[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-09 Thread pepeto

Follow-up Comment #4, bug #16797 (project freeciv):

I can reproduce, loading file #10638. Valgrind report:

==25011== Invalid read of size 8
==25011==    at 0x577DD9: unit_tile (unit.c:1367)
==25011==    by 0x4212B6: kill_unit (unittools.c:1856)
==25011==    by 0x4B10F9: unit_attack_handling (unithand.c:1103)
==25011==    by 0x4B073E: unit_move_handling (unithand.c:1426)
==25011==    by 0x42D684: ai_unit_attack (aitools.c:928)
==25011==    by 0x445D4F: adv_unit_execute_path (advgoto.c:100)
==25011==    by 0x4321B2: ai_military_rampage (aiunit.c:715)
==25011==    by 0x434BAD: ai_military_attack (aiunit.c:1800)
==25011==    by 0x43640E: ai_manage_military (aiunit.c:2145)
==25011==    by 0x437553: ai_manage_unit (aiunit.c:2330)
==25011==    by 0x438E77: ai_manage_units (aiunit.c:2436)
==25011==    by 0x4BB5C8: ai_do_first_activities (aihand.c:482)
==25011==  Address 0xa9b7d18 is 8 bytes inside a block of size 224 free'd
==25011==    at 0x4C280BD: free (vg_replace_malloc.c:366)
==25011==    by 0x41C036: server_remove_unit (unittools.c:1481)
==25011==    by 0x4201F7: wipe_unit (unittools.c:1569)
==25011==    by 0x4212F2: kill_unit (unittools.c:1859)
==25011==    by 0x4B10F9: unit_attack_handling (unithand.c:1103)
==25011==    by 0x4B073E: unit_move_handling (unithand.c:1426)
==25011==    by 0x42D684: ai_unit_attack (aitools.c:928)
==25011==    by 0x445D4F: adv_unit_execute_path (advgoto.c:100)
==25011==    by 0x4321B2: ai_military_rampage (aiunit.c:715)
==25011==    by 0x434BAD: ai_military_attack (aiunit.c:1800)
==25011==    by 0x43640E: ai_manage_military (aiunit.c:2145)
==25011==    by 0x437553: ai_manage_unit (aiunit.c:2330)



___

Reply to this item at:

  http://gna.org/bugs/?16797

___
  Message posted via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev


[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-09 Thread pepeto

Update of bug #16797 (project freeciv):

      Status: None => Ready For Test
 Assigned to: None => pepeto

___

Follow-up Comment #5:

Fix attached. It was using punit->tile even in the tile unit iteration. If
punit was not the last removed, it was dereferencing an inconsistent pointer.


(file #10681)
___

Additional Item Attachment:

File name: trunk_kill_unit.diff   Size:3 KB




[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-09 Thread Jason Dorje Short

Follow-up Comment #6, bug #16797 (project freeciv):

Yep good catch. The actual bug is in the final loop at the bottom of the
function but using ptile throughout does make it easier to read.  I'm also
going to set punit = NULL right before the loop so any future bugs of this
kind trigger immediately, and add a comment and fix indentation.

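The pattern comments #5 and #6 describe, as an added example that is not freeciv code: a toy kill_unit() whose loop re-reads punit->tile after punit itself has been wiped, next to the fixed shape that caches ptile before the loop and sets punit to NULL. Freeing is modelled with a poison flag so the stale read is counted instead of crashing; the struct layout, the helper names (remove_unit, unit_tile_checked, run, stale_reads, units_killed) and the three-unit stack on tile (15,21) are all constructed for this model.

```c
/* Added example, not freeciv code: a minimal model of the kill_unit()
 * use-after-free in bug #16797. The names and data layout here are assumptions
 * made for the model; freeciv's real structures and API differ. */
#include <stdio.h>
#include <string.h>

#define MAX_UNITS 8
struct tile;
struct unit { int id, owner, freed; struct tile *tile; };  /* freed: poison flag in place of free() */
struct tile { int x, y, n_units; struct unit *units[MAX_UNITS]; };

/* Stand-in for server_remove_unit(): unlink from the tile and mark freed, so a
 * stale read can be counted instead of being undefined behaviour. */
static void remove_unit(struct unit *punit)
{
  struct tile *ptile = punit->tile;
  for (int i = 0; i < ptile->n_units; i++) {
    if (ptile->units[i] == punit) {
      memmove(&ptile->units[i], &ptile->units[i + 1],
              (size_t)(ptile->n_units - i - 1) * sizeof(ptile->units[0]));
      ptile->n_units--;
      break;
    }
  }
  punit->freed = 1;
}

/* Checked counterpart of unit_tile(): counts reads through a freed unit. */
static struct tile *unit_tile_checked(const struct unit *punit, int *stale)
{
  if (punit->freed) { (*stale)++; return NULL; }
  return punit->tile;
}

/* Buggy shape: punit->tile is re-read on every iteration although punit is one
 * of the units wiped inside the loop. Returns the number of reads made through
 * the freed punit; *killed receives the number of units wiped. The unit list is
 * copied first, as an iterate-safe loop does, since remove_unit() mutates it. */
static int kill_unit_buggy(const struct unit *pkiller, struct unit *punit, int *killed)
{
  struct unit *victims[MAX_UNITS];
  int stale = 0, n = punit->tile->n_units;
  memcpy(victims, punit->tile->units, (size_t)n * sizeof(victims[0]));
  *killed = 0;
  for (int i = 0; i < n; i++) {
    struct tile *ptile = unit_tile_checked(punit, &stale);  /* the bug */
    if (ptile && victims[i]->owner != pkiller->owner && victims[i]->tile == ptile) {
      remove_unit(victims[i]);
      (*killed)++;
    }
  }
  return stale;
}

/* Fixed shape (comments #5 and #6): read the tile once before anything is
 * freed, then drop punit so any later deref fails loudly instead of silently. */
static int kill_unit_fixed(const struct unit *pkiller, struct unit *punit, int *killed)
{
  struct unit *victims[MAX_UNITS];
  struct tile *ptile = punit->tile;
  int n = ptile->n_units;
  memcpy(victims, ptile->units, (size_t)n * sizeof(victims[0]));
  punit = NULL;
  *killed = 0;
  for (int i = 0; i < n; i++) {
    if (victims[i]->owner != pkiller->owner && victims[i]->tile == ptile) {
      remove_unit(victims[i]);
      (*killed)++;
    }
  }
  return 0;
}

/* Constructed scenario: three units of player 1 stacked on tile (15,21), the
 * coordinates in the report's backtrace, attacked by unit 1925 of player 2.
 * `victim` selects which stacked unit is the loser handed to kill_unit. */
static int run(int victim, int fixed, int *killed)
{
  struct { struct tile ptile, ktile; struct unit u[3], killer; } s;
  memset(&s, 0, sizeof s);
  s.ptile.x = 15; s.ptile.y = 21;
  for (int i = 0; i < 3; i++) {
    s.u[i].id = 100 + i; s.u[i].owner = 1; s.u[i].tile = &s.ptile;
    s.ptile.units[s.ptile.n_units++] = &s.u[i];
  }
  s.killer.id = 1925; s.killer.owner = 2; s.killer.tile = &s.ktile;
  s.ktile.units[s.ktile.n_units++] = &s.killer;
  return fixed ? kill_unit_fixed(&s.killer, &s.u[victim], killed)
               : kill_unit_buggy(&s.killer, &s.u[victim], killed);
}

int stale_reads(int victim, int fixed) { int k; return run(victim, fixed, &k); }
int units_killed(int victim, int fixed) { int k; run(victim, fixed, &k); return k; }

int main(void)
{
  for (int v = 0; v < 3; v++)
    printf("loser at index %d: buggy stale=%d killed=%d, fixed stale=%d killed=%d\n",
           v, stale_reads(v, 0), units_killed(v, 0), stale_reads(v, 1), units_killed(v, 1));
  return 0;
}
```

With the loser at index 0 or 1 the buggy variant reads through the freed unit on every remaining iteration and wipes fewer units than the stack holds; with the loser at index 2, the last one removed, the same code shows no stale read at all, which is why comment #5 says the bug only bites when punit is not the last removed. The fixed variant wipes all three in every case. In the real server the stale read shows up exactly as in comment #4's Valgrind trace, as an invalid read in unit_tile() of a block freed by server_remove_unit().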


[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-09 Thread Jason Dorje Short

Update of bug #16797 (project freeciv):

    Severity: 3 - Normal => 5 - Blocker
      Status: Ready For Test => Fixed
 Assigned to: pepeto => jdorje
 Open/Closed: Open => Closed




[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-02 Thread Matthias Pfafferodt

URL:
  http://gna.org/bugs/?16797

 Summary: Segmentation fault in tile_city()
 Project: Freeciv
Submitted by: syntron
Submitted on: Saturday 02.10.2010 at 11:23
Category: general
Severity: 3 - Normal
Priority: 5 - Normal
  Status: None
 Assigned to: None
Originator Email: 
 Open/Closed: Open
 Release: trunk
 Discussion Lock: Any
Operating System: None
 Planned Release: 2.3.0

___

Details:

It fails at

is_city_center(pcity, ptile)

which is a macro:

#define is_city_center(_city, _tile) (_city->tile == _tile)

The city tile pointer seems to be invalid at this point. The error happens
for different calls to the function, so somewhere some memory seems to be
overwritten.

Savefile attached (use './ser -F -f freeciv-T0271-Y01721-auto.sav.bz2')


#0  0x00577629 in tile_city (ptile=0x1d6b290) at tile.c:78
pcity = (struct city *) 0x1
#1  0x004e7219 in is_unit_reachable_at (defender=0x15461f0,
attacker=0x1d13010,
location=0x1) at combat.c:88
No locals.
#2  0x00422f9b in kill_unit (pkiller=0x1d13010, punit=0x1d6b660,
vet=value optimized out)
at unittools.c:1855
punit2 = (struct unit *) 0x15461f0
punit2_index = 2
punit2_size = 3
i = value optimized out
pkiller_link = [l tgt=\unit\ id=1925 name=\Howitzer\
/]\000\000\000\000\000\000\000\000`��\001\000\000\000\000��,\001\000\000\000\000p�\000\000\000\000\000��W\000\000\000\000\000`��\001\000\000\000\000#�N\000\000\000\000\000\017\000\000\000\000\000\000\000\025\000\000\000\000\000\000\000]\000\000\0009\002\000\000\r�W\000\000\000\000
punit_link = [l tgt=\tile\ x=15
y=21]Spy[/l]\000\0200�\001\000\000\000\000\021�X\000\000\000\000\\000\000\\000\000\000\020\002\210,�\177\000\\001\210,�\177\000\000n�`\000\000\000\000\000\200\000\210,�\177\000\0009_V,
'\0' repeats 13 times,
[\000\000\000\000\000\000\000\006{a\000\000\000\000\000�\207^\000\000\000\000
pvictim = (struct player *) 0x1541ba0
pvictor = (struct player *) 0x153e010
ransom = value optimized out
unitcount = value optimized out
__FUNCTION__ = kill_unit
#3  0x004b27ca in unit_attack_handling (punit=0x1d13010,
pdefender=0x1d6b660) at unithand.c:1103
winner_id = 1925
loser_link = [l tgt=\tile\ x=15
y=21]Spy[/l]\000��,\001\000\000\000\000\...@o\000\000\000\000\000\0200�\001\000\000\000\000u?o\000\000\000\000\000��,\001\000\000\000\000\032AO\000\000\000\000\000`��\001\000\000\000\000\0200�\001\000\000\000\000\036\000\000\000\000\000\000\000\000\000\000K\000\000\000\001\000\000\000\021\000\000\000�aT\001\000\000\000
winner_link = [l tgt=\unit\ id=1925 name=\Howitzer\
/]\�\001\000\000\000\000��,\001\000\000\000\000\202pn\000\000\000\000\...@�,\001\000\000\000\000�aT\001\000\000\000\000\002\000\000\000\001\000\000\000�aT\001,
'\0' repeats 20 times,
\002\000\000\000\000\000\000\000AuN\000\000\000\000
ploser = (struct unit *) 0x1d6b660
pwinner = (struct unit *) 0x1d13010
pcity = (struct city *) 0x0
moves_used = 0
def_moves_used = 0
old_unit_vet = 1
old_defender_vet = 0
vet = 0
winner_id = 1925
def_tile = (struct tile *) 0x12ce4e8
pplayer = (struct player *) 0x153e010
__FUNCTION__ = unit_attack_handling
#4  0x004b1ded in unit_move_handling (punit=0x1d13010,
pdesttile=0x12ce4e8, igzoc=false,
move_diplomat_city=false) at unithand.c:1423
victim = value optimized out
pplayer = (struct player *) 0x153e010
pcity = (struct city *) 0x0
__FUNCTION__ = unit_move_handling
#5  0x0043614a in ai_unit_attack (punit=0x1d13010, ptile=0x12ce4e8)
at aitools.c:928
bodyguard = (struct unit *) 0x0
sanity = 1925
alive = value optimized out
__FUNCTION__ = ai_unit_attack
#6  0x00442d9a in adv_unit_execute_path (punit=0x1d13010,
path=0x14d0f20) at advgoto.c:100
plr = value optimized out
ptile = (struct tile *) 0x12ce4e8
id = 1925
is_ai = true
i = 15
__FUNCTION__ = adv_unit_execute_path
#7  0x004b7b1b in ai_military_rampage (punit=0x1d13010, thresh_adj=1,
thresh_move=1)
at aiunit.c:720
count = 6
path = (struct pf_path *) 0x14d0f20
__FUNCTION__ = ai_military_rampage
#8  0x004ba420 in ai_military_attack (pplayer=0x153e010,
punit=0x1d13010) at aiunit.c:1803
dest_tile = value optimized out
id = 1925
ct = value optimized out
pcity = value optimized out
start_tile = (struct tile *) 0x12c4e58
__FUNCTION__ = ai_military_attack
#9  0x004bbd87 in ai_manage_military (pplayer=0x153e010,
punit=0x1d13010) 

[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-02 Thread pepeto

Follow-up Comment #1, bug #16797 (project freeciv):

It may be related to bug #16775. I have encountered similar bugs when
attempting to fix patch #1850.




[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-02 Thread Matthias Pfafferodt

Follow-up Comment #2, bug #16797 (project freeciv):

I am running some autogames at the moment. This bug has killed 12 of 17 games so
far. Two were killed by another cause. So only 3 finished with a victory.



[Freeciv-Dev] [bug #16797] Segmentation fault in tile_city()

2010-10-02 Thread pepeto

Follow-up Comment #3, bug #16797 (project freeciv):

Applying the patch for bug #16775 seems to fix the problem.

