optimized out>
reject_msg = "No match for \"map\".", '\000' <repeats 236 times>
ret = false
#3 0x000000000041a060 in handle_stdin_input_real (
caller=caller@entry=0x87a560 <connections>, str=<optimized out>,
str@entry=0x7fffb9917010 "/set reveal map start",
check=check@entry=false,
---Type <return> to continue, or q <return> to quit---
read_recursion=read_recursion@entry=0) at stdinhand.c:4277
full_command = "set reveal map start", '\000' <repeats 28 times>,
"\377\377\377\377\377\377\377\377", '\000' <repeats 14 times>, "
\000\000\000\000\000\000\000\000\000N\000\000\000\377\177", '\000' <repeats 34
times>, "\001\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377N",
'\000' <repeats 11 times>, "\377\177
\000\000\000\000\000\000\000\000\000pc\221\271\377\177\000\000cz`\000\000\000\000\000\002\000\000\000\000\000\000\000O\000\000\000v\177\000\000fz`",
'\000' <repeats 13 times>...
command =
"set\000\000\000\000\000P\353\244\002\000\000\000\000\000\020\000\000\000\000\000\000\006\311\324\377v\177\000\000\020\000\000\000\000\000\000\000\274%\000\000\000\000\000\000\001\000\000\000\000\000\000\000\244\201",
'\000' <repeats 22 times>,
"\372\000\000\000\000\000\000\000\000\020\000\000\000\000\000\000\b\000\000\000\000\000\000\000*\223\375U\000\000\000\000\340\034U\034\000\000\000\000\252A\374U\000\000\000\000È\216+\000\000\000\000\252A\374U\000\000\000\000È\216+",
'\000' <repeats 28 times>,
"P\353\244\002\000\000\000\000\n\000\000\000\000\000\000\000\000+Freeciv."...
arg = "reveal map
start\000f\221\271\377\177\000\000`e\221\271\377\177\000\000`\236\346\000\000\000\000\000\360\236\346\000\000\000\000\000search
your-server.de\n\000\061\060\060\n\000BY HAND -- YOUR CHANGES WILL BE
OVERWRITTEN\n\000nf(8)\n\000|\000\000\000\377\177\000\000@\240\346\000\000\000\000\000\000\237\346\000\000\000\000\000@gA\371v\177\000\000pg\221\271\377\177\000\000\220h\221\271\377\177\000\000\200\036\347\000\000\000\000\000){\320\377v\177\000\000\000challen"...
---Type <return> to continue, or q <return> to quit---
cptr_s = <optimized out>
cptr_d = <optimized out>
cmd = CMD_SET
level = <optimized out>
__FUNCTION__ = "handle_stdin_input_real"
#4 0x000000000041d199 in handle_stdin_input (
caller=caller@entry=0x87a560 <connections>,
str=str@entry=0x7fffb9917010 "/set reveal map start") at stdinhand.c:4028
No locals.
#5 0x00000000004c1e40 in handle_chat_msg_req (
pconn=pconn@entry=0x87a560 <connections>, message=<optimized out>)
at handchat.c:343
real_message = "/set reveal map start", '\000' <repeats 83 times>,
"\024\213\354\000w\177\000\000\016\224\337\000\000\000\000\000\020\222\337\000\000\000\000\000\016\224\337\000\377\000\000\000\024\213\354\000w\177\000\000\016\224\337\000\000\000\000\000\020\222\337\000\000\000\000\000\000\000\000\000\377\000\000\000Dq\221\271\377\177\000\000\276Q\207\000\000\000\000\000\362Q\207\000\000\000\000\000\370p`\000\000\000\000\000"...
cp = <optimized out>
double_colon = <optimized out>
#6 0x000000000046f418 in server_handle_packet (
type=type@entry=PACKET_CHAT_MSG_REQ, packet=<optimized out>,
pplayer=pplayer@entry=0x0, pconn=pconn@entry=0x87a560 <connections>)
---Type <return> to continue, or q <return> to quit---
at hand_gen.c:40
No locals.
#7 0x000000000040c008 in server_packet_input (
pconn=pconn@entry=0x87a560 <connections>, packet=<optimized out>,
type=26)
at srv_main.c:1884
pplayer = <optimized out>
__FUNCTION__ = "server_packet_input"
#8 0x00000000004a62be in incoming_client_packets (pconn=<optimized out>)
at sernet.c:460
command_ok = <optimized out>
packet = {data = 0xeb8e70, type = PACKET_CHAT_MSG_REQ}
#9 server_sniff_all_input () at sernet.c:856
pconn = 0x87a560 <connections>
nb = <optimized out>
i = <optimized out>
s = <optimized out>
max_desc = <optimized out>
readfs = {fds_bits = {64, 0 <repeats 15 times>}}
writefs = {fds_bits = {0 <repeats 16 times>}}
exceptfs = {fds_bits = {0 <repeats 16 times>}}
tv = {tv_sec = 0, tv_usec = 847806}
__FUNCTION__ = "server_sniff_all_input"
#10 0x000000000040e5cd in srv_main () at srv_main.c:3187
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?23887>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
