[Wesnoth-bugs] [bug #25086] bunch of problems with (almost) empty maps; UB/hang/crash when terminating

Tue, 20 Sep 2016 06:11:30 -0700 

URL:
  <http://gna.org/bugs/?25086>

                 Summary: bunch of problems with (almost) empty maps;
UB/hang/crash when terminating
                 Project: Battle for Wesnoth
            Submitted by: matthiaskrgr
            Submitted on: Tue 20 Sep 2016 01:10:35 PM UTC
                Category: Bug
                Severity: 2 - Minor
                Priority: 5 - Normal
              Item Group: Multiplayer
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: git
        Operating System: linux

    _______________________________________________________

Details:

While trying to crash the game, I used a plain map from the editor which I
resized to 1x1, the map looked like this:

Gg, Gg, Gg
Gg, Gg, Gg
Gg, Gg, Gg


and loaded tried to start a multiplayer match on it.

There was some UB

/usr/include/c++/6.1.1/bits/stl_vector.h:796:41: runtime error: reference
binding to null pointer of type 'const struct value_type'
/home/matthias/vcs/github/wesnoth/src/units/drawer.cpp:48:33: runtime error:
reference binding to null pointer of type 'const struct team'
/usr/include/c++/6.1.1/bits/stl_vector.h:796:41: runtime error: reference
binding to null pointer of type 'const struct value_type'
/home/matthias/vcs/github/wesnoth/src/units/drawer.cpp:48:33: runtime error:
reference binding to null pointer of type 'const struct team'
/usr/include/c++/6.1.1/bits/stl_vector.h:781:41: runtime error: reference
binding to null pointer of type 'struct value_type'
/home/matthias/vcs/github/wesnoth/src/playsingle_controller.cpp:623:65:
runtime error: reference binding to null pointer of type 'const struct team'
20160920 15:05:03 error engine: Playing game with 0 teams.


and the game appeared to have locked up.
The UI was updating but it didn't react to any clicks.
When I ctrl+c'ed it in the terminal, a heap use after free showed up (see
logs).





    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 20 Sep 2016 01:10:35 PM UTC  Name: empty_map_ub_crash.log  Size:
42kB   By: matthiaskrgr

<http://gna.org/bugs/download.php?file_id=28681>
-------------------------------------------------------
Date: Tue 20 Sep 2016 01:10:35 PM UTC  Name: empty.map  Size: 33B   By:
matthiaskrgr

<http://gna.org/bugs/download.php?file_id=28682>

    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?25086>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Wesnoth-bugs mailing list
[email protected]
https://mail.gna.org/listinfo/wesnoth-bugs

Reply via email to