URL:
http://gna.org/bugs/?16495
Summary: Possible crash in server_remove_player()
Project: Freeciv
Submitted by: pepeto
Submitted on: Friday 20.08.2010 at 09:00
Category: general
Severity: 3 - Normal
Priority: 5 - Normal
Status: Ready For Test
Assigned to: pepeto
Originator Email:
Open/Closed: Open
Release: trunk, S2_2
Discussion Lock: Any
Operating System: None
Planned Release: 2.2.3, 2.3.0
___
Details:
Using

    conn_list_iterate(pplayer->connections, pconn) {
      connection_detach(pconn);
    } conn_list_iterate_end;

is dangerous, because if there are connections following the connection which
is actually playing in the list, the connection will be empty after the end of
the iteration, causing the loop to use freed data. I didn't make the server
crash, but this function is used in a lot of places in stdinhand.c, so it
probably can cause a crash somewhere.

Fix attached.
___
File Attachments:
---
Date: Friday 20.08.2010 at 09:00 Name: trunk_server_remove_player.diff
Size: 765 B By: pepeto
http://gna.org/bugs/download.php?file_id=9930
---
Date: Friday 20.08.2010 at 09:00 Name: S2_2_server_remove_player.diff
Size: 742 B By: pepeto
http://gna.org/bugs/download.php?file_id=9931
___
Reply to this item at:
http://gna.org/bugs/?16495
___
Message sent via/by Gna!
http://gna.org/
___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
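
Added example, not part of the bug report and not Freeciv code: a small model of the hazard described in the report, where the loop body removes more list entries than the one being visited. It assumes an iterator that saves the next link before running the body and a detach() that, for the playing connection, also drops every remaining connection; all names are hypothetical, and it does not reproduce the attached fix.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model, not Freeciv code. Nodes live in a static pool and
 * "freeing" only clears `linked`, so a stale visit is counted, not UB. */
struct conn { struct conn *next; bool linked, playing; };
static struct conn pool[8], *head;
static void build(int n, int playing_idx)   /* n <= 8 */
{
  head = NULL;
  for (int i = n - 1; i >= 0; i--) {
    pool[i] = (struct conn){ head, true, i == playing_idx };
    head = &pool[i];
  }
}
static void unlink_conn(struct conn *c)
{
  struct conn **pp = &head;
  while (*pp && *pp != c) pp = &(*pp)->next;
  if (*pp) { *pp = c->next; c->linked = false; }  /* c->next left dangling */
}

/* Assumption: detaching the playing connection drops all remaining ones. */
static void detach(struct conn *c)
{
  if (!c->playing) { unlink_conn(c); return; }
  while (head) unlink_conn(head);
}

/* Iterator that caches `next` before the body: safe only while the body
 * removes nothing but the current node. Returns visits to released nodes. */
int stale_visits_cached_next(int n, int playing_idx)
{
  int stale = 0;
  build(n, playing_idx);
  for (struct conn *c = head, *nx; c; c = nx) {
    nx = c->next;
    if (c->linked) detach(c); else stale++;
  }
  return stale;
}

/* Drain from the head: re-reads the list each round, never a saved link. */
int stale_visits_drain(int n, int playing_idx)
{
  int stale = 0;
  build(n, playing_idx);
  while (head) { stale += !head->linked; detach(head); }
  return stale;
}
```

With the playing connection last in the list the cached-next loop sees no stale node, which is consistent with the report that the problem needs connections following the playing one.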