[Freeciv-Dev] [bug #19800] Server crash after reading "multiplayer.serv" or "civ.serv"

2012-06-15 Thread pepeto
Follow-up Comment #3, bug #19800 (project freeciv):

Revision: 21191. This is the valgrind backtrace:


==32115== Memcheck, a memory error detector
==32115== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==32115== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==32115== Command: server/freeciv-server
==32115== 
This is the server for Freeciv version 2.3.2+
You can learn a lot about Freeciv at http://www.freeciv.org/
2: Loading rulesets.
==32115== Conditional jump or move depends on uninitialised value(s)
==32115==    at 0x4057DD8: inflateReset2 (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4057EC7: inflateInit2_ (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0xFFFE: ???
==32115== 
==32115== Conditional jump or move depends on uninitialised value(s)
==32115==    at 0x4057DD8: inflateReset2 (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4057EC7: inflateInit2_ (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4F462FDF: ???
==32115== 
==32115== Conditional jump or move depends on uninitialised value(s)
==32115==    at 0x4057DD8: inflateReset2 (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4057EC7: inflateInit2_ (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4FDB0A0A: ???
==32115== 
2: ai_data_init(): 0x68d63f0 nb 0 "noname"
2: AI*1 has been added as Easy level AI-controlled player.
2: ai_data_init(): 0x68ea540 nb 1 "noname"
2: AI*2 has been added as Easy level AI-controlled player.
2: ai_data_init(): 0x68fe7d0 nb 2 "noname"
2: AI*3 has been added as Easy level AI-controlled player.
2: ai_data_init(): 0x6912ba0 nb 3 "noname"
2: AI*4 has been added as Easy level AI-controlled player.
2: ai_data_init(): 0x69270b0 nb 4 "noname"
2: AI*5 has been added as Easy level AI-controlled player.
2: Now accepting new client connections.

For introductory help, type 'help'.
> 
2: Connection request from pepeto from localhost
2: c1 has client version 2.3.2+
2: pepeto has connected from localhost.
> ==32115== Conditional jump or move depends on uninitialised value(s)
==32115==    at 0x4057DD8: inflateReset2 (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4057EC7: inflateInit2_ (in /lib/i386-linux-gnu/libz.so.1.2.3.4)
==32115==    by 0x4FDB0EB1: ???
==32115== 

pepeto: '/read multiplayer'
2: Loading script file 'data/multiplayer.serv'.
pepeto: '# Server commands to make multiplayer Freeciv rules
'
pepeto: '#
'
pepeto: '
'
pepeto: 'rulesetdir multiplayer
'
2: Ruleset directory set to "multiplayer"
2: Loading rulesets.
==32115== Invalid read of size 4
==32115==    at 0x8125F88: government_number (government.c:93)
==32115==    by 0x80B779F: package_player_info (plrhand.c:872)
==32115==    by 0x80B7EE7: send_player_info_c_real (plrhand.c:717)
==32115==    by 0x80B8010: send_player_info_c (plrhand.c:690)
==32115==    by 0x80C7A7B: load_rulesets (ruleset.c:3968)
==32115==    by 0x80571FE: set_rulesetdir (stdinhand.c:3694)
==32115==    by 0x805CF1F: handle_stdin_input_real.part.15 (stdinhand.c:4124)
==32115==    by 0x805F04F: read_init_script_real (stdinhand.c:1196)
==32115==    by 0x805C578: handle_stdin_input_real.part.15 (stdinhand.c:1113)
==32115==    by 0x8101147: handle_chat_msg_req (handchat.c:343)
==32115==    by 0x80B1E9E: server_handle_packet (hand_gen.c:40)
==32115==    by 0x804FEC1: server_packet_input (srv_main.c:1498)
==32115==  Address 0x43391a0 is 0 bytes inside a block of size 1,344 free'd
==32115==    at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==32115==    by 0x8126B7C: governments_free (government.c:536)
==32115==    by 0x8125731: game_ruleset_free (game.c:493)
==32115==    by 0x80C7A54: load_rulesets (ruleset.c:3983)
==32115==    by 0x80571FE: set_rulesetdir (stdinhand.c:3694)
==32115==    by 0x805CF1F: handle_stdin_input_real.part.15 (stdinhand.c:4124)
==32115==    by 0x805F04F: read_init_script_real (stdinhand.c:1196)
==32115==    by 0x805C578: handle_stdin_input_real.part.15 (stdinhand.c:1113)
==32115==    by 0x8101147: handle_chat_msg_req (handchat.c:343)
==32115==    by 0x80B1E9E: server_handle_packet (hand_gen.c:40)
==32115==    by 0x804FEC1: server_packet_input (srv_main.c:1498)
==32115==    by 0x80DF00D: server_sniff_all_input (sernet.c:448)
==32115== 
2: Ruleset: 'generator' has been set to "Island-based" (ISLAND).
2: Ruleset: 'topology' has been set to "Wrap East-West" and "Wrap North-South"
(WRAPX|WRAPY).
2: Ruleset: 'startpos' has been set to "One player per continent" (SINGLE).
2: Ruleset: 'alltemperate' has been set to enabled.
2: Ruleset: 'separatepoles' has been set to disabled.
2: Ruleset: 'huts' has been set to 0.
2: Ruleset: 'aifill' has been set to 0.
2: Ruleset: 'diplomacy' has been set to "Disabled for everyone" (DISABLED).
2: Ruleset: 'contactturns' has been set to 0.
2: Ruleset: 'revolen' has been set to 2.
2: Ruleset: 'barbarians' has been set to "No barbarians" (DISABLED).
2: Ruleset: 'techpenalty' has been set to 0.
2: Ruleset: 'startunits' ha

[Freeciv-Dev] [bug #19800] Server crash after reading "multiplayer.serv" or "civ.serv"

2012-06-14 Thread Marko Lindqvist
Follow-up Comment #2, bug #19800 (project freeciv):

> I can't trivially reproduce this

As this seems to be about ai->government_want being a non-NULL illegal pointer,
it could simply be that it's not initialized. 1) To avoid the compiler setting it
to NULL you need to compile with optimization. 2) You must be lucky that the
uninitialized value is something that does not just happen to pass.

Pepeto: Can you add logging to ai_data_init() and ai_data_close() with player
names to check that they are always called in pairs (ai_data_init() must be
called before ai_data_close() and ai_data_close() should not be called
multiple times)?

___

Reply to this item at:

  

___
  Message sent via/by Gna!
  http://gna.org/


___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
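As an added illustration of the pairing check Marko asks for (example code, not part of this thread and not Freeciv's own sources): a small C guard that logs every init and close with the player name and flags a double close, a close before any init, or a player left initialised at the end. The names (ai_guard_*, struct player_dbg, run_scenario) and the players in the constructed scenario are hypothetical; Freeciv's real ai_data_init()/ai_data_close() are not called, the guard only stands where such wrappers would be inserted.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical debug guard (not Freeciv code): tracks the init/close state of
 * each player's AI data so that unpaired calls are logged instead of being
 * discovered later as heap corruption. */
enum ai_state { AI_UNINIT, AI_INIT, AI_CLOSED };

struct player_dbg {
  char name[32];
  enum ai_state state;
  int init_count;   /* how often init was called for this player */
  int close_count;  /* how often close was called for this player */
  int violations;   /* pairing invariants broken so far */
};

static const char *state_name(enum ai_state s)
{
  switch (s) {
  case AI_UNINIT: return "uninitialised";
  case AI_INIT:   return "initialised";
  case AI_CLOSED: return "closed";
  }
  return "?";
}

static void player_dbg_reset(struct player_dbg *p, const char *name)
{
  memset(p, 0, sizeof(*p));
  snprintf(p->name, sizeof(p->name), "%s", name);
}

/* Wrap where ai_data_init() is called. Returns 0 when the transition is legal,
 * -1 when init is called on a player that is already initialised. */
static int ai_guard_init(struct player_dbg *p)
{
  fprintf(stderr, "ai_data_init(): \"%s\" was %s\n", p->name, state_name(p->state));
  p->init_count++;
  if (p->state == AI_INIT) {
    fprintf(stderr, "  VIOLATION: re-init of \"%s\" without close\n", p->name);
    p->violations++;
    return -1;
  }
  p->state = AI_INIT;
  return 0;
}

/* Wrap where ai_data_close() is called. Returns 0 when close follows an init,
 * -1 on a double close or a close of a never-initialised player. */
static int ai_guard_close(struct player_dbg *p)
{
  fprintf(stderr, "ai_data_close(): \"%s\" was %s\n", p->name, state_name(p->state));
  p->close_count++;
  if (p->state != AI_INIT) {
    fprintf(stderr, "  VIOLATION: close of \"%s\" (%s)\n", p->name,
            p->state == AI_CLOSED ? "double close" : "never initialised");
    p->violations++;
    return -1;
  }
  p->state = AI_CLOSED;
  return 0;
}

/* Summary over a player table: total violations, and via *leaked how many
 * players are still initialised (a missing close is a leak, not a crash). */
static int ai_guard_report(const struct player_dbg *players, int n, int *leaked)
{
  int total = 0, still_open = 0;
  for (int i = 0; i < n; i++) {
    total += players[i].violations;
    if (players[i].state == AI_INIT) {
      still_open++;
      fprintf(stderr, "LEAK: \"%s\" init %d time(s), close %d time(s)\n",
              players[i].name, players[i].init_count, players[i].close_count);
    }
  }
  if (leaked) *leaked = still_open;
  return total;
}

/* Constructed scenario: one balanced player, one closed twice (the double
 * close Marko suspects), one closed before init, one never closed. */
static int run_scenario(int *leaked)
{
  struct player_dbg players[4];
  player_dbg_reset(&players[0], "AI*1");
  player_dbg_reset(&players[1], "AI*2");
  player_dbg_reset(&players[2], "AI*3");
  player_dbg_reset(&players[3], "AI*4");

  ai_guard_init(&players[0]);  ai_guard_close(&players[0]);  /* balanced */
  ai_guard_init(&players[1]);  ai_guard_close(&players[1]);
  ai_guard_close(&players[1]);                                /* double close */
  ai_guard_close(&players[2]);                                /* close before init */
  ai_guard_init(&players[3]);                                 /* never closed */

  return ai_guard_report(players, 4, leaked);
}

static int scenario_leaked(void)
{
  int leaked = 0;
  run_scenario(&leaked);
  return leaked;
}

/* Self-check of the state machine on one player; 1 when every transition
 * returns the documented code and all three bad calls were counted. */
static int transitions_ok(void)
{
  struct player_dbg p;
  player_dbg_reset(&p, "probe");
  return ai_guard_close(&p) == -1     /* close before init */
      && ai_guard_init(&p)  ==  0
      && ai_guard_init(&p)  == -1     /* re-init without close */
      && ai_guard_close(&p) ==  0
      && ai_guard_close(&p) == -1     /* double close */
      && p.violations == 3;
}

int main(void)
{
  int leaked = 0;
  int violations = run_scenario(&leaked);
  printf("%d violation(s), %d player(s) left initialised\n", violations, leaked);
  return (violations == 0 && leaked == 0) ? 0 : 1;
}
```

Run under valgrind as pepeto did, the log lines from the guard land next to the first "Invalid read" or "invalid free" report, so the offending close can be matched to the player and the call site that produced it.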


[Freeciv-Dev] [bug #19800] Server crash after reading "multiplayer.serv" or "civ.serv"

2012-06-14 Thread Jacob Nevins
Follow-up Comment #1, bug #19800 (project freeciv):

Hey pepeto, long time no see...

I can't trivially reproduce this with head of S2_3 (r21191), but then I don't
think the line numbers in the backtrace match up with that. Which revision was
this?

We fixed several player-removal bugs recently, but none strikes me as
obviously relevant.



[Freeciv-Dev] [bug #19800] Server crash after reading "multiplayer.serv" or "civ.serv"

2012-06-12 Thread pepeto
URL:
  

                 Summary: Server crash after reading "multiplayer.serv" or "civ.serv"
                 Project: Freeciv
            Submitted by: pepeto
            Submitted on: Tue. 12 June 2012 12:36:30 CEST
                Category: general
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
                 Release: S2_3
         Discussion Lock: Any
        Operating System: GNU/Linux
         Planned Release: 

___

Details:

I get a crash when quitting the server after having loaded the "multiplayer" or
"civ2" rulesets at the first turn.


*** glibc detected *** /usr/local/bin/freeciv-server: free(): invalid next
size (fast): 0x0883c438 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x73e42)[0x1e8e42]
/usr/local/bin/freeciv-server[0x8088fcc]
/usr/local/bin/freeciv-server[0x80b87fd]
/usr/local/bin/freeciv-server[0x805159a]
/usr/local/bin/freeciv-server[0x80516b2]
/usr/local/bin/freeciv-server[0x805ccb5]
/usr/local/bin/freeciv-server[0x8100998]
/usr/local/bin/freeciv-server[0x80b1a5f]
/usr/local/bin/freeciv-server[0x804fe92]
/usr/local/bin/freeciv-server[0x80dea16]
/usr/local/bin/freeciv-server[0x8051ded]
/usr/local/bin/freeciv-server[0x804b68c]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x18e4d3]
/usr/local/bin/freeciv-server[0x804bc65]
======= Memory map: ========
0011-0013 r-xp  08:01 8388653   
/lib/i386-linux-gnu/ld-2.15.so
0013-00131000 r--p 0001f000 08:01 8388653   
/lib/i386-linux-gnu/ld-2.15.so
00131000-00132000 rw-p 0002 08:01 8388653   
/lib/i386-linux-gnu/ld-2.15.so
00132000-00133000 r-xp  00:00 0  [vdso]
00133000-00147000 r-xp  08:01 8388673   
/lib/i386-linux-gnu/libz.so.1.2.3.4
00147000-00148000 r--p 00013000 08:01 8388673   
/lib/i386-linux-gnu/libz.so.1.2.3.4
00148000-00149000 rw-p 00014000 08:01 8388673   
/lib/i386-linux-gnu/libz.so.1.2.3.4
00149000-00173000 r-xp  08:01 8393785   
/lib/i386-linux-gnu/libm-2.15.so
00173000-00174000 r--p 00029000 08:01 8393785   
/lib/i386-linux-gnu/libm-2.15.so
00174000-00175000 rw-p 0002a000 08:01 8393785   
/lib/i386-linux-gnu/libm-2.15.so
00175000-00314000 r-xp  08:01 8393781   
/lib/i386-linux-gnu/libc-2.15.so
00314000-00316000 r--p 0019f000 08:01 8393781   
/lib/i386-linux-gnu/libc-2.15.so
00316000-00317000 rw-p 001a1000 08:01 8393781   
/lib/i386-linux-gnu/libc-2.15.so
00317000-0031a000 rw-p  00:00 0 
0031a000-00325000 r-xp  08:01 8393790   
/lib/i386-linux-gnu/libnss_files-2.15.so
00325000-00326000 r--p a000 08:01 8393790   
/lib/i386-linux-gnu/libnss_files-2.15.so
00326000-00327000 rw-p b000 08:01 8393790   
/lib/i386-linux-gnu/libnss_files-2.15.so
00327000-00343000 r-xp  08:01 8388853   
/lib/i386-linux-gnu/libgcc_s.so.1
00343000-00344000 r--p 0001b000 08:01 8388853   
/lib/i386-linux-gnu/libgcc_s.so.1
00344000-00345000 rw-p 0001c000 08:01 8388853   
/lib/i386-linux-gnu/libgcc_s.so.1
08048000-0826f000 r-xp  08:01 10890857  
/usr/local/bin/freeciv-server
0826f000-0827 r--p 00226000 08:01 10890857  
/usr/local/bin/freeciv-server
0827-08274000 rw-p 00227000 08:01 10890857  
/usr/local/bin/freeciv-server
08274000-0936e000 rw-p  00:00 0  [heap]
b7c69000-b7cd3000 rw-p  00:00 0 
b7cd3000-b7cda000 r--s  08:01 10496484  
/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
b7cda000-b7de2000 r--p  08:01 11014208  
/usr/local/share/locale/fr/LC_MESSAGES/freeciv.mo
b7de2000-b7fe2000 r--p  08:01 10487192  
/usr/lib/locale/locale-archive
b7fe2000-b7fe4000 rw-p  00:00 0 
b7ffd000-b7ffe000 r--p 002cc000 08:01 10487192  
/usr/lib/locale/locale-archive
b7ffe000-b800 rw-p  00:00 0 
bffb6000-c000 rw-p  00:00 0  [stack]

Program received signal SIGABRT, Aborted.
0x00132416 in __kernel_vsyscall ()
(gdb) bt
#0  0x00132416 in __kernel_vsyscall ()
#1  0x001a31ef in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0x001a6835 in __GI_abort () at abort.c:91
#3  0x001de2fa in __libc_message (do_abort=2, 
    fmt=0x2d63bc "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
#4  0x001e8e42 in malloc_printerr (action=<optimized out>, 
    str=<optimized out>, ptr=0x883c438) at malloc.c:5007
#5  0x08088fcc in ai_data_close (pplayer=0x8958428) at advdata.c:905
#6  0x080b87fd in server_remove_player (pplayer=0x8958428) at plrhand.c:1182
#7  0x0805159a in server_game_free () at srv_main.c:2529
#8  0x080516b2 in server_quit () at srv_main.c:1308
#9  0x0805ccb5 in quit_game (check=false, caller=0x827cd80) at
    stdinhand.c:3866
#10 handle_stdin_input_real (caller=0x827cd80, str=<optimized out>, 
    check=false, read_recursion=0) at stdinhand.c:4110
#11 0x08100998 in handle_chat_msg_req (pconn=0x827cd80, 
    messag